Slashdot Mirror
Maxthon Web Browser Sends Sensitive Data To China (securityweek.com)
Reader wiredmikey writes: Security experts have discovered that the Maxthon web browser collects sensitive information and sends it to a server in China. Researchers warn that the harvested data could be highly valuable for malicious actors. Researchers at Fidelis Cybersecurity and Poland-based Exatel recently found that Maxthon regularly sends a file named ueipdata.zip to a server in Beijing, China, via HTTP. Further analysis (PDF) revealed that ueipdata.zip contains an encrypted file named dat.txt. This file stores information on the operating system, CPU, ad blocker status, homepage URL, websites visited by the user (including online searches), and installed applications and their version number. Interestingly, In 2013, after the NSA surveillance scandal broke, the company boasted about its focus on privacy and security, and the use of strong encryption.
that a 'secure' browser developed IN china, sends user data back to china.
Security researchers discovered that a Chinese developed web browser you've probably never heard of that claims to have great security actually sends all kinds of personal information about your PC and web searches to a site in Beijing. Also, other Chinese developed web browsers that claim to have great security may do similar things.
Contrary to what most people think, government in China is far from being a large, single-minded entity. It's more like the EU; lots of small factions and local fiefdoms.
In the vast majority of cases, industrial or internet "spies" work for private concerns. Of course there's a blurry line because the government has their fingers in everyone's pie in China, either directly or via state employees who leverage their access to public resources to build their own small empire. But it's rarely a simple Big Brother thing.
lucm, indeed.