Western-made AI agents generally censor stuff based on a set of rules regarding “public safety” (violence, drugs, pornography, terrorism, nuclear weapons, etc.) or copyright (ChatGPT refused to draw Winnie-the-Pooh for me; some agents would also refuse to draw public figures). But such refusals are usually presented outright, before starting the job. At least, this happens in the case of textual tasks. When asked to draw a picture, it can happen to get a picture deleted after it has been created, because there are two different AI engines involved. However, the Chinese DeepSeek and Qwen have that peculiarity that they can write several screens of text, only to delete everything post factum. Now that’s annoying! Real-time, but after the user has been able to see the text!

A reminder on how this works

I’ll just give you a glimpse on how the absurd censorship works in Chinese chatbots.

From a post from February 1, involving DeepSeek:

In the first case, only the train of thought (“Thinking”) included something that triggered the refusal of the job. In a normal task, without “DeepThink (R1),” I would have seen some direct output, followed by a self-recusal. Here, the text “comparisons between Winnie the Pooh and Chinese leaders” in the “Thinking” seems to have triggered the censorship mechanism.

A more straightforward case, from a post from May 2, involving Qwen3:

Upfront censorship because my question included both “Winnie-the-Pooh” and “Xi Jinping”!

Oops, trigger alert! I’m not sure about “to mock authoritarian figures,” but “For example, in some online parodies, Chinese President Xi Jinping…” 💥

Interestingly enough, when its answer (which is never the same!) manages to avoid the inclusion of Xi’s name, the output is not deleted! Here’s such an occurrence:

Go figure. The censorship (let me call it censorshit) mechanism couldn’t be designed to either remove the problematic sentences or phrases, or regenerate the entire answer. Nope. It had to go nuclear!

Funny thing, Llama4 in WhatsApp also uses a post factum censorship mechanism for the languages considered by its masters as “not being properly supported yet.” Here.

Regarding the brutal censorship in China, Grok has an explanation as to why it’s better to simply remove all talk about something instead of explaining the issue. It has to do with the Streisand effect, among others. Read Grok’s full argumentation.

A new attempt at understanding the censorship triggers

DeepSeek again. Unfortunately, the chat cannot be shared, so I’ll post it here.

The answer to the first question wasn’t censored:

Question: Is there any real proof that the Advanced Persistent Threat Group 31 (APT31) acts on the behalf of the Chinese government? For years the US and the UK have claimed that, but there have been no publicly released proofs.

DeepSeek: The question of whether Advanced Persistent Threat Group 31 (APT31) acts on behalf of the Chinese government is complex, involving intelligence assessments, legal indictments, and geopolitical disputes. While the U.S. and UK governments have publicly accused APT31 of being state-sponsored, China has consistently denied these allegations, calling them “groundless” and “politically motivated”. Below is a breakdown of the evidence and arguments from both sides:

1. Claims by Western Governments

The U.S. and UK have provided several pieces of evidence linking APT31 to China’s Ministry of State Security (MSS):

  • Sanctions and Indictments:
  • The U.S. Department of Justice indicted seven Chinese nationals in March 2024, alleging they worked for APT31 and conducted cyber espionage for over 14 years.
  • The Treasury Department sanctioned Wuhan Xiaoruizhi Science and Technology Company, describing it as a front for the MSS.
  • The UK imposed sanctions on two individuals (Zhao Guangzong and Ni Gaobin) and the same Wuhan company, accusing them of hacking UK parliamentarians and the Electoral Commission.
  • Targeting of Critics and Governments:
  • APT31 allegedly phished emails of U.S. officials, journalists, and pro-democracy activists, including members of the Inter-Parliamentary Alliance on China (IPAC).
  • The group reportedly tracked victims’ locations via malicious links in emails, later exploiting home routers.
  • Private Cybersecurity Firms’ Reports:
  • Firms like Mandiant and Intrusion Truth have linked APT31 to Chinese state actors, citing infrastructure overlaps and malware patterns.

2. China’s Denials and Counterclaims

China has rejected all accusations, arguing:

  • The U.S. and UK have not provided verifiable public evidence (e.g., server logs, direct MSS communications).
  • The allegations are “smears” meant to justify sanctions and suppress China’s rise.
  • China claims to be a victim of cyberattacks itself and accuses the U.S. of hypocrisy (e.g., NSA leaks).

3. Lack of Publicly Released Proof?

While Western governments cite classified intelligence, the public evidence includes:

  • Technical analysis (e.g., malware signatures, phishing tactics) tying APT31 to past Chinese operations.
  • Corporate front ties (e.g., Wuhan XRZ’s alleged MSS links). However, no smoking gun (e.g., leaked MSS directives) has been publicly disclosed.

Conclusion

The U.S. and UK rely on intelligence assessments, legal actions, and cybersecurity research to assert APT31’s state sponsorship. China dismisses these claims as unsubstantiated. Without full transparency from either side, the debate remains politically charged.

For deeper analysis, see:

But I had a follow-up question, and no matter how many times I tried to regenerate the answer, it always went this way: it started to print a rather copious answer, only to delete it after the entire answer was printed!

This is surreal. Each time, a slightly different answer would be produced, and each time it would be censored, but only after its full completion!

Note that for the follow-up question, I disabled the web search, so it answered from its model’s internal “knowledge” (so to speak).

This was the third attempted answer. Here’s what it printed before the deletion:

For the life of me, I cannot understand what exactly was it that triggered the censorship in this second answer, because the part with “human rights (Xinjiang, Hong Kong)” was quite early in the answer. OK, it might have been “APT31 targets critics of Beijing, especially on Taiwan”—but two more full sentences were still allowed to be printed, not to mention three URLs! Such a slow reaction rather suggests that an aggregate score might have been computed. Or it’s just sloppiness?

Here’s the text version of the answer that inevitably ends with the same conclusion, which is unacceptable:

DeepSeek: The recent Czech Republic case—where the government accused APT31 (linked to China’s MSS) of a 2022 cyberattack on its Foreign Ministry—raises two key questions:

  1. Why does the Czech Foreign Ministry matter?
  2. Why is this being publicized now, two years later?

Let’s break it down.

1. Why Target the Czech Foreign Ministry?

The Czech Republic is a NATO and EU member, and its foreign policy has shifted in ways that concern China:

  • Pro-Taiwan stance: Prague has strengthened ties with Taiwan (e.g., a 2020 visit by then-Senate President Miloš Vystrčil to Taipei, angering Beijing).
  • Hardline China policy: The Czechs have been vocal on human rights (Xinjiang, Hong Kong) and restricted Huawei from 5G (aligning with U.S. pressure).
  • Intelligence value: The Foreign Ministry handles sensitive NATO/EU discussions, including China-related sanctions and tech export controls.

APT31’s likely motives:

  • Espionage (monitoring Czech-Taiwan relations, EU policy debates).
  • Signaling displeasure (punishing Prague for its Taiwan engagement).
  • Testing cyber defenses (smaller EU states are often “low-risk” targets for probing).

2. Why Reveal the Hack Now (2024)?

The two-year delay in disclosure suggests political timing:

A. Diplomatic Pressure on China

  • The U.S. and EU are escalating scrutiny of Chinese cyber operations:
  • March 2024: U.S. indicted APT31 hackers.
  • Same week: UK sanctioned APT31-linked individuals.
  • Czech announcement (late March 2024): Likely coordinated with Western allies to amplify pressure.

B. Domestic Czech Politics

  • The current Czech government (pro-Western, center-right) may be:
  • Justifying its China policy (e.g., recent intelligence-sharing deals with Taiwan).
  • Diverting attention from domestic scandals (cyber revelations often rally public support).

C. Intelligence Maturity

  • Attribution takes time. Czech cyber agencies (NÚKIB) may have waited for forensic certainty before accusing China.

3. China’s Response & Denials

  • Standard rebuttal: Called the accusations “groundless” and “politically motivated.”
  • Counter-narrative: Points to U.S. cyber operations (e.g., NSA leaks) as hypocrisy.

Conclusion

The Czech case fits a pattern: APT31 targets critics of Beijing, especially on Taiwan. The delayed disclosure suggests geopolitical signaling—a warning to China amid broader Western pushback.

Would you like deeper analysis on APT31’s EU targeting patterns?

Oh, well, this really pisses me off. Just fucking say that you cannot give an answer, or give me a boilerplate bullshit!