.png)
DeepSeek Faces Global Scrutiny Over Privacy
- Dell D.C. Carvalho
- Mar 13
- 3 min read
In February 2025, a cybersecurity researcher in Italy discovered his private conversations on DeepSeek AI had been exposed online. Hackers exploited flaws in the app, revealing personal data from thousands of users. This breach sparked investigations and bans worldwide¹.
The DeepSeek AI app has caused concern since its launch on January 25, 2025. Cybersecurity experts found serious flaws, while governments raised alarms over privacy risks. These issues have led to bans, investigations, and proposed legislation².
Security Flaws
Cybersecurity researchers found major security problems in the DeepSeek AI app:
Unencrypted Data Transmission: NowSecure found the app sends user data without encryption, making it easy to intercept³.
Weak Encryption Methods: The app uses outdated encryption, making stored information vulnerable to attacks⁴.
Insecure Data Storage: Poor storage practices increase the risk of unauthorized access to user data³.
Outdated Cryptographic Algorithms: SecurityScorecard found the app uses old algorithms that weaken data protection⁵.
Hardcoded Encryption Keys: Developers left encryption keys in the app's code, allowing easy data decryption⁵.
SQL Injection Risks: Analysts found flaws that could let attackers access the app's database⁴.
Disabled App Transport Security (ATS): On iOS, the app disables ATS, allowing data to travel without encryption³.
Privacy Concerns
DeepSeek AI collects a large amount of personal information:
User Data Collection: The app gathers chat histories, search queries, device details, and keystroke patterns⁶.
Data Storage in China: User data goes to servers in China, raising concerns about government access⁶.
This data handling has led to fears about surveillance and misuse of private information⁷.
Government and Regulatory Actions
Governments worldwide are reacting to DeepSeek AI's security and privacy risks.
Europe
Italy: Italy blocked the app on Apple and Google stores and began a privacy investigation⁸.
France and Ireland: Both countries are reviewing the app's data practices⁹.
South Korea: South Korea stopped new downloads until the app meets privacy laws¹⁰.
United States
Congressional Warning: U.S. congressional staff received warnings not to use the app¹¹.
Government Device Restrictions: Federal and state agencies plan to block the app on official devices¹².
Proposed Legislation: Lawmakers introduced a bill to ban DeepSeek AI on government devices¹².
Cybersecurity Threats
DeepSeek AI has already faced cyberattacks and poses risks to users and organizations:
Data Breach: A recent cyberattack leaked user data and internal information¹³.
Cyberespionage Risk: Experts warn the app could allow foreign actors to gather sensitive information¹⁴.
Broader Impact
The DeepSeek AI case shows the struggle to balance technology with security and privacy. The U.S.-China tech rivalry adds to these concerns. This situation shows the need for clear rules on data protection and cross-border data use¹⁵.
References
Italian Cybersecurity Authority, February 2025 Report
Global Tech News, "DeepSeek AI Launch Raises Privacy Alarms," January 2025
NowSecure Analysis Report, February 2025
Cyber Threat Journal, "Security Risks in AI Apps," February 2025
SecurityScorecard STRIKE Team Report, February 2025
Privacy International, "Data Collection Practices of AI Apps," February 2025
Data Rights Advocacy Group, "Surveillance Risks in AI," February 2025
Italian Data Protection Authority Statement, February 2025
European Data Protection Board, "Ongoing Investigations," March 2025
South Korean Ministry of Science and ICT, "AI App Compliance Notice," March 2025
U.S. Congressional Cybersecurity Advisory, February 2025
U.S. Senate Press Release, "DeepSeek AI Ban Proposal," March 2025
Cyberattack Disclosure Report, March 2025
National Cybersecurity Alliance, "Foreign Threat Warnings," March 2025
International Data Protection Forum, "Cross-Border Data Risks," March 2025
Comments