Security researchers have uncovered code on DeepSeek’s website that could transmit user login information to China Mobile, a state-owned telecommunications company. The discovery was made by Canadian cybersecurity firm Feroot Security and independently verified by additional computer experts.
The code is integrated into DeepSeek’s account creation and user login process. According to Feroot’s analysis, it contains links pointing to China Mobile authentication and identity management computer systems, suggesting it may be part of the login process for certain users accessing DeepSeek. The integration supports China’s broader push for centralized network identity authentication systems, which the country’s Ministry of Public Security has been developing to enhance data security and real-name registration requirements.
The connection is particularly notable given that the U.S. Federal Communications Commission has previously denied China Mobile authority to operate in the United States, citing national security concerns. Additionally, the Biden administration has imposed sanctions limiting American investment in China Mobile following the Pentagon’s identification of links between the company and the Chinese military.
“It’s mindboggling that we are unknowingly allowing China to survey Americans and we’re doing nothing about it,” said Ivan Tsarynny, CEO of Feroot. “It’s hard to believe that something like this was accidental. There are so many unusual things to this. You know that saying ‘Where there’s smoke, there’s fire’? In this instance, there’s a lot of smoke.”
“DeepSeek raises all of the TikTok concerns plus you’re talking about information that is highly likely to be of more national security and personal significance than anything people do on TikTok,” said Stewart Baker, a Washington, D.C.-based lawyer and former Department of Homeland Security and National Security Agency official.
DeepSeek’s privacy policy acknowledges storing user data on servers within China. The discovered code appears to implement device fingerprinting, a technique commonly used for security verification and ad targeting that captures detailed information about users’ devices. The technology can collect data including device specifications, browser settings, and other unique identifiers that create a distinctive digital profile of each user.
As a Chinese company, DeepSeek operates under China’s National Intelligence Law, which requires companies to cooperate with government intelligence efforts. The law, which has been a key factor in international restrictions on Chinese technology companies, mandates that organizations and citizens support, assist, and cooperate with state intelligence work. Testing by Proton employees has documented instances of content censorship, including modified responses to queries about historically sensitive topics such as the 1989 Tiananmen Square protests.
Follow Us