Slashdot Mirror


Chinese QQ Browser Caught Sending User Data To Its Servers

An anonymous reader writes: A report from the Citizen Lab at the University of Toronto reveals that the popular QQ Browser is collecting sensitive user information and sending it in an insecure manner to its servers. The Android version is collecting data such as the user's search terms, browsing history, nearby Wi-Fi networks, and the user's device IMSI and IMEI codes. For the Windows version of QQ Browser, the app was caught collecting data such as the user's browsing history, hard drive serial number, MAC address, Windows hostname, and Windows user security identifier. All of this is sent unencrypted, or with weak encryption, to the servers of Tencent, QQ Browser's manufacturer. Additionally, the update process is flawed and delivered in an insecure manner that allows others to manipulate upgrade patches with malicious software. This is the third browser caught exhibiting this behavior after UC Browser and Baidu Browser.

  1. Chinese browser leaks data? by Frosty Piss · · Score: 5, Insightful

    I'm shocked! Shocked, I tell you!

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Chinese browser leaks data? by phishybongwaters · · Score: 1

      Couldn't mod this up as I don't have any points, but you totally stole my comment and opinion on this one.

    2. Re:Chinese browser leaks data? by JustAnotherOldGuy · · Score: 1

      I'm shocked! Shocked, I tell you!

      Beat me to it.

      Yes, this certainly is shocking news, who could have seen this coming?

      --
      Just cruising through this digital world at 33 1/3 rpm...
    3. Re:Chinese browser leaks data? by Anonymous Coward · · Score: 1

      I had a Chinese browser once.

      Half an hour later I wanted another one.

    4. Re:Chinese browser leaks data? by tnk1 · · Score: 1

      I'm shocked! Shocked, I tell you!

      If only there was some gambling in that browser, it would be so much better.

    5. Re:Chinese browser leaks data? by phishybongwaters · · Score: 1

      Yes and no, we already knew they could do this, it's just a pain in the ass. What they wanted was a court order to force Apple to provide access to, or build, back doors into the phone bypassing encryption and lockscreen. That's what they wanted, to force Apple into a new, vulnerable, firmware

    6. Re: Chinese browser leaks data? by ShanghaiBill · · Score: 1

      It is not just the Chinese government. It is also part of Chinese culture. Chinese people have very different expectations of privacy. In China, people will walk into rooms without knocking, ask extremely personal questions, and stick their nose into other people's affairs far more than an American would. I once took my daughter to see a doctor in Shanghai, and the waiting area and the doctor were in the same room. There was a row of chairs, and as each patient was finished, everyone shifted over one seat. So when it was our turn, everyone else in the room sat there and watched and listened while the doctor examined my kid. This was actually very efficient, since there was a "bug" going around, and most people had the same problem. So when you reached the doctor, you already knew what your diagnosis and treatment were going to be. The appointment cost me about $2.

    7. Re:Chinese browser leaks data? by Frosty Piss · · Score: 1

      Almost as shocked as when I realized there are people who exist that thought the iPhone COULDN'T be cracked by the letter agencies.

      You are talking about an iPhone 4, which is an older phone that does not use the same type of security and encryption as newer iPhones.

      --
      If you want news from today, you have to come back tomorrow.
    8. Re:Chinese browser leaks data? by eumoria · · Score: 1

      In other news: The sun rose today!

  2. Please forgive me by Anonymous Coward · · Score: 5, Funny

    "In Communist China, internet browses YOU!"

    1. Re:Please forgive me by Zocalo · · Score: 1

      Also in Communist China, QQ Browser rage quits YOU!

      Seriously, was there a deliberate clue in the name or something?

      --
      UNIX? They're not even circumcised! Savages!
  3. Re:Chrome also does so? by phishybongwaters · · Score: 1

    I do not think Chrome is syncing my fucking Windows SID, but you know what? I never actually checked. So, for any app to sync my bookmarks, it needs my login to said app, then my bookmarks. So WTF is it doing sending hard drive serial number, MAC address, Windows hostname, and Windows user security identifier? My hard drive serial number? That helps "sync my bookmarks?" Come the fuck on man

  4. Just like another by Anonymous Coward · · Score: 1

    Chrome does the same thing, when will it get a ./ article?

  5. Re:this is different from Goog or MS... how, again by FrankHaynes · · Score: 2

    I've never even heard of the QQ browser, but my sentiments are along the same lines as yours.

    When you live in the cloud, it's easier to get rained on.

    --
    slashdot: A failed experiment.
  6. Re:this is different from Goog or MS... how, again by aix tom · · Score: 1

    That sounds a terrible lot like the behaviour of both Google and Microsoft, which people seem to accept without a problem. How exactly is this any different, except whereas Google also tries to gather other things like the contents of your emails and your social contacts?

    To be fair, both Microsoft and Google will probably use better encryption while stealing your data, so that it is not discovered that easily.

  7. You know what would really be shocking? by JustAnotherOldGuy · · Score: 5, Insightful

    What would really be shocking is if it didn't send data back to some Chinese mothership somewhere.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  8. Re:this is different from Goog or MS... how, again by Frosty Piss · · Score: 1

    That sounds a terrible lot like the behaviour of both Google and Microsoft, which people seem to accept without a problem.

    Perhaps this is the problem:

    ...and sending it in an insecure manner to its servers.

    --
    If you want news from today, you have to come back tomorrow.
  9. Re:Popular? by jimbob6 · · Score: 2

    The world's most popular beer is or Snowflake beer but you probably haven't heard of that either.

  10. Re:Popular? by jimbob6 · · Score: 1

    Encoding screwed that post up. There's supposed to be a Chinese word in there that translates to "Snowflake beer".

  11. Software freedom, not nationalism, is needed. by jbn-o · · Score: 4, Insightful

    The real problem is nonfree software—software which denies its users the freedoms of free software—which is also appropriately called user subjugating, proprietary software—not nationalism. There are plenty of software distributors in other countries that mistreat their users by distributing proprietary software. All proprietary software is inherently untrustworthy because proprietary software doesn't grant its users software freedom. Some distributors distribute proprietary software precisely because they know they stand a good chance of getting away with malware (including digital restrictions, spyware, ransomware, and backdoors).

    1. Re:Software freedom, not nationalism, is needed. by Flavianoep · · Score: 1

      Tell me, you are the "apps apping apps" guy, aren't you?

      --
      Linux is for people who don't mind RTFM.
  12. Unsecured and unencrypted? by phorm · · Score: 1

    Actually that might be a good thing. For one, the bad traffic was easily found, and for another it might be rather easy for some enterprising individual to mock-up some traffic and feed their servers with junk data...

  13. Why are they using these browsers by Anonymous Coward · · Score: 1

    Anyone know the reason why people in China would be using QQ, etc over more typical stuff elsewhere? It seems like these browsers are made by various Chinese online services - why are they popular? Or is just one of those things where a tiny minority of Chinese users are using these things and that's still a huge number?

  14. Re:Chrome also does so? by Anonymous Coward · · Score: 1

    I'd imagine you are correct. However, as devil's advocate - here we go.

    Windows hostname - so that it can show you what tabs / sites you have had open on each device. Chrome also shows this. Also so it can show the machine name of any "suspicious" log on attempts.

    Windows user SID - many people share a computer. One logs off, the next logs on. So it may need more than hostname to sync the bookmarks for more than one person.

    HD Serial Number - yeah that one makes no sense. It isn't even useful information for the vendor as far as I can think of.

    MAC Address - perhaps this is so that your bookmark sync doesn't get screwed up if you change the name of your computer?

    Anyway, you are likely right, but it isn't hard to think of how some of this may indeed be needed.

  15. Re:this is different from Goog or MS... how, again by ShanghaiBill · · Score: 4, Interesting

    I've never even heard of the QQ browser

    QQ is huge, used by hundreds of millions of people. It is far more than just a browser. It is an entire social network, with forums, games, and even a virtual currency, QQCoin. When my daughter wanted a dog, I bought her a virtual dog on QQ instead, and told her that I would get her a real dog if she could take care of the virtual dog for a year, and give it virtual food and virtual water every day (costing more QQCoin). Unfortunately, when we went on vacation, she forgot to suspend it, and it starved to death while we were gone. I also used QQCoin to buy a virtual mink coat for my wife's avatar. So she has a mink coat that all her chat-friends can see, yet no actual minks are harmed. Win-win.

  16. Let's not ignore the log in our own eye here. by Anonymous Coward · · Score: 1

    I see a lot of comments about how this should just be assumed because it's China. The irony is that the very same assumptions are being made about U.S. tech based on the behavior of the government and corporations. Let's be clear here: It's wrong when the Chinese government or corporations do it, and it's wrong when the U.S. government or corporations do it. And, if we're not careful, the U.S. is going to look a lot more Chinese as time goes on, and the rest of the world will simply stop buying what we are selling.

  17. How is this a big deal by Anonymous Coward · · Score: 1

    given that Google Web Search, Chrome, and Windows send even more sensitive information on you back to Google and Microsoft? Typical anti-Chinese propaganda.

    1. Re:How is this a big deal by Actually, I do RTFA · · Score: 1

      Chrome has an option not to send info to Google (is it respected?). And you can hide your google searches by using a variant like startpage.

      And MS didn't start that til Windows 10. Although, people have collectively lost their shit over Windows 10 (correctly so).

      --
      Your ad here. Ask me how!
  18. #accidentallyonpurpose by sydbarrett74 · · Score: 2

    Doubtless, this is a 'feature' mandated by the Chinese government and not a bug.

    --
    'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
  19. Re:this is different from Goog or MS... how, again by asasdlfgnjl · · Score: 1

    There's a browser that will one-up QQ: Opera. Opera does all of that, and also reads what pages you have on speeddial, uploads to server and can insert ads into speeddial based on it.

  20. Re:Chrome also does so? by crbowman · · Score: 1

    Forget about why it's sending the hard drive serial number. Why is Windows (or any OS) giving an app my hard drive serial number? What possible use could there be for that without some sort of security/privacy dialog?

  21. yeah. Like this is a surprise? by WindBourne · · Score: 1

    Obviously, they have to give up all data to the Chinese gov. This is so that the wonderful Chinese gov can keep their ppl safe. It would NEVER be about restricting their access or finding out who is locating information about freedom.

    --
    I prefer the "u" in honour as it seems to be missing these days.