Is Deepin Linux spying on you ? History and Spyware Controversy

preview_player
Показать описание
I got a lot of questions about Deepin, and a lot of you seem to have security concerns. I thought I'd address them as best I could, from the available information on the internet. Let's take a look at Deepin's history, and try to find if it does, indeed, spy on you !

Deepin's history
Deepin Linux is developed by a company called Wuhan Deepin Technology, which is based in China, in the city of Wuhan. The distro was created in 2004. At the time, it was knows as Hiweed Linux, which was the first debian-based localized Chinese distribution. It was driven by the community, and had no commercial backing.

Seeing that the name was a bit weird for us westerners, they renamed the distro to Deepin in 2008. In 2011, Deepin was incorporated to further the development of the distro, and received funding almost immediately, in part from contracts with the Chinese government. Deepin joined the Linux foundation in 2015.

From a technological standpoint, Deepin used a lot of different distributions as its base: first Morphix, for the initial 0.1 release in 2004, then Debian until february 2005, and then it migrated to Ubuntu until Deepin 2014.3, released in April 2015. Deepin the moved on to the unstable branch of Debian. It still uses this base as of tady, in its latest release, Deepin 15.8.

Deepin Desktop Environment:
Today, Deepin uses Deepin Desktop ENvironment, which it develops internally, but it hasn't always been the case. Deepin used iceWM for its first version, Hiwix 0.1, then moved to XFCE , LXDE, GNOME 2, and then GNOME 3. The Deepin DE only was made default in Linux Deepin 12.12, released in June 2013, and evolved from there, reaching version 3.0. Nowadays, Deepin DE is on par with the likes of GNOME in terms of features and stability, and is, arguably, one of the best looking desktop environments there is.

Software and spyware
Deepin comes from China, which means people will always have a certain preconceived notion about it.

As per spying on you, Deepin did suffer from a controversy in mid 2018: the Deepin Store sent unencrypted requests to CNZZ, the Chinese equivalent to Google Analytics. These requests seemed to give away the users browser agent, since the Deepin Store is an app that renders a webpage, as well as some other informations.

This controversy was quickly adressed by Deepin, which said that they did not collect personnal user data, only "harmless browser agents and browsing data". After some analysis, it appeared this tracking only did what regular old analytics do: collect width, heigt, browser agents, and other non-personnal data. They quickly removed that tracking from the Deepin Store. To be fair, this kind of tracking is pretty common in stores where you tend to sell some stuff, to try and make more money from it by tailoring it to how users browse said store. The problem here can be separated in three points :

- FIrst, Deepin didn't disclose out of hand that their store did such requests. Had they adopted a similar approach to Ubuntu's data collection, they would still have faced some criticism, but al least people would have been informed that it was taking place.

- Second, Deepin, after removing the incriminated data collection, still didn't disclose which data was collected, which lets something of a doubt lingering over the whole distro: if they didn't disclose it, then it was probably something bad.

- Third, Deepin is produced by a Chinese company. This might just be paranoia, but the Chinese government is know for trying to censure, add backdoors, and spyware to its partners. Deepin did, at some point, have some government contracts, which means their products are probably subject to some government meddling.

In the end, apart from looking at the whole source from the distro, which is available, and monitoring all outbound requests from the system, there is no easy way to know if Deepin really spies on you, or if it did in the past.
Calling it spyware at this point, is premature: nothing has been proved yet, but these suspicions need to be taken into account when you decide to use that distro: Deepin might be innocent until proven guilty, but if the doubt is too much of a risk for you, it's probably preferable to use their desktop environment on an other distro, such as Arch or Manjaro, or even avoid it altogether.
I, for one, won't bother too much about that. If you already have a Google, Facebook, or Microsoft account, chances are you are already giving away more of your data than what Deepin might collect.

I hope this shed a bit of light on Deepin and the security controversy surrounding it. As of know, I would consider it mainly paranoia, but if you live in China, and you don't want to take any risks, I'd recommend against using this distro, just in case.

No Copyright Motion Graphics

  1. The Linux Experiment
  2. linux
  3. deepin
  4. deepin linux
  5. deepin spyware
  6. spyware
Рекомендации по теме
Is Deepin Linux 0:05:18

Is Deepin Linux spying on you ? History and Spyware Controversy

🔥 Is Deepin 0:06:59

🔥 Is Deepin Linux Safe, or is it Spyware?

Is Deepin Spyware? 0:12:18

Is Deepin Spyware?

Linux Deepin Is 0:05:48

Linux Deepin Is Spyware

Deepin Linux Review 0:02:38

Deepin Linux Review - Is Deepin spying on you?

Linux Deepin Is 0:06:44

Linux Deepin Is Spyware Follow-up

Deepin Linux Spyware 0:01:01

Deepin Linux Spyware Controversy #keepittechie #techtalk #spyware

Is Deepin Os 0:07:11

Is Deepin Os 23 Spyware? or Beautiful? - Quick Overview

Is Linux Deepin 0:13:06

Is Linux Deepin Spyware?

Deepin Linux Review: 0:10:49

Deepin Linux Review: Stylish Distro or Spyware?

Linux Distros Tracking 0:10:09

Linux Distros Tracking You – From Deepin to Astra Linux | What’s The Truth

Linux Deepin é 0:09:49

Linux Deepin é um Spyware!? (Deepin is Spyware!?) [URGENTE]

Deepin 23: a 0:21:25

Deepin 23: a beautiful, really disappointing update

Is Deepin OS 0:13:45

Is Deepin OS Safe??

Does Deepin Linux 0:03:35

Does Deepin Linux safe for using?

Deepin To Remove 0:06:59

Deepin To Remove Web Analytics From App Store Due To Spyware Claims

About Deepin Linux 0:12:10

About Deepin Linux 20.2 | Deepin Linux Pros And Cons | Deepin Linux 20.2 Spying | Linux Deepin OS 20

Deepin 15.11 Vs 0:11:06

Deepin 15.11 Vs Ubuntu 18.04 LTS | Is Deepin stealing your personal data?

Deepin 23 First 0:14:43

Deepin 23 First Look | The Hottest Linux Release of the Year or a Risky Bet? (NEW)

Linux Deepin 15.6 0:07:24

Linux Deepin 15.6 is still Collecting Data

KDE Neon vs 0:02:49

KDE Neon vs Deepin Linux

Installing Deepin Linux 0:14:42

Installing Deepin Linux From Wuhan on Dell XPS 13 laptop

We Should Take 0:15:03

We Should Take Some Notes From This Chinese OS

Deepin Linux 20.5 0:05:15

Deepin Linux 20.5 Review

Комментарии
Автор

As part of the western culture, I find HiWeed to be a better name

mavhunter
Автор

Some extra info about the history linking to the bad reputation: Deepin used to be (before their Linux thing started) well known in China as a distributor of slimmed-down (the install media was like ~200MB comparing to original Windows XP ~600MB) pre-optimized & pre-activated(that means pirate, although most people use them already have a OEM license) version of Windows XP.

The releases was in ghost image form, provides a quick-install (comparing to install via CD) out-of-box experience (no first-time-setup, common used software bundled). The problem is they modified/removed the original Windows system component to make the OS take less disk space and provide extra features like patched uxtheme.

This leads to *some hardware fail to work due to dirvers being removed, some software fail to run on the OS as a result of required system component being removed, and some versions come with annoy things like changing IE homepage without user agreement, * which give it a bad reputation that carries till today among Chinese "power users".

(Although the developing team behind Deepin Linux is different from the theme behind the pirate Windows XP, it *is* still the same boss/company. The company dropped the pirate Windows XP product following a Microsoft lawsuit against another pirate Windows XP distributor and turned to Linux development.)

見崎未咲
Автор

That Corona virus has really been deepin everywhere fam....

CyberSkynet-ob
Автор

I’m glad you included the part about google and Facebook. Start talking about a product around your phone and you will get ads for it the next time your online.

TheDustin
Автор

Windows and google really are anytime.

victorlin
Автор

You're so calm you made me calm too.

cis
Автор

I use Deepin almost exclusively - I had a look at most other distros which use DDE but really the the features and apps that are not available using DDE distro quickly sent me scurrying back to Deepin. If I am at risk I am also at risk from FB and Google to a much greater extent.

colincomber
Автор

As a Chinese mainlander, I have to say my government don't care about what we did at most of the cases. Plenty of people complain our government branches in all kinds of social networks, which in theory they have access to (CIA and Pentagon also have access to US firms BTW), but they didn't do anything, unless someone report the potential malicious or hate speech post to the police.
My takeaway is "Don't anyhow believe whatever things the lamesteam media tell you." Most of the case they won't say anything good about China, especially when the tension start to get escalated lately.

parisqs
Автор

This collecting information are minor and not privacy issue.

Its like when Firefox collecting data for experience, or DAEMON Tools collecting statistical data, its things about resolution (how minimal size our software should be), file name length (how big should be text box showing filename below the icon), average tab names (like how wide maximum tab should be for a given font), your configurations (what things you like, in what order), and such, so the next version can be better (because what most peoples like is the best option in business), and this data can be sold every month, because things are changing rapidly.

In other hand Google collects data like what you search, and that can be the beginning of the privacy issue, but also as a security mechanism, for example if im searching for a bomb, it may be safer if security keep eyes on me, but if im searching for a simple table to buy, i do not wanna see the same ADS after a month because its already done.



China does not have this regulations so peoples automatically assume theres something hidden going on, but lets be real, they provide you free OS, and they earn money thanks to their users, because this collected data can be sold for money, that will keep driving them to continue their OS support and improvement. In other hand you pay for Windows OS, they spy on you with NSA, connecting all kind of stuff, preinstall bloatware, and other PC manufacturers also put bloatware in their software thats required for PC to work optimal, and that fine because of contracts.
For EU its fine if you can choose, even its already selected by default, thats why clean Windows for EU has been released (like LTSC N versions), because of laws, and same goes with China, they already know if they put something sketchy in OS, in other country, thats bad, they will be in trouble.

However, at least they provided open source code, while in other hand eg. Chrome does not, and it can happen that you speak some random korean nonsense from their anime and the next time you select translate page in google, english to korean will wait for you, even you are pretty sure you never did, and last thing was to french, german or someting like that, but peoples are still using it, because they have money to put their product in front of you, same goes with smartphones that went really crazy all around the world.

RadiusNightly
Автор

From Wuhan... I swear I've heard about that city before.

argonnath
Автор

love the look and feel of that OS. guess i will give it a go in my office pc since windows10 seem to be slowing me down lately. how is it for development? does store include some fancier IDEs like vscode?

Muphet
Автор

@The Linux Experiment, would you consider making a comparison video between the latest Manjaro Deepin and Elementary OS Juno?

atps
Автор

3:29 Ubuntu ratted you out to Amazon with no consent but I think Deepins biggest fault here is it being Chinese.
FB, YT, Ubuntu and half its distros, but its Deepins fault. Does NSA advise me not to use it?

abhabh
Автор

To be frank I would much rather trust the Chinese with my data rather than the big companies like Apple and Microsoft. Chinese are villified by the US propaganda, because the Chinese economic growth is really getting to the US, and they want to avoid it as much as possible. Xiaomi has so far been the best Android device I have used to date. Whether people like it or not, Deepin is really the only serious Linux competitor in the desktop market.

Even IF Deepin collects any data, this shouldn't be a concern for those outside China. People who would be worried are the Chinese, which are often spied on by the government.

rytisliaucys
Автор

Mac os spying you windows spying you to.... from years

seban
Автор

I thought we would have an analysis of the code or at least something, but it comes down to "you never know".

TonyVisconti
Автор

Thanks for what is likely the most rational video on this topic.

xemy
Автор

There is something wrong with it, I always get this error on different machines: "register_kretprobes failed, returned -7"!

maanvol
Автор

Debian base distros does not always seems to work on my system. Last time I tried ubuntu I got a kernel panic when I booted the installation medium. But Arch Linux distros always seems to work perfect on my laptop.

loyalty_cham
Автор

You introduced the "history" of deepin, but why don't you mention its cracking works on win XP? Every Chinese student born between 1980 to 2000 know that 「深度 XP」 is a famous "windows distro" in China's folk.
Since you have got the code, why not try to compile and compare with the published ISO file?

lylechen