←back to thread

Bypass DeepSeek censorship by speaking in hex

(substack.com)
755 points MedadNewman | 1 comments | 31 Jan 25 19:41 UTC | HN request time: 0s | source
Show context
lxe ◴[31 Jan 25 20:13 UTC] No.42891381[source]
You can also intercept the xhr response which would still stop generation, but the UI won't update, revelaing the thoughts that lead to the content filter:

    const filter = t => t?.split('\n').filter(l => !l.includes('content_filter')).join('\n');

    ['response', 'responseText'].forEach(prop => {
      const orig = Object.getOwnPropertyDescriptor(XMLHttpRequest.prototype, prop);
      Object.defineProperty(XMLHttpRequest.prototype, prop, {
        get: function() { return filter(orig.get.call(this)); }
      });
    });
Paste the above in the browser console ^
replies(2): >>42891427 #>>42891516 #
tills13 ◴[31 Jan 25 20:25 UTC] No.42891516[source]
insane that this is client-side.
replies(8): >>42891775 #>>42891802 #>>42892213 #>>42892242 #>>42892457 #>>42896609 #>>42896617 #>>42896757 #
dheera ◴[31 Jan 25 21:40 UTC] No.42892457[source]
Not really if you understand how China works.

DeepSeek software developers are not the ones who want to censor anything. There is just a universal threat from getting shut down by the government if the model starts spitting out a bunch of sensitive stuff, so any business in China needs to be proactive about voluntarily censoring things that are likely to be sensitive, if they want to stay in business.

If your censorship implementation is good enough for 99.9% of people to get censored, you're good. A client-side implementation is good enough until/unless a lot of people start exploiting it, in which case you should put effort and proactively do something else to restore it to 99.9%, e.g. move it to the backend. If the government sees that you are being proactive about it, you'll still be fine. At that point, maybe you will still find 0.1% of people bypassing censorship with some highly obscure and difficult jailbreak, but that probably doesn't matter. If that difficult jailbreak becomes widely known, then be proactive again.

replies(2): >>42896627 #>>42897976 #
pineaux ◴[01 Feb 25 07:41 UTC] No.42896627[source]
This. What makes this extra "funny" is that it implies that at least every business that builds something that can move information around must be knowledgeable about tianenman square and other chinese atrocities. Or else they would not be able to censor relevant questions. I have been to China a bunch of times and generally, they know what horrible things the Chinese gov did. They either say something like: "Yeah well, we live in a dictatorship, but it's not that bad" Or: "Yeah, the government is fucked up, but look at the government of the USA! We don't start wars in other countries and put in puppet governments." And there are so many good counters to both these arguments.
replies(4): >>42896917 #>>42897223 #>>42897430 #>>42900046 #
nonrandomstring ◴[01 Feb 25 08:47 UTC] No.42896917[source]
> it implies that at least every business that builds something that can move information around must be knowledgeable about tianenman square

Everyone's heard of the "Streisand effect", but there's layers of subtlety. A quite famous paper in attachment psychology by John Bowlby "On knowing what you are not supposed to know and feeling what you are not supposed to feel" is worth considering. Constructive ignorance (literally ignoring certain things) is a survival mechanism. Yes, everyone in China knows about Tianamen, specifically because the government want to censor it. Much of how we navigate the social world is watching for the things people don't talk about, seeing where their fears lie.

replies(5): >>42897034 #>>42897421 #>>42897422 #>>42897580 #>>42899824 #
1. HPsquared ◴[01 Feb 25 11:23 UTC] No.42897580[source]
It's not so different to our situation here, the specific "topics to avoid" are just different.