• Dark Arc@social.packetloss.gg
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 months ago

    So does this affect English/European keyboards or just Asian keyboards?

    It seems like the mechanism is exploiting an insecure connection (or rather a connection using predictable encryption where the same input results in the same packets) to the cloud for translating keystrokes into logographic characters?

    Did I understand correctly? I definitely didn’t do a thorough read.

    I also think it’s kind of interesting Gboard wasn’t included (?)

    • Carighan Maconar@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 months ago

      It’s about using a cloud-based model to better predict the next keystroke.

      Think of the next-word-prediction of the likes of GBoard or SwiftKey, but for just strokes/characters. There’s a local model, but it’s limited in depth and complexity, and then a cloud based one, that can do more but as shown here has security flaws.

      • Dark Arc@social.packetloss.gg
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        Well, it can’t just be about that. There are ways to salt the data so that it’s not predictable. I’m not an expert in that area, but I know it’s a technique that’s often employed by cryptography experts when this is a major concern.

    • lemmyreader@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      7 months ago

      I also think it’s kind of interesting Gboard wasn’t included (?)

      Indeed. But given it’s Google I would not be surprised if Gboard has keylogger features.

      • Dark Arc@social.packetloss.gg
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        I think that would be far too large of a liability for Google for the minimal amount of data they’d get back.

        Google mostly cares about metadata for their advertising business (per my understanding).