this post was submitted on 21 Feb 2025
70 points (88.9% liked)

Cybersecurity

6368 readers
61 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago
MODERATORS
kid
[email protected]
70
DeepSeek found to be sharing user data with TikTok parent company ByteDance (www.malwarebytes.com)
submitted 1 day ago by kid to c/cybersecurity
28 comments fedilink hide all child comments
top 28 comments
sorted by: hot top controversial new old
[–] [email protected] 29 points 1 day ago* (last edited 1 day ago) (3 children)

Gee I wonder if grok shares data with the rest of twitter, Gemini shares with the rest of google or llama… actually I haven’t used Facebook in ages, I don’t even know if there’s a ChatGPT equivalent service on Facebook.

I do actually wonder if Anthropic shares data with Amazon, or OpenAI with Microsoft (their majority shareholders). That would be a direct 1:1 comparison with what’s happening between deepseek and bytedance (though at least in the latter case you can host-your-own since the model is open source).

[–] [email protected] 10 points 1 day ago (1 children)

DeepSeek isn't owned by bytedance, which is why it's news worthy. The title is stating DeepSeek (an independent company) is sharing data with Bytedance (TikTok parent company).

So it would be like OpenAI sharing ChatGPT data to Google. Which would be noteworthy as there is likely a lot of sensitive information that people share and most people probably don't think that data is being sold/shared.

[–] [email protected] 3 points 1 day ago

Yes, that’s a valid distinction. Though practically speaking, I don’t really know how different it is from anthropic sharing with Amazon, for example

[–] [email protected] 3 points 1 day ago

Chinaman bad bro!

[–] Lucidlethargy 0 points 1 day ago (1 children)

Llama is touted as better than chat gpt. It ostensibly doesn't share data if you self host it... But I never trust any of them.

[–] [email protected] 1 points 23 hours ago* (last edited 23 hours ago)

Llama is not touted as better than ChatGPT models. On most benchmarks Llama3.3 performs worse than ChatGPT 4o and much worse than OpenAi's reasoning model o3-mini.

Unless you're speaking in terms of privacy and then unfortunately no one really knows as OpenAI does not release any of their metadata and Llama models are self hosted so there's no method in which the data will leave the LAN they're hosted on. It's a case of apples and oranges.

[–] [email protected] 15 points 1 day ago* (last edited 1 day ago) (2 children)

This is the web chat client/app, just like OpenAI sharing data with Microsoft, or Copilot doing the same. If you self host these LLMs your data stays within your LAN.

[–] jwiggler 11 points 1 day ago* (last edited 1 day ago) (3 children)

I'm moving to self host all my streaming stuff. Switching from local-only plex to self hosting all my media (spotify, google photos, LLMs) and tools behind a reverse proxy so i can access outside my home. It's pretty sweet and a good learning experience using reverse proxies

Edit: Plus fuck these technofeudal lords who enclose access to markets, information, and culture.

[–] kid 6 points 1 day ago

[email protected] to the win!

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago)

Love to see it.

Edit: replied to the wrong comment

[–] [email protected] 1 points 1 day ago

A freedom enjoyer detected. A Proper authority has been notified.

[–] [email protected] 6 points 1 day ago* (last edited 1 day ago) (3 children)

You can't practically self-host Deepseek R1.

Look, I use the 32B distil on my 3090 every day, but it is not the same thing as full R1. And people need to stop conflating the two.

And (theoretically) API usage through one of many R1 providers is private.

[–] [email protected] 6 points 1 day ago* (last edited 1 day ago) (2 children)

Do you know of a provider is actually private? The few privacy policies I checked all had something like "We might keep some of your data for some time for anti-abuse or other reasons"...

[–] [email protected] 1 points 1 day ago

I mean, not with certainty. If the risk of your input leaking is that great, you can just host your own VM with the 32B to be more certain.

[–] [email protected] 0 points 1 day ago

Trust me bro, they are private

[–] jwiggler 1 points 1 day ago (1 children)

I dont really use LLMs so I didn't even realize there were versions with different weights and stuff. I was using 7b, but found it pretty useless. Pretty sure I'm not going to be able run 32B on my rig. lmao.

guess ill continue being an LLMless pleb.

[–] [email protected] 2 points 1 day ago* (last edited 1 day ago) (1 children)

There are plenty of free LLM APIs you can use with something like Open Web UI, on any machine. I still use them myself.

[–] jwiggler 1 points 1 day ago (2 children)

Have you got any recs? I've got a 3080 in my machine atm

[–] [email protected] 2 points 1 day ago

I'm not @[email protected] However here's a pretty barebones how to article to get you started. Just know it can be as complicated as you like. For starters you may want to stick to the 7b and 14b models like mistral:7b and phi4:14b as they'll fit easily on your card and will allow you to test the waters.

If you're on Windows https://doncharisma.org/2024/11/23/self-hosting-ollama-with-open-webui-on-windows-a-step-by-step-guide/

If you're using Linux https://linuxtldr.com/setup-ollama-and-open-webui-on-linux/

If you want a container https://github.com/open-webui/open-webui/blob/main/docker-compose.yaml

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago)

Locally? Arcee 14B and the 14B Deepseek distill are currently the best models that fill fit.

I'd recommend hosting them with TabbyAPI instead of ollama, as they will be much faster and more VRAM efficient. But this is more fuss.

Honestly, I would just try free APIs like Gemini, Groq, and such through open web ui, or use really cheap APIs like openrouter. Newer 14B models are okay, but they're definitely lacking that "encyclopedic intelligence" larger models have.

[–] [email protected] 1 points 1 day ago (2 children)

I use 32b and the 672b side by side. The performance hit is around 20% and I keep all my data local. I am not conflating the two however self hosting works for me just fine. Your usecase is your own certainly. However I'd rather take the performance hit for the added data privacy.

Also it's nice to he able to set my own weights and further distil R1

I have a local python expert a local golang expert and both have my local gitlab repository and I've tied their respective Ollama keys to my VSCode IDE.

[–] [email protected] 2 points 1 day ago* (last edited 1 day ago) (1 children)

Depends for sure. I usually try the 32B first, but give really "hard" queries to some API model.

[–] [email protected] 2 points 1 day ago

With the distilled models I have, I've been able to build and troubleshoot pretty complicated apps in Golang and Python. However, these distilled models are very specialized and will not do things like write me a story about a duck made out of duct tape or properly summarize articles. There are absolutely limits to my workflow and setup. But I'm pretty happy with it.

[–] [email protected] 1 points 1 day ago (1 children)

Have you had any luck importing even a medium-sized codebase and doing reasoning on it? All of my experiments start to show subtle errors past 2k tokens, and at 5k tokens the errors become significant. Any attempt to ingest and process a decent-sized project (say 20k SLOC plus tooling/overhead/config) has been useless, even on models that "should" have a good-enough sized context window.

[–] [email protected] 1 points 1 day ago* (last edited 23 hours ago)

My codebase is almost 1.2GB of raw python and go files no images. I think it's somewhere near 15k tokens for the python codebase and 22k for golang due to all the .mod and .io connectors to python libraries... it was a much bigger mess before if you can believe it.

What size model are you using? I'm getting pretty good results with R1 32b but these have been distilled to be experts in the languages of the codebases. I'm not using any general models for this.

Also it depends on the language you're targeting as well. Rust or Lisp have issues due to how much less they've been documented. I think golf type languages like brainfuck are impossible. It really comes down to how the language has been documented. Python gave me issues in the beginning until I specified 3.11 in my weights and distillation/training, and that definitely fixed a lot of the hallucinations I was getting from the model.

I think static typing languages that have consistent documentation would be the easiest for this. Now that I think of it, maybe getting a typescript expert would be something I could tool around with.

Edited for legibility and the fact that I just went and looked at my datasets again. Much bigger than I initially thought.

[–] Lucidlethargy 1 points 1 day ago (1 children)

This is the worst AI, just in case anyone is wondering. The only thing that's interesting is that you can see it reasoning and thinking before it answers questions.

Otherwise, it's just trash. It makes huge mistakes, it hallucinates often, and it takes more processing power to do those things than other popular alternative AI's.

[–] [email protected] 7 points 1 day ago* (last edited 1 day ago)

All LLMs lie, this is why it's important to verify what output you're getting. A GPT is essentially text prediction that has been trained on a very large dataset, think of when you end up sending "ducking autocorrect" in a text. Furthermore, Deepseek has distillations of many models. Which do you have experience using?

https://github.com/deepseek-ai/DeepSeek-R1

Edit: To add even more context GPT and Diffusion models are patently not AI as they are not able to verify what output they're giving. These are all tokens that are fed into a recursive algorithm. They're vector database queries that have reinforced pathing. None of these "A.I." models are thinking or reasoning, yet.

[–] [email protected] 1 points 1 day ago

what's the least surprising thing you've heard all day