Is Deepin Linux spying on you ? History and Spyware Controversy

29 Comments | Server By · 27/11/2022



Is Deepin Linux spying on you ? History and Spyware Controversy

Is Deepin Linux spying on you ? History and Spyware Controversy

I got a lot of questions about Deepin, and a lot of you seem to have security concerns. I thought I’d address them as best I could, from the available information on the internet. Let’s take a look at Deepin’s history, and try to find if it does, indeed, spy on you !

Deepin’s history
Deepin Linux is developed by a company called Wuhan Deepin Technology, which is based in China, in the city of Wuhan. The distro was created in 2004. At the time, it was knows as Hiweed Linux, which was the first debian-based localized Chinese distribution. It was driven by the community, and had no commercial backing.

Seeing that the name was a bit weird for us westerners, they renamed the distro to Deepin in 2008. In 2011, Deepin was incorporated to further the development of the distro, and received funding almost immediately, in part from contracts with the Chinese government. Deepin joined the Linux foundation in 2015.

From a technological standpoint, Deepin used a lot of different distributions as its base: first Morphix, for the initial 0.1 release in 2004, then Debian until february 2005, and then it migrated to Ubuntu until Deepin 2014.3, released in April 2015. Deepin the moved on to the unstable branch of Debian. It still uses this base as of tady, in its latest release, Deepin 15.8.

Deepin Desktop Environment:
Today, Deepin uses Deepin Desktop ENvironment, which it develops internally, but it hasn’t always been the case. Deepin used iceWM for its first version, Hiwix 0.1, then moved to XFCE , LXDE, GNOME 2, and then GNOME 3. The Deepin DE only was made default in Linux Deepin 12.12, released in June 2013, and evolved from there, reaching version 3.0. Nowadays, Deepin DE is on par with the likes of GNOME in terms of features and stability, and is, arguably, one of the best looking desktop environments there is.

Software and spyware
Deepin comes from China, which means people will always have a certain preconceived notion about it.

As per spying on you, Deepin did suffer from a controversy in mid 2018: the Deepin Store sent unencrypted requests to CNZZ, the Chinese equivalent to Google Analytics. These requests seemed to give away the users browser agent, since the Deepin Store is an app that renders a webpage, as well as some other informations.

This controversy was quickly adressed by Deepin, which said that they did not collect personnal user data, only “harmless browser agents and browsing data”. After some analysis, it appeared this tracking only did what regular old analytics do: collect width, heigt, browser agents, and other non-personnal data. They quickly removed that tracking from the Deepin Store. To be fair, this kind of tracking is pretty common in stores where you tend to sell some stuff, to try and make more money from it by tailoring it to how users browse said store. The problem here can be separated in three points :

– FIrst, Deepin didn’t disclose out of hand that their store did such requests. Had they adopted a similar approach to Ubuntu’s data collection, they would still have faced some criticism, but al least people would have been informed that it was taking place.

– Second, Deepin, after removing the incriminated data collection, still didn’t disclose which data was collected, which lets something of a doubt lingering over the whole distro: if they didn’t disclose it, then it was probably something bad.

– Third, Deepin is produced by a Chinese company. This might just be paranoia, but the Chinese government is know for trying to censure, add backdoors, and spyware to its partners. Deepin did, at some point, have some government contracts, which means their products are probably subject to some government meddling.

In the end, apart from looking at the whole source from the distro, which is available, and monitoring all outbound requests from the system, there is no easy way to know if Deepin really spies on you, or if it did in the past.
Calling it spyware at this point, is premature: nothing has been proved yet, but these suspicions need to be taken into account when you decide to use that distro: Deepin might be innocent until proven guilty, but if the doubt is too much of a risk for you, it’s probably preferable to use their desktop environment on an other distro, such as Arch or Manjaro, or even avoid it altogether.
I, for one, won’t bother too much about that. If you already have a Google, Facebook, or Microsoft account, chances are you are already giving away more of your data than what Deepin might collect.

I hope this shed a bit of light on Deepin and the security controversy surrounding it. As of know, I would consider it mainly paranoia, but if you live in China, and you don’t want to take any risks, I’d recommend against using this distro, just in case.

No Copyright Motion Graphics
Motion Graphics provided by https://www.youtubestock.com
YouTube Channel: https://goo.gl/aayJRf

Follow me on Twitter : http://twitter.com/thelinuxEXP

Comments are closed.

53GB.COM GPTSTORE CPU Yougpt Gptsio Gpt-store-Nav