Deepseek sends your data Overseas (and possible link to ByteDance?)
Disclaimer: This is not a code-review nor a packet-level inspection of Deepseek, simply a surface-level analysis of privacy policy and strings found in the Deepseek Android app.
It is also worth noting that while the LLM is Open-Source, the Android and iOS apps are not and requests these permissions:
- Camera
- Files (optional)
Information collected as part of their Privacy Policy:
- Account Details (Username/Email)
- User Input/Uploads
- Payment Information
- Cookies for targeted Ads and Analytics
- Google/Apple sign-in information (if used)
Information disclosed to Third-Parties:
- Device Information (Screen Resolution, IP address, Device ID, manufacturer, etc.) to Ishumei/VolceEngine (Chinese companies)
- WeChat Login Information (when signing via WeChat)
Overall, I'd say pretty standard information to collect and doesn't differ that greatly from the Privacy Policy of ChatGPT. But, this information is sent directly over to China and will be subject to Chinese data laws and can be stored indefinitely, with no option to opt out of data collection. Also according to their policy, they do not store the information of anyone younger than the age of 14.
------------------------------------------------------------
Possible Link to ByteDance (?)
On inspection of the Android Manifest XML, it makes several references to ByteDance:
com.bytedance.applog.migrate.MigrateDetectorActivity
com.bytedance.apm6.traffic.TrafficTransportService
com.bytedance.applog.collector.Collector
com.bytedance.frameworks.core.apm.contentprovider.MonitorContentProvider
So the Android/iOS app might be sharing data with ByteDance. Not entirely sure what each activity/module does yet, but I've cross-referenced it with other popular Chinese apps like Xiahongshu (RedNote), Weixin (WeChat), and BiliBili (Chinese YouTube), and none have these similar references. Maybe it's a way to share chats/results to TikTok?
--------------------------------------------------------------
Best Ways to Run DeepSeek without Registering
Luckily, you can run still run it locally or through an online platform without registering (even though the average user will probably be using the APP or Website, where all this info is being collected):
- Run it locally or on a VM (easy setup with Ollama)
- Run it through Google Collab + Ollama (watch?v=vvIVIOD5pmQ) (Note: If you want to use the chat feature, just run
!ollama run deepseek-r1after step 3 (pull command) - Run JanusPro (txt2img/img2txt) on Hugging Faces Spaces.
It will still not answer some "sensitive" questions, but at least it's not sending your data to Chinese servers.
--------------------------------XXX-----------------------------
Overall, while it is great that we finally have the option of open-sourced AI/LLM, the majority of users will likely be using the phone app or website, which requires additional identifiable information to be sent overseas. Hopefully, we get deeper analyses into the app and hopefully this will encourage more companies to open-source their AI projects.
Also, if anyone has anything to add to the possible ByteDance connection, feel free to post below.
--------------------------------XXX-----------------------------
Relevant Documents:
DeepSeek Privacy Policy (CN) (EN)
Third-Party Disclosure Notice [WeChat, Ishumei, and VolceEngine] (CN)
Virustotal Analysis of the Android App