Baidu IME Banned for “Spying on Japan”

Top Chinese portal Baidu has had its Japanese IME identified as a probable espionage tool after it transpired that it logs all Japanese text entered and sends it off to Baidu, causing such consternation that the government is warning against using it.

The IME (input method editor) needed to efficiently enter East Asian languages on PCs is included with Windows, but Microsoft’s offering is frequently replaced with those of other makers (most notably Google).

Baidu’s freely distributed IME, already noted for its underhanded uninstaller, is now the subject of an official warning from both Japan’s National Information Security Center and its culture ministry MEXT.

According to analysis of the software, it automatically transmits all email, search history, word processor documents and other typing (including, most probably, password strings) to Baidu’s servers for “cloud conversion.”

NISC and MEXT have told some 140 governmental institutions they need to stop using the software lest what remains of their secrets end up in China.

Baidu’s Japanese subsidiary claims 2 million users of the IME, which, even allowing for probable vast exaggeration, amounts to a potentially significant trove of government secrets. The company also provides “Simeji” smartphone software with similar functionality.

After the warning was widely reported, the company released a new version which it claims addresses the issue, and helpfully explained that “no data is logged on our servers without permission from the user.”

Such is the extreme distrust of Baidu online already that the only raillery to be seen looks to be against anyone dumb enough to be using it:

“We knew!”

“Nothing is more expensive than free?”

“2 million users…”

“I can’t believe anyone would consider using made in China software.”

“To think there were public bodies dumb enough to install this trash on their PCs….”

“Just avoid anything made in China and you are in the clear!”

“As expected of China quality.”

“This stuff mostly gets installed bundled with other software I think, so most probably don’t realise.”

“Lenovo.”

“Simeji has 7 million downloads so I’d be more worried about that…”

“Simeji was made in Japan but got bought up by Baidu.”

“Hopefully they can arrest the users with that new anti-spying law.”

“I’m left wondering about Google’s IME…”

53 Comments

    • @Anon 10:35

      “serves them right, for being that stupid”.

      Okay, that’s true. Yet, does that make you “stupid” for ever having had your messages routed through equipment made by:

      Airlink
      Apollo
      Apple
      AT&T
      Bay Networks
      Castelle
      Cisco
      Compaq
      D-Link
      Hawking
      Hewlett-Packard
      IBM
      Intel
      Motorola
      Netgear
      Nortel
      SynOptics
      Tektronix
      Wyse
      or Xerox, since you have no idea whether or not those companies have ever had their firmware modified by Chinese nationals, or companies or contractors influenced by the Chinese government (Communist or Nationalist)?

      BACKDOOR_VULNERABILITIES_R_US=YES; export BACKDOOR_VULNERABILITIES_R_US

  • China censors their own internet, what made these idiots think China wouldn’t use it to spy on them, while allowing them to do things their own people cannot?! Installing Chinese software, as expected of plebs.

  • Which is why you should have a firewall… which tells you when a software attempts to use the internet, so you can allow or block (temporarily or permanently) its access to the internet…
    Something like an IME client, other than maybe an update or two once in a while (which it shouldn’t need to begin with…) should NOT require internet access to work.

    • It is the Anti Virus software that says if your computer has software that acts like a virus (software that you installed accessing your computer etc) the firewall is just there to block outbound and inbound connections .. don’t get those things mixed up

      • The fuck you talking about

        He said firewall.

        You know… you get a warning when software wants to send a package somewhere (a.k.a. outbound connection)? Just like the guy said?

        Oh and btw, since you seem to be retarded, logging text and sending data isn’t behavior exclusive to viruses, so nothing would detect it.

        • A pure firewall doesn’t. Firewalls in the traditional sense only operate on network addresses. Being able to control access on per-binary basis makes them more of a capability based security system for networking.
          Windows firewalls are largely mis-named hybrids.

        • Actually, you won’t get that warning, since the software didn’t make a connection. It doesn’t send constantly like spyware, but rather does it during software updates that you would have authorized with the firewall already.

          The stuff that’s sent also isn’t encrypted like spyware, but in utf format that you can actually read, if you monitor it and want to for some reason.

          It’s also not coherent sentences that’s sent, but rather the number of times each character was typed.

          They’re also not interested in peeking into your sexting sessions, but rather info on how to improve their IME.

          Here’s how Asian language system IMEs work: You type phonics using 26 letter standard English keyboard -> it gives a list of same/similar sounding characters -> you select the right one.

          There are many pages of characters for every sound, with most frequently used ones in front, and rare ones pages back. How do they know which one is most frequently used? The IME tells them.

          Microsoft did the same thing for their IME bundled in Japanese Windows up until 4 years ago, when they had gathered more than enough data to basically finalize their list.

          In fact, you wouldn’t want to use an IME that does not do this. Why? Because you’ll have to scroll pages for every character you type.

          I don’t know why I bother explaining this stuff to you trolls…

  • Everyone’s spying on everyone these days. When Microsoft pulled something like this back in the early days it was big bad news, now everyone’s fine with google doing it. Oh.. but if the Chinese are doing it it’s bad again.

    So…

    SocialMedia: It’s fine because it’s their business model
    Google spying on us: fine, too
    NSA spying on us: no big deal, but remind them of the law from now and then

    Chinese spying on us: OH NOEZ.

    Can’t people have that kind of reaction on spying more often.. like.. always? Most of you are carrying a tracking device that doubles as a bug (the kinds that listen to the stuff you say without you knowing) – only people call it a phone.

    Why do people not care anymore for privacy?

    • Countries like to point at each other to make themselves look better, but they’re all hypocrites.

      I’d like to know why nobody complains about the ridiculous permissions required by mobile phone games. Why the hell do they need to know my name, the people I call, my exact location, the messages I’ve sent and received, etc?

    • The irony is, this is actually relatively harmless compared to Google logging surfing habits for market research.

      What is sent is how often each character is used, not the entire sentence in the order in which it’s typed. Calling this an invasion of privacy is like saying you can see what a shredded letter is saying just because you see words out of order on the pieces.

      East Asian language system IMEs give a list of characters as you type on the 26 letter keyboard. More commonly used characters are put on top, instead of pages back. The IME sends how often ppl select each character back to the company, so they can make revisions to the list.

      Microsoft did this to their Japanese IME up until 4 years ago, once they already had enough information. Baidu is new at IMEs, and thus needs to build up their own priority queue.

      This is just politicians pumping up the right wing nuts, who are the only ones voting in Japan.

      • Now imagine the IME sending your home address, credit card numbers + security codes etc. somewhere, to some unverified, unknown company in China, because you typed them in.

        Not so harmless now, huh

        • @14:43
          >I have seen the software’s source code and I personally am a part of Baidu staff, I know what they’re doing with the unencrypted, plain text they receive and there’s no chance it’ll get intercepted by 3rd parties

        • Hey Genius, it’s only the largest search engine in China and 3rd largest in the world.

          And the information is actually sent using utf format that you can read, not encrypted like spyware typically does.

          You also won’t catch anything on antivirus, as it’s not sent constantly, but only during updates that you would have authorized with the antivirus first. Those updates are two way, literally and figuratively.

          In any case, Baidu does spy on you, like all search engines do, just not through its IME.

  • I think those Chinese/Japanese input methods always need user’s input data to improve its accuracy/speed. Actually, if it’s a company that I trust, I would like them to stock my input habits in both offline and online form, encrypted though.

    But to say the truth, I seriously can’t allow any search history be recorded… Damn, NSA already has mine.