Hotznplotzn

cross-posted from: https://lemmy.sdf.org/post/31994855

Archived

The Xiaomi SU7, which has been lauded for its safety features since its March 2024 market launch, has recorded its first widely reported fatal accident, resulting in the deaths of three female university students.

[...]

Initial reports on Chinese social media claimed the vehicle caught fire after a collision, with allegations that the “doors could not be unlocked, preventing escape.” The incident quickly gained attention as the first publicly reported fatality involving Xiaomi’s flagship electric vehicle.

cross-posted from: https://lemmy.sdf.org/post/31995242

Archived

Unveiling Trae: ByteDance's AI IDE and Its Extensive Data Collection System

Trae - the coding assistant of China's ByteDance - has rapidly emerged as a formidable competitor to established AI coding assistants like Cursor and GitHub Copilot. Its main selling point? It's completely free - offering Claude 3.7 Sonnet and GPT-4o without any subscription fees. Unit 221B's technical analysis, using network traffic interception, binary analysis, and runtime monitoring, has identified a sophisticated telemetry framework that continuously transmits data to multiple ByteDance servers. From a cybersecurity perspective, this represents a complex data collection operation with significant security and privacy implications.

[...]

Key Findings:

• Persistent connections to minimum 5 unique ByteDance domains, creating multiple data transmission vectors
• Continuous telemetry transmission even during idle periods, indicating an always-on monitoring system
• Regular update checks and configuration pulls from ByteDance servers, allowing for dynamic control
• Permanent device identification via machineId parameter, which appears to be derived from hardware identifiers, enabling long-term tracking capabilities
• Local WebSocket channels observed collecting full file content, with portions potentially transmitted to remote servers
• Complex local microservice architecture with redundant pathways for code data, suggesting a deliberate system design
• JWT tokens and authentication data observed in multiple communication channels, presenting potential credential exposure concerns
• Use of binary MessagePack format observed in data transfers, adding complexity to security analysis
• Extensive behavioral tracking mechanisms capable of building detailed user activity profiles
• Sophisticated data segregation across multiple endpoints, consistent with enterprise-grade telemetry systems

[...]

cross-posted from: https://lemmy.sdf.org/post/31995242

Archived

Unveiling Trae: ByteDance's AI IDE and Its Extensive Data Collection System

Trae - the coding assistant of China's ByteDance - has rapidly emerged as a formidable competitor to established AI coding assistants like Cursor and GitHub Copilot. Its main selling point? It's completely free - offering Claude 3.7 Sonnet and GPT-4o without any subscription fees. Unit 221B's technical analysis, using network traffic interception, binary analysis, and runtime monitoring, has identified a sophisticated telemetry framework that continuously transmits data to multiple ByteDance servers. From a cybersecurity perspective, this represents a complex data collection operation with significant security and privacy implications.

[...]

Key Findings:

• Persistent connections to minimum 5 unique ByteDance domains, creating multiple data transmission vectors
• Continuous telemetry transmission even during idle periods, indicating an always-on monitoring system
• Regular update checks and configuration pulls from ByteDance servers, allowing for dynamic control
• Permanent device identification via machineId parameter, which appears to be derived from hardware identifiers, enabling long-term tracking capabilities
• Local WebSocket channels observed collecting full file content, with portions potentially transmitted to remote servers
• Complex local microservice architecture with redundant pathways for code data, suggesting a deliberate system design
• JWT tokens and authentication data observed in multiple communication channels, presenting potential credential exposure concerns
• Use of binary MessagePack format observed in data transfers, adding complexity to security analysis
• Extensive behavioral tracking mechanisms capable of building detailed user activity profiles
• Sophisticated data segregation across multiple endpoints, consistent with enterprise-grade telemetry systems

[...]

Archived

Unveiling Trae: ByteDance's AI IDE and Its Extensive Data Collection System

Trae - the coding assistant of China's ByteDance - has rapidly emerged as a formidable competitor to established AI coding assistants like Cursor and GitHub Copilot. Its main selling point? It's completely free - offering Claude 3.7 Sonnet and GPT-4o without any subscription fees. Unit 221B's technical analysis, using network traffic interception, binary analysis, and runtime monitoring, has identified a sophisticated telemetry framework that continuously transmits data to multiple ByteDance servers. From a cybersecurity perspective, this represents a complex data collection operation with significant security and privacy implications.

[...]

Key Findings:

• Persistent connections to minimum 5 unique ByteDance domains, creating multiple data transmission vectors
• Continuous telemetry transmission even during idle periods, indicating an always-on monitoring system
• Regular update checks and configuration pulls from ByteDance servers, allowing for dynamic control
• Permanent device identification via machineId parameter, which appears to be derived from hardware identifiers, enabling long-term tracking capabilities
• Local WebSocket channels observed collecting full file content, with portions potentially transmitted to remote servers
• Complex local microservice architecture with redundant pathways for code data, suggesting a deliberate system design
• JWT tokens and authentication data observed in multiple communication channels, presenting potential credential exposure concerns
• Use of binary MessagePack format observed in data transfers, adding complexity to security analysis
• Extensive behavioral tracking mechanisms capable of building detailed user activity profiles
• Sophisticated data segregation across multiple endpoints, consistent with enterprise-grade telemetry systems

[...]

cross-posted from: https://lemmy.sdf.org/post/31994855

Archived

The Xiaomi SU7, which has been lauded for its safety features since its March 2024 market launch, has recorded its first widely reported fatal accident, resulting in the deaths of three female university students.

[...]

Initial reports on Chinese social media claimed the vehicle caught fire after a collision, with allegations that the “doors could not be unlocked, preventing escape.” The incident quickly gained attention as the first publicly reported fatality involving Xiaomi’s flagship electric vehicle.

Archived

The Xiaomi SU7, which has been lauded for its safety features since its March 2024 market launch, has recorded its first widely reported fatal accident, resulting in the deaths of three female university students.

[...]

Initial reports on Chinese social media claimed the vehicle caught fire after a collision, with allegations that the “doors could not be unlocked, preventing escape.” The incident quickly gained attention as the first publicly reported fatality involving Xiaomi’s flagship electric vehicle.

cross-posted from: https://lemmy.sdf.org/post/31959167

Russia is to be put on the enhanced tier of the Foreign Influence Registration Scheme (FIRS), meaning anyone working for the Russian state in the UK will need to declare what they are doing or risk jail, the government announced [...]

Introduced under the National Security Act 2023, FIRS is a tool to help protect our democracy, economy and society from covert, deceptive or otherwise harmful activities against UK interests. The enhanced tier has been specifically designed to shed light on activities directed by particular foreign powers which pose a threat to the safety or interests of the UK.

Russia is the second country to be placed on the enhanced tier, following the announcement in March that Iran would be specified. The government will designate all parts of the Russian state – including its president, its parliament, all Russian ministries and their agencies, and the Russian intelligence services.

The specification of the Russian state is in response to the significant and persistent threat Russia poses to the UK and our interests, which has only increased in recent years. Russian hostile acts on UK soil have ranged from the use of a deadly nerve agent in Salisbury, malign cyber incidents - which included targeting UK parliamentarians through spear-phishing campaigns - as well as espionage and arson.

[...]

Meanwhile, Russia continues to wage its unprovoked and illegal war against Ukraine, a war which Russia could end by tomorrow by withdrawing its forces. The UK remains committed to a just and lasting peace in Ukraine and will continue to exert maximum economic pressure to stop Russia from threatening and undermining Ukraine’s sovereignty, territorial integrity and independence, and to help ensure Russia pays for the damage it has caused.

[...]

Russia is to be put on the enhanced tier of the Foreign Influence Registration Scheme (FIRS), meaning anyone working for the Russian state in the UK will need to declare what they are doing or risk jail, the government announced [...]

Introduced under the National Security Act 2023, FIRS is a tool to help protect our democracy, economy and society from covert, deceptive or otherwise harmful activities against UK interests. The enhanced tier has been specifically designed to shed light on activities directed by particular foreign powers which pose a threat to the safety or interests of the UK.

Russia is the second country to be placed on the enhanced tier, following the announcement in March that Iran would be specified. The government will designate all parts of the Russian state – including its president, its parliament, all Russian ministries and their agencies, and the Russian intelligence services.

The specification of the Russian state is in response to the significant and persistent threat Russia poses to the UK and our interests, which has only increased in recent years. Russian hostile acts on UK soil have ranged from the use of a deadly nerve agent in Salisbury, malign cyber incidents - which included targeting UK parliamentarians through spear-phishing campaigns - as well as espionage and arson.

[...]

Meanwhile, Russia continues to wage its unprovoked and illegal war against Ukraine, a war which Russia could end by tomorrow by withdrawing its forces. The UK remains committed to a just and lasting peace in Ukraine and will continue to exert maximum economic pressure to stop Russia from threatening and undermining Ukraine’s sovereignty, territorial integrity and independence, and to help ensure Russia pays for the damage it has caused.

[...]

cross-posted from: https://lemmy.sdf.org/post/31957116

Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.

TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company." Qihoo did not respond to questions about its app-related holdings.

[...]

VPNs allow users to mask the IP address that can identify them, and, in theory, keep their internet browsing private. For that reason, they have been used by people around the world to sidestep government censorship or surveillance, or because they believe it will improve their online security. In the U.S., kids often download free VPNs to play games or access social media during school hours.

However, VPNs can themselves pose serious risks because the companies that provide them can read all the internet traffic routed through them. That risk is compounded in the case of Chinese apps, given China’s strict laws that can force companies in that country to secretly share access to their users’ data with the government.

[...]

The VPN apps identified by TTP have been downloaded more than 70 million times from U.S. app stores, according to data from AppMagic, a mobile apps market intelligence firm.

[...]

The findings raise questions about Apple’s carefully cultivated reputation for protecting user privacy. The company has repeatedly sought to fend off antitrust legislation designed to loosen its control of the App Store by arguing such efforts could compromise user privacy and security. But TTP’s investigation suggests that Apple is not taking adequate steps to determine who owns the apps it offers its users and what they do with the data they collect. More than a dozen of the Chinese VPNs were also available in Apple’s App Store in France in late February, showing that the issue extends to other Western markets.

[...]

cross-posted from: https://lemmy.sdf.org/post/31957116

Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.

TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company." Qihoo did not respond to questions about its app-related holdings.

[...]

VPNs allow users to mask the IP address that can identify them, and, in theory, keep their internet browsing private. For that reason, they have been used by people around the world to sidestep government censorship or surveillance, or because they believe it will improve their online security. In the U.S., kids often download free VPNs to play games or access social media during school hours.

However, VPNs can themselves pose serious risks because the companies that provide them can read all the internet traffic routed through them. That risk is compounded in the case of Chinese apps, given China’s strict laws that can force companies in that country to secretly share access to their users’ data with the government.

[...]

The VPN apps identified by TTP have been downloaded more than 70 million times from U.S. app stores, according to data from AppMagic, a mobile apps market intelligence firm.

[...]

The findings raise questions about Apple’s carefully cultivated reputation for protecting user privacy. The company has repeatedly sought to fend off antitrust legislation designed to loosen its control of the App Store by arguing such efforts could compromise user privacy and security. But TTP’s investigation suggests that Apple is not taking adequate steps to determine who owns the apps it offers its users and what they do with the data they collect. More than a dozen of the Chinese VPNs were also available in Apple’s App Store in France in late February, showing that the issue extends to other Western markets.

[...]

cross-posted from: https://lemmy.sdf.org/post/31957116

Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.

TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company." Qihoo did not respond to questions about its app-related holdings.

[...]

VPNs allow users to mask the IP address that can identify them, and, in theory, keep their internet browsing private. For that reason, they have been used by people around the world to sidestep government censorship or surveillance, or because they believe it will improve their online security. In the U.S., kids often download free VPNs to play games or access social media during school hours.

However, VPNs can themselves pose serious risks because the companies that provide them can read all the internet traffic routed through them. That risk is compounded in the case of Chinese apps, given China’s strict laws that can force companies in that country to secretly share access to their users’ data with the government.

[...]

The VPN apps identified by TTP have been downloaded more than 70 million times from U.S. app stores, according to data from AppMagic, a mobile apps market intelligence firm.

[...]

The findings raise questions about Apple’s carefully cultivated reputation for protecting user privacy. The company has repeatedly sought to fend off antitrust legislation designed to loosen its control of the App Store by arguing such efforts could compromise user privacy and security. But TTP’s investigation suggests that Apple is not taking adequate steps to determine who owns the apps it offers its users and what they do with the data they collect. More than a dozen of the Chinese VPNs were also available in Apple’s App Store in France in late February, showing that the issue extends to other Western markets.

[...]

Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.

TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company." Qihoo did not respond to questions about its app-related holdings.

[...]

VPNs allow users to mask the IP address that can identify them, and, in theory, keep their internet browsing private. For that reason, they have been used by people around the world to sidestep government censorship or surveillance, or because they believe it will improve their online security. In the U.S., kids often download free VPNs to play games or access social media during school hours.

However, VPNs can themselves pose serious risks because the companies that provide them can read all the internet traffic routed through them. That risk is compounded in the case of Chinese apps, given China’s strict laws that can force companies in that country to secretly share access to their users’ data with the government.

[...]

The VPN apps identified by TTP have been downloaded more than 70 million times from U.S. app stores, according to data from AppMagic, a mobile apps market intelligence firm.

[...]

The findings raise questions about Apple’s carefully cultivated reputation for protecting user privacy. The company has repeatedly sought to fend off antitrust legislation designed to loosen its control of the App Store by arguing such efforts could compromise user privacy and security. But TTP’s investigation suggests that Apple is not taking adequate steps to determine who owns the apps it offers its users and what they do with the data they collect. More than a dozen of the Chinese VPNs were also available in Apple’s App Store in France in late February, showing that the issue extends to other Western markets.

[...]