this post was submitted on 10 Aug 2023
2023 points (97.8% liked)

Technology

59080 readers
4344 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

you are viewing a single comment's thread
view the rest of the comments
[–] ObamaBinLaden@lemmy.world 31 points 1 year ago (8 children)

And gboard or SwiftKey don't?

[–] Steeve@lemmy.ca 36 points 1 year ago* (last edited 1 year ago) (3 children)

Every single time something sketchy is happening in Chinese tech a Lemmy user will slide the conversation and accusations to American tech. It's a rule.

[–] ZeroHora@lemmy.ml 12 points 1 year ago (1 children)

Is not about American/Chinese government, is about privacy. ANY company or government storing your data can be extremely problematic in the future.

Yeah the Sogou Keyboard send data to Tencent, the same thing happens or could happens with others proprietary keyboards in the future. How about trying a FOSS one?

[–] Steeve@lemmy.ca 7 points 1 year ago* (last edited 1 year ago) (1 children)

It's absolutely about the American/Chinese government, I don't see comments forum sliding into Chinese tech on every post about Google.

But no, swift and gboard don't send your data to the American government.

There's also a dangerous misconception around here that FOSS == privacy safe. It doesn't.

[–] Aurenkin@sh.itjust.works 2 points 1 year ago

There is also a differece between invading your privacy and compromising your security. Both are bad, but one is much worse at least in my view. Keylogging and then sending those keystrokes back to base with a dodgey custom rolled encryption framework is not just a breach of privacy.

On all social media, that seems to happen and it makes me sick.

People not knowing how scary the Chinese government is speaks volumes about the future of other countries. We had all the opportunity to see it happen and avoid it and these morons dismiss the truth and whatabout every damned thing

[–] Aurenkin@sh.itjust.works 3 points 1 year ago

Well, we have actual evidence here of dodgy shit happening, but what about this other thing I assume is also happening based on absolutely nothing? See, both just as bad!

[–] Aurenkin@sh.itjust.works 13 points 1 year ago* (last edited 1 year ago) (3 children)

Gboard doesn't at least. It does send some stuff but not keystrokes

[–] echo64@lemmy.world 30 points 1 year ago (1 children)

It sends whole words instead!

[–] Aurenkin@sh.itjust.works 27 points 1 year ago* (last edited 1 year ago)

Any data you submit to Google is stored and analysed. That's different from sending keystrokes as they happen though.

I'm all for criticising invasive data use and collection which Google is definitely guilty of. It's not the same as keylogging though which is not just a privacy concern but a pretty serious security one as well. Also we have actual evidence here of Tencent doing this which makes a difference to me at least.

[–] supercheesecake@aussie.zone 4 points 1 year ago

I’m not sure if that’s true. You know, it’s Google. Every keystroke in your gmail email is analysed, so can’t imagine gboard is any different to them.

[–] lowleveldata@programming.dev 3 points 1 year ago

We can't know for sure if they're not open source

[–] fmstrat@lemmy.nowsci.com 7 points 1 year ago (1 children)

While GBoard is closed source, they have documented that they use federated learning. Meaning their model is generated on-device and only the inferences are sent to Google.

That being said, I use OpenBoard.

[–] itsJoelle@lemmy.world 3 points 1 year ago

Plus it also has the feature where you can drag on the space bar to move the letterhead!

[–] throws_lemy@lemmy.nz 5 points 1 year ago (1 children)

I prefer OpenBoard, it doesn't send keystrokes to any server

[–] august_senpai@lemm.ee 2 points 1 year ago (1 children)

The fork even has support for swipe, autocorrect, word prediction, clipboard management, etc, and is way more lightweight than Gboard and the rest. Zero reason to use anything else at the moment.

[–] portside@monyet.cc 2 points 1 year ago (1 children)

What's the fork? I've been using Florisboard beta (ehich is also opensource) and pretty happy with it. The only things I miss is swipe for dictionary words

[–] august_senpai@lemm.ee 3 points 1 year ago* (last edited 1 year ago) (1 children)

https://github.com/Helium314/openboard
Important to note that you need to install a library from inside the app's settings to enable swipe typing. Ctrl+F "enable gesture typing" on the Github page to see where to get it.

[–] portside@monyet.cc 1 points 1 year ago (1 children)

I loaded the library but couldn't see a toggle to turn it on.

[–] august_senpai@lemm.ee 1 points 1 year ago (1 children)

Uhhh it's pretty blatant.
OpenBoard Settings > Gesture Typing > Enable Gesture Typing

[–] portside@monyet.cc 1 points 1 year ago (1 children)
[–] august_senpai@lemm.ee 1 points 1 year ago* (last edited 1 year ago)

No, it's the fork I've linked. You got it from here, yes? Also, the option only appears after you successfully load a library by going to Advanced > Load gesture typing library. Since you said you'd already loaded it I didn't mention that. You might've loaded the incorrect file or something.

[–] Engywuck@lemm.ee 2 points 1 year ago (1 children)

Not if you block internet connection at system level. I think it can be done if GBoard in installed as an user app, not as a system one.

[–] fmstrat@lemmy.nowsci.com 3 points 1 year ago (1 children)

Might as well just use Open Board.

[–] Engywuck@lemm.ee 1 points 1 year ago

Of course. My "problem" is that I need to write in 3 languages at the same time and switching languages manually in Open board is a bit cumbersome, while in GBoard it happens automatically.

[–] SnowdenHeroOfOurTime@unilem.org 1 points 1 year ago (1 children)

This "they're all bad" shit aimed at the Chinese government makes me so sad. How many of you dullards have even heard of Tienanmen square

[–] SnowdenHeroOfOurTime@unilem.org 3 points 1 year ago (1 children)

The downvotes tell me some people need to Google Tienanmen square. From outside China. Inside china, it didn't happen. Erases from history

[–] addie@feddit.uk 9 points 1 year ago

It's not called the 'Tiananmen Square' by the Chinese - that's just the name of the place. Either 六四屠殺 (June 4 massacre) or 六四鎮壓 (June 4 crackdown) would be more likely. And yes, expect loads of downvoting on Lemmy if you're ever critical of China.