This comes after OnePlus Admits to Collecting Your Data, Promises Fix exposed how cheap phones come with a massive asterisk. This cheap mechanical keyboard will send your data in plaintext to nobody knows where.
Multiple online user reports claim that the MantisTek GK2 mechanical keyboard's configuration software is sending data to an Alibaba server. One of the reports even includes an analysis of the software’s traffic, which seems to include typed keys.
The MantisTek GK2 is a cheap RGB mechanical keyboard from China that costs half as much (or less) as the mechanical keyboards from better known companies. Multiple gadgets that come from China seem to have either poor security or privacy issues caused by collecting user data without consumers' explicit permission. The MantisTek GK2 seems to be one of those products.
The main issue seems to be caused by the keyboard’s “Cloud Driver,” which sends information to IP addresses tied to Alibaba servers. Alibaba sells cloud services, so the data isn’t necessarily being sent to Alibaba, the company, but to someone else using an Alibaba server.
The data being sent—in plaintext, no less—has been identified as key presses. This should worry people who bought this keyboard, because that could include email addresses, logins, and even passwords they may have typed at one point or another.