So does this affect English/European keyboards or just Asian keyboards?
It seems like the mechanism is exploiting an insecure connection (or rather a connection using predictable encryption where the same input results in the same packets) to the cloud for translating keystrokes into logographic characters?
Did I understand correctly? I definitely didn’t do a thorough read.
I also think it’s kind of interesting Gboard wasn’t included (?)
It’s about using a cloud-based model to better predict the next keystroke.
Think of the next-word-prediction of the likes of GBoard or SwiftKey, but for just strokes/characters. There’s a local model, but it’s limited in depth and complexity, and then a cloud based one, that can do more but as shown here has security flaws.
Mine is offline, cause I fucking knew it!
Man it sucks that these open source keyboards don’t support Chinese
RIME can be configured on Android via fcitx.
That’s why I keep my keyboard gagged behind a no-network order. My keyboard has no business being online.
Are the on-device pinyin keyboards unusably bad at typing?
I know it’s complex to get the right meaning with the English alphabet, but I’m surprised at cloud-based keyboards
Naomi Wu, AKA Sexy Cyborg, talked about how this vulnerability could leak chats in secure messaging apps last year. It got her a visit by the Chinese police and she can no longer post videos online.
See: https://www.hackingbutlegal.com/p/naomi-wu-and-the-silence-that-speaks-volumes
“Ok for those of you that haven’t figured it out I got my wings clipped and they weren’t gentle about it- so there’s not going to be much posting on social media anymore and only on very specific subjects. I can leave but Kaidi can’t so we’re just going to follow the new rules and that’s that. Nothing personal if I don’t like and reply like I used to. I’ll be focusing on the store and the occasional video. Thanks for understanding, it was fun while it lasted.” –@RealSexyCyborg, July 7, 2023
