Is DeepL unencrypted?
Thread poster: Samuel Murray
May 4, 2022

Hello everyone

[Starting a new thread to remain on-topic.]

In this post, the OP states that "DeepL say they don't store your translations anywhere. But of course, your data is transmitted over the Internet in an unencrypted state.". Is this true?

I see that the web version of DeepL uses HTTPS at least. What about the API version or the desktop version? Does anyone have any information about whether or not DeepL sends one's data over the internet unencrypted?

Samuel


 
Tom in London
Interesting point May 4, 2022

FWIW here is an explanation of how DeepL works. Not sure if it makes things clear, or makes them even less easy to understand!

How does DeepL work? https://www.deepl.com/en/blog/how-does-deepl-work


 
 
Samuel Murray
Google Translate API May 4, 2022

The Google Translate API does send data unencrypted as part of the URL. The request itself is sent via HTTPS, but if the content of the data forms part of the URL that is being sent, then that is obviously unencrypted. It may be possible to send data to the Google Translate API without sending it as part of the URL, but I got the impression that many CAT tools use the "as part of the URL" method.

 
Gerard de Noord
DeepL Pro is encrypted May 4, 2022

This is what the company states at https://www.deepl.com/en/pro-data-security/

Data encryption
All data transferred between DeepL Pro subscribers and DeepL infrastructure is encrypted using state-of-the-art TLS encryption. We regularly review the cipher suites used and deprecate those which may become insecure in the future.

Cheers,
Gerard


 
Gerard de Noord
Tom, the quoted text is not my English May 4, 2022

"Everything except IPs and ports are encrypted when doing HTTP over SSL

The basis of this statement lies in the layered manner HTTP connections are built. These layers are logically isolated, and when two computers connect, each layer communicates with the corresponding layer in the other computer without the awareness of the other layers. And to describe HTTPS in terms of layers, SSL is done at a layer preceding HTTP.

Here’s how a HTTPS connection is built:

1. The client uses the host portion ... of the URL to look up the IP of the server via a DNS request. This is not encrypted.
2. The client initiates a TCP connection by contacting the server by its IP, specifying the connection port. The two parties acknowledge each other’s intent to connect and thus establish a TCP connection. TCP provides the concept of a connection ensuring that all packets are received as intended. This is not encrypted.
3. By connecting to a secure port, the client has implicitly indicated to the server the need for SSL. At this point, the two parties negotiate a shared secret used to encrypt the connection. This negotiation is done via public/private key cryptography and also allows both parties to verify each other’s identities via certificates. Everything past this point is encrypted and secure.
4. The client initiates the HTTP request by sending the path and query portion of the URL, the headers (cookies, user agent, etc), and the optional request body.
5. The server replies with its HTTP response and terminates the connection."

---

TLS is advanced SSL
When you connect to DeepL via an API, like when you use GT4T, you're using DeepL Pro, so all communication will be encrypted by design.
But even when you use a tool like IntelliWebSearch and use the URL to send the source text to the free version of DeepL the connection will be protected by encryption:
https://www.deepl.com/translator#nl/fr/Ik%20ben%20toch%20een%20beetje%20achterdochtig.

Cheers,
Gerard

[Edited at 2022-05-04 14:58 GMT]
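
The layering described in the post above, as an added example that is not part of the original posts or of the quoted explanation: it produces the real first TLS message (ClientHello) with Python's standard `ssl` module and sorts each part of a URL by whether it is readable in transit. The function names and the `mt.example` URL are constructed for illustration; the DeepL URL is the one quoted in the post.

```python
import ssl
from urllib.parse import urlsplit

# URL quoted in the post above; the second URL is constructed for illustration.
DEEPL_URL = "https://www.deepl.com/translator#nl/fr/Ik%20ben%20toch%20een%20beetje%20achterdochtig."
QUERY_URL = "https://mt.example/translate?q=geheime%20tekst"


def client_hello(host: str) -> bytes:
    """Return the first TLS record a client emits, before any key is agreed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()  # no peer attached, so it stops after the ClientHello
    except ssl.SSLWantReadError:
        pass
    return outgoing.read()


def wire_view(url: str) -> dict:
    """Sort the parts of a URL by who can read them while in transit."""
    u = urlsplit(url)
    port = u.port or {"https": 443, "http": 80}[u.scheme]
    target = (u.path or "/") + (f"?{u.query}" if u.query else "")
    cleartext = {"host": u.hostname, "port": port}
    inside_tls = {}
    if u.scheme == "https":
        # Checked, not assumed: is the host name readable in the ClientHello (SNI)?
        cleartext["sni_in_client_hello"] = u.hostname.encode() in client_hello(u.hostname)
        inside_tls["request_target"] = target  # path and query: sent after the handshake
    else:
        cleartext["request_target"] = target   # plain HTTP: nothing is protected
    # The fragment (after '#') is never part of the HTTP request line.
    return {"cleartext": cleartext, "inside_tls": inside_tls, "not_in_request": u.fragment}


if __name__ == "__main__":
    for url in (DEEPL_URL, QUERY_URL, QUERY_URL.replace("https", "http", 1)):
        print(url, wire_view(url), sep="\n  ")
```

For the `https` URLs only the host name and port end up in the cleartext bucket; the path and query are sent inside the TLS tunnel, and the receiving server still reads them in full.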


 
Samuel Murray
@Gerard May 4, 2022

Gerard de Noord wrote:
The client uses the host portion ... of the URL to look up the IP of the server via a DNS request.

Very interesting. This would mean that the data is encrypted after all, even if sent as part of the URL.


 
Gerard de Noord
But read the fine print May 4, 2022

I've just installed DeepL on my smartphone and had to agree to
https://www.deepl.com/en/privacy#section_9
There, things get less clear again.

3. Texts and Translations - DeepL Translator (free version)
When using our translation service, please only enter texts that you wish to transfer to our servers. The transmission of these texts is necessary in order for us to provide the translation and offer you our service. We process your texts, the documents you upload and their translations for a limited period of time to train and improve our neural networks and translation algorithms. This also applies to corrections you make to our translation suggestions. The corrections are forwarded to our servers to check them for accuracy and, if necessary, to update the translated text according to your changes. If you use the glossary feature and enter certain pairs of terms there, this data is only stored locally and is not forwarded to our servers. Therefore, you cannot use your glossary entries in another browser or on another device.

Please note that according to its Terms and Conditions, you may not use DeepL Translator for the translation of texts containing personal data of any kind. The translation of personal data is only possible as part of a DeepL Pro subscription (please see section 4).

4. Texts and Translations - DeepL Pro
When using our DeepL Pro subscription to translate texts, the texts or documents you submit will not be permanently stored and will only be kept temporarily to the extent necessary for the production and transmission of the translation. After complete performance of the contractually agreed services all submitted texts or documents and their translations will be deleted. When using DeepL Pro, your texts will not be used to improve the quality of our services. For further information on the processing of your data within the DeepL Pro subscription, please refer to section 5 of this privacy policy and our DeepL Pro Terms and Conditions.

Please note that using DeepL Pro for the translation of texts containing personal data of any kind is only permitted if there is a justification for this under data protection law. Therefore, our T&C provide for the conclusion of a data processing agreement (see section 8.1.3 of DeepL Pro Terms and Conditions). To enter into such an agreement, please contact sales(at)deepl.com.

---

So, your data can securely travel from your devices to the DeepL servers and back - it's all encrypted - but you must be very careful with "personal data of any kind".

Well, aren't we all?
Gerard


 
Gerard de Noord
Without a doubt May 4, 2022

Samuel Murray wrote:

Gerard de Noord wrote:
The client uses the host portion ... of the URL to look up the IP of the server via a DNS request.

Very interesting. This would mean that the data is encrypted after all, even if sent as part of the URL.


Even when you would write your own URL generator - I know you can - the only part of the URL that would become public is the part to resolve the IP address. Maybe translators with a subscription to DeepL Pro can enlighten us about the URLs they get when they don’t use an API. But I don't think the URLs will be shareable and circumventing the API for your own use makes little sense.

Cheers,
Gerard


 
Samuel Murray
For legal reasons only, I assume May 4, 2022

Gerard de Noord wrote:
So, your data can securely travel from your devices to the DeepL servers and back - it's all encrypted - but you must be very careful with "personal data of any kind".

The way I understand it, the stipulations regarding the transmission of personal data relate to GDPR. If you share personal data with them, then they have personal data that was shared with them, and they prefer not to have that. So this isn't a red flag for me.


 
Multiverse Solutions s.r.o. (X)
Irrelevant May 4, 2022

Encrypted or not, secure or not, retention or not, it is all irrelevant.
First, nobody really knows how actually "security protocols" are implemented (the weakest link rule), we all rely on fairy tales with fancy phrases.
Then, nobody really knows how third parties (everybody else except the ordering party and the translator) operate in terms of ownership structure, operational agreements, interim relations, service operations, ad hoc measures like data dump, not to mention their security restrictions and obligations to all kinds of authorities or entities one, two, or n levels up their own declared specifications.
Then, the whole telecommunications infrastructure, completely embalmed in techno-gibberish.
All these things are beyond our control, as lawyers would put it. Literally - beyond our control.
We (users, translators) are simply incapable of ensuring any level of data confidentiality. Starting with the operating system that we use, which is quite easily hackable (see the number of "security patches").
Layering available solutions to harden the data envelope is for us an amateurish trick, 'I feel safe' or 'you see, this is secure'. For professionals, if it is not part of a large, coherent, well-designed, complex data security system, it means nothing.
If you think otherwise, read data security professional literature, watch conferences and presentations. It won't help, but at least will make this illusion go away.
What can we do about it?
1. Merge with the customer's system, if they have one and you feel comfortable with it.
2. Make the customer aware of the ocean of limitations and work with all best intentions, observing common-sense rules, following obvious data confidentiality recommendations: stop worrying and start translating.
PS. As a security professional once said, if you give your data to somebody bigger than you, it is not a matter whether they will use it, but when. Small print applies


 
Samuel Murray
@Multiverse May 5, 2022

Multiverse Solutions s.r.o. wrote:
All these things are beyond our control, as lawyers would put it. Literally - beyond our control.
We (users, translators) are simply incapable of ensuring any level of data confidentiality.

The fact that there are many points at which our data can be compromised, and the fact that some of those points may be unknown or out of our control, doesn't mean that we should not care about data safety and that we should not make an effort to remain aware of how those aspects that we do know about, affect us.

People for whom HTTPS is satisfactory trust that their browser is not malicious, that the service they're connecting to is not malicious (it is an assumption, I know), that their browser and the service are both properly set up and that their browser will refuse to connect to a service that is improperly set up and vice versa.

The explanation of how an HTTPS handshake works, that was quoted by Gerard, makes sense to me.


 
Gerard de Noord
Not irrelevant May 5, 2022

Multiverse Solutions s.r.o. wrote:

We (users, translators) are simply incapable of ensuring any level of data confidentiality. Starting with the operating system that we use, which is quite easily hackable (see the number of "security patches").
Layering available solutions to harden the data envelope is for us an amateurish trick, 'I feel safe' or 'you see, this is secure'. For professionals, if it is not part of a large, coherent, well-designed, complex data security system, it means nothing.



We're translators, not spies, generals or prime ministers. Our job is to keep the data confided to us secure as long as it's not public. I'll never run a press release or product announcement through MT providers. That’s just good déontologie, as we say in France.

If I have to translate a text that has already been published on the internet, I have no qualms. I don't see any reason why translators should be more careful in their use of the internet than what they agreed to in their contracts. I think I'm as professional as you claim to be.

Cheers,
Gerard


 

