Cybersecurity experts at Blokk, a well-established mobile application, have uncovered data security concerns related to Deepseek, an emerging AI chatbot competitor to ChatGPT. Despite Deepseek’s rapid growth and modest development budget—reported at $6 million—the service may expose users to serious privacy risks.
Investigation reveals suspicious domain calls
During a detailed analysis, the Blokk team monitored Deepseek’s network activity and found a noteworthy pattern. When accounts are created via email, Deepseek contacts the subdomain fp.it.fengkongcloud.com, a China-associated subdomain connected to device fingerprinting technologies.
Device fingerprinting collects unique combinations of hardware, software, and browser attributes to recognize and track devices. Reports from security sources, including Open Threat Exchange and MalwareURL, have also linked related domains—such as statiska.fengkongcloud.com—to malicious activity.
In initial tests this subdomain was called 34 times, and in a follow-up test 28 times, suggesting potential data transfers occurring without clear user control or explicit consent.
Requests tied to multiple countries
Further analysis showed network calls to domains located in several countries, including Russia, the United States, the United Kingdom, and Spain. Of particular interest to the Blokk team were two Russian subdomains:
- gator.volces.com
- tab.volces.com
While there are no confirmed reports directly labeling these specific subdomains as malicious, the parent domain Volces.com is known to be associated with device identification services.
To validate their findings, the Blokk team reset test devices, removed all associated data, and reinstalled Deepseek. These controlled tests showed that fp.it.fengkongcloud.com was contacted only during account creation, whereas the Russian and US subdomains were repeatedly contacted during regular app use.
Within the short timeframe of the investigation, Blokk blocked 36 domains—approximately 76% of the domains observed—after classifying them as privacy and security risks.
What users should know
Blokk’s researchers advise users to take common-sense security precautions before downloading or using Deepseek, just as they would for any app or website. If you decide to use the app, consider these precautions:
- Do not reuse the same login credentials across multiple accounts.
- Monitor your online accounts for signs of unauthorized access or data breaches.
- Use security tools that detect and block suspicious data transfers and tracking attempts.
When testing Deepseek, the Blokk team applied maximum blocking protections and took appropriate measures to isolate potential risks during signup and use.
About the Blokk app
Blokk provides protection at both the app and browser level, filtering traffic and blocking millions of known online scams and tracking domains that threaten user privacy and security. Its cybersecurity technology is designed to shield users from fraud, trackers, and phishing attacks.
Blokk’s mission is to empower people to navigate the digital world safely and confidently by offering advanced protection against online threats.
The Blokk application has achieved more than 1 million installs across the Google Play Store and Apple App Store.