• GenderNeutralBro@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    6
    ·
    8 months ago

    Naomi Wu, AKA Sexy Cyborg, talked about how this vulnerability could leak chats in secure messaging apps last year. It got her a visit by the Chinese police and she can no longer post videos online.

    See: https://www.hackingbutlegal.com/p/naomi-wu-and-the-silence-that-speaks-volumes

    “Ok for those of you that haven’t figured it out I got my wings clipped and they weren’t gentle about it- so there’s not going to be much posting on social media anymore and only on very specific subjects. I can leave but Kaidi can’t so we’re just going to follow the new rules and that’s that. Nothing personal if I don’t like and reply like I used to. I’ll be focusing on the store and the occasional video. Thanks for understanding, it was fun while it lasted.” –@RealSexyCyborg, July 7, 2023

  • jol@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    8 months ago

    That’s why I keep my keyboard gagged behind a no-network order. My keyboard has no business being online.

  • ozymandias117@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    8 months ago

    Are the on-device pinyin keyboards unusably bad at typing?

    I know it’s complex to get the right meaning with the English alphabet, but I’m surprised at cloud-based keyboards

  • Dark Arc@social.packetloss.gg
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 months ago

    So does this affect English/European keyboards or just Asian keyboards?

    It seems like the mechanism is exploiting an insecure connection (or rather a connection using predictable encryption where the same input results in the same packets) to the cloud for translating keystrokes into logographic characters?

    Did I understand correctly? I definitely didn’t do a thorough read.

    I also think it’s kind of interesting Gboard wasn’t included (?)

    • Carighan Maconar@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      8 months ago

      It’s about using a cloud-based model to better predict the next keystroke.

      Think of the next-word-prediction of the likes of GBoard or SwiftKey, but for just strokes/characters. There’s a local model, but it’s limited in depth and complexity, and then a cloud based one, that can do more but as shown here has security flaws.

      • Dark Arc@social.packetloss.gg
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        Well, it can’t just be about that. There are ways to salt the data so that it’s not predictable. I’m not an expert in that area, but I know it’s a technique that’s often employed by cryptography experts when this is a major concern.

    • lemmyreader@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      8 months ago

      I also think it’s kind of interesting Gboard wasn’t included (?)

      Indeed. But given it’s Google I would not be surprised if Gboard has keylogger features.

      • Dark Arc@social.packetloss.gg
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 months ago

        I think that would be far too large of a liability for Google for the minimal amount of data they’d get back.

        Google mostly cares about metadata for their advertising business (per my understanding).