In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.
no, people who do this are shilling for China and/or tiktok. we all know this.
and yes the raw keyboard data going directly from your fingers to the government is not something that likely happens in the US, so either way this is a false equivalence.
the raw keyboard data going directly from your fingers to the government is not something that likely happens in the US, so either way this is a false equivalence.
Again, I never mentioned the US.
What does it matter if the data is routed to the government server first or second? Blanket data collection is nefarious no matter who is doing it, but it landing in the hands of any government is dangerous. It isn’t somehow less dangerous just because it hits a private server first (although it’s harder to tell spying is happening, so in that respect it may be worse)
E2E encryption should be standard across all tech platforms in every country, full stop.
I’m not defending China.
yeah, Snowden probably wouldn’t be really into the idea that we shouldn’t talk about what China is doing because “everyone else is too”.
Snowden would acknowledge the pervasiveness of the issue.
he’s also not a bad-faith actor on an anonymous platform
I’m not the one reducing the issue into a China vs US binary my guy.
but you are defending those who want that to be the whole discussion. blocking you now.
Whatever you need to do to take care of your mental health, no skin off my nose.