Privacy firm discovers direct link between DeepSeek and Chinese government servers
Chinese AI startup DeepSeek has enjoyed a meteoric rise in the past month, but alarming privacy and security concerns are now overshadowing its success. In the latest development, privacy firm Feroot Security has discovered direct links between DeepSeek servers and those operated by the Chinese government, raising fears about data security and potential surveillance.
The discovery
In an interview with ABC, Feroot Security CEO Ivan Tsarynny revealed that his firm discovered "direct links to servers and to companies in China that are under the control of the Chinese government" within DeepSeek's code.
This hidden programming sends user data, including identifying information, queries, and online activity, to China Mobile, a state-operated telecom company banned in the US due to national security risks.
Mobile app flaws
Before the new discovery, another security company, NowSecure, had recommended organizations ban DeepSeek's mobile app due to multiple vulnerabilities, including unencrypted data and poor data storage.
These flaws expose user information to potential interception and compromise. Not to forget, research firm Wiz had earlier discovered a publicly accessible internal DeepSeek database containing chat histories, user API keys, and other sensitive data. This "completely open and unauthenticated" database allowed for full database control and potential privilege escalation, raising serious questions about DeepSeek's data security practices.
Privacy policy red flags
DeepSeek's privacy policy itself raises concerns. It states that user data may be stored on servers in China and collects a wide range of information, including IP addresses, device identifiers, user credentials, and chat history.
Notably, the policy does not mention GDPR compliance. Experts warn that data shared with DeepSeek could be subject to government access under Chinese cybersecurity laws, which mandate data sharing with authorities upon request.
So, while DeepSeek may be a more affordable option than many current models, it carries security and privacy risks that every business should be aware of. And unless the company takes steps to correct the issues, any benefit it may offer is overshadowed by the downsides.
