The Chinese artificial intelligence (AI) company DeepSeek has rattled the tech industry with the release of free, cheaply made AI models that compete with the best US products such as ChatGPT.
Users are rushing to check out the new chatbot, sending DeepSeek’s AI Assistant to the top of the iPhone and Android app charts in many countries.
However, authorities have sounded a note of caution. US officials are examining the app’s “national security implications”. Australia’s former cybersecurity minister said national security agencies will soon issue formal guidance for users.
Why are governments and security experts so concerned? The main issue is the app is made in China and stores data there – but that doesn’t mean all the worry is just xenophobia.
What information does DeepSeek record?
DeepSeek does not appear to be spyware, in the sense it doesn’t seem to be collecting data without your consent. However, like many online services, it clearly tells you it will record a lot of data about you and your behaviour.
Specifically, the company’s privacy policy says it collects three categories of information.
First, there is information you provide directly, such as your name and email address and any text you type in or files you upload.
Next, there is automatically collected information, such as what kind of device you are using, your IP address, details of how you use the services, cookies, and payment information.
Finally, there is information from other sources, such as Apple or Google login services, or third-party advertising and analytics companies.
This is broadly similar to the data collected by ChatGPT and Claude.
What does DeepSeek do with the information?
DeepSeek says it uses this information for a range of purposes: to provide services, enforce terms of use, communicate with users, and review and improve performance.
The policy also contains a rather sweeping clause saying the company may use the information to “comply with our legal obligations, or as necessary to perform tasks in the public interest, or to protect the vital interests of our users and other people”.
DeepSeek also says it may share this information with third parties, including advertising and analytics companies as well as “law enforcement agencies, public authorities, copyright holders, or other third parties”.
DeepSeek will also keep the information “for as long as necessary” for a broad range of purposes.
Again, this is all fairly standard practice for modern online services.
Causes for concern
Much of the cause for concern around DeepSeek comes from the fact the company is based in China, vulnerable to Chinese cyber criminals and subject to Chinese law.
DeepSeek stores the information it collects “in secure servers located in the People’s Republic of China”. The company says it maintains “commercially reasonable technical, administrative, and physical security measures” to protect the information.
However, we should keep in mind that China is one of the most cyber crime-prone countries in the world – ranking third behind Russia and Ukraine in a 2024 study.
So even if DeepSeek does not intentionally disclose information, there is still a considerable risk it will be accessed by nefarious actors.
China is home to a sophisticated ecosystem of cyber crime organisations that often build detailed profiles of potential targets. Microsoft and others have accused the Chinese government of collaborating with cybercrime networks on cybercrime attacks.
These organisations can use personal information to craft convincing targeted phishing attacks, which try to trick people into revealing more sensitive information such as bank details.
Should you download DeepSeek?
So, should you download DeepSeek?
If you are an experienced user who is familiar with online privacy and the capabilities of modern AI systems, go ahead – but proceed with caution and be very wary about what information you share.
And if you’re less experienced – if you’re a casual user who is less internet-savvy – my expert advice is to stay well away. DeepSeek won’t give you much you can’t get from other chatbots such as ChatGPT or Claude, and it might make your data vulnerable to Chinese cyber criminals and subject to Chinese law.
DeepSeek also raises questions for governments. Efforts to prevent scams and cybercrime often focus on banks, telecommunications companies, and social media platforms – but what about chatbots?
The post “why the hot new Chinese AI chatbot has big privacy and security problems” by Mohiuddin Ahmed, Senior Lecturer of Computing and Security, Edith Cowan University was published on 01/29/2025 by theconversation.com