Compare LLM Model vs LLM Service
I have seen many articles lately claiming that DeepSeek is dangerous, DeepSeek can steal your data, DeepSeek spies on you. The problem is that too many of these are not clear about what they are referring to, or simply misunderstand: There is a ๐๐ถ๐ด๐ป๐ถ๐ณ๐ถ๐ฐ๐ฎ๐ป๐ ๐ต๐๐ด๐ฒ ๐ฑ๐ถ๐ณ๐ณ๐ฒ๐ฟ๐ฒ๐ป๐ฐ๐ฒ ๐ถ๐ป ๐๐ฒ๐ฟ๐บ๐ ๐ผ๐ณ ๐ฟ๐ถ๐๐ธ ๐ฏ๐ฒ๐๐๐ฒ๐ฒ๐ป ๐๐ต๐ฒ ๐บ๐ผ๐ฑ๐ฒ๐น ๐ฎ๐ป๐ฑ ๐๐ต๐ฒ ๐๐ฒ๐ฟ๐๐ถ๐ฐ๐ฒ.
- ๐๐ฒ๐ฒ๐ฝ๐ฆ๐ฒ๐ฒ๐ธ ๐ฅ๐ญ, the open-source model that the company released, and
- the services that ๐๐ฎ๐ป๐ด๐๐ต๐ผ๐ ๐๐ฒ๐ฒ๐ฝ๐ฆ๐ฒ๐ฒ๐ธ ๐๐ฟ๐๐ถ๐ณ๐ถ๐ฐ๐ถ๐ฎ๐น ๐๐ป๐๐ฒ๐น๐น๐ถ๐ด๐ฒ๐ป๐ฐ๐ฒ ๐๐ฎ๐๐ถ๐ฐ ๐ง๐ฒ๐ฐ๐ต๐ป๐ผ๐น๐ผ๐ด๐ ๐ฅ๐ฒ๐๐ฒ๐ฎ๐ฟ๐ฐ๐ต ๐๐ผ., Ltd. offer running this model, such as the website, mobile apps and API.
Let try an analogy (somewhat):
- The Model, e.g., Deepseek R1
- This is the car blueprint. It might have defects and not be perfect. Everyone can look at it, test it, make sure it works well enough. But the blueprint wonโt hurt you. Itโs just a piece of paper. (well, it might blow your mind ๐คฏ๐)
- The service, e.g., a website (ChatGPT), mobile apps (Siri) or API (Perplexity API), provided using this model
- This is the actual car made following the blueprint. The car manufacturer might have followed the blueprint, resolved some issues (e.g., biases), added software to track your driving habits (e.g., register prompts) or added a GPS tracker without you knowing (e.g., collect privacy information).
The same model can be used in very different ways. And many risks related to the car manufacturer, more so than the blueprint itself.
I hope this helps clarify things a little.
Now, let look at the risk profiles:
| Risk | Deepseek R1 (Model) | Deepseek R1 run yourself | Deepseek R1 served by a trustworthy website, mobile apps or API provider | Deepseek R1 served by a website, mobile apps or API provider you donโt trust |
|---|---|---|---|---|
| Control | N/A - Itโs open source, you can look at it. | ๐ขย - Full control over model deployment, fine-tuning, and usage when self-hosted | ๐กย - It should be fine, but check these T&Cโs. | ๐ดย - Can disappear under you at any moment. |
| Privacy | N/A - The model itself donโt do anything. It canโt steal and exfiltrate date. | ๐ขย | ๐กย - If your account information (name, emailโฆ) and input (prompts / uploaded documents) are treated privately like it should, there is no major risk. | ๐ด - All the information you type or upload could be siphoned by the provider. |
| Security | ๐กย - There is a minimal risk of having malicious reasoning that could then be injected into your own code/answers | ๐ขย - if you donโt let the model connect elsewhere. Where is a theoretical possibility that the model could somehow hack itself out of its environment, but weโre not there (yet). | ๐กย - You rely on the providerโs security controls to protect your data. | ๐ด - This is particularly risky if the app has extended permissions on your device (looking at you, vibe-coders) |
| Bias / Censorship | ๐กย - Possible. | ๐กย - Same as Model | ๐กย - Same as Model | ๐ด - if the provider further filters the input or output. |
| Monitoring | N/A - Itโs there, you can look at it. | No built-in monitoring - depends on implementation | Provider can monitor usage, implement rate limits, and track user behaviour | Provider can monitor usage, implement rate limits, and track user behaviour |
| Cost | N/A - Itโs free and open source. | One-time cost of computing resources for deployment | Usually subscription or pay-per-use pricing models | Usually subscription or pay-per-use pricing models |
| Reliability | N/A | Dependent on the infrastructure you're running this on | Subject to provider uptime, server stability, and maintenance schedules | Subject to provider uptime, server stability, and maintenance schedules |
Conclusion
So, what's the takeaway? When you hear someone talking about the risks of DeepSeek (or any AI model), take a moment to ask: are they talking about the model itself, or the service running it? The distinction matters a lot.
The model is just the blueprint. It's the open-source code that anyone can inspect, test, and run on their own hardware. The real risks come from who's driving the car built from that blueprint, aka the service provider. That's where your data, privacy, and control are at stake.
If you're running it yourself, you're in the driver's seat. If you're using a trustworthy provider, you're probably fine, but always check the fine print. And if you're using a provider you don't trust? Well, you're essentially handing over the keys and hoping for the best.
Stay curious, stay critical, and don't let the hype cloud your judgement. The tech is exciting, but it's worth taking the time to understand what you're really signing up for.