The China-made generative artificial intelligence (AI) app DeepSeek is making waves for all sorts of reasons, not least of which is its significant data privacy and security issues.
Five countries and some US states and government agencies have already banned the AI chatbot that shook the US tech industry and stock market on its release in late January 2025.
Countries cite DeepSeek’s data collection and offshore storage, poor encryption practices, national security risks, and non-compliance with privacy laws as reasons for banning the app, mostly on government devices and in some cases from broader use.
Indeed, on its US release day January 20, 2025, the DeepSeek-R1 chatbot was the most-downloaded free app on Apple’s App Store and had a massive data leak that exposed one million sensitive records, compounding privacy and security fears. Malicious attacks on the app only a week later didn’t instil confidence.
The fears stem from DeepSeek storing its user data in China, where it cannot legally deny the Chinese government access to it, and the model’s inherent security vulnerabilities, particularly for AI jailbreak attacks where hackers bypass the model’s safety guardrails to produce malicious content such as malware instructions. Cisco, one of many agencies to have studied DeepSeek’s security posture, revealed the model is 11 times more likely to be exploited by cybercriminals than other AI models and in testing had failed to block all harmful prompts, including prompts related to cybercrime and misinformation. Its competitors, including OpenAI’s GPT-4o and Google’s Gemini, did much better.
Cybersecurity researchers has also found that the DeepSeek mobile and web apps contain hidden code that is transmitting user data to state-controlled telecom company China Mobile, and possibly other Chinese state-owned entities. China Mobile was banned from operating in the U.S. in 2019 due to national security and law enforcement risks.
So, within that hotbed of issues, everyday users – and entire countries – need to determine whether the benefits of using the new kid on the AI block outweigh the risks to privacy and safety.
If you’re determined to try it, here’s the latest advice for staying private and safe on DeepSeek:
1. Don’t use your Gmail or Apple accounts to sign up to DeepSeek. That way, the data on those accounts is kept away from DeepSeek.
2. Don’t ask the app questions that reveal any identifying or highly personal information, since all inputs are used to train the model.
3. Avoid using the app altogether if you work for a government agency or other sensitive organization.
4. Use a virtual private network, like MySudo VPN, to hide your IP address and location when using the app.
5. Don’t access DeepSeek’s AI models through DeepSeek’s web site, apps or API. Instead, consider using the DeepSeek AI model hosted by a service provider you trust. The app (iOS, Android, and web) sends data back to China, while US-based third-party platforms on which you can run DeepSeek don’t. Many US-based providers are running DeepSeek through their own data centres, such as Perplexity and Amazon Web Services for non-developers and GitHub for developers. This short news clip is a good explainer:
6. Finally, get an alternative email and phone number from MySudo app to open and log into your DeepSeek account. MySudo has digital identities called Sudos that offer different identity credentials from you own and therefore protect your personal information and make it impossible for data aggregators to correlate your data. Signing on to DeepSeek (or any app) with your Sudo details is like adding a privacy and security buffer between you and DeepSeek. Download MySudo. Set up your Sudos.
We don’t know how DeepSeek’s technology and security issues will unfold from here, or where the world will go next with generative AI. Our best advice is to stay vigilant and proactive about protecting your own data privacy and security when using AI chatbots and other tools.
Discover Anonyome Labs’ other privacy and security apps, beyond MySudo:
- Tools for individuals (protect yourself)
- Tools for business (protect your customers)
