NEW RESEARCH: most popular Chinese keyboard app (450 million monthly users!) transmits every key typed to #Tencent.
.
My npub1h662kslx3s4e4y0ny97snasj8d0m22yld2xt6rn8zjpyj8nz4f7q8e0ec3 (npub1h66…0ec3) colleagues found vulnerable encryption means the uploaded keystrokes could *also* be intercepted by 3rd parties.
We did responsible disclosure.
The vulnerable encryption that could expose transmitted typing to third parties = fixed.
Sogou Keyboard users should update!
But they should also remain aware that everything you type still goes to the developer.
John Scott-Railton ☕ /
npub18r…e9j7t
2023-08-09 16:32:41
Author Public Key
npub18r8efsp3d9r79v42huwlyjstzr3y92s99zyfur2q2utnqpyzsrcqce9j7tPublished at
2023-08-09 16:32:41Event JSON
{
"id": "9907e34c3850dbdafdfb72566127b82de7ef937ada57be9c7349c1c36bc54a24",
"pubkey": "38cf94c0316947e2b2aabf1df24a0b10e242aa0528889e0d40571730048280f0",
"created_at": 1691598761,
"kind": 1,
"tags": [
[
"p",
"beb4ab43e68c2b9a91f3217d09f6123b5fb5289f6a8cbd0e671482491e62aa7c",
"wss://relay.mostr.pub"
],
[
"p",
"48484737f8444aea04613fc9f77b5249e005e3e398474551ba7491b81dd5cf64",
"wss://relay.mostr.pub"
],
[
"t",
"tencent"
],
[
"proxy",
"https://mastodon.social/users/jsrailton/statuses/110860616423970446",
"activitypub"
]
],
"content": "NEW RESEARCH: most popular Chinese keyboard app (450 million monthly users!) transmits every key typed to #Tencent.\n.\nMy nostr:npub1h662kslx3s4e4y0ny97snasj8d0m22yld2xt6rn8zjpyj8nz4f7q8e0ec3 colleagues found vulnerable encryption means the uploaded keystrokes could *also* be intercepted by 3rd parties. \n\nWe did responsible disclosure.\n\nThe vulnerable encryption that could expose transmitted typing to third parties = fixed. \n\nSogou Keyboard users should update!\n\nBut they should also remain aware that everything you type still goes to the developer.",
"sig": "79d899f5426a5898deef7721f90a35f552df662d35c66ec5d09fedbc5d69eb8883b5d7eed816c201249274afc14cd021214aaeb9341c3de1049e71fc12d91d12"
}