> Weak & Hardcoded Encryption Keys
> Insecure Data Storage
you know they're not kidding when they said that deepseek is just a side-project...
> However, there are multiple reasons why companies might send data to servers in the current country including performance, regulatory, or more nefariously to mask where the data will ultimately be sent or processed.
though i'm very glad to see it's demonized, as long as it can force these companies to change their mindset abt security
i talked abt this problem elsewhere ([Exposed DeepSeek database leaking sensitive information, including chat history](https://news.ycombinator.com/item?id=42871371)):
> this industry in china is so young, many devs and orgs don't understand what will happen if they shut down the firewall or expose their database on the internet without a password, they just, can't think of it, need someone to remind them
re: big red, the sensitive traffic (but not all sadly), is communicated over HTTPS which should already protect you from eavesdroppers. My understanding is that the use of 3DES is just another layer of obfuscation to make it harder to abuse their app's private web APIs even if someone used a self-signed cert to MITM HTTPS. It's HTTPS that should be protecting your data in transit.
Basically I think this is a big nothing burger but would love to understand why I'm wrong. Though poor use of encryption certainly doesn't give me positive vibes on the developers.