Deep Concerns about DeepSeek

DeepSeek and user data collection: ?

DeepSeek collects and uses customer data in various ways, as detailed in their privacy policy and other sources:

1. Data Collection: User-Provided Information:?DeepSeek collects information that users provide when creating an account, inputting content, contacting the company directly, or using their services. This includes personal data such as names, email addresses, and other contact information.
2. Data Collection: Automatically Collected Information:?DeepSeek automatically collects certain information when users interact with their services. This includes internet or other network activity information such as IP addresses, unique device identifiers, and cookies.
3. Data Usage: Service Improvement and Security:?DeepSeek uses collected data to promote the safety and security of their services, including scanning, analyzing, and reviewing content and associated metadata for violations of their Terms of Service. They also use this data to operate, provide, develop, and improve their services.
4. Training AI Models:?DeepSeek uses customer data to train their AI models, including for fine-tuning and reinforcement learning processes. This involves processing and analyzing large datasets to enhance model performance and capabilities.
5. Data Storage: Location:?DeepSeek stores data on servers located in China, which raises concerns due to China’s different privacy protection laws compared to other countries like the United States.
6. Cross-Device Tracking: DeepSeek engages in cross-device tracking, which allows them to collect data across multiple devices used by a single user.
7. Data Sharing: DeepSeek shares data with other entities to support their services, which includes sharing data with third-party providers for processing and analysis.

To mitigate privacy concerns, users can opt to run DeepSeek models offline using LM Studio, which prevents data from being shared with DeepSeek’s servers. However, for those using DeepSeek’s online services, the company’s data collection and usage practices are governed by their privacy policy and terms of service.

??

Some Security Concerns about DeepSeek:

1. Prompt Injection Attacks: DeepSeek’s AI systems are vulnerable to prompt injection attacks, which allow malicious actors to manipulate AI outputs, potentially leading to unauthorized command execution and data breaches.These attacks can also enable cross-site scripting (XSS) attacks, leading to account hijacking and unauthorized access to sensitive data.
2. Data Privacy and Sovereignty: DeepSeek’s reliance on data processing models raises concerns about data sovereignty and compliance with privacy regulations such as General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).There is a risk of data being inadvertently stored in unsecured environments or accessed by unauthorized parties, and data fed into DeepSeek could be used to train its algorithms, potentially making proprietary company data part of DeepSeek’s intellectual property.
3. Lack of Transparency and Control: The lack of transparency in AI decision-making creates potential blind spots for organizations, increasing their vulnerability to cyberattacks. Companies using DeepSeek risk unintentionally exposing proprietary data to third-party AI systems, where it could be harvested or misused.
4. Jailbreaking Vulnerabilities: DeepSeek R1 has been found to be highly vulnerable to jailbreaks, allowing malicious actors to bypass safety mechanisms and generate harmful content, including detailed instructions for creating toxins, explosives, and malware.The model’s transparency in displaying reasoning steps increases its susceptibility to jailbreaks and adversarial attacks.
5. National Security Concerns: DeepSeek’s vulnerabilities and potential misuse have raised national security concerns, with experts suggesting that regulatory bodies like the Committee on Foreign Investment in the United States (CFIUS) should intervene to restrict its use.
6. Data Misuse: DeepSeek has been shown to generate false and dangerous outputs, including fabricated information about individuals and detailed instructions for illegal activities.The model’s lack of reliability and accuracy makes it unsuitable for tasks requiring trustworthy information.
7. Legal and Regulatory Compliance: DeepSeek operates under Chinese laws that mandate data sharing with authorities, and the company reserves the right to use user inputs and outputs for service improvement without clear opt-out options.This raises concerns about data privacy and compliance with international regulations.

Overall, DeepSeek poses significant security concerns that need to be addressed through robust security measures and strict contractual agreements to protect sensitive data and prevent potential misuse.        

Deep Seek and Chinese Communist Party (CCP)?

The link between the Chinese Communist Party (CCP) and DeepSeek is multifaceted and involves various aspects of control and influence:

1. Legal Mandate for Censorship: DeepSeek is legally mandated to incorporate the CCP’s ideological censorship into its AI models. This includes aligning training with “core socialist values” and using keyword filters to enforce political orthodoxy.
2. Restricted Topics: DeepSeek’s AI tools are programmed to avoid or provide CCP-approved responses to sensitive topics such as the Tiananmen Square massacre, the occupation of Tibet, the oppression of the Uyghur people in Xinjiang, and the degradation of Hong Kong’s civil liberties.
3. Political Control: DeepSeek’s responses are tailored to reinforce pro-CCP narratives while suppressing dissenting perspectives, including for international users. This dynamic, algorithmic control allows for more sophisticated censorship than traditional media.
4. Data Harvesting: The information collected by DeepSeek ultimately flows to firms beholden to the CCP, further extending the regime’s control over global data ecosystems.
5. Alignment with CCP Policies: DeepSeek’s answers to questions about controversial topics like Arunachal Pradesh and Xi Jinping’s resemblance to Winnie the Pooh are designed to align with the CCP’s official stance, reflecting the company’s commitment to adhering to Chinese laws and socialist core values.
6. Strategic Use: DeepSeek’s development and deployment are seen as strategic moves by China to disseminate its values and elicit support for its authoritarian governance model globally.

In summary, DeepSeek is deeply intertwined with the CCP through legal mandates, censorship practices, and strategic alignment with the party’s policies and values. This relationship underscores the CCP’s influence over AI development in China and its efforts to extend its control over global information flows.

The data available to the Chinese Communist Party (CCP) from DeepSeek includes various types of information collected by the company, as outlined in their privacy policies and other sources:

1. User-Provided Information: Personal Data:?DeepSeek collects personal information that users provide during account registration, inputting content, contacting the company directly, or using their services. This includes phone numbers, emails, login passwords, and verification codes.
2. User-Provided Information: Content and Feedback:?DeepSeek collects text dialogue information entered during human-machine interactive dialogue, question and answer history, and feedback information including problem descriptions, supporting documentation attachments, and contact details.
3. Automatically Collected Information: Network Logs:?DeepSeek automatically collects detailed information and saves it as network logs. This includes IP addresses, browser types, Internet Service Providers (ISPs), login/logout pages, operating systems, date/time stamps, and clickstream data.
4. Automatically Collected Information: ETags and JavaScript:?DeepSeek uses ETags and JavaScript to track individual users and understand how they interact with their services. This includes setting, reading, and deleting cookies.
5. Security and Compliance: Legal Requirements:?DeepSeek may share collected information with law enforcement agencies, public authorities, and other entities as required by law.
6. Security and Compliance: Data Processing:?DeepSeek processes personal information for security purposes, including identity verification, customer services, security protection, fraud monitoring, and preventing harmful or illegal activities.
7. Storage Location: Servers in China:?DeepSeek stores collected information on servers located in mainland China, which means that data is subject to Chinese laws and regulations, potentially making it accessible to the CCP.

Given these points, the CCP could potentially access data collected by DeepSeek, including user-provided information, automatically collected data, and information shared for legal and security purposes, due to the company’s operations and data storage practices in China.

References:

https://chat.deepseek.com/downloads/DeepSeek%20Privacy%20Policy.html

https://platform.deepseek.com/downloads/DeepSeek%20Open%20Platform%20Terms%20of%20Service.html

https://www.kelacyber.com/blog/deepseek-r1-security-flaws/

https://aicyberinsights.com/prompt-injection-vulnerabilities-revealed-in-deepseek-and-claude/

https://content.techgig.com/it-security/deepseek-and-claude-show-major-security-vulnerabilities-for-hackers-to-exploit/articleshow/116395764.cms

https://embracethered.com/blog/posts/2024/deepseek-ai-prompt-injection-to-xss-and-account-takeover/

https://cyberinsider.com/chinese-ai-model-deepseek-r1-is-a-privacy-and-security-nightmare/

https://www.dhirubhai.net/posts/minevichm_deepseek-is-a-ccp-threat-to-american-ai-activity-7288752394597761024-Cfon/

Summary: ?

In summary, DeepSeek’s aims include advancing AI research, commercial applications, global influence, political and social control, data collection and analysis, and strategic use, all of which are intertwined with the CCP’s broader goals and policies.