Maxthon Web Browser Sends Sensitive Data To China

Reader wiredmikey writes: Security experts have discovered that the Maxthon web browser collects sensitive information and sends it to a server in China. Researchers warn that the harvested data could be highly valuable for malicious actors. Researchers at Fidelis Cybersecurity and Poland-based Exatel recently found that Maxthon regularly sends a file named ueipdata.zip to a server in Beijing, China, via HTTP. Further analysis (PDF) revealed that ueipdata.zip contains an encrypted file named dat.txt. This file stores information on the operating system, CPU, ad blocker status, homepage URL, websites visited by the user (including online searches), and installed applications and their version number. Interestingly, In 2013, after the NSA surveillance scandal broke, the company boasted about its focus on privacy and security, and the use of strong encryption.

Re:Forks and their security

[LichtSpektren]

Mozilla and Google have world-class security experts working for them, and when you use generic Firefox/Chrome, you get their security

Why didn't you also mention Microsoft here? *innocent blink*.

Several reasons.

1. Firefox and Chrome(ium) are cross-platform. IE/Edge and Safari are not.
2. Microsoft might have a competent security team (wouldn't bet my life on it though), but their company policy inhibits their browsers from being secure. For instance, it is well known that they share vulnerabilities with certain three-letter agencies before pushing the patches downstream.
3. Given the Windows 10 debacle, anyone who leaves auto-updates on for any Microsoft OS is either uninformed or a fool.
4. Even on Windows, there is no particular reason to use IE/Edge instead of Firefox/Chrome(ium). Microsoft's browsers are slower and have less and worse extensions.
5. Firefox and Chromium are FLOSS, which means (a) you can audit the code yourself for any backdoors/spyware and then compile it yourself, and (b) Mozilla and Google would have to be exceptionally daft to attempt to hide any backdoors/spyware. IE/Edge are proprietary and closed-source, which means they're just as much black boxes as are Maxthon and Opera.