memesarecool, 2 days ago:
Cool post. One thing that rubbed me the wrong way: their response was better than 98% of other companies when it comes to reporting vulnerabilities. Very welcoming and, most of all, they showed interest and addressed the issues. OP however seemed to show disdain and even combativeness towards them... which is a shame. And of course the usual sinophobia (e.g. everything Chinese is spying on you).
Overall simple security design flaws, but it's good to see a company that cares to fix them, even if they didn't take security seriously from the start. Edit: typo
mmastrac, 2 days ago:
I agree they could have worked more closely with the team, but the chat logging is actually pretty concerning. It's not sinophobia when they're logging _everything_ you say. (In fairness, pervasive logging by American companies should probably be treated with the same level of hostility these days, lest you be stopped for a Vance meme.)
oceanplexian, 2 days ago:
This might come as a weird take, but I'm less concerned about the Chinese logging my private information than an American company. What's China going to do? It's a far away country I don't live in and don't care about. If they got an American court order they would probably use it as toilet paper. On the other hand, OpenAI would trivially hand out my information to the FBI, NSA, US Gov, and might even do things on behalf of the government without a court order to stay in their good graces. This could have a far more material impact on your life.
dubcanada, 2 days ago:
That's rather naive, considering China has an international police unit that is stationed in several countries: https://en.wikipedia.org/wiki/Chinese_police_overseas_servic...
mschuster91, 2 days ago:
> What's China going to do? It's a far away country I don't live in and don't care about.

Extortion is one thing. That's how spy agencies have operated for millennia to gather HUMINT. The Russians, the ultimate masters, even have a word for it: kompromat. You may not care about China, Russia, Israel, the UK or the US (the top nations when it comes to espionage) - but if you work at a place they're interested in, they care about you.

The other thing is, China has been known to operate overseas against targets (usually their own citizens and public dissidents), and so have the CIA and Mossad. Just search for "Chinese secret police station" [1]; these have cropped up worldwide.

And, even if you personally are of no interest to any foreign or national security service, sentiment analysis is a thing. Listen in on what people talk about, run it through an STT engine and an ML model to condense it down, and you get a pretty broad picture of what's going on in a nation (aka, what are potential wedge points in a society that can be used to fuel discontent). Or proximity gathering stuff... basically the same thing the ad industry [2] or Strava does [3], that can then be used in warfare.

And no, I'm not paranoid. This, sadly, is the world we live in - there is no privacy any more, nowhere, and there are lots of financial and "national security" interests in keeping it that way.

[1] https://www.bbc.com/news/world-us-canada-65305415
[2] https://techxplore.com/news/2023-05-advertisers-tracking-tho...
[3] https://www.theguardian.com/world/2018/jan/28/fitness-tracki...
Sanzig, 2 days ago:
> but if you work at a place they're interested, they care about you.

And also worth noting that "place a hostile intelligence service may be interested in" can be extremely broad. I think people have this skewed impression that they're only after assets that work for government departments and defense contractors, but really, everything is fair game. Communications infrastructure, social media networks, cutting edge R&D, financial services - these are all useful inputs for intelligence services. These are also softer targets: someone working for a defense contractor or for the government will have had training to identify foreign blackmail attempts and will be far more likely to notify their country's counterintelligence services (having the penalties for espionage clearly explained on the regular helps). Someone who works for a small SaaS vendor, though? Far less likely to understand the consequences.
lostlogin, 2 days ago:
> The other thing is, China has been known to operate overseas against targets

Here in boring New Zealand, the Chinese government has had anti-China protestors beaten in New Zealand. They have stalked and broken into the office and home of an academic, an expert on China. They have a dubious relationship with both the main political parties (including having an ex-Chinese spy elected as an MP). It's an uncomfortable situation and we are possibly the least strategically useful country in the world.
mschuster91, 2 days ago:
> It's an uncomfortable situation and we are possibly the least strategically useful country in the world.

You're still part of Five Eyes... a privilege no single European Union country enjoys. That's what makes you a juicy target for China.
Szpadel, 2 days ago:
> Listen in on what people talk about, run it through a STT engine and a ML model to condense it down

This is something I was talking about when the LLM boom started. It's now possible to spy on everyone in every conversation. You just need enough computing power to run a special AI agent (pun intended).
dylan604, 2 days ago:
These threads always seem to be "what can China do to me" in a limited way of thinking, that China cannot jail you or something. However, do you think all of the Chinese data scrapers are not doing something similar to Facebook, where every source of data gathering ultimately gets tied back to you? Once China has a dossier on every single person on the planet regardless of the country they live in, they can then start using their algos to influence you in ways well beyond advertising. If they can have their algos show you content that causes you to change your mind on who you are voting for, or some other method of having you do something to make changes in your local/state/federal elections, then that's much worse to me than some feigned threat of Chinese advertising making you buy something.
drawfloat, 2 days ago:
They probably will do that, but I think it's naive to think the US military/intelligence/tech sector wouldn't happily do the same. Given many of us likely see the hand of the US already trying to tip the scale in our local politics more than China, why would we be more worried about China?
dylan604, 2 days ago:
So flip the script: what do I care if the US is trying to influence the minds of an adversary's citizens? If people are saying they don't care what China knows about them (not being a Chinese citizen), why should I (not a Chinese citizen) care what my gov't knows about Chinese citizens?
drawfloat, 2 days ago:
Nobody said they don't care, they said it worries them less than America.
dylan604, 2 days ago:
The "don't care" is implied when someone says that "China knowing about me when I'm not in China nor a Chinese citizen"
IncreasePosts, 2 days ago:
Carry this package and deliver it to person X next time you fly. Go to the outskirts of this military base and take a picture and send it to us. You wouldn't want your mom finding out about your weird sexual fetish, would you?
mensetmanusman, 2 days ago:
China has a policy of chilling free speech in the West with political pressure.
mrheosuper, 2 days ago:
I like to give them the benefit of the doubt. I bet that decision was made solely by the dev team. All the CEO cares about is "I want the chat log synced between devices, I don't care how you do this". They won't even know the chat log is stored on their server.
rvnx, 2 days ago:
It is only in DAN mode, so most likely it is not to spy but to be able to debug whether answers violate the laws in China (aka: that the prompt is efficient in all scenarios), as this is a serious crime.
rvnx, 2 days ago:
No, it was only in DAN mode.
transcriptase, 2 days ago:
> everything Chinese is spying on you

When you combine the modern SOP of software and hardware collecting and phoning home with as much data about users as is technologically possible with laws that say "all orgs and citizens shall support, assist, and cooperate with state intelligence work"... how exactly is that Sinophobia?
ixtli, 2 days ago:
It's sinophobia because it perfectly describes the conditions we live in in the US and many parts of Europe, but we work hard to add lots of "nuance" when we criticize the West, whereas it's different and dystopian when They do it over there.
transcriptase, 2 days ago:
Do you remember that Sesame Street segment where they played a game and sang "One of these things is not like the others"? I'll give you a hint: in this case it's the one-party unitary authoritarian political system with an increasingly aggressive pursuit of global influence.
nyrikki, 2 days ago:
One is disappearing citizens for political speech or the crime of being born to active duty parents who happened to be stationed overseas. Anyone in the US should be very concerned, no matter if it is the current administration's thought police or the next, who treats it as precedent. As I am not actively involved in anything the Chinese government would view as a huge risk, being put on a plane without due process to be sent to a labor camp on trumped-up charges by my own government is far more likely.
transcriptase, 2 days ago:
And if you were a Chinese citizen, would you post the same thing about your government while living in China? Would the things you're referencing be covered in non-stop Chinese news coverage that's critical of the government? You know of these things due to the domestic free press holding the government accountable and being able to speak freely about it, as you're doing here. Seeing the two as remotely comparable is beyond belief. You don't fear the U.S. government, but it's fun to pretend you live under an authoritarian dictatorship because your concept of it is purely academic.
habinero, a day ago:
My dude, I know multiple white people in LA who are terrified their Hispanic spouses might not come home one day, because masked agents are grabbing people and disappearing them. The president threatened to deport a legal citizen who won the primary for mayor in NYC. He's tried to send the military after civilians. He's sued and extracted payment from media companies who said things he didn't like. We do not have a free press. We're fully as bad as China. I don't know what your criteria for "authoritarian dictatorship" is, but it doesn't appear to be reality based.
transcriptase, 20 hours ago:
[flagged]
habinero, 17 hours ago:
Huh. It takes a special kind of person to respond to "my IRL friends credibly fear being disappeared by the government" with a sneer of "lol reddit". Man, I am glad I am not that person.
transcriptase, 15 hours ago:
Credibly? Are they illegal immigrants with criminal records? If not, do they also walk around in crippling fear of car crashes, fatal falls, aneurysms, choking, drowning, anaphylaxis, cardiac arrest, or a thousand other things orders of magnitude more likely to happen to them? Which assumes for a moment that the odds of what you think is happening, outside of human error, are non-zero. The fact is your view of reality is being warped, and it's not good for your mental health or that of your friends.
ceejayoz, 2 days ago:
> I'll give you a hint: In this case it's the one-party unitary authoritarian political system with an increasingly aggressive pursuit of global influence.

Gonna need a more specific hint to narrow it down.
immibis, 2 days ago:
> In this case it's the one-party unitary authoritarian political system with an increasingly aggressive pursuit of global influence.

This could describe any of the countries involved.
standardly, 2 days ago:
> one-party unitary authoritarian political system with an increasingly aggressive pursuit of global influence.

The United States?
wombatpm, 2 days ago:
Global Bully maybe. The current administration has no concept of soft power, otherwise they would have kept USAID.
observationist, 2 days ago:
There's no question that the Chinese are doing sketchy things, and there's no question that US companies do it too. The difference that makes it concerning and problematic that China is doing it is that with China, there is no recourse. If you are harmed by a US company, you have legal recourse, and this holds the companies in check, restraining some of the most egregious behaviors. That's not sinophobia. Any other country whose products are coming out of a place effectively immune from consequences for bad behavior warrants heavy skepticism and scrutiny. Just like popup manufacturing companies and third world suppliers, you might get a good deal on cheap parts, but there's no legal accountability if anything goes wrong.

If a company in the US or EU engages in bad faith, or harms consumers, then trade treaties and consumer protection law in their respective jurisdictions ensure the company will be held to account. This creates a degree of trust that is currently entirely absent from the Chinese market, because they deliberately and belligerently decline to participate in reciprocal legal accountability and mutually beneficial agreements if it means impinging even an inch on their superiority and sovereignty. China is not a good faith participant in trade deals; they're after enriching themselves and degrading those they consider adversaries. They play zero sum games at the expense of other players and their own citizens, so long as they achieve their geopolitical goals.

Intellectual property, consumer and worker safety, environmental protection, civil liberties, and all of those factors that come into play with international trade treaties allow the US and EU to trade freely and engage in trustworthy and mutually good faith transactions. China basically says "just trust us, bro" and will occasionally performatively execute or imprison a bad actor in their own markets, but is otherwise completely beyond the reach of any accountability.
ixtli, 2 days ago:
I think the notion that people have recourse against giant companies, a military industrial complex, or even their landlords in the US is naive. I believe this to be pretty clear, so I don't feel the need to stretch it into a deep discussion or argument, but suffice it to say it seems clear to me that everything you accuse China of here can also be said of the US.
rvnx, 2 days ago:
The main difference is that ChatGPT and Google directly capture the conversations. Here they capture only the conversations legally at high risk, so even fewer conversations than the "good privacy" US LLM providers themselves.
drawfloat, 2 days ago:
Your president is currently using tariffs and the threat of further economic damage as a weapon to push Europe into dropping regulation of its tech sector. We have no recourse to challenge that either.
pbhjpbhj, 2 days ago:
> there's no question that US companies [...]

You don't think Trump's backers have used profiling, say, to influence voters? Or that DOGE {party of the USA regime} has done "sketchy things" with people's data?
Vilian, 2 days ago:
The USA does the same thing, but uses tax money to pay for the information. Between wasting taxpayer money and forcing companies to give the information for free, China is the least morally incorrect.
hnrodey, 2 days ago:
If all of the details in this post are to be believed, the vendor is repugnantly negligent for anything resembling customer respect, security and data privacy. This company cannot be helped. They cannot be saved through knowledge. See ya.
repelsteeltje, 2 days ago:
+1

Yes, even when you know what you're doing, security incidents can happen. And in those cases, your response to a vulnerability matters most. The point is there are so many dumb mistakes and worrying design flaws that neglect and incompetence seem ample. Most likely they simply don't grasp what they're doing.
wyager, 2 days ago:
Note that the world-model "everything Chinese is spying on you" actually produced a substantially more accurate prediction of reality than the world-model you are advocating here. As far as being "very welcoming", that's nice, but it only goes so far to make up for irresponsible gross incompetence. They made a choice to sell a product that's z-tier flaming crap, and they ought to be treated accordingly.
mensetmanusman, 2 days ago:
Nipponophobia is low because Japan didn't successfully weaponize technology to make a social credit score police state for minority groups.
ixtli, 2 days ago:
They already terrorize minority groups there just fine: no need for technology.
dylan604, 2 days ago:
> And of course the usual sinophobia (e.g. everything Chinese is spying on you)

To assume it is not spying on you is naive at best. To address your sinophobia label: personally, I assume everything is spying on me regardless of country of origin. I assume every single website is spying on me. I assume every single app is spying on me. I assume every single device that runs an app or loads a website is spying on me. Sometimes that spying is done for me, but pretty much always the person doing the spying is benefiting in some way much greater than any benefit I receive. Especially the Facebook example of every website spying on me for Facebook, yet I don't use Facebook.
immibis, 2 days ago:
And, importantly, the USA spying can actually have an impact on your life in a way that the Chinese spying can't.

Suppose you live in the USA and the USA is spying on you. Whatever information they collect goes into a machine learning system and it flags you for disappearal. You get disappeared.

Suppose you live in the USA and China is spying on you. Whatever information they collect goes into a machine learning system and it flags you for disappearal. But you're not in China and have no ties to China, so nothing happens to you. This is a strictly better scenario than the first one.

If you're living in China with a Chinese family, of course, the scenarios are reversed.
billyhoffman, 2 days ago:
> Their response was better than 98% of other companies when it comes to reporting vulnerabilities. Very welcoming and most of all they showed interest and addressed the issues

This was the opposite of a professional response:

* Official communication coming from a Gmail. (Is this even an employee or some random contractor?)
* Asked no clarifying questions
* Gave no timelines for expected fixes, no expectations on when the next communication should be
* No discussion about process to disclose the issues publicly
* Mixing unrelated business discussions within a security discussion. While not an outright offer of a bribe, ANY adjacent comments about creating a business relationship like a sponsorship are wildly inappropriate in this context.

These folks are total clown shoes on the security side, and the efficacy of their "fix", and then their lack of communication, further proves that.
repelsteeltje, 2 days ago:
> Overall simple security design flaws but it's good to see a company that cares to fix them, even if they didn't take security seriously from the start.

It depends on what you mean by simple security design flaws. I'd rather frame it as neglect or incompetence. That isn't the same as malice, of course, and they deserve credit for their relatively professional response, as you already pointed out. But, come on, it reeks of people not understanding what they're doing. Not appreciating the context of a complicated device and delivering a high end service. If they're not up to it, they should not be doing this.
memesarecool, 2 days ago:
Yes, I meant simple as in "amateur mistakes". From the mistakes (and their excitement and response to the report) they are clueless about security. Which of course is bad. Hopefully they will take security more seriously in the future.
plorntus, 2 days ago:
To be honest the responses sounded copy and pasted straight from ChatGPT; it seemed like there was fake feigned interest in their non-existent YouTube channel.

> Overall simple security design flaws but it's good to see a company that cares to fix them, even if they didn't take security seriously from the start

I don't think that should give anyone a free pass though. It was such a simple flaw that, realistically speaking, they shouldn't ever be trusted again. If it had been a non-obvious flaw that required going through lots of hoops then fair enough, but they straight up had zero authentication. That isn't a 'flaw' you need an external researcher to tell you about. I personally believe companies should not be praised for responding to such a blatant disregard for quality, standards, privacy and security. No matter where they are from.
derac, 2 days ago:
I mean, at the end of the article they neglected to fix most of the issues and stopped responding.
Aeolun, a day ago:
I think the response wouldn't be so hostile if they had continued to engage. One round of fixes clearly wasn't enough.
demarq, 2 days ago:
Same here. Also, once it turned out to be an Android device in debug mode, the rest of the article was less interesting. Evil maid stuff.
2 days ago:
[deleted]
butlike, 2 days ago:
They'll only patch it in the military model /s
jekwoooooe, 2 days ago:
It's not sinophobia to point out an obvious pattern. It's like saying talking about how terrorism (the kind that will actually affect you) is solely an Islamic issue, and then calling that islamophobic. It's okay to recognize patterns, my man.