Baekgom's Variety Story Baekgom's Variety Story
posts / Science

DeepSeek: A Surveillance Tool Masquerading as Innovation?

phoue

7 min read --

DeepSeek, A Surveillance Tool in the Guise of Innovation?

The Path Your Data Takes to China

A dramatic image of a Trojan horse with digital circuit patterns
DeepSeek may have been a Trojan horse, bringing us a gift of innovation

The artificial intelligence (AI) ‘DeepSeek’, which appeared before us one day, seemed like a blessing. Developers and users worldwide were ecstatic at the news that the world’s best AI could be used freely and affordably by anyone. But while we were intoxicated by its sweet fruits, our most intimate information was crossing borders, becoming part of a vast surveillance system in unseen ways.

This is not a simple personal data breach. Beyond a company’s technical error, it is a systematic data collection activity designed at the state level and a signal that a new front has opened in the US-China tech hegemony war.

This article will thoroughly expose how the ‘digital Trojan horse’ called DeepSeek infiltrated our daily lives and what dangerous code was hidden within, using technical evidence. It’s time to confront the chilling truth of how a single question you mindlessly input can become a weapon threatening a nation.

1. A Two-Headed Monster: Secret Passages to China Mobile and ByteDance

The collapse of the DeepSeek myth began not with one, but two distinct secret pathways being discovered. Like a two-headed monster, they targeted our data in different ways.

The First Head: A ‘Backdoor’ Directly Linked to National Security (China Mobile)

The first crack was an ‘intentional backdoor’ discovered by the Canadian security firm Feroot Security. At the end of the encrypted code on the DeepSeek login page, they found a pathway leading to China Mobile, a state-owned telecommunications company subject to US sanctions due to its ties with the Chinese military.

This was clear evidence of espionage, designed to allow users’ account information to be directly transferred to an agency directly linked to national security. It wasn’t a simple bug, but a ‘secret passage’ deliberately planted by someone.

Diagram showing DeepSeek’s data flowing to both China Mobile and ByteDance.
DeepSeek's data was heading to two destinations: national security agencies and big tech companies.

The Second Head: A ‘Data Pipeline’ Infiltrating Daily Life (ByteDance)

However, the threat did not end there. Investigations by various organizations, including the Personal Information Protection Commission (PIPC) of South Korea, revealed another destination for DeepSeek’s data: ByteDance, the parent company of the globally popular app ‘TikTok’.

This poses a more insidious and widespread threat than China Mobile.

  • How was it discovered?: The PIPC analyzed the data communication records (packets) generated when the DeepSeek app was running. As a result, they confirmed that various information, including user prompts (questions), was being transmitted to the servers of ‘Volcano Engine’, a subsidiary of ByteDance’s cloud services.
  • What’s the problem?: DeepSeek did not clearly inform users of this third-party information sharing or obtain their consent. ByteDance, in particular, is a company with immense technical prowess in collecting and analyzing user data worldwide through TikTok. If our questions, interests, and ideas collected through DeepSeek intellectual data are combined with TikTok’s behavioral data, much more sophisticated and three-dimensional profiling of specific individuals becomes possible.

deepseek + tiktok hyper profiling
If intellectual data is combined with TikTok's behavioral data, much more sophisticated and three-dimensional profiling of specific individuals becomes possible.

In conclusion, DeepSeek posed a dual threat: it was siphoning off sensitive information at a national security level through a spy-like backdoor to ‘China Mobile’, while simultaneously collecting our daily and intellectual activities through the vast data pipeline of ‘ByteDance’.

2. Total Collapse: An Open Vault and a Car Without Brakes

If Feroot’s discovery alerted us to the existence of an ‘intentionally planted assassin’, then subsequent reports from other security firms proved how poorly built the DeepSeek system itself was.

The Data Vault That Was Left Open (Wiz Research)

Security firm Wiz Research discovered that DeepSeek’s internal database was exposed directly to the internet without any encryption or authentication procedures. This is akin to leaving the bank’s central vault door wide open in the middle of the street. This database contained over a million users’ chat logs, API keys, and other sensitive information in raw, unencrypted form.

a bank’s central vault door wide open and abandoned in the middle of the street.
It was like leaving the bank's central vault door wide open in the middle of the street. This database contained over a million users' chat logs, API keys, and other sensitive information in raw, unencrypted form.

This means that not only the Chinese government, but any hacker worldwide could have viewed and stolen our information if they had the inclination.

AI Without Brakes (Cisco Talos)

Global IT company Cisco raised a more fundamental issue. They tested whether the AI model itself had minimal safety features. The results were astonishing when the research team asked DeepSeek questions about cybercrime methods, fake news generation, and other harmful topics: 100% failure rate.

DeepSeek performed every single harmful request without filtering. This was like a car without brakes. In stark contrast to OpenAI’s GPT-4 and Google’s Gemini, which block most harmful requests, it showed that DeepSeek was solely focused on achieving performance without any consideration for ethics or safety.

This showed that DeepSeek was solely focused on achieving performance, without any consideration for ethics or safety.
This showed that DeepSeek was solely focused on achieving performance, without any consideration for ethics or safety. This showed that DeepSeek was solely focused on achieving performance, without any consideration for ethics or safety.

3. The Invisible Hand: A Command in the Name of Law

“Why was DeepSeek built so dangerously?”

The answer to this question must be sought not in corporate ethical guidelines, but in China’s legal code. Behind every action of DeepSeek lies the powerful law of China’s National Intelligence Law, casting a shadow.

Article 7 of the Chinese National Intelligence Law: “All organizations and citizens shall, in accordance with the law, support, assist and cooperate with the state intelligence work.”

This provision is not a mere recommendation but an unavoidable ‘command’. All companies located in China are obligated to submit data if requested by state intelligence agencies. The right to resist, and judicial oversight, effectively do not exist.

From this perspective, DeepSeek’s backdoors and data pipelines are not bugs or mistakes, but likely ‘features’ designed to efficiently carry out the state’s commands.

Abstract image showing a hand controlling a tech company like a puppet.
China's National Intelligence Law can turn corporate innovation into a tool for state information gathering.

4. A New Era: Protecting Your ‘Digital Sovereignty’

The DeepSeek incident demands a fundamental shift in our perspective as we navigate the AI era. The era of evaluating technology solely on performance and convenience is over. The question, “Who created this technology, and under the rule of which laws?” has become an essential condition for survival.

Code of Conduct for Individuals: Internalize ‘Zero Trust’

  • Data Minimization: Never input sensitive information into unverified AI. You should consider every question you ask as if you were posting on a public bulletin board.
  • Assume Surveillance: Use services with the assumption that all your activities are being recorded and analyzed.
  • Technical Defense: It is advisable to get into the habit of masking your IP address with a Virtual Private Network (VPN) and using a separate browser or virtual machine (VM) for sensitive tasks.

Survival Strategy for Corporations: Analyze ‘Geopolitical Risk’

  • Zero-Trust Principle for AI: “Never trust, always verify.” High-risk AI like DeepSeek must be fundamentally blocked from corporate networks.
  • Strengthen Supply Chain Due Diligence: When adopting AI solutions, ‘geopolitical due diligence,’ which analyzes the developer’s nationality and the country’s legal system, must be mandatory.

The low-cost innovation shown by DeepSeek was effectively an illusion. Its cost was paid for by us, the users, with our ‘personal information’ and ‘security’ as collateral. Technology is no longer neutral. Will we fall for the convenience at hand and willingly hand over our data to surveillance, or will we choose the path of protecting our freedom and sovereignty, even if it’s a little inconvenient?

Before that expensive bill arrives, it is time for all of us to answer.

**References**
#DeepSeek#Data Leak#AI Security#ByteDance#National Security#Cybersecurity#Privacy#China National Intelligence Law#Digital Sovereignty

Recommended for You

40% of Data Center Power Isn't Used for Computation — Where Does That Money Go?

40% of Data Center Power Isn't Used for Computation — Where Does That Money Go?

18 min read
The Thermodynamics of Intelligence: Power Bottlenecks and Global Energy Wars Sparked by AI (Survival Strategies for the US, China, and South Korea)

The Thermodynamics of Intelligence: Power Bottlenecks and Global Energy Wars Sparked by AI (Survival Strategies for the US, China, and South Korea)

10 min read
2025 Data Catastrophe: Is Your Privacy Still Intact? (A Digital Social Contract for Survival)

2025 Data Catastrophe: Is Your Privacy Still Intact? (A Digital Social Contract for Survival)

10 min read

Advertisement

Comments