In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could...
Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.
I live in China and this software is cancerous not just in the encryption failure, it also nestles into a computer like a trojan. Creates 2 fallback installations and will reinstall itself after removal if you reboot in between, unless you get rid of all 3 installations at once, where they are deliberately trying to obfuscate the uninstall button (triple confirmation, swapping the confirm/cancel buttons and button background colors, etc.).
It's a nasty piece of crap that comes preloaded on any phone (Android, at least) and Windows PC here.
I mean the CCP is aiming to have people use Kylin? If the government and the entire populace start using Linux instead we'll just see the same BS on Linux instead. It's not an OS/platform issue, but an issue of bad actors.
My guess is that it might either be more accurate in predictions or some additional convenience factors that make typing this logographic language much easier and faster lol.
Or people are also simply used to it since it's everywhere.
Sure. Foreigners aren't really sanctioned though, that's more of a risk for the locals. But even then usually only if they want to get someone disappeared and don't have anything substantial against them.
Alright China shills, you can stop changing the subject to how Google and the US are the "same".
The troops advanced into central parts of Beijing on the city's major thoroughfares in the early morning hours of 4 June and engaged in bloody clashes with demonstrators attempting to block them, in which many people – demonstrators, bystanders, and soldiers – were killed. Estimates of the death toll vary from several hundred to several thousand, with thousands more wounded.[15][16][17][18][19][20]
Imagine being in Taiwan and having full access to information about China and the west and still shilling for China. Those types of people should be looking for a dominatrix, not a political philosophy...
No one is saying Google massacred protestors, but if you're gonna be against keyboard apps spying on you it should be irrelevant who they're spying for. Criticizing shitty things American companies do doesn't make you a China shill and calling everyone who does it a China shill is intellectually dishonest.
Claiming that the dozen people in this thread falsely equating what China is doing to the things that happen in the US -- ignoring that they are very different, and ONLY considering that they are moving attention away from the posted article -- is not so much "intellectually dishonest" as it is an intentional lie with a goal. Goodbye.
Or any of the countless times cops perpetrated mass violence against black people during the civil war era and cracked down harshly on protests.
Or when they did the same to anti-war protestors during the Vietnam War.
Or the numerous times they experimented on their own citizens such as MKUltra, the Tuskegee Syphilis Experiment, or any of the dozens upon dozens of radiation experiments, like when almost 1000 pregnant mothers were injected with radioactive iron, causing many miscarriages and cancers (and that's not the only time they injected pregnant mothers with radioactive material to see if it fucked up the baby), or when inserting radium rods up the nostrils of school children and then observing how their health declined, or when they dosed hundreds of Inuit with radioactive iodine to see its effects on the thyroid.
Like I don't think this makes China's atrocities any more excusable, but the reverse is true too. The US really isn't much better than China.
The world ain't just good or bad and there are various degrees of "bad". The fact that many US people can even talk about this stuff makes them already just ever so slightly better for many outsiders. This is how it is, neither country is "good" but they align more with western ideals than an authoritarian state which for many of us is bad by default... which it is of course. :)
As bad as those two linked incidents were, they weren't exactly government sanctioned. Police sanctioned, sure, and the government should do more to rein that shit in, but comparing them to Tiananmen is disingenuous at best.
The Chinese government hates letting its citizens have a voice.
Imagine thinking China is worse than the US when the US killed something like a million Iraqis, and that's just one of the many wars the US was waging in the last 30 years while China, checks notes, attacked nobody in that timeframe.
If you can't see the fundamental intertwining of Google (or any other Fortune 500 company) and the US State, then you should really start looking harder. Lobbyists, revolving door membership, corruption, tax write-offs, corporate power being used to influence day-to-day life, really, US companies' control over the US state is pretty similar to the Chinese State's control over Chinese companies. I just don't think corporations should be in charge like y'all seem to.
That's not what is being pointed out. In China, you don't have freedom of information. They are authoritarian, borderline totalitarian. Yeah, Google spies and the US spies on us, but to say America/Google is just as bad is the false equivalence.
The troops advanced into central parts of Beijing on the city’s major thoroughfares in the early morning hours of 4 June and engaged in bloody clashes with demonstrators attempting to block them, in which many people – demonstrators, bystanders, and soldiers – were killed.
Here's a video of an interview with Chai Ling recorded on May 28, 1989 with reporter Philip Cunningham. Chai Ling was arguably the most influential leader of the student protesters at Tiananmen Square. In the interview she openly wishes for the soldiers to massacre the students after her instrumental role in blocking attempts by other activists to move the protest back to campuses, all while refusing to sacrifice herself.
Notable quotes from this interview include:
"You, the Chinese are not worth my struggle. You are not worth my sacrifice"
"The students keep asking what shall we do next? What can we accomplish? I feel so sad, because how can I tell them what we're actually hoping for is bloodshed - for the moment when the government has no choice but to brazenly butcher the people?"
"Only when the square is awash with blood will the people of China open their eyes. Only then will they really be united"
"If we allow the [protesters] movement to collapse on its own, then the government will be able to wipe out all the leaders of the movement"
Upon being asked if she will stay in the square herself after urging the students to stay she simply responded, "No, I won't".
When the Tiananmen Square incident erupted in violence on June 3rd, Chai Ling escaped from Beijing by train. She was eventually smuggled to Hong Kong via Operation Yellowbird, an MI6/CIA-led initiative to extract dissidents who they hoped would form the nucleus of a "Chinese democracy movement in exile". To my knowledge, no details exist about how and when she made contact with them. She was subsequently invited to study at Princeton on a full scholarship due to her pivotal role in the Tiananmen protests. She studied Politics and International Relations there, eventually picking up an MBA from Harvard. Today, she runs an internet company called Jenzabar that she founded with her husband, the lawyer Robert Maginn, a long-time associate of the Republican party, having even served as the chairman of the Massachusetts Republican party between 2011 and 2013. Their company serves more than 1300 higher education institutions worldwide, whom they provide with ERP software.
Reddit added the same functionality some time ago. I'm a bit sad it's a thing here too, but oh well. People seem to like it. My favourite thing about Reddit was it being text-based though.
How are you seeing gifs in kbin? All I'm seeing is a URL link to the gif and I have to click the media icon button next to the URL for it to load... is there a setting I need to enable to load pictures/gifs automatically?
Didn't SwiftPad or whatever it's called send every key pressed to Microsoft?
Not a China shill. China is horrible. Microsoft less so as they don't commit genocide in slow motion. But still, I think this sort of thing is more common than we think.
I use OpenBoard (it's available on F-Droid. Maybe the Play Store too).
I don't know if it's the best but I like it. If you type in multiple languages you do need to hit a "language switcher" key on the keyboard to switch to the autocorrect for that language. A very minor complaint. Otherwise it's great.
And it will learn swear words. No more ducking ducks.
Seconded. I use Gboard because it has the same functionality but I have to sandbox it and restrict all internet access via firewall. I still don't trust it and would prefer a FOSS alternative with the same functionality.
Think you mean SwiftKey, which Microsoft just introduced Bing AI into that you can't turn off. I 100 percent assume they now use all your typing data to train their AI too. They won't even let you use themes without logging in to an account, so I again assume they also tie data to accounts.
Yes, that's why I've disabled Internet access for my keyboard since I haven't found a FOSS one with all the features I want. Not that I need them, but they're nice, and blocking network access is built into GrapheneOS anyway.
It's stories like this that don't surprise me as much as make me ask: How the fuck do you store and process this much data to get anything useful out of it.
I could be wrong, and this is a generalization of any country you can name, but my impression is data is stored on everyone so when they decide someday to look you up they already have all the data collected. It's not really processed until needed.
The real answer is compute power. At the moment it's very expensive to run the computations necessary for big LLMs, I've heard some companies are even developing specialized chips to run them more efficiently. On the other hand, you probably don't want your phone's keyboard app burning out the tiny CPU in it and draining your battery. It's not worth throwing anything other than a simple model at the problem.
I don't get it? Why are they talking in the article about not using the right type of encryption. The problem isn't the encryption, but the fact that it is sending your keystrokes to the mothership, right?
I recommend free and open source software for everyone. Everything on this list is curated to feature the best alternatives to common proprietary software (according to Linux Cafe):
I think the best two are Simple Keyboard and AnySoftKeyboard. Simple Keyboard is pleasant to use, but is missing several advanced features. ASK would be perfect if the swipe typing worked (it's currently listed as beta, and is mostly accurate, but unfortunately when it does make a mistake fixing it is almost painful).
Finally, try to get comfortable going to alternativeto.net when you get frustrated with software. Worst case scenario you get frustrated with different software for a bit and switch back. Of course it notes the price and license model for each alternative.
ASK would be perfect if the swipe typing worked (it's currently listed as beta, and is mostly accurate, but unfortunately when it does make a mistake fixing it is almost painful).
It crashes for me so often that I finally gave up using it.
Also there was a weird bug where, if you were working on a long document, towards the bottom of the document it would all of a sudden drag you all the way up to the top of the document, so then you had to scroll all the way back to where you were before, at the bottom of the document.
It probably doesn't though. Obviously it's closed source making it harder to tell what's actually happening, but there's nothing stopping security analysts from looking at network usage and such. I would imagine that Google doesn't install a keylogger on every Android phone, not out of the goodness of their hearts, but because they don't want the bad publicity and lawsuits when it would inevitably be discovered.
They do collect usage stats by default though.
Which include typed sentences passed through their AI model and word usage counts.
It can all be turned off and Gboard seems to respect these options. It doesn't access online services unless requested with these options off.
I mean he's not wrong, but also not really the same thing.
Gboard does send a substantial amount of data about the things you typed to Google. It is supposedly anonymous, but they do this to get analytics, and they use this data to improve the suggestions given to you.
There has been at least one article where someone intercepted the data leaving from Gboard and found it's either unencrypted or just hashed into something like base64. This was a while back so things hopefully changed.
While Google does try not to phone home users' passwords, how can you tell what is and isn't private?
Even if I had it, do you honestly think I would waste my life to be completely forgotten and left to rot for disclosing it like Snowden? Yep, no one will ever reveal anything after that shit show.
I'm going to guess you're one of the people who defends tiktok and compares it to every other social media app by saying the US government is basically the same as the Chinese government
Not OP, but I know for sure that China's been trying to grab as much intelligence as possible, going as far as installing sniffing-type software in network controllers and servers, and grabbing keystrokes from a keyboard is absolutely despicable and something they would do to grab more intelligence.
The thing I have trouble figuring out is why in the hell people would care about TikTok. What signal intelligence is coming from my wife swiping through 14,000 cat and home organization videos?
Location is turned off. The app is sandboxed. It's not allowed to access the camera or the speaker without giving some minor notification that they're on, and people would notice.
I totally get the China will do bad if they can but I fail to see the ultimate danger of TikTok.
Did you read it? Can you share the part with relevant info? I tried to read it but it kept going on about how Gboard and the Microsoft keyboard both gather huge amounts of data and yet that both are opaque and you can't know what data is sent to the server backend.
Man, Snowden wasted his entire life to tell you the USA literally spies on everything you do, and when caught their answer was: yeah, so what you gonna do about it, maybe you should do the same.
I love how people overlook this part. You get all the knuckledraggers who want to claim the US is somehow just as bad as China is.
The anti-American sentiment in here is obnoxious.
These findings underscore the importance for software developers in China to use well-supported encryption implementations such as TLS instead of attempting to custom design their own.
And this is the only point of the article. Idk what all these other comments are on about, but this article is outlining lack of standardized protocols that made the software vulnerable to network eavesdropping.
This doesn't point to a big CCP conspiracy, it's just bad design.
Every single time something sketchy is happening in Chinese tech a Lemmy user will slide the conversation and accusations to American tech. It's a rule.
It's not about American/Chinese government, it's about privacy. ANY company or government storing your data can be extremely problematic in the future.
Yeah, the Sogou Keyboard sends data to Tencent; the same thing happens or could happen with other proprietary keyboards in the future. How about trying a FOSS one?
On all social media, that seems to happen and it makes me sick.
People not knowing how scary the Chinese government is speaks volumes about the future of other countries. We had all the opportunity to see it happen and avoid it, and these morons dismiss the truth and whatabout every damned thing.
Well, we have actual evidence here of dodgy shit happening, but what about this other thing I assume is also happening based on absolutely nothing? See, both just as bad!
While Gboard is closed source, they have documented that they use federated learning, meaning their model is generated on-device and only the inferences are sent to Google.
The fork even has support for swipe, autocorrect, word prediction, clipboard management, etc, and is way more lightweight than Gboard and the rest. Zero reason to use anything else at the moment.
I use Trime on Android and the default takes quite a while to get used to. For example, the symbol key that is usually on the bottom left corner is now a language switching key and the symbol key is one tiny key beside it. Custom configuration seems like a pain and I haven't done it. One of the defaults however comes with a menu that lets you type all sorts of symbols including Greek, Russian, Japanese, IPA and mathematical operators. Haven't seen fcitx5 for Android though.
Edit: currently using fcitx5 Android and I can say just go with this. Everything comes right out of the box (no screwing around with config files) and it has all the features Trime has and more (I can even type Unicode! ☻). The only feature I would miss is that Trime types both round brackets at once and places your cursor in the middle, whereas fcitx5 Android needs you to type them individually.
"Your keyboard may occasionally capture ‘snippets’ of your typing. This includes short phrases, plus data about the keypresses you made to type the words, and whether you deleted or changed anything. These snippets are captured anonymously and you do not need to be signed in to share them."
Apparently they've been caught up in working on predictions for a good while, which has been harder than they expected, so that's slowed development and releases considerably. So not abandoned by the devs, for what it's worth.
They invest in basically any tech company that is open to investment and willing to accept Chinese investors. To the CCP the data of the west is worth any price.
The article states the software uses external endpoints, whether encrypted or not. The CCP already has the ability to obtain all of this information from those endpoints. The article identified poor software design choices that may expose user keyboard data to anybody on the network.
What's the deal with Android "keyboards"? Why is it just an app that you can install? And why can it have more functionality/permissions from the OS beyond just being a local keyboard? As an iOS user this is very bizarre and foreign to me.
I feel like every time the topic of Android keyboards (again, why is this a thing?) comes up it's some kind of big spyware thing. Seems like most every app on Android and iOS is spyware anyway, of course.
All aspects of android (pretty much) are customisable. It's not the os that is the problem, but the developers who program on all this telemetry.
The keyboards on Android are much more useful than what's available on iOS. There is a similar issue with launchers. They, by their nature, need more access to other apps and more permissions. In most cases, that means more features, but Meta and Microsoft have launchers too...
I use android and iOS. I find both good but the customisable nature of android is what drove me away from iOS.
There are more than one keyboard when you go shopping for physical keyboards... is that bizarre and foreign? Different keyboards on Android have different features and customizability just like real keyboards.
Unlike iOS, pretty much every part of the Android OS is replaceable. There is technically no "unified" version of Android; each Android phone manufacturer has their own unique spin on it, and since it's open source, or at least most of it is, anyone can make their own version. For example: Lineage OS, /e/OS, and Graphene OS.
3rd party keyboards exist for iOS - I used to use them too. Keyboards can access every app that you use a keyboard in, so basically everything from your passwords to credit card can be logged. There'd be a popup warning about it on installation that everyone ignores.
But the native keyboard does adopt parts of other good apps + lack of substantial development in said apps (looking at you, Swiftkey iOS). Once the native keyboard added slide to type + spacebar navigation years back, third party keyboards lost their lustre for me lol.
Technically Apple could log all our keypresses too. It's just a matter of whether that sort of data is worth it for them to collect, or are they prioritising security with their current focuses on privacy features in newer updates.
For an AAC user, it can be super helpful to be able to install a custom communication system as a keyboard, as then they can use it with all the other apps. The keyboard apps have the same disclosures as all the others and you should avoid giving it the ability to export data with access to the Internet. Really any app can do this while you're in it, and ask those name-brand apps you bank with or whatever are made by third parties and could be logging anything to anywhere if no one bothered to check.
That said, I am unhappy with how the Android Play Store has never allowed you to filter apps by permission and has made it harder and harder to even see what permissions an app will request or "require". The permissions system is so good, it should be made more fine-grained, but instead they seem focused on "data safety statements" that are just CYA for the platform as far as I can tell.
You need something that can watch/report your Internet traffic around the clock and selectively "fail" DNS lookups you don't like or something. I think iPhone does have something like this built in?
As someone that hasn't drunk that Apple-flavoured Kool-Aid, I can't understand why people think the inability to use a device you own in the way you want to is considered a feature.
Doesn't the iOS keyboard have all kinds of apps tied to it and do more than just a keyboard? Also can't iOS users install 3rd party keyboards like Gboard on iOS just like Android? I'm not sure what the deal is, but having more than one option is good for everyone.
The iOS keyboard definitely has integrations that I never use, but I am just learning that you can, in fact, download wholesale keyboard apps on iOS as well. Skimming through them, they have a ridiculous number of installs (judging by the number of reviews) and atrocious privacy policies. The last part is concerning! 😅
As an iOS user, I'll just say "slide to type" is better than "hammer thumbs". Until the iOS keyboard gets that on all platforms, 3rd party is my go-to.
There are some legitimate reasons to have a separate keyboard. I use Keepass2Android's keyboard to enter passwords from Keepass. This way, there's direct access to the password database instead of copying passwords/usernames/other fields to the system clipboard.
I think the origins of this were back at the inception of Android, when the default keyboard didn't have slide technology, so at that time I think it made reasonable sense that you could bring your own keyboard app. Now that Gboard is full featured it probably wouldn't hurt to lock it down, but it also depends on whether every vendor provides their own keyboard app that is horrible to use and sets that as the only keyboard option.
Can you point to where it says that in the report? It actually says:
an IME will commonly reach out over the network to a cloud-based service for suggestions if suitable suggestions are not available in the input method’s local database.
the keystrokes of Sogou Input Method users can be decrypted by a network eavesdropper, informing the eavesdropper of what users are typing as they type.
I assume they mean "if suitable suggestions are not available in the input method’s local database". Like you start typing a word, and when it doesn't find any match locally, it goes to the server. After that, any additional keystroke gets reported to the server "as they type".
I use AnySoftKeyboard instead of the default android keyboard or the Samsung keyboard just to preemptively avoid these kind of “issues” creeping up in the future.
Should I still be worried?
Is there a way to sandbox or scope the software keyboards to never see the network (wired ethernet, Wi-Fi, LTE, 5G or otherwise) on stock Android 13?
Other than:
Settings > Connections > Data Usage >
Allowed networks for apps > {app} > Wi-Fi only (and not use Wi-Fi) or Mobile data only (and not use Mobile data)
and
Mobile data usage > {app} > Allow background data usage > Disabled
Moreover, there is no "Network Permissions" setting option from what I can see even within Permission manager > Additional permissions.
So use Fcitx 5 Android instead. It's an open-source IME application that doesn't request any permission except Notification, and especially no network permission.
If it's an app, including fucking TikTok you bunch of morons, that was developed by a Chinese company, all of the data on your device is going back to the CCP. It's just that fucking simple, people.
That's a bit over the top. The app only has access to the data you give it permission to access. So TikTok may have access to your contacts (don't give TikTok access to your contacts, guys), but it won't have access to your text messages or activity data.
Whataboutism doesn't really apply when pointing out a double standard. It's true that both places shouldn't do the bad thing, but it's more about the individual's reaction to that thing depending on who does it. The average US citizen will criticise the CCP for doing plenty of the same things their government currently does, or has done in the past, that they support.
Furthermore, it's important to note that when this kind of thing happens, people treat it as China's government's fault, but when Tesla cars explode, people don't consider that the US government's fault.
The most popular Western OS (and probably the other commercial OSs too) sends every key typed back to base. Plus every website visited. Plus every document amended.
You know, network sniffers exist. You can verify if this is true yourself if you know how to use one. Kill all other network services and just start typing and see if it starts spewing packets.
The internet is not some black box where us regular users can't see what's going on.
Any sources for this? I know Windows and probably macOS send analytics, but every keystroke and every document amended seems unlikely to me. Maybe I'm wrong though.