Discovered that they transmit user-posted content over plaintext HTTP.
That means the admin of the WiFi hotspot you are connected to (Starbucks, say), China Telecom, state security and domestic security police, attackers who have broken into the network, and the NSA not only know you are browsing Xiaohongshu, but also know exactly which post you are looking at.
https://citizenlab.ca/2025/02/network-security-issues-in-rednote/
https://www.eff.org/deeplinks/2025/02/crimson-memo-analyzing-privacy-impact-xianghongshu-aka-red-note
It's the year 5202 already, grandpa, and you're still on plaintext HTTP? Xiaohongshu, you're really something.

RE: https://mastodon.social/users/eff/statuses/114027750205976229

Network Security Issues in RedNote - The Citizen Lab
Our first network security analysis of the popular Chinese social media platform, RedNote, revealed numerous issues with the Android and iOS versions of the app. Most notably, we found that both the Android and iOS versions of RedNote fetch viewed images and videos without any encryption, which enables network eavesdroppers to learn exactly what content users are browsing. We also found a vulnerability in the Android version that enables network attackers to learn the contents of files on users’ devices. We disclosed the vulnerability issues to RedNote, and its vendors NEXTDATA, and MobTech, but did not receive a response from any party. This report underscores the importance of using well-supported encryption implementations, such as transport layer security (TLS). We recommend that users who are highly concerned about network surveillance from any party refrain from using RedNote until these security issues are resolved.