this post was submitted on 28 Jan 2025
479 points (84.6% liked)

Privacy

34218 readers
1735 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Is anyone actually surprised by this?

you are viewing a single comment's thread
view the rest of the comments
[–] grey_maniac@lemmy.ca 55 points 3 weeks ago (6 children)

I'm confused. Isn't "collecting keystroke data" just an alarmist way to describe text entry?

[–] noisefree@lemmy.world 13 points 3 weeks ago (3 children)

Maybe. They could also be doing things like paying attention to input cadence and typos/pre-send typo corrections to use as part of a fingerprint associated with the identifying information a user gives them when creating an account so that they can then attempt to detect the user elsewhere on the web whether they are using an identifying account or not.

[–] yogthos@lemmy.ml 8 points 3 weeks ago

This argument applies to literally every single web app you use.

[–] ubergeek@lemmy.today 6 points 3 weeks ago (1 children)

So, basically using Facebook technology in their AI app?

[–] noisefree@lemmy.world 3 points 3 weeks ago

You'll hear no arguments from me on that point, US tech companies are toxic af.

[–] Melvin_Ferd@lemmy.world 2 points 3 weeks ago

How far we've come

[–] vfreire85@lemmy.ml 3 points 3 weeks ago

this. i mean, the session logs for the prompt are kept at least for your user, right?

[–] uis@lemm.ee 3 points 3 weeks ago (2 children)

Not exactly. Timing between key presses can be used to identify people.

[–] grey_maniac@lemmy.ca 2 points 3 weeks ago* (last edited 3 weeks ago)

I am literally so paranoid I regularly vary my keysteoke rhythms and explore polyrhytmic techniques to create variations. Not even joking.

[–] kekmacska@lemmy.zip -1 points 3 weeks ago (1 children)

lol no. only the sounds of the keys can identify the keyboard's model

[–] uis@lemm.ee 1 points 3 weeks ago (1 children)

The goal is not to identify keyboard model. The goal is to identify person. And people tend to have something called habbits.

[–] kekmacska@lemmy.zip -1 points 3 weeks ago (1 children)

the chance of this is almost zero. if you are a dangerous cybercriminal, they will track your device down by a networking solution, wait until you leave it unattended and install a hardware-based spy device and capture evidence. No fbi agent will fuck around with keyboard sounds or movie bs like that

[–] uis@lemm.ee 2 points 3 weeks ago

with keyboard sounds

Ok, I see you are intentionally going in circles.

[–] tux@lemmy.world 2 points 3 weeks ago

Not usually. Keystroke info is different than text input, like if you didn’t click onto any field and typed it would only be captured if keystroke are all being grabbed. It’s especially scary if you keep the app running in the bg and then type something and it still captures it. Not saying they’re doing that, but the privacy policy says they might.

The rhythm part is annoying, it’s commonly used to ID people even through things like ad blocks and dns blocks. Could also (in theory) be used to capture what people are typing just by hearing how they type.

[–] Ferk@lemmy.ml 1 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

This is the full paragraph:

We collect certain device and network connection information when you access the Service. This information includes your device model, operating system, keystroke patterns or rhythms, IP address, and system language. We also collect service-related, diagnostic, and performance information, including crash reports and performance logs. We automatically assign you a device ID and user ID. Where you log-in from multiple devices, we use information such as your device ID and user ID to identify your activity across devices to give you a seamless log-in experience and for security purposes.

It looks to me that they are using it to identify the user uniquely, maybe also related to captcha to prevent bots (it's common practice to capture mouse and keyboard while resolving captchas to see if the movement is human-like).

[–] grey_maniac@lemmy.ca 1 points 3 weeks ago

Looks like there are more things I need to start randomizing and injecting with noise.