

DeepSeek IOS App Sends Data Unencrypted To ByteDance-Controlled Servers (arstechnica.com) 68
An anonymous Slashdot reader quotes a new article from Ars Technica: On Thursday, mobile security company NowSecure reported that [DeepSeek] sends sensitive data over unencrypted channels, making the data readable to anyone who can monitor the traffic. More sophisticated attackers could also tamper with the data while it's in transit. Apple strongly encourages iPhone and iPad developers to enforce encryption of data sent over the wire using ATS (App Transport Security). For unknown reasons, that protection is globally disabled in the app, NowSecure said. What's more, the data is sent to servers that are controlled by ByteDance, the Chinese company that owns TikTok...
[DeepSeek] is "not equipped or willing to provide basic security protections of your data and identity," NowSecure co-founder Andrew Hoog told Ars. "There are fundamental security practices that are not being observed, either intentionally or unintentionally. In the end, it puts your and your company's data and identity at risk...." This data, along with a mix of other encrypted information, is sent to DeepSeek over infrastructure provided by Volcengine, a cloud platform developed by ByteDance. While the IP address the app connects to geo-locates to the US and is owned by US-based telecom Level 3 Communications, the DeepSeek privacy policy makes clear that the company "store[s] the data we collect in secure servers located in the People's Republic of China...."
US lawmakers began pushing to immediately ban DeepSeek from all government devices, citing national security concerns that the Chinese Communist Party may have built a backdoor into the service to access Americans' sensitive private data. If passed, DeepSeek could be banned within 60 days.
"But It's Open Source So It's Secure" HERPHERPDERP (Score:5, Insightful)
Things to remember:
"It's open source" is no guarantee that the code is actually being audited for security.
"It's open source" is no guarantee that the "maintainers" aren't actively slipping obfuscated, malicious code into it. (XZ Utils debacle) [wired.com]
"It's open source" is no guarantee that the "publicly downloadable binaries" don't contain something undisclosed that isn't in the released "public open source" code.
I'm not saying that every open source project is a bad thing, by any means, but the open source community needs to do a better job on security and we need to have appropriate skepticism when malicious CCP government/military front companies claim they're "open source" just for the marketing buzz...
Re:"But It's Open Source So It's Secure" HERPHERPD (Score:4, Interesting)
I missed the reference at the end of your Subject. Some movie or TV thing?
Interesting FP take on the topic, though I think you're too shallow. You can't blame the FOSS community for malicious players joining the game. It's a sort of advantage the bad guys have. They can follow the rules as much as they like. Or not. Mostly a matter of timing and trying to die outside of jail and with the most toys. (And most Chinese people and most Americans deny that they are living in any sort of jail...)
I think the most significant aspect of DS (DeepSeek) is that the Chinese government let it be released at all. The basic claim is that "we can do this better and cheaper than the Americans". That is not a surprise, but a standard old claim, and even a kind of threat when it comes to AI, but it mostly makes me wonder about the secret AI development projects that have no visible descriptions in English... But ditto the American government's secret projects that got Snowden into so much trouble.
I've gone a number of rounds with DS and it mostly convinced me that it can't be trusted. The harder it tried to defend itself, the more problems it exposed. I had forgotten about many of those vulnerabilities--but that isn't the worst of it. Are there other problems and vulnerabilities that are too secret to talk about?
(Might also be a personal problem from my approach? I often approach those "conversations" like a student talking to a teacher. But GAI is a pretty poor, even terrible, teacher. It clearly doesn't know where my head is at and it doesn't ask. It just keeps trying to spew out "life, the universe and everything" remotely related to anything I said...)
So I was motivated to read two more books on computer security... The MIT book is worthless, but the other book is from a police perspective and has an interesting focus on counter-strategies. Not really solutions, but better than nothing?
Re: (Score:3)
You can't blame the FOSS community for malicious players joining the game.
Maybe not for malicious players attempting to join - but definitely for failing to do the due diligence and for allowing critical projects that have dependencies all across the FOSS ecosystem to get to the point where (a) almost nobody is auditing the code and (b) only 1-2 maintainers exist, which allowed for a very easy social-engineering takeover of the project.
This is the problem at the heart of most of the FOSS structure and
Re: (Score:2)
Thanks for clarifying (except for the HERP thing that I asked about), but I can only partly agree. Fundamentally I think it is impossible to see into other people's minds--and even if they did excellent diligence and blocked the bad apples, people change and a good apple could go bad. For example, for a bribe.
Which leads to what I think is the biggest problem with FOSS. It's the "business model" as based on confusion about what "free" means. The economic part needs to be separated out and I think it would b
Re: (Score:3)
I find those vulnerabilities to make it actually useful for trying to write Tom Clancy shit. I had a long conversation with R1:70b where it was willing to play along in the guise of "a helpful assistant to a fictional leader in a novel" and promptly set to work re-creating the scooter assassination. It went with me every step of the way, at points even telling itself "this guy is a war criminal and deserves this, as long as we minimize collateral damage", all because I re-framed the war as being between the
Re: (Score:2)
Also please don't respond to tell me the Finns are barbecuing in January, right next to their ice fishing hole and their sauna trailer, even though there probably are some. (I bet they could even use the same propane supply for the barbecue and the sauna.) That's not comparable to daily life in Moscow or St. Petersburg (not that I named those cities for the AI).
Re: "But It's Open Source So It's Secure" HERPHERP (Score:2)
You probably tipped it off. That and presuming a chef serious enough to BBQ in winter would use propane.
Maybe it was being fooled, but I wouldn't rule out it trying to instill basic ethics to point out the sociopathy of the scenario you proposed.
In my interactions, I find the answers very polite. Did it recommend diplomacy by any chance?
Re: (Score:2)
Neither the DeepSeek app nor iOS are open source.
Re: (Score:2)
Re: (Score:2)
I'm not saying that every open source project is a bad thing, by any means, but the open source community needs to do a better job on security ...
The thing about open source is that anyone is welcome to do whatever they think needs to be done. It is an anarchist collective. So put up or shut up. Do that better job that you say needs to be done.
Oh, you meant that someone else should do it for you because you want it done and don't have the skills to do it yourself? Fuck you, pay me.
Re: (Score:2)
It is an anarchist collective. So put up or shut up. Do that better job that you say needs to be done.
Thank you for revealing the entire problem with the "Open Source Community." The stuck-up attitudes and narcissism involved.
This isn't a matter of just one project, nor a scale where you demanding just one person take on the clear security problems of the FOSS "community" is in any way rational.
Oh, you meant that someone else should do it for you because you want it done and don't have the skills to
Re: "But It's Open Source So It's Secure" HERPHERP (Score:2)
CaNt sOmEoNe eLsE Do It
Re: (Score:2)
DeepSeek LLM is open-source, their iOS app isn't.
What's your point?
Re: (Score:2)
Open source code is only as good as far as it's audited and checked. Otherwise you have things like the attempted Jia Tan vulnerability in an extremely common Linux util [cyberscoop.com] (XZ utils). Had that gone unnoticed, a to
Re: "But It's Open Source So It's Secure" HERPHERP (Score:2)
The problem here is the app not using encryption plus the servers being Chinese. Open source has literally nothing to do with it.
Re: (Score:2)
Add to this the additional (threat) surface area when you account for all of the dependencies that project depends on and each one has the same vulnerabilities in them that you mentioned.
Who cares (Score:3)
I run it locally because they weren't stingy bastards, so who cares?
Re: Who cares (Score:2)
Exactly. 14b does me just fine, thank you very much ccp.
Re: (Score:3)
70b will run on any halfway recent (like "if it runs Windows 11 without hacking, it's good enough") PC with 48 GB of RAM, and this gets you access to all of the Experts rather than just one. Even the GPU is optional, as it will only offload tiny, specific bits of the processing unless you have enough VRAM for the entire model -- which you might if you have a 4090D or two 3090s or something in the workstation range, but this is well outside the specs of a gaming PC.
Also I'm pretty sure there's a lot more ent
Re: (Score:2)
I'm only aware of distillations at 70b- specifically llama. The MoE DeepSeek models are way, way, *fucking way* bigger than 70b.
Llama does not have experts.
Re: (Score:2)
70b is a distill of 671b and functions the same way internally, choosing from among six different expert models in forming its Chain of Thought. 32b is just one of those models standing on its own. I'm not sure how they managed to shoehorn everything in there, but 70b acts a lot like a somewhat lobotomized 671b. It task saturates a lot easier and the context window is smaller, but the basic way it makes decisions is based on the 671b model -- it's invoking experts. Ask the same question twice and it may inv
Re: (Score:2)
70b is a distill of 671b and functions the same way internally, choosing from among six different expert models in forming its Chain of Thought.
No, that's not how it works at all.
Distillations are fine tuning of an existing model (in this case llama-3-70b) using a larger model as a teacher.
This teaches llama-3-70b to use CoT, but llama3 is a fundamentally dense model- not an MoE. There are no experts.
You can say that the "knowledge of those experts are distilled into llama3", but they are gone.
Re: (Score:2)
Alright, from the outside to me I could not distinguish between 70b merely subsuming the output of the experts, and actually starting them up the way the 671b "full fat" R1 does. The output, including the CoT, is stylistically extremely similar although as noted, the 70b model task saturates a whole lot easier and has to be spoon-fed some of the more complex problems one piece at a time.
Re: (Score:2)
deepseek-r1-llama3-70b feels very similar to deepseek-r1- except that I can run it at 9t/s instead of 0.36t/s.
Re: Who cares (Score:2)
Dual x5650-recent? Windows 11 on tps 1.2? Don't have the energy (or cash) any more, thx. Ecc ram I have plenty but even 14b is sluggish, works though.
Re: (Score:2)
I also tried the 32b model and there isn't a huge speed difference between 32b and 70b, although there is a large difference in the variety of output that can be produced. In my case it's an i5-8500, 48 GB of nowhere near optimized DDR4, and an RTX 3060. The RTX 3060 only gets flicked into life for a couple seconds at a time, as opposed to running FLUX.1 where the GPU is doing all the heavy lifting. I'd need 41 GB of VRAM to fit all of the 70b model in, anything less than that and swapping in and out of VRA
Re:Who cares [where it goes?] (Score:2)
I run it locally because they werent stingy bastards, so who cares?
And do you allow it to access any remote libraries?
Obligatory reference to "Reflections on Trusting Trust" https://aeb.win.tue.nl/linux/h... [win.tue.nl] by one of the gawds.
Re: (Score:2)
Nope, DeepSeek-R1 runs just fine fully contained in its little (or big) Ollama box. It can either do Chain of Thought or Web searches, not both at the same time, and CoT is the killer feature you don't want to turn off, so there's not really any reason to give it access to the Internet.
Re: (Score:2)
You can run the distilled models, is what you most likely mean.
Running the full models at full precision requires over 1TB of (V)RAM.
(V) in parentheses, because while you can run the MoE kinda ok-ish via CPU inference, it's pretty trash.
That's why people use the app/API- it's much, much, better than what you can do with local inference realistically.
That all said, I do nothing but local inference, and the distilled models are a huge step forward from the models I used to run.
The llama3-70b-in
So? (Score:5, Insightful)
If you can set this up on your own controlled box, just run wireshark and see what it's doing. Anyone able to set up DeepSeek on their own hardware should be perfectly capable of doing that to verify if any info is leaving your network and even WHERE it's going.
It's probably prudent and wise to keep this stuff off government devices, but I'd argue that's true for all AI anyway. American Corporations may not be a national security risk (remember, America is only here for Corporations) but as a consumer, they are as big a threat to me as China is. Probably worse since they own my politicians.
Open Source is a use at your own risk. Don't like it, go use Microsoft. I'm sure they care a lot about your personal data and keeping it nice and safe for you...
Re: So? (Score:2)
Running this with llama-cpp it has zero way to reach outside. It even says if you ask it to that it can't seem to reach the internet.
This is why running it locally is so great. Works with no internet and it's great.
Re: (Score:3)
You'll find DeepSeek doesn't try to call home at all. They may be completely incompetent at administering Web-facing servers, but they did a pretty good job getting the models to stand on their own, with no access to outside anything. Go ahead and completely airgap the machine if you want, and DeepSeek will carry on completely oblivious to the change unless you turn off Chain of Thought and turn on Web searches. (And you probably won't want to do that, CoT is what makes its good answers trustworthy and its
Re: (Score:2)
I really don't have a problem with the advice "you really should air gap this because it could try to call home". That's not a bad idea in general if you don't/can't/shouldn't trust a machine being exposed to the world. But R1 is just a set of weights on top of a Llama framework, and there is zero evidence it tries to exfiltrate any data. Technically it's not even software, it's just data, so it shouldn't be able to "do" anything at all that isn't supported by the underlying Llama framework.
Re: (Score:2)
And as I said, I have no problem with this. Even without evidence of misdeeds, airgapping it is unlikely to harm you in any meaningful way so go ahead and be as paranoid as you want/need.
Re: (Score:1)
Re: (Score:2)
llama.cpp, which you'd likely be running it with (generally compiled into some other tool like ollama) doesn't support tool use, and no LLM runtime I've ever used allowed tool use without you specifically setting it up.
I think you're conflating the DeepSeek models, with the iOS application, which is very much not open source, whatsoever.
Re: (Score:3)
this was done.. and it calls back to servers in China and ByteDance controlled servers (this was stated in the first paragraph of the article)
Multiple researchers have done this and confirmed it independently.
It was assumed it would be communicating with something in China... the problem is that the TOS state that user data is not transmitted, which it is. And not in a secure manner.
If you run DeepSeek or any other local version of an AI at home... just make sure it's air gapped, or your firewall is fully an
Yes, ban Chinese software for unencrypted backdoor (Score:2)
At least the Western three-letter organisations demand their backdoors into software has to be encrypted.
Much safer for the general public.
Re: Yes, ban Chinese software for unencrypted back (Score:2)
And their backdoors into hardware protected by national security acts of various parliaments
Is there a single person (Score:2)
Straight from deepseek to bytedance to the Chinese government.
I don't really have a problem with this. At this point, the entire world knows that the Chinese government has access to pretty much anything inside any Chinese company.
The same goes for my own country (US), except I trust the US way more. Are they watching me? Definitely. But I’ve never been called to the local police station for “re-education” because my online posts we
Re: (Score:2)
As a Chinese citizen, that math becomes very different.
More or Less? (Score:2)
UK demands data (Score:2)
Re: UK demands data (Score:1)
No that's fake news. Definitely alternative facts.
Apple's responsibility somewhat (Score:2)
Apple can just put in an app security requirement that unencrypted connections will be blocked at the OS level.
Re: (Score:2)
Would that really be much better? The dodgy server getting a raw feed of your data will still get that feed, but you won't be able to tell. The traffic would be protected from snooping in transit, but to a first order that doesn't matter if an untrustworthy party is getting the data anyway.
Incremental improvement (Score:2)
Incremental step towards better security. Not a 100% fix, though it prevents the lowest common denominator fails.
Re: Apple's responsibility somewhat (Score:2)
They have one, as noted in TFS. It can be turned off by the app. This one did. Not sure WHY an app would want to avoid using TLS for whatever shady stuff it's sending to the mothership. Smells more like lazy/sloppy than overtly malicious.
I am Jack's Complete Lack of Surprise (TM) (Score:2)
Don't install the app (Score:3)
And that's true for 95% of all webservices. The app is the same as the website, but with more tracking and more access to local device data. They want you to install it to know more about you. Not just DeepSeek. Have a look at the information Meta's apps access.
Re: (Score:2)
And that's true for 95% of all webservices. The app is the same as the website, but with more tracking and more access to local device data. They want you to install it to know more about you. Not just DeepSeek. Have a look at the information Meta's apps access.
Not to mention an uninterruptable means of serving you ads.
The overwhelming majority of apps are just single use web browsers... and there's enough single use shit in our lives.
Slashvertisement for NowSecure (Score:3)
It's basic telemetry. That's it. Yes it should probably be encrypted or ideally not sent at all but come on, it's not like it's sending them your granny's nudes that you have on your phone for some reason.
At least this was mitigated from the start. (Score:2)
Everyone using the remote DeepSeek servers had to know that anything they transmitted would be subject to inspection by the Chinese government. The fact that it's accessible to practically everyone is considerably worse, but the known problems should have kept people from doxxing themselves in the first place. So I'd expect that the vast bulk of information going across that server is fiction, even when it's convincing fiction.
So what..? (Score:2, Insightful)
> In the end, it puts your and your company's data and identity at risk.
Isn't this the new US national policy anyway - your data is now available to random, unvetted teenagers?
Ok so….. (Score:2)
Why don't Apple and Google block unencrypted traffic from happening from apps on their devices? They surely can
Re: (Score:2)
how do you identify encrypted data vs proprietary binary data?
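For the capture check suggested earlier in the thread and the question above: TLS and cleartext HTTP can be recognised from the first bytes a client sends, while any other binary payload stays ambiguous by content alone. This is an added example, not from the thread; the flows, addresses and hostnames are constructed, and the function names are this example's own.

```python
import hashlib
import math
import zlib
from collections import Counter

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"PATCH ", b"OPTIONS ")


def shannon_entropy(data):
    """Bits per byte; 8.0 is the maximum (uniformly distributed bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_first_bytes(payload):
    """Label the first client-to-server payload of a TCP connection."""
    # TLS record header: type 0x16 (handshake), version 0x03 0x00-0x04,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls-client-hello"
    if payload.startswith(HTTP_METHODS):
        return "cleartext-http"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    if payload and printable / len(payload) > 0.9:
        return "cleartext-text"
    # Encrypted, compressed or proprietary binary: not separable from here.
    return "opaque-binary"


def pseudo_random(n, seed=b"constructed"):
    """Deterministic stand-in for ciphertext (SHA-256 chain), for the sample only."""
    out = b""
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:n]


# Constructed first payloads keyed by destination (documentation-range addresses).
SAMPLE_FLOWS = {
    "198.51.100.10:443": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + pseudo_random(32),
    "198.51.100.20:80": (b"POST /v1/telemetry HTTP/1.1\r\nHost: telemetry.example.com\r\n"
                         b'\r\n{"device":"iPhone","os":"iOS"}'),
    "198.51.100.30:9000": pseudo_random(4096),  # ciphertext-like custom protocol
    "198.51.100.40:9000": zlib.compress(b"".join(b"event=%d;os=iOS;" % i for i in range(2000))),
}


def triage(flows):
    """Map each destination to (verdict, entropy in bits per byte)."""
    return {dst: (classify_first_bytes(p), round(shannon_entropy(p), 2))
            for dst, p in flows.items()}


if __name__ == "__main__":
    for dst, (verdict, entropy) in triage(SAMPLE_FLOWS).items():
        print(f"{dst:22} {verdict:18} entropy={entropy}")
```

The last two flows get the same verdict even though one stands in for ciphertext and the other is merely compressed, which is why policy is better enforced on declared transport settings than on payload inspection.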
Meta (Score:1)
Not encrypted is GOOD and on PURPOSE (Score:2)
This way, we can verify that it only transmits telemetry data and none of your chat interactions.
So yes, this step makes DeepSeek significantly more trustworthy.
Encrypted connections, on the other hand, would leave room for any conspiracy theory one could imagine.
hmmm (Score:1)