Deepin privacy issues

I have been playing in VM with DE's I installed all of them into one account to see how they look like :slight_smile: I found I like deepin it looks simple and nice, however I have read there are some security issues with this DE made in China, this warning is still on Arch wiki and openSuSe closed those bug reports because deepin developers did not respond, what security issues were there? Sending data to china or ordinary holes as every sw has?

Moderation Note: Title changed for clarity

The first video is about the actual distrbution. not the DE. Basicaly sending data to a server in china


Then there is a follow up video about the Manjaro version (clearing its name):

And finaly an update about the current beta distribution (again, not the DE):

1 Like

Very sketchy TOS but that may just apply to Deepin OS rather than the DE.

Basicaly Deepin OS has a EULA that you need to accept during installation.

1 Like

I’ve always taken it as applying to the Deepin Distro (UOS) and not the desktop environment.

If the DE environment itself was spying, distro devs would have caught it in the source code and there would have been an entire Linux community uproar about banning Deepin and having them blacklisted.

I just want to install DE, not gonna use their appstore but I want to use those programs there. Maybe will install wireshark too :wink:

That's the impression I was under but I've not dug into it as I have no plans to use either.

I skimmed over some of it when 20 released. At least they're upfront about the data they store (lots) but it's a still a hard ew and nope for me.

Some EULA nonsense is in settings under DE.

There has been no response from the packager or from upstream for a long time.
Closing this and related deepin bugs.

https://bugzilla.opensuse.org/show_bug.cgi?id=1136026#c1

What I gather from this bug report is that Deepin is essentially dead on SUSE for not fixing security bugs. Can’t say I blame them.

This may not be the best choice of a DE if you have to ask about security, just my two cents.

The question is if they are in the arch packages.

You are right, I checked two of those bugs, one is search security hole and second is something with access to ALSA.

Here's the juicy bit
deepin
Excuse the poor cropping, never used gimp before. Of course, this applies to the distro not the DE environment.

2 Likes

I will check what is in DE.... IT IS SAME IN DE.
Bye bye Deepin, case closed.

2 Likes

https://wiki.archlinux.org/index.php/Talk:Deepin_Desktop_Environment#Security_issues

Doesn’t look like Arch made any progress with them either. @frpenguin

1 Like

I suggest flameshot

2 Likes

Then unless it is fixed it cannot be trusted in my opinion.

2 Likes

So it looks like this is saving quite a bit of personal info to the disk, with a promise not to share it unless you buy a business license, in which case sharing is possible if the user wishes? (God they need a better translator)

Ummm. Yeah. Blacklisting time

I could have just snapped and cropped it in Firefox, I temporarily forgot it could do that.

Yeah, its a bit vague and the rest of the (rather long) EULA reads much the same.

I just wonder why it is in Arch repo....

Wireshark test, after login to Arch and deepin in VM there is communication to:

baidu

If I boot Arch-KDE no communication anywhere till I do something what needs NET, same with debian, manjaro, deepin is a spy.

Forum kindly sponsored by