Most PRIVATE Keyboard Apps!
Summary
TLDREste video explora la privacidad de los teclados virtuales en los dispositivos móviles, destacando los riesgos asociados con los teclados de terceros que pueden comprometer datos sensibles al enviar pulsaciones de teclas a servidores centralizados. Se analizan las diferencias entre los teclados del sistema y los de terceros, y se discuten las implicaciones de privacidad de cada uno. Además, se ofrecen alternativas más seguras y se sugiere estar atento a los permisos y las actualizaciones de las aplicaciones para asegurar la privacidad en la comunicación digital.
Takeaways
- 🔒 La privacidad del teclado es crucial porque es la puerta de entrada a toda la información que ingresamos en nuestros dispositivos.
- 📱 Los teclados de terceros pueden ofrecer características avanzadas, pero también pueden presentar riesgos significativos de privacidad y seguridad.
- ⚠️ Es fundamental conocer al desarrollador del teclado y confiar en sus prácticas de privacidad antes de instalar cualquier aplicación.
- 🔐 Algunos teclados envían cada pulsación de teclas a servidores centralizados, lo que puede provocar filtraciones masivas de datos personales.
- 🚨 La configuración de privacidad y las prácticas de encriptación de datos son clave para evaluar la seguridad de un teclado.
- 🛑 Los permisos excesivos solicitados por los teclados de terceros pueden ser una señal de alerta sobre la recopilación de datos innecesarios.
- 🔍 Es posible investigar los rastreadores y permisos de cualquier aplicación mediante plataformas de auditoría de privacidad como Exodus.
- 🔏 Los teclados del sistema, como los de Apple y Google, varían en su enfoque de privacidad, y algunos recopilan datos de forma predeterminada.
- 🔧 Es recomendable optar por sistemas operativos y teclados enfocados en la privacidad, como GrapheneOS, que no dependen de servicios de empresas de datos.
- 🌐 Para los usuarios de iOS, desactivar el análisis de iPhone puede ayudar a reducir la recopilación de datos, aunque se recomienda precaución incluso con teclados incorporados.
Q & A
¿Qué es un teclado virtual y cómo funciona en dispositivos como teléfonos y tabletas?
-Un teclado virtual es un sistema basado en software que muestra una imagen de un teclado en la pantalla de un dispositivo y permite la entrada de texto mediante una pantalla táctil. Es usado en dispositivos que no tienen teclados físicos.
¿Cuáles son los diferentes tipos de teclados virtuales mencionados en el guion?
-Los tipos incluyen el teclado del sistema, que es el teclado predeterminado proporcionado por el sistema operativo del dispositivo, teclados específicos de aplicaciones para necesidades únicas, y teclados de terceros que los usuarios pueden descargar y configurar como predeterminados.
¿Qué riesgos de privacidad están asociados con los teclados de terceros?
-Los teclados de terceros pueden requerir permisos extensivos y a menudo tienen la capacidad de enviar todas las pulsaciones de teclas a servidores centralizados, lo que puede incluir información personal y sensible como contraseñas y detalles de tarjetas de crédito.
¿Cómo puede afectar un teclado a la privacidad de las aplicaciones enfocadas en la privacidad como Signal?
-Si un teclado no es seguro y envía pulsaciones de teclas a servidores antes de que los mensajes sean encriptados por aplicaciones como Signal, entonces puede comprometer completamente la privacidad del usuario.
¿Qué es la Privacidad Diferencial y cómo la utiliza Apple en su teclado?
-La Privacidad Diferencial es una técnica donde se añade ruido aleatorio a los datos antes de ser enviados para análisis, con el fin de evitar que se vinculen a usuarios individuales. Apple utiliza esta técnica, aunque la efectividad es cuestionada debido a la configuración de sus parámetros.
¿Qué es el Aprendizaje Federado y cómo lo utiliza Google en Gboard?
-El Aprendizaje Federado es una tecnología que permite mejorar los modelos de predicción de texto en el dispositivo del usuario sin necesidad de enviar datos brutos al servidor. Gboard utiliza esto para actualizar los modelos de texto de manera que los datos sensibles no abandonen el dispositivo.
¿Por qué es importante revisar los permisos solicitados por un teclado de terceros?
-Es crucial porque algunos permisos pueden exponer al usuario a riesgos innecesarios de privacidad. Los teclados no deberían necesitar acceso a ubicaciones precisas o a micrófonos, a menos que ofrezcan características específicas como entrada de voz.
¿Qué alternativas de teclado existen para los usuarios preocupados por la privacidad?
-Algunas alternativas seguras incluyen teclados de código abierto como AnySoftKeyboard y OpenBoard, que no envían datos fuera del dispositivo. También se menciona GrapheneOS como un sistema operativo enfocado en la privacidad con un teclado que no comparte datos.
¿Qué implicaciones tienen las fugas de datos ocurridas en teclados populares como AI.type y SwiftKey?
-Estas fugas revelaron información personal de millones de usuarios, incluyendo detalles de contacto y textos escritos, resaltando la importancia de elegir proveedores de teclado con prácticas de seguridad y privacidad robustas.
¿Cómo se puede reducir la recolección de datos en teclados del sistema como los de Apple o Google?
-Se puede optar por desactivar las analíticas y funciones de aprendizaje en la configuración del teclado, lo que minimiza la cantidad de datos enviados a los servidores del desarrollador y mejora la privacidad del usuario.
Outlines
🔒 Privacidad del teclado en dispositivos móviles
Este segmento explora cómo las configuraciones de privacidad en un teclado de dispositivo móvil pueden afectar la seguridad general del dispositivo. Aunque un usuario puede sentir que su dispositivo es seguro debido al uso de navegadores y mensajerías privadas, el teclado del dispositivo, a menudo ignorado, puede comprometer esta seguridad. Se describen los diferentes tipos de teclados virtuales: teclados del sistema, teclados específicos de aplicaciones y teclados de terceros, cada uno con implicaciones de privacidad distintas. Se enfatiza la importancia de entender cómo cada teclado maneja los datos personales, incluyendo si envía los golpes de teclado a servidores centralizados y cómo se transmite y almacena esta información.
🚨 Riesgos de privacidad de teclados de terceros
Este párrafo aborda los problemas asociados con los teclados de terceros en dispositivos móviles, que a menudo requieren permisos extensivos y pueden comprometer la privacidad del usuario. Se discute el concepto de 'Acceso Completo', permitiendo al teclado comunicarse fuera de su aplicación y posiblemente enviar datos a servidores externos. Se mencionan casos de brechas de seguridad, como la filtración de datos de usuarios de AI.type y SwiftKey, y se critica la práctica de recolectar datos excesivos, incluyendo ubicaciones precisas. También se analiza cómo estas aplicaciones pueden seguir presentando riesgos incluso cuando no están en uso activo.
🔐 Alternativas de teclados más seguras
Este segmento destaca alternativas de teclados más seguras y centradas en la privacidad. Se discute la diferencia entre los teclados del sistema y los de terceros, con un enfoque particular en las prácticas de recolección de datos de Apple y Google, y cómo estas pueden comprometer la privacidad del usuario. Se presenta GrapheneOS como una opción de sistema operativo que prioriza la privacidad, y se mencionan teclados de código abierto como Anysoftkeyboard y OpenBoard como opciones más seguras. El párrafo concluye sugiriendo que la elección de un teclado es fundamental para la integridad de la privacidad del dispositivo.
🚫 Cómo minimizar los riesgos de privacidad en teclados
Este párrafo ofrece consejos prácticos para usuarios que desean minimizar los riesgos asociados con los teclados en dispositivos móviles. Se advierte sobre la importancia de evaluar las actualizaciones y los cambios de permisos en las aplicaciones de teclados y se enfatiza el impacto que un teclado puede tener en la privacidad de aplicaciones enfocadas en la privacidad, como Signal. Se concluye recomendando a los usuarios ser cautelosos al seleccionar aplicaciones de teclados, dada su importancia crítica para la privacidad del dispositivo.
Mindmap
Keywords
💡teclado virtual
💡privacidad del teclado
💡teclados de terceros
💡permisos de aplicación
💡aprendizaje federado
💡privacidad diferencial
💡Gboard
💡GrapheneOS
💡OpenBoard
💡exposiciones de datos
Highlights
智能设备上的键盘可能成为个人隐私泄露的途径。
不同的键盘应用在隐私保护方面存在差异。
系统键盘通常与手机操作系统(如Android或iOS)自带的虚拟键盘。
某些应用可能有特定键盘需求,如银行应用可能使用自带键盘以增加安全性。
第三方键盘提供额外功能,如滑动输入、自定义主题或多语言支持。
选择第三方键盘时要考虑开发者的可信度和键盘处理数据的技术细节。
键盘是否会将按键信息发送到中央服务器是判断其隐私性的关键。
数据传输的安全性,如是否使用加密,也是评估键盘隐私性的重要因素。
开发者的技术能力对于确保应用安全至关重要。
第三方键盘常常请求广泛的权限,包括所谓的“完全访问”权限。
使用隐私审计平台如Exodus可以研究应用的跟踪器和权限要求。
AI.type和SwiftKey等流行键盘曾因安全漏洞导致用户数据泄露。
即使不使用,安装在手机上的第三方键盘也可能带来安全和隐私风险。
苹果iOS键盘默认记录一些数据,尽管使用了差分隐私技术。
谷歌Gboard键盘使用联合学习,将改进后的模型摘要发送到云端而非原始数据。
GrapheneOS是一个基于Android的安全和隐私为中心的移动操作系统,不依赖谷歌服务。
Anysoftkeyboard和OpenBoard是开源且注重隐私保护的第三方键盘选项。
即使是开源软件,如果没有人审计代码,也不能保证其安全性。
苹果用户最好使用内置系统键盘,并关闭iPhone分析功能。
第三方键盘应用不仅关乎用户体验,更关键的是用户隐私和整个设备的安全。
Transcripts
Let’s say you’ve really clamped down with privacy on your phone.
You’ve installed the best private messenger. You use the most private browser and search
engine. You feel pretty good, right? But there's one thing that might still
be leaking everything you do on the device: Your keyboard.
Think about it, our smartphones have become an extension of ourselves, allowing us to intimately
communicate, do sensitive work, and access the world around us by tapping on a screen.
And the gateway to this world is the keyboard: it's where we type our searches,
our credit card details, our passwords. How private is your phone keyboard?
It depends which keyboard you're using, not all keyboard apps on our phones are the same.
Some people just use their built-in system keyboards, others might download 3rd-party
keyboards. Some keyboards just talk locally to your device, but others
might be sending off all of your keystrokes to a centralized server. These have wildly
different privacy implications. How do you tell the difference?
In this video we're going to dive into keyboard privacy, and try to help you make sure you're not
accidentally giving away every key you type. Let's start by understanding what a
virtual keyboard is and how it interacts with your device.
When we use a computer, we have a physical device with keys that allows us to input
text or numbers into the computer. When we have a device with just a screen,
like an iPad or phone, we use a virtual keyboard which is a software-based system that renders an
image of a keyboard on the display and operates as a touchscreen for inputting keystrokes.
Let's look at 3 types of virtual keyboards. First, there's the System Keyboard. Your phone's
operating system, like Android or iOS for example, comes with a built-in virtual keyboard.
When you tap on a text input field, like in a search bar, SMS or Instagram comment,
by default your operating system's keyboard will appear. This is usually the case for all apps on
your phone: by default they generally use the operating system’s built-in keyboard.
But occasionally there are app-specific keyboards.
Some apps might have unique requirements, for example a musical instrument app
might need a piano instead of letters. Others, like some banking apps, might have their
own keyboard app for added security. Then there are Third-Party Keyboards,
keyboard apps that you install on your phone that you can set as your default keyboard
instead of using the system’s in-built keyboard. Some of the benefits of 3rd party keyboards are
that they might offer more features than your system-provided keyboard,
like swipe typing, custom themes, or support for multiple languages.
You can often personalize them, and do other specialized tasks like make custom emojis.
There are countless 3rd-party keyboard apps available that
offer all kinds of functionality. But while all these benefits are attractive,
it’s important we also look at how each app handles privacy. We conduct sensitive
activities on our keyboard, so it’s vital we make sure we can really trust it.
So what things do you need to look for when deciding whether to use a 3rd-party keyboard?
First, how well do you know the developer, and do you trust them?
Before using any software, a user needs to be able to trust that the software
isn't hiding anything malicious, and is actually doing what it says it's doing.
Your keyboard software is no different. This is a difficult problem to figure out.
Really you should only install something if you have heard of the company who manages it, and
you know that they have a good reputation. It seems unfair, because there might be countless
unknown developers who are creating really great products. But the stakes for your
privacy and security are really high. It’s kind of like accepting candy from strangers;
while many might have good intentions, the risk involved for those who don't is too significant
to ignore, so it’s smart to be super careful. Then you should understand the technical details
of how the keyboard handles your data. Does it send keystrokes – like all your personal
messages, passwords, and other sensitive information – to centralized servers?
This is how keyboards that allow you to do searches work,
and is also sometimes how those that check your spelling in real time work too.
That’s a huge privacy leak. Then there’s a question of how that data is being
transmitted back to these centralized servers: Is it being sent using proper encryption? Or can
it also be intercepted and read by others who want to snoop on your activity? And once these
keystrokes are collected, how is the information being stored and who has access to it? If there’s
a rogue employee or inevitable data breach, is all of your private information going to be leaked?
You also have to be able to have confidence in the developers' technical abilities to
ensure good security in the app, to make sure it doesn’t have bugs that
hackers can use to get your information. Major operating system developers have extensive
resources dedicated to security, while third-party developers can vary wildly in terms of their
technical abilities and security practices. Then there are permissions.
One big issue with 3rd party keyboards is that they often request extensive permissions,
including what's termed as "Full Access." This permission allows the keyboard to communicate
outside of its standalone application, potentially accessing the internet and sending
data back to its developers or servers. While some permissions may be understandable,
such as full network access for online functionalities like GIF search, the extent
of these permissions often raises eyebrows. If a keyboard is requesting a large number of
permissions, you should be skeptical. For example, what would a keyboard
need access to your location for? Does your keyboard really need access to storage?
Does it need access to your microphone, especially if it doesn’t have a voice-to-text option?
Does the app need to be running in the background while not in use?
Granting broad permissions can potentially expose users to unnecessary privacy risks
so you should be mindful about what permissions your keyboard asks for.
Finally, keyboards can also have trackers in them.
You can do research on both the trackers and permissions required by apps that you
install by using websites like Exodus, which is a privacy audit platform for Android.
So now that we know some potential red flags to look out for, let's take a closer look at
some different keyboard apps. The unfortunate reality is that
a lot of these keyboards actually don't hold up under scrutiny.
AI.type was a popular keyboard that in 2017 leaked the personal information of over 31
million customers because of a lack of password protection on the company's database server.
This breach exposed names, phone numbers, email addresses,
and even text typed using the keyboard. SwiftKey experienced a data leak after being
acquired by Microsoft. Apparently, users reported that the keyboard was suggesting
private email addresses to other SwiftKey users, which is a terrifying breach.
On top of that Swiftkey has 3 trackers and requires 21 permissions in order to operate
including your precise location. Why does my keyboard need my precise location?
Citizen Labs, a security firm in Canada, found serious problems in Sogou, a Chinese language
keyboard with several hundred million users. They reported that Sogou not only records and
sends out all keystrokes to centralized servers as part of its ordinary functionality but they used a
flawed custom encryption method that allowed this data to be intercepted and decrypted,
many people questioned whether this was done intentionally.
Having a 3rd-party keyboard installed on your phone, even if you don’t use it, can still pose
significant security and privacy risks because of all the permissions that you’re granting it.
Maybe you’re diligent about only granting the necessary permissions,
but keeping dormant software on your device increases the risk of vulnerabilities.
For example in 2019 Apple’s iOS13 had a bug that granted third-party keyboards full access to
iPhones even when users had them turned off. Now let's dive into System keyboards,
and see if those that Apple and Google have bundled with your phone are any better.
Built-in system keyboards provided by the OS can vary wildly in how they are implemented and how
they treat your data. We’ll start with Apple's iOS keyboard. By default, it does record some
data and Apple isn’t really transparent about what data it collects from the keyboard.
Apple’s documentation says that the data they collect from the keyboard
is used to find out what their users are doing: from the emojis we most frequently
use to identifying new trending words. This means that with iPhone analytics enabled,
some of our keyboard activity is being sent to Apple.
One thing that Apple does do to try to protect user privacy is implement
a technique called “Differential Privacy”. This is where random noise is added to keystrokes
before they're submitted to Apple, to prevent that data from being tied back to specific users.
The effectiveness of differential privacy depends on a variable known as the “privacy
loss parameter” or “epsilon” which is a measure of how specific the data being sent to Apple is.
Imagine you have a slider that, when set to the very left end, preserves total privacy of
individuals in the dataset by adding a large amount of noise to the data. The trade-off
is that the aggregate stats that Apple is now collecting are inaccurate. That same slider,
if set to the very right end, gives perfect accuracy to the aggregate stats, but now
users have lost all their privacy. The closer the epsilon value is to 0,
the higher the noise and therefore the higher the privacy protection.
To put it in perspective, many in the academic community consider an epsilon
value of 1 or less to be a good privacy protection standard, and anything above
1 a serious privacy compromise. But when researchers reverse-engineered
Apple’s software, the epsilon value was a whopping 14! This figure is way above what is acceptable
and basically means that while Apple does use differential privacy, at the level of settings it
uses, it offers very little privacy protection. On top of that, Apple keeps both the code and the
epsilon value secret, which means they could change it at any time.
One thing that we'd recommend is to opt out of iPhone analytics entirely,
which reduces the amount of data tracking. “I'm turning off the switch”.
However even with this setting opted out of, the security team Mysk uncovered that Apple
still collects extremely detailed data of your usage from different apps.
It’s unclear whether this includes data from your keyboard, because even if you inspect
the data being created inside the keyboard process while it is running, the keyboard process might be
caching the data somewhere and having another process pick it up and sending it off.
But switch off analytics regardless, your keyboard and everything else, will still function great
without it and you’ll have better privacy. Gboard, originally known as Google Keyboard,
can be considered both an in-built system keyboard and a 3rd-party keyboard,
depending on the device. Many Android devices include it as
the default keyboard, but on phones like Samsung and LG which don’t by default include Gboard,
users can choose to download and install it from the Play Store.
Instead of using differential privacy, which uploads your data with noise added, Google
uses what it calls Federated Learning. Federated Learning works by downloading the latest
text prediction model to your device, it improves it by learning from behavior data on your phone,
and then sends a summary of the changes to the cloud instead of the raw data.
This sounds great, because your raw data doesn’t leave your device.
Unfortunately, recent studies have shown attacks where the raw data can be reconstructed, breaking
the privacy of federated learning. For example this paper shows how the
sentence a user types on their mobile handset, when sending text messages
can be reconstructed with high accuracy. Federated Learning, while turned on by default,
can be opted out. Just go into Gboard settings and click on Privacy and turn it off. But this only
stops Federated Learning. And it’s important to know that your data is still being sent off your
device, only it’s very difficult to be able to tell whether that data is coming from the keyboard
itself or not. Ultimately, both Gboard and iOS keyboards are closed source, so there is no way to
verify that they don’t send off your keystrokes when analytics and learning are turned off.
And in both cases, there’s no easy way to disable keyboard permissions for network
access to rule this out. According to Exodus privacy, Gboard also requires 16 permissions,
including the ability to find accounts on the device
and read your contacts. So what are our options?
Ultimately, for the best privacy you might want to opt for an operating system that
isn’t collecting all your data like Google and Apple are for Android and iOS.
We recommend GrapheneOS, which is a security and privacy-focused mobile OS based on Android,
that doesn’t rely on any services from Google. GrapheneOS uses the Android Open Source Project
Keyboard as its built-in system keyboard, without relying on Google’s proprietary binaries.
It’s a complicated way of saying that it’s a clean version that doesn’t use any of the closed-source,
Google-specific components. Like the operating system itself, Graphene’s keyboard is designed to
prioritize privacy and security, ensuring that typed data isn't shared or compromised.
As it’s open-source, users have a better chance of being able to verify that the keyboard
is doing what it says it’s doing. And since GrapheneOS doesn't include Google
services or other telemetry services, there's no inherent data collection or phoning home
from the keyboard or the OS itself. Finally, GrapheneOS has no ties to any
large data-driven corporations. It doesn't have a central company
like Google or Apple behind it with a vested interest in user data for advertising.
So using the built-in system keyboard on an operating system like graphene
is a great choice for privacy. However if you aren’t willing to make the
switch to another operating system just yet, there are also some more privacy-preserving 3rd party
keyboards you can consider. Anysoftkeyboard is open source,
and one of the most mature alternative options out there jam packed with features and configurations.
It is one of the few keyboards with support for gesture typing and is also famous for its ability
to choose multiple keyboard layouts as well. It’s great for someone who wants to be able
to really customize their experience. Its auto correct and auto suggest features are not sending
your queries anywhere outside your phone but are based off of your local data and dictionaries.
OpenBoard is another solid option that is based on Android’s Open Source Project
keyboard. The keyboard offers a lot of the core features we expect from modern
keyboards such as multi language support, and autocorrect and suggestions.
In my experience, it offers the best autocorrect feature of all the open source options.
Like Anysoftkeyboard, OpenBoard’s auto correct is also based on local information and doesn’t
send queries off the phone. However it is still lacking features such as glide typing.
A popular newcomer is Florisboard which is still in early beta but has some nice
theming options and recently added gesture typing. It also lacks autocorrect features,
but that’s on its roadmap. Simplekeyboard is another option and, as its
name suggests, is minimalistic, offering the bare minimum of what a virtual keyboard should do.
All of these are open source and free. But keep in mind that just because something is open source,
it doesn’t mean that it’s safe. It depends if anyone is actually auditing the code, so you
should still be careful what you install. For those migrating from Gboard, OpenBoard
and AnySoftKeyboard probably offer the closest experience
and have decent autocorrect features. Apple users don’t have many choices, and are
probably best sticking with the in-built system keyboard with iPhone analytics disabled.
One potential option if you don’t want to use Apple’s keyboard, is Fleksy.
It claims to be privacy centric but because it is proprietary and closed source,
there is no way to verify its claims. Its privacy policy is somewhat tough to navigate
to, and says it can collect precise location data to provide ‘location-based’ services,
which in our opinion is outside the scope of what a keyboard should do.
According to Exodus they have 6 trackers and require 19 permissions.
So again, we think the best option for iOS is just the in-built keyboard
with analytics disabled. One thing to keep in mind with
software is that these apps can be updated and their permissions changed at any time,
so it's important to stay vigilant and check for updated information since this video’s
release before installing anything. It’s also important to understand that your
keyboard can undermine the privacy of even the most privacy-focused apps. For example,
you might be using Signal, a really great private messenger that encrypts your messages
before sending them out. But if you're using a keyboard app that doesn't protect your privacy
and is sending your keystrokes before the message is even encrypted, then you’ve
completely undermined your privacy. This feels wrong. I'm a peacekeeping
program created to help. A third-party keyboard app isn't
just something you should add to your phone because it offers some cool features. It's
a critical decision for user privacy, and the integrity of your keyboard underpins the privacy
of your whole device. Choose wisely. NBTV is funded by community donations. If
you’d like to support our free educational content, please visit NBTV.media/support.
And take a look at our book “beginner’s introduction to privacy” that also supports
our channel. Liking sharing and commenting on our videos also really helps us. Thank you so
much for watching through til the end!
تصفح المزيد من مقاطع الفيديو ذات الصلة
Privacidad en el uso de las redes sociales
Curso completo de informática basica (computación) MOUSE Y TECLADO [video 5]
No SIM? No Problem!
Is Your Phone Listening To You?
El teclado: Partes, Funciones y Formas de Interactuar con el Computador. Computación Básica Video #9
✅TODOS LOS TIPOS DE TECLADOS según sus materiales, distribución, tamaños, conexiones, y diseños.
5.0 / 5 (0 votes)