The possibility that iPhone was sending Safari data to Chinese companies emerged, Apple denied



The safe browsing function of Safari, which is the standard browser of iPhone, is a function that protects the user's privacy by blocking the connection in advance when the user is browsing a

phishing site. However, it has been reported that this feature has discovered that website browsing history and user IP addresses may have been sent to Tencent , a Chinese company.

Apple Safari browser sends some user IP addresses to Chinese conglomerate Tencent by default
https://reclaimthenet.org/apple-safari-ip-addresses-tencent/

How safe is Apple's Safe Browsing? – A Few Thoughts on Cryptographic Engineering
https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/

Apple's Tencent privacy controversy is more complicated than it looks-The Verge
https://www.theverge.com/2019/10/14/20913680/apple-tencent-privacy-controversy-safe-browsing-blacklist-explainer

Apple insists it's totally not doing that thing it wasn't accused of: We're not handing over Safari URLs to Tencent – just people's IP addresses • The Register
https://www.theregister.co.uk/2019/10/14/apple_china_tencent/

Reclaim The Net , a tech media specializing in privacy-related information, said, “Safari and privacy, which explains Safari ’s Safe Browsing feature on iOS, displays the user ’s IP address and website URL in Tencent. It is clearly stated that it will be sent. ' Through the Chinese company Tencent, which works closely with the Chinese Communist Party, we reported that iPhone users' privacy may be leaked.

The statement that Reclaim The Net pointed out can be confirmed by the following procedure. First, select Safari from the iPhone settings.



Next, tap “About Safari and Privacy”.



As a result, the description displayed shows that “Safari sends information calculated from the website to Google Safe Browsing and Tencent Safe Browsing” as an effort to prevent access to fraudulent sites. It may be recorded. ”



“This setting is on by default,” says Reclaim The Net. This means that if you use Safari, Tencent or Google will record your IP address unless you turn it off manually. Pointed out. We accused Apple of sending website browsing history and IP addresses to third parties without the user's permission.

This function can be disabled by turning off “Scam Web Site Warning”. However, this setting also disables the safe browsing feature and increases the risk of accessing phishing sites.



According to Twitter user Stijn, 'Tencent's wording was added when iOS 12.2 beta 2 was released.'



After this incident was taken, Apple issued a statement in an email sent to IT media such as The Verge and ZDNet . In the statement, Apple said, “Safari is checking the URL of the website against the list of URLs of known scam sites. `` I will get it from Tencent, '' and explained that the URL itself is not actually sent to Google and Tencent, and that information about users outside China is not sent to Tencent .

Professor Matthew Greene of Johns Hopkins University, an expert in cryptography, said about Google's Safe Browsing function, `` Google hashes a known dangerous URL with the SHA-256 algorithm and the first character Truncate everything except the column and send it to a browser such as Safari, and the browser checks the database received from Google each time the URL is accessed, and if it matches, it queries the Google server for confirmation. 'And explained that URLs are never sent unless you actually visit a phishing site.

In addition, Professor Green said that Google ’s Safe Browsing feature is well worth the risk, saying that Google ’s Safe Browsing feature is worth the trade-off of privacy. . On the other hand, “Tencent is not Google. It may be as reliable, but at least it deserves to be considered,” he is cautious about leaking information to Tencent.


by Chris Yunker

The Verge also said, “Safe browsing can be diverted to tracking and monitoring users. Professor Green does not conclude that Tencent is doing this, but it is possible,” said China. He expressed his view that iOS user information could leak to the Chinese government through Tencent, a company.

'Apple once differentiated itself from other high-tech companies by protecting user privacy and security, so the recent weakness toward the Chinese government is a clear weakness. Facebook's Mark Zucker `` Burg CEO has set out a policy that `` Do not store confidential data in countries with low interests in human rights such as privacy and freedom of expression '' and shows a willingness to withdraw from the Chinese market. '' Again criticized Apple's attitude to tend to meet.

in Software,   Security, Posted by log1l_ks