Yep it also prevents anyone in the airport impersonating the WiFi and the bytedance server (which is trivial) and crafting payloads that run insecure code on your phone ( not that easy but there’s heaps of CVEs like this in apps like Safari over the years, so there’s at least 2x as many in an app like this)
Yes, so not only are they doing something shady, they’re doing something shady and exposing your data to anyone wanting to snoop it. What’s dumb about criticising the latter part?
If you are implying that a government wants your data, they can just buy it or request it from the company directly. They don’t have to snoop to get it. Also SSL isn’t going to stop them.
Oh, no. I don’t mean USA government. I do mean some governments, but also any company between here an there.
Imagin that your company wants to sell user data. There are limits on what your company can sell due to contracts or laws, due to having a relationship with the customers.
Your company leases internet connections from another company, ISP or not, that can sell the data.
Sending the data without SSL provides an okay, if not ideal, method to move that data.
This is dumb.
Even if you encrypt network traffic, the receiving server still knows what you’re doing. All it does is prevent third parties from snooping.
Usually.
Yep it also prevents anyone in the airport impersonating the WiFi and the bytedance server (which is trivial) and crafting payloads that run insecure code on your phone ( not that easy but there’s heaps of CVEs like this in apps like Safari over the years, so there’s at least 2x as many in an app like this)
Yes, so not only are they doing something shady, they’re doing something shady and exposing your data to anyone wanting to snoop it. What’s dumb about criticising the latter part?
The fact that anyone thinks they have any semblance of privacy when typing into an online AI chatbot is saddening.
Of course anything you type into a externally hosted AI is going to be harvested and sold.
But sure, in this case you are also potentially exposing your queries to your ISP or someone listening on your local network too.
Privacy is not the same as security
Regardless of the downstream server, you should expect the interim traffic to be encrypted in transit
Sure, it’s not a bad thing and it should be standard practice, but to act like encrypted traffic guarantees privacy is silly.
The thing is that with the traffic unencrypted it opens the door to all sorts of attacks on that traffic.
It’s not just privacy.
If you can intercept and interpret you have the ability to replace as well.
This is the integrity of your data
Tell me where in this thread are anyone expecting privacy from any online LLM service, or anyone saying encrypted traffic guarantees privacy?
Maybe they want 3rd parties snooping?
If you are implying that a government wants your data, they can just buy it or request it from the company directly. They don’t have to snoop to get it. Also SSL isn’t going to stop them.
Oh, no. I don’t mean USA government. I do mean some governments, but also any company between here an there.
Imagin that your company wants to sell user data. There are limits on what your company can sell due to contracts or laws, due to having a relationship with the customers.
Your company leases internet connections from another company, ISP or not, that can sell the data. Sending the data without SSL provides an okay, if not ideal, method to move that data.