DeepSeek AI arrived on the tech scene with a sudden bang last week, but it may well be disappearing as quickly as it arrived. Countless experts and organisations have warned against using the Chinese AI platform, and it has now been found to be collecting huge amounts of your data.
DeepSeek might be challenging the status quo and proving significantly cheaper to run, but this comes at a considerable data cost – one even tools like the best VPNs can't protect you from.
We have already begun to examine whether DeepSeek is safe to use, but further investigations are uncovering more and more red flags, resulting in warnings to avoid DeepSeek in order to protect your data.
Keystroke logging
I've already spoken about the safety of DeepSeek AI, and highlighted the sheer excess of data collected by the tool, as set out in its privacy policy.
Hidden within the list of "technical information" collected is "keystroke patterns or rhythms." Keystroke logging involves the tracking of every interaction you make with a button on your keyboard.
When you press a key, you're "speaking" to your computer, telling it what function you want it to perform. How it responds depends on the length, time, and velocity of the keypress, as well as the key's name.
This is a particularly concerning piece of data to collect and can reveal practically everything you do on your computer. By signing up and agreeing to its privacy policy, you are giving DeepSeek your consent to record and store every input you make on your keyboard.
DeepSeek also collects your IP address, email address, cookies, payment information, and every interaction with its chat tool. It also assigns you a device and user ID, meaning you can be tracked across multiple devices.
Combine this with the collection of keystroke patterns, and the sheer volume and detail of the data DeepSeek is chilling – and a major cause for concern.
Other AI tools, and many companies online, collect large amounts of your personal information and this isn't new. But they do not mention the collecting of keystrokes and this is one of the major red flags that makes DeepSeek worryingly different.
Is it possible to delete this data?
There's also no guarantee that DeepSeek will delete your data. Its privacy policy states it retains information "for as long as necessary" and doesn't mention how long this is.
Further down in the privacy policy it states "retention periods will be different depending on the type of information, the purposes for which we use the information and any legal requirements. For example, when we process your information to provide you with the Services, we keep this information for as long as you have an account."
However, it states that if you violate any of DeepSeek's terms then it may delete your information from public view but keep it to process the violation.
It does not give any more examples of what data it removes upon account deletion. So, it is unclear whether the technical information such as IP address, device and user ID, or keystrokes is retained or deleted.
DeepSeek states you "may have certain rights with respect to your personal information" but that depends on where you live. It says you "may" have the right to request that DeepSeek deletes your personal information – but again, it doesn't give examples of what data this is and whether all data can be deleted.
Data Security
DeepSeek does not explicitly say how it protects your data. There is no mention of encryption or how it safeguards your data to prevent unauthorized access.
What the privacy policy does say is that DeepSeek maintains "commercially reasonable technical, administrative, and physical security measures that are designed to protect your information from unauthorized access, theft, disclosure, modification, or loss."
It says it reviews its security measures regularly but warns that "no internet or email transmission is ever fully secure or error free."
Relationship with the Chinese government
A further cause for concern is DeepSeek's links to the Chinese Communist Party. The information collected is stored in servers in China and its terms of service document states they "shall be governed by the laws of the People's Republic of China in the mainland."
The exposes a potential national security issue and reignites the debate which fuelled the TikTok ban over China's potential collection of the data of millions of Americans and other users in the Western world.
China's government exercises control of the country's internet, censorship is common, and it has some of the strictest VPN laws in the world. There have been reports that DeepSeek AI censors certain material that the Chinese government does not want it to disclose. Users have reported instances of censorship when the AI tool is asked about Tiananmen Square and Taiwan.
DeepSeek’s newest AI model is impressive—until it starts acting like the CCP’s PR officer. Watch as it censors itself on any mention of sensitive topics. 🧵👇 1/9 https://t.co/nN6EwHsnoeJanuary 20, 2025
Disclaimer
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
