Slashdot Mirror

← Back to Stories (view on slashdot.org)

Baidu Browser Acts Like a Mildly Tempered Infostealer Virus

Posted by timothy on from the ever-so-gentle dept.

An anonymous reader writes: The Baidu Web browser for Windows and Android exhibits behavior that could easily be categorized by a security researcher as an infostealer virus because the browser collects information on its users, and then sends it to Baidu's home servers.

Both versions collected waaaaay to much information that has nothing to do with analytics, like hard drive models, CPU serials, and personal browsing history. The browser collected and sent this information on startup, when the user started typing content in his address bar, and on any page view. Some of this was sent via unencrypted connections. Additionally, the browser update did not use code signatures, meaning you could man-in-the-middle the connection and send anything you'd like to the browser, from Pokemon games to banking trojans, and have it installed locally.

97 comments

  1. Frist Psot by Anonymous Coward · · Score: -1

    Have a nice day.

    1. Re:Frist Psot by Anonymous Coward · · Score: 1

      Have a rice day.

    2. Re:Frist Psot by Anonymous Coward · · Score: 1

      Have a lice day.

    3. Re:Frist Psot by Anonymous Coward · · Score: 0

      There is no such thing as Frist Psot or Nice Day. They are merely social constructs.

    4. Re:Frist Psot by Anonymous Coward · · Score: 0

      So what's the big deal? Windows 10 collects telemetry too and privacy is a thing of the past. If you are OK with Windows 10, then you cannot complain about this.

  2. Crome by Anonymous Coward · · Score: -1

    How is that different from chrome?

    1. Re:Crome by ArchieBunker · · Score: 4, Interesting

      I keep hearing this. Where are the packet dumps showing what info is collected?

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    2. Re:Crome by HexaByte · · Score: 1

      It's different in that it's information are set to those horrible Chinese people, instead of those wonderful people at Google who have that sweet "Do no evil" motto.

      --
      HexaByte - he's a square and a half!
    3. Re:Crome by Anonymous Coward · · Score: 0

      Well I guess someone from China needs to pop in here and give their opinion. Fact is though Baidu is a blight on the internet. They are not a search engine or other internet related "company", they are a Chinese government collection tool. In typical Chinese fashion, they steal and cheat instead of innovate.

    4. Re:Crome by Anonymous Coward · · Score: 0

      I've been asking for the same from the anti-Microsoft crowd about the Windows 10 packets, and all I've ever been given was a link to a hosts file with a section called "Windows 10 telemetry blocking."

    5. Re:Crome by Alypius · · Score: 1

      Thought they got rid of that motto?

    6. Re:Crome by tnk1 · · Score: 1

      It is definitely different in the scope of what is being collected. It is important to make a distinction even if they are both intrusive to some degree.

    7. Re:Crome by nnull · · Score: 1

      You can use Baidu to actually search for plans all over China that was stolen over the years. It's all out in the open. Proprietary stuff, code, designs, it makes me laugh.

    8. Re:Crome by U2xhc2hkb3QgU3Vja3M · · Score: 2

      They just got rid of the "no".

    9. Re:Crome by buck-yar · · Score: 5, Interesting

      Found this on reddit:

      've seen theres a lot of speculation on whether the observed network connections from Windows 10 with privacy options on are actually spying or not, and figured some actual evidence would be in order.

      Anyone can recreate this for themselves:

              Fresh install of Windows 10.
              Set all privacy options to off, disable cortana, disable web search
              Ensure all updates are done. Close all programs.
              Install Fiddler, and enable HTTPS sniffing. (If you use wireshark, you wont be able to view the HTTPS)
              Press stream in fiddler.
              Click the windows search bar, type any letter, watch the HTTPS session to bing.com appear.

      Im still trying to figure out exactly what it is that it is transmitting, but its for sure sending a user-agent string that identifies itself as Cortana.

      Some observed behaviors:

              Clicking on a link from an application (in this case, a download link from within Fiddler) submits the URL you are visiting to urs.microsoft.com.
              Opening applications-- even with SmartScreen disabled-- opens sessions to apprep.smartscreen.microsoft.com and, among other things, submits the hash of the application. EDIT: Apparently you must also disable smartscreen in edge. Even so, it will initiate a connection to w.apprep.smartscreen.microsoft.com
              Typing anything into the search bar will, regardless of settings, initiate an HTTPS session to www.bing.com. It will transmit a cookie, though so far I have not seen anything in there that looks like keystroke monitoring, as the only thing that appears to change between attempts is an HV section of the cookie. It appears to be downloading javascript, and submitting identifying data (screen resolution, install date, SID). The URL it uses is https://www.bing.com/manifest/...
              Opening the settings app and going into account options sometimes opens a session to public-family.api.account.microsoft.com:443. I suppose this would be expected.

    10. Re:Crome by Anonymous Coward · · Score: 0

      Found this on reddit:

      've seen theres a lot of speculation on whether the observed network connections from Windows 10 with privacy options on are actually spying or not, and figured some actual evidence would be in order.

      Anyone can recreate this for themselves:

              Fresh install of Windows 10.

              Set all privacy options to off, disable cortana, disable web search

              Ensure all updates are done. Close all programs.

              Install Fiddler, and enable HTTPS sniffing. (If you use wireshark, you wont be able to view the HTTPS)

              Press stream in fiddler.

              Click the windows search bar, type any letter, watch the HTTPS session to bing.com appear.

      Im still trying to figure out exactly what it is that it is transmitting, but its for sure sending a user-agent string that identifies itself as Cortana.

      Some observed behaviors:

              Clicking on a link from an application (in this case, a download link from within Fiddler) submits the URL you are visiting to urs.microsoft.com.

              Opening applications-- even with SmartScreen disabled-- opens sessions to apprep.smartscreen.microsoft.com and, among other things, submits the hash of the application. EDIT: Apparently you must also disable smartscreen in edge. Even so, it will initiate a connection to w.apprep.smartscreen.microsoft.com

              Typing anything into the search bar will, regardless of settings, initiate an HTTPS session to www.bing.com. It will transmit a cookie, though so far I have not seen anything in there that looks like keystroke monitoring, as the only thing that appears to change between attempts is an HV section of the cookie. It appears to be downloading javascript, and submitting identifying data (screen resolution, install date, SID). The URL it uses is https://www.bing.com/manifest/...

              Opening the settings app and going into account options sometimes opens a session to public-family.api.account.microsoft.com:443. I suppose this would be expected.

      Looks like I have some more firewall rules to add.

    11. Re:Crome by LichtSpektren · · Score: 2

      It's different in that it's information are set to those horrible Chinese people, instead of those wonderful people at Google who have that sweet "Do no evil" motto.

      Chromium is open source, so you know exactly what's being transmitted, and you can audit it yourself if you like. Baidu is a black box and you have no idea what's coming or going.

    12. Re:Crome by TheDarkMaster · · Score: 5, Insightful

      I think the most correct action to take is to not install Windows 10.

      --
      Religion: The greatest weapon of mass destruction of all time
    13. Re:Crome by Anonymous Coward · · Score: 0

      It's different in that it's information are set to those horrible Chinese people, instead of those wonderful people at Google who have that sweet "Do no evil" motto.

      Don't Be Evil. FTFY.

    14. Re:Crome by Anonymous Coward · · Score: 0

      It's different in that it's information are set to those horrible Chinese people, instead of those wonderful people at Google who have that sweet "Do no evil" motto.

      It's different in that I'm not mandated by my government to use Chrome, and they aren't going to come throw me in jail for using a different browser or interfering with the data collection. Assuming the data collection is even remotely on par, which it isn't.

    15. Re:Crome by Anonymous Coward · · Score: 0

      > Found this on reddit:

      not sure why you didn't link the original.

      https://www.reddit.com/r/Windo...

    16. Re:Crome by sehlat · · Score: 1

      No. They got rid of it and replaced it with "Do as we say, not as we do."

    17. Re:Crome by Anonymous Coward · · Score: 0

      Microsoft encrypts everything that it steals from you, not to protect you, but the prevent you from knowing what they are stealing.

  3. All 'telemetry' is SPYING. by Anonymous Coward · · Score: 4, Insightful

    All 'telemetry' is SPYING.

  4. True to life by avandesande · · Score: 0

    The is the first time I have heard of the browser and the name 'Baidu' elicits the sense of something that you would not trust from some Asian origin.

    --
    love is just extroverted narcissism
    1. Re:True to life by Anonymous Coward · · Score: 0

      Baidu is the Chinese "Google", the biggest Chinese search engine provider. According to Alexa, it's one of the five most visited web sites in the world. Would you like fries with your ignorance?

    2. Re:True to life by tnk1 · · Score: 2

      Yes. You should not instantly mistrust it because it sounds Asian. That would be wrong.

      You should mistrust it because this is Baidu you're talking about here.

    3. Re:True to life by Anonymous Coward · · Score: 2, Insightful

      Baidu is the Chinese "Google", the biggest Chinese search engine provider. According to Alexa, it's one of the five most visited web sites in the world. Would you like fries with your ignorance?

      As a Chinese "Google," it also 100% caves into any and all government requests for censorship, page removal, data, whatever. You know there's a reason why there is no google.cn, right? And why half the time Google and all its services are blocked (not sure of the current state--it tends to go back and forth) in China.

    4. Re:True to life by wardrich86 · · Score: 1

      I could be mistaking it for another Chinese company, but I believe this is not the first time Baidu has come under fire for phoning home excessively and with unrelated data.

    5. Re:True to life by Flavianoep · · Score: 1

      Baidu is the Chinese "Google", the biggest Chinese search engine provider. According to Alexa, it's one of the five most visited web sites in the world. Would you like fries with your ignorance?

      Who cares about the Alexa rank of site? Yahoo.com is also one of the five most visited websites in the world and people here keep saying it's not relevant anymore.

      --
      Linux is for people who don't mind RTFM.
    6. Re:True to life by Anonymous Coward · · Score: 1

      Baidu is the equivalent of Google (which is blocked in China but wasn't that popular to begin with) for 1.3 billion Chinese. It's the first place they go to search. Like Google, there are alternatives. When my phone broke in China and I had to buy a new Android phone, it came (like most phones in the Chinese market) with Baidu everything -- Baidu app store, Baidu browser default, etc. Remember that Google (including Google play) is blocked, so these are the default Android apps. In other words, it has a pretty whopping huge installed base. I guess by default I just assumed that the Chinese government could easily acquire any information on that phone, so I just didn't store all that much. Not that it's really that different from being spied on by Google/NSA, but one gets the feeling that they sometimes act more directly on the information they collect.

    7. Re:True to life by softnewsit · · Score: 1

      By the way Google got forced out of China, that company is 101% in cahoots with the government.

      --
      Go away!
    8. Re:True to life by Anonymous Coward · · Score: 1

      According to Alexa, it's one of the five most visited web sites in the world. Would you like fries with your ignorance?

      There are 1.3 billion people in China, where google is banned and blocked, so I'm not sure why you're surprised that their government's replacement is one of the most heavily visited on the planet. Or why you'd be surprised that it's heavily monitored, or why you'd be surprised that the App for it does everything it can to suck as much data as it can on anyone who uses it.

    9. Re:True to life by barbariccow · · Score: 1

      yahooooooooooooooooooooooooooooooo toolbarrrrrr

    10. Re:True to life by allo · · Score: 1

      It's just wrong, yahoo is still the favourite search engine for many, even when they start by typing yahoo in their google searchtoolbar.

  5. China. by Anonymous Coward · · Score: 4, Insightful

    What else would you expect?

    1. Re:China. by Anonymous Coward · · Score: 2, Insightful

      microsoft, google, and facebook are u.s. companies... datamining users for fun and profit and for government goodwill is not country-specific.

    2. Re: China. by Anonymous Coward · · Score: 0

      A copy of something successful, so yeah, spot on, Chinese Google.

    3. Re:China. by DahGhostfacedFiddlah · · Score: 2

      With the number of hacks coming from China, I'd at least expect them to understand the value of signing their code.

      --
      Last post!
    4. Re:China. by mjwx · · Score: 1

      microsoft, google, and facebook are u.s. companies... datamining users for fun and profit and for government goodwill is not country-specific.

      Yes, but Facebook, Google, Apple and Microsoft are all Companies, therefore any action they take is doubleplus(R) good(TM). Baidu is partially state owned by the Chinese, therefore that is Baaaaad.

      It seems like you're starting to de-capitalise comrade, report to the neared Rand centre for re-education citizen.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  6. meh, grammer is way to bad by Anonymous Coward · · Score: 0

    http://www.urbandictionary.com/define.php?term=Way+Too

  7. waaaaay too pregnant by Pseudonymous+Powers · · Score: 3, Insightful

    Both versions collected waaaaay to much information that has nothing to do with analytics...

    This is a meaningless statement, mostly because "analytics" is always a just a weasel-word for "spying". The only acceptable amount is zero.

    1. Re:waaaaay too pregnant by vux984 · · Score: 1

      Not really.

      If you run a grocery store and you put X on the left in one store, and on the right in another, and you record that it sells better when on the left, and then change all your stores, that's analytics too. Its not "spying", its not a weasel word for spying.

      There are all kinds of ways one can do analytics without "spying". Hell, serving have your web visitors one ad, and half the other and seeing which has a better sales coversion rate, that's analytics too.

    2. Re:waaaaay too pregnant by Pseudonymous+Powers · · Score: 1

      Yes, okay, fine, I misspoke: The word "analytics" can mean things other than spying. Just not in the context of web browsers that phone home. There is no God damn thing about my browsing habits I want the maker of my browser knowing. Not what, not where, not when, not how long, not how much, not what type. I guess I'm not too worried about them knowing I downloaded it, but then again, if I could conceal even that datum from them, I would.

  8. hmmm.... by Anonymous Coward · · Score: 0

    Speaking of spyware.... Slashdot doesn't seem to concerned about people's privacy either.

    1. Re:hmmm.... by Anonymous Coward · · Score: 0

      Bye.

  9. Don't do viruses kids by Anonymous Coward · · Score: 0

    From my perspective, viruses are the most evilest thing since Dial Up Internet Service. I have dealt with them in the past and had bad results from them. Especially if it involves trojans... they might look nice on the outside, but on the inside... they're retarded and disgusting...

  10. Yeah, that's telemetry, not analytics by Anonymous Coward · · Score: -1

    Get with the times. To better serve our customers, it's necessary that we know what kind of hardware our software is used on. Our software, got that? Everybody does it.

    1. Re:Yeah, that's telemetry, not analytics by Anonymous Coward · · Score: 0

      Get with the times. To better serve our customers, it's necessary that we know what kind of hardware our software is used on. Our software, got that? Everybody does it.

      I hope you're trolling.

    2. Re: Yeah, that's telemetry, not analytics by Anonymous Coward · · Score: 0

      He's not.

      Every single company does this to an extent. Some aren't upfront about it like Google and Microsoft.

    3. Re:Yeah, that's telemetry, not analytics by Anonymous Coward · · Score: 0

      Trolling? What exactly do you find objectionable about that comment?

      Telemetry, not analytics? This kind of functionality is indeed called telemetry when it is embedded in applications and not in web sites.

      Get with the times? This ties in with both the "telemetry, not analytics" point and the "everybody does it" aspect. Things have changed. The outrage about an application collecting data, even though I completely understand it, is indeed anachronistic.

      To better serve our customers? That is the same kind of bullshit that literally everybody else uses to justify why their software phones home (another anachronism). See Valve's hardware stats for one example, but don't kid yourself. It is everywhere. Note that I left open who "our customers" are.

      Our software? Just for kicks, read a couple of EULAs. You don't own commercial software. You are merely granted temporary usage rights.

      Everybody does it? Yes, that's offensive, but it's also true. None of the big ones, not even well known open source projects, can throw the first stone at Baidu. They might point out that Baidu takes too much, but in principle they're all doing it.

  11. Windows 10? by Anonymous Coward · · Score: 0

    So the Baidu browser is a part of Windows 10?

    1. Re:Windows 10? by HexaByte · · Score: 1

      No, Redmond knows much more about your computer already. The Chinese are just trying to catch up!

      --
      HexaByte - he's a square and a half!
    2. Re:Windows 10? by Anonymous Coward · · Score: 0

      I read this and immediately thought of the Chinese spies from an 'American Dad' episode, ceaselessly asking for "launch codes".

  12. waaaaay to much leniency by Anonymous Coward · · Score: 2, Interesting

    timothy, do your job ffs. and by that I don't mean shill for your benefactors, I mean EDIT.

    1. Re:waaaaay to much leniency by U2xhc2hkb3QgU3Vja3M · · Score: 1

      I noticed that, to.

    2. Re:waaaaay to much leniency by Anonymous Coward · · Score: 0

      Agreed, "waaaaay" has extra 'a's.

      CAP === 'crowing'

  13. CPU serial by Anonymous Coward · · Score: 0

    WTF? How does a browser even get the serial number of the CPU?

    1. Re:CPU serial by mrchaotica · · Score: 1

      The same way any other locally-executing program gets it? We're talking about the browser executable itself here, remember, not some web page executing in the Javascript sandbox.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    2. Re:CPU serial by tnk1 · · Score: 1

      I actually think they meant the ProcessorId, not the serial number.

      In a Windows command prompt, type:

      wmic cpu get ProcessorId

      You can get it for RAM
      wmic memorychip get serialnumber

      This information and others are exposed in APIs and is available to whoever wants to use it.

      There are similar capabilities in most OSes. They're actually useful informational commands to have, but certainly you don't want to just start throwing them around the Internet.

    3. Re:CPU serial by Anonymous Coward · · Score: 0

      There are similar capabilities in most OSes. They're actually useful informational commands to have, but certainly you don't want to just start throwing them around the Internet.

      Why?

      Give a specific example of how this is bad or harmful.

    4. Re:CPU serial by valdezjuan · · Score: 1

      Specifically within wmic and the statement: 'you don't want to just start throwing them around the internet" there are a few specific scenarios and these are just some of the issues.

      * accepting wmic from the internet (be it through an open port/MiTM/code injection/whatever) can allow the installing/removing/disabling of the windows firewall, patches, services, etc. - That qualifies as both bad and harmful.

      * passing the output of wmic commands on the internet can allow specific targeting of your machine based on the data given and by specific I mean, knowing exactly which payload will bypass that version of EMET or ASLR. Granted, this is a bit 'general' but if I know the specific lock you are using and its serial number, I can start working out which of the possible available keys are required.

      Just some things off the top of my head.

  14. Big deal! So does MS Windows!, Ubuntu, Google,etc! by Anonymous Coward · · Score: 0

    Get over it. You don't like it don't use it or circumvent it!

  15. Baidu is relentless by JustAnotherOldGuy · · Score: 5, Interesting

    The Baidu search spider is relentless...I see thousands of connections and scans from it every day on many of the sites I own and admin. The logs often contain literally tens of thousands of lines of Baidu requests, and the spider completely ignores the robots.txt file. For example, this usually does not work:

    #Baiduspider
    User-agent: Baiduspider
    Disallow: /     ...and neither do most of the other snippets and directives that are supposed to block the Baidu search spider, because it often misrepresents itself.

    The only relief is to block the IPs that Baidu comes from, but it's a huge range, hundreds of IPs. It's almost easier just to block all of China.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Baidu is relentless by Anonymous Coward · · Score: 1

      It's almost easier just to block all of China.

      I was going to make a joke about what a devilishly clever scheme this is - to make the rest of the world implement a great firewall of China, rather than having to do it themselves... but now I'm not completely positive anymore that it would not contain a grain of truth...

    2. Re:Baidu is relentless by Anonymous Coward · · Score: 0

      It's almost easier just to block all of China.

      I keep hearing Donald Trump's voice in my head as I read certain things. "CHAY-nuh". Kind of funny.

      Trump/Fallon '16!

    3. Re:Baidu is relentless by QuietLagoon · · Score: 1

      ...The only relief is to block the IPs that Baidu comes from, but it's a huge range, hundreds of IPs....

      I also have been assaulted by the baiduBot relentless search patterns.

      .
      It is one of the very, very few search bots that do not follow robots.txt directives. (bing and yandex being the other two that I've seen)

    4. Re:Baidu is relentless by Anonymous Coward · · Score: 0

      Try:
        Baiduspider

      Yònghù dàil: Baiduspider
      jìnzh:

    5. Re:Baidu is relentless by Anonymous Coward · · Score: -1

      When China sends its browsers, they’re not sending their best. They’re not sending Pale Moon. They’re not sending Sea Monkey. They’re sending browsers that have lots of problems, and they’re bringing those problems to us. They’re bringing drugs.They’re bringing crime. They’re rapists. And some, I assume, are good Browsers!

    6. Re:Baidu is relentless by sehlat · · Score: 1

      So who wrote the spider? Baidu or 3PLA?

    7. Re: Baidu is relentless by Anonymous Coward · · Score: 0

      Our company blocks all traffic except for the US to our servers. It's a local market, and this greatly reduces our surface of attack.

  16. it can't be worse than the redirects by Anonymous Coward · · Score: 0

    i'm getting on chrome and chromium.

  17. Who needs a new browser? by Anonymous Coward · · Score: 0

    Why bother?

  18. Virus? No. by Anonymous Coward · · Score: 0

    This is spyware, not virus.

  19. When should timothy have been fired? by Anonymous Coward · · Score: 0

    Waaaaay long ago

    1. Re:When should timothy have been fired? by Anonymous Coward · · Score: 0

      he's alright.... let him be

  20. robots.txt by ArchieBunker · · Score: 1

    This whole idea of robots.txt is dumb. Its based on the honor system. Imagine if the rest of internet security worked like that. Plenty of awesome sites have gone away and not been archived because of robots.txt.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re:robots.txt by Gr8Apes · · Score: 1

      it would be better to have the robots.txt file delivered and then act upon it yourself for those known to be bad actors, like a proxy. Think of the wonderful results you could have search engines display if they ignored your robots.txt. Sometimes the best defense is a good offense.

      --
      The cesspool just got a check and balance.
    2. Re:robots.txt by Anonymous Coward · · Score: 0

      robots.txt isn't a security measure, and anyone trying to use it that way is doing it wrong. It came about due to poorly programmed crawlers inadvertently DoS'ing sites hosted on meager hardware. Legit crawlers have no real reason not to play nice: their whole intent is to spider the site, not hammer it beyond capacity and get a bunch of error pages in their index.

      Having a robots.txt file is like having a Terms of Service. Some people will never read it, some will read it and willfully break it, but most people cooperate. When you find someone who doesn't, you can point at the document as justification for firewalling them out.

  21. Where is "much"? by Anonymous Coward · · Score: 0

    And how does anyone follow the "waaaaay" there?

    In a related question, does timothy own a dictionary?

  22. Trojan not virus by Anonymous Coward · · Score: 0

    Don't you guys know the difference between a Trojan and a virus?

  23. OK, It collects information by Anonymous Coward · · Score: 0

    Of the user and the user machine and the user software.
    So aren't the users mostly in China?
    Or are some upstarts trying out the Baidu thingie in the rest of the world?
    BTW - how easy is it to totally block China? ( and MS, Apple, FB, Google, Yahoo.....)

    So the web browser is a virus/spyware....

  24. fixed it for you by elgholm · · Score: 1

    ", as requested by the Chinese government." --- There, I fixed it for you, since you accidentally stopped your last sentence too soon.

  25. Sounds about right... by Anonymous Coward · · Score: 0

    They are in good company.
    Windows 10 is tracking you. (Link)
    Google Chrome is tracking you (Link), well actually recording you, but still...
    Facebook tracks the hell out of you (Link), logged in or not (Link)

  26. Hmm by Anonymous Coward · · Score: 0

    "Both versions collected waaaaay to much information that has nothing to do with analytics..."

    Maybe someone could use Baidu to search for the difference between "to" and "too?"

  27. Hey! Stop that! by Opportunist · · Score: 1

    That's the OS' business!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  28. In China you don't surf your browser.... by Anonymous Coward · · Score: 0

    your browser surfs YOU

  29. Remember this, people by argStyopa · · Score: 2

    While I'd be the LAST one to exonerate the misdeeds of my own United States...for all those decrying the "US controls the internet" and all the painting of the US as some sort of malignant capitalist force in the world generally: understand that your actual choice ISN'T the US vs whatever utopia you have cooked up in your head where governments aren't power-hungry monsters and commerce is run by the pleasant hippy guy down at your local co-op who gives you free snacks and coffee "for whatever you feel is fair, dude".

    No, the ACTUAL choices in the world we live in are:
    - the US
    - China
    - maybe Russia ...as your superpowers.

    As much as the US is deeply flawed in many ways, it's still orders of magnitude more benign than the alternatives.

    --
    -Styopa
    1. Re:Remember this, people by Anonymous Coward · · Score: 0

      I for one welcome our American overlords!

    2. Re:Remember this, people by mjwx · · Score: 1

      While I'd be the LAST one to exonerate the misdeeds of my own United States...for all those decrying the "US controls the internet" and all the painting of the US as some sort of malignant capitalist force in the world generally: understand that your actual choice ISN'T the US vs whatever utopia you have cooked up in your head where governments aren't power-hungry monsters and commerce is run by the pleasant hippy guy down at your local co-op who gives you free snacks and coffee "for whatever you feel is fair, dude".

      No, the ACTUAL choices in the world we live in are:
      - the US
      - China
      - maybe Russia ...as your superpowers.

      As much as the US is deeply flawed in many ways, it's still orders of magnitude more benign than the alternatives.

      Swap Russia for the EU.

      Whilst they're slow to act, they are a force to reckon with once roused. They are the single largest economic bloc and are definitely a super power militarily.

      Russia has lost superpower status and has fallen in to the BRIC group of minor powers (Brazil, Russia, India, China).

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    3. Re:Remember this, people by Anonymous Coward · · Score: 0

      No, it's not.
      The option is mostly between one superpower which no one can take accountable, and many powers less super that give leeway for action - and eventually one day freedom.

      China can do much to some people in the world, and part of what it does is evil, but it can't do anything to me nor most of slashdot user - in particular it can't ban encryption at a worldwide level.

    4. Re:Remember this, people by argStyopa · · Score: 1

      The EU a "super power" militarily? Bwahaha.

      First, you need to have a military: They couldn't even bomb some Libyan bandits without running out of bombs and needing US air control and mid-air refueling. 5 of the 28 members of NATO even bother to meet their treaty-obligated minimum defense budgets, much less anything more. Most EU country militaries are barely more than ill-concealed jobs programs, and are populated a few patriots but mostly by the hopeless dregs that for some reason can't simply do nothing.
      Yes, they (UK...assuming it's still EU this time next year, and France) have nukes; then again, so does North Korea. That doesn't make DPRK a superpower, either.

      Second: you have to have the will to actually USE the military. Yes, some few EU states sent token forces to Afghanistan, usually with engagement orders that would be appropriate to kindergarten, not a war zone. Most EU countries are terrified of conflict, afraid to send soldiers into harm's way. For most EU states, they're more likely to wet their pants than use the military forcefully to exert policy

      Finally, we'll simply assume for this discussion that the EU actually continues to exist, and doesn't shatter into near-insignificance in the next several years.

      I don't disagree with you about Russia though, they're barely more than a 3rd-world state but Putin's aggressiveness and opportunism moves them up a little. But no, you're right, it's really US or China.

      My entire point was to illustrate that for all its problems, compared to a Pax Sinaticus, the Pax Americana is pretty benign.

      --
      -Styopa
  30. So it's exactly like Chrome and Edge by Anonymous Coward · · Score: 0

    but since it's Chinese, let's blow it all out of proportion.

  31. Re:Crome FORGET CHROME! by Anonymous Coward · · Score: 0

    How is this different from Microsoft? In what way is being spied by a corporation better/worse than being spied by another?

    Getting hardware details? I thought that was the idea behind that Genuine authentication... I really don't see any difference.

  32. Soon enough by Anonymous Coward · · Score: 0

    Mozilla Firefox will be inspired by this browser and roll up yet another forced donotwant update with similar features because people keep unchecking that damn Send Crash Report box!!!!

  33. Code signatures vs MiTM by Anonymous Coward · · Score: 0

    Lol. Avoiding MiTM doesn't require code signing, it requires encrypted connections (typically with certificate checks, but not always).

  34. Grammar Nazi says... by slashdotwannabe · · Score: 1

    Both versions collected waaaaay to much information that has nothing to do with analytics, like hard drive models,

    *too

    --
    This comment is my opinion and does not represent an official position of Donald Trump or others I do not work for