• Dark Arc
    link
    fedilink
    English
    37 months ago

    So does this affect English/European keyboards or just Asian keyboards?

    It seems like the mechanism is exploiting an insecure connection (or rather a connection using predictable encryption where the same input results in the same packets) to the cloud for translating keystrokes into logographic characters?

    Did I understand correctly? I definitely didn’t do a thorough read.

    I also think it’s kind of interesting Gboard wasn’t included (?)

    • Carighan Maconar
      link
      fedilink
      English
      37 months ago

      It’s about using a cloud-based model to better predict the next keystroke.

      Think of the next-word-prediction of the likes of GBoard or SwiftKey, but for just strokes/characters. There’s a local model, but it’s limited in depth and complexity, and then a cloud based one, that can do more but as shown here has security flaws.

      • Dark Arc
        link
        fedilink
        English
        17 months ago

        Well, it can’t just be about that. There are ways to salt the data so that it’s not predictable. I’m not an expert in that area, but I know it’s a technique that’s often employed by cryptography experts when this is a major concern.

    • lemmyreaderOP
      link
      fedilink
      English
      17 months ago

      I also think it’s kind of interesting Gboard wasn’t included (?)

      Indeed. But given it’s Google I would not be surprised if Gboard has keylogger features.

      • Dark Arc
        link
        fedilink
        English
        27 months ago

        I think that would be far too large of a liability for Google for the minimal amount of data they’d get back.

        Google mostly cares about metadata for their advertising business (per my understanding).