Slashdot Mirror

← Back to Stories (view on slashdot.org)

Maxthon Web Browser Sends Sensitive Data To China (securityweek.com)

Posted by msmash on from the security-woes dept.

Reader wiredmikey writes: Security experts have discovered that the Maxthon web browser collects sensitive information and sends it to a server in China. Researchers warn that the harvested data could be highly valuable for malicious actors. Researchers at Fidelis Cybersecurity and Poland-based Exatel recently found that Maxthon regularly sends a file named ueipdata.zip to a server in Beijing, China, via HTTP. Further analysis (PDF) revealed that ueipdata.zip contains an encrypted file named dat.txt. This file stores information on the operating system, CPU, ad blocker status, homepage URL, websites visited by the user (including online searches), and installed applications and their version number. Interestingly, In 2013, after the NSA surveillance scandal broke, the company boasted about its focus on privacy and security, and the use of strong encryption.

22 of 119 comments (clear)

  1. color me surprised... by Anonymous Coward · · Score: 4, Insightful

    that a 'secure' browser developed IN china, sends user data back to china.

    1. Re: color me surprised... by sunderland56 · · Score: 2, Insightful

      How is this different from safari, Firefox or chrome or than the geographical location?

      Because it sounds much more scary to say "your private info is being sent to China" than "your private data is being sent to Mountain View".

      There's no *actual* difference, of course; but the press can run with this story, because China == scary and California == good.

  2. In today's news by Zontar_Thing_From_Ve · · Score: 4, Insightful

    Security researchers discovered that a Chinese developed web browser you've probably never heard of that claims to have great security actually sends all kinds of personal information about your PC and web searches to a site in Beijing. Also, other Chinese developed web browsers that claim to have great security may do similar things.

    1. Re:In today's news by The-Ixian · · Score: 5, Informative

      Not just Chinese companies...

      How about a NJ company too?

      https://www.comodo.com/home/br...

      Yeah, the same company behind superfish has a "secure" web browser too.

      --
      My eyes reflect the stars and a smile lights up my face.
    2. Re:In today's news by dc29A · · Score: 4, Insightful

      On the internet, if something is free, then the user is the product. Maxthon Browser is a free download. Draw your own conclusions ...

    3. Re:In today's news by Anonymous Coward · · Score: 2, Funny

      So Linux secretly sends data to china?

      According to many, it IS a communist plot.

      No, the linux kernel sends all your activity to Linus at his alma mater in Finland hosted on a personal computer running Intel 80386. The 400 MB hard driver is almost full.

    4. Re:In today's news by zlives · · Score: 4, Funny

      yup my windows 10 would never do that.

  3. Not untrue by Sneeka2 · · Score: 3, Funny

    the company boasted about its focus on [...] strong encryption.

    Well... they are using encryption to send that data, apparently. Can't say they didn't warn ya.

    --
    Bitten Apples are still better than dirty Windows...
  4. Its very secure by T.E.D. · · Score: 3, Insightful

    It is a very secure web browser. If you run that web browser, the Government of China feels far more secure.

    You westerners look at everything backwards.

    1. Re:Its very secure by lucm · · Score: 4, Insightful

      Contrary to what most people think, government in China is far from being a large, single-minded entity. It's more like the EU; lots of small factions and local fiefdoms.

      In the vast majority of cases, industrial or internet "spies" work for private concerns. Of course there's a blurry line because the government has their fingers in everyone's pie in China, either directly or via state employees who leverage their access to public resources to build their own small empire. But it's rarely a simple Big Brother thing.

      --
      lucm, indeed.
  5. What browser? by sjbe · · Score: 3, Insightful

    Security experts have discovered that the Maxthon web browser...

    Hands up from anyone who actually has heard of this web browser prior to reading this article. Anyone?

    (crickets)

    That's what I thought...

    1. Re:What browser? by Scoth · · Score: 2

      I remember it from years and years ago as an IE shell for 5.0, 5.5, and 6.0 that provided a lot of functionality that IE6 just didn't have - tabs, ad blocking, popup blocking, etc. It was hugely popular at the company I worked for at the time because we had an ActiveX IE-based CRM that required us to use IE, and it allowed a lot of features. Looks like they call it "Maxthon Classic" now.

    2. Re:What browser? by thegarbz · · Score: 3, Insightful

      Hands up from anyone who actually has heard of this web browser prior to reading this article. Anyone?

      You're asking on Slashdot if anyone has heard of a browser that has been covered 5 times on slashdot before several of which were directly about that specific browser?

      *raises hand*

  6. So, what about other browsers. by cloud.pt · · Score: 3, Insightful

    So are you telling me Chrome/Chromium, Firefox, Safari, IE/Edge, Opera and Vivaldi won't send sensitive data to the UK or the USA? Aren't those 2 countries also know to perform indiscriminate, bulk data collections for law enforcement use, even if there's no warrant?

    I doubt a Chinese citizen is gonna be using my sensitive data any different than any other countries'. You should be worried if you're a China national, or if your're traveling to China and you happen to be using that browser for your hardcore anti-commie endeavors. JUST LIKE IF TRAVELING TO THE US AND DOING STUFF THEY DON'T LIKE ON ANY BROWSER.

    There is a limit to hypocrisy and bias. Stop being biased. I hate what is being done to Chinese people's liberties as much as the next guy, but who the fck cares about a detail that also happens to be true in all other instances.

    Now, of course, Russia would be a whole 'nother story. They happen to be mining data like rabbits procreate. I would be worried about that. Am I also being biased now?

    1. Re:So, what about other browsers. by ArchieBunker · · Score: 3, Insightful

      If they did send anything sensitive we would know about it by now. I mean come on hundreds of millions of people use these browsers and not a single person has posted any packet sniffer logs or demonstrated any proof of malicious behavior. The neckbeards here love to claim Chrome does this but ask them to provide some details and they suddenly clam up.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    2. Re:So, what about other browsers. by CRCulver · · Score: 2

      So are you telling me Chrome/Chromium, Firefox, Safari, IE/Edge, Opera and Vivaldi won't send sensitive data to the UK or the USA?

      You can build Chromium and Firefox from source and see for yourself.

    3. Re:So, what about other browsers. by Anonymous Coward · · Score: 2, Informative

      You can see it with wireshark, the omnibar in Chrome is actually a keylogger. It sends each and every keypress as an individual TCP packet. This is how Google is able to give you informed decisions on websites to visit while you are typing.

    4. Re:So, what about other browsers. by ArchieBunker · · Score: 2

      Typing into the omnibar is the same as typing into google.com. What is your point? Are my passwords being sent? Is my browser history being sent? Again, put up or shut up with proof.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
  7. Forks and their security by LichtSpektren · · Score: 5, Informative

    Firefox and Chromium* have a lot of forks, but I would advise against using them. Mozilla and Google have world-class security experts working for them, and when you use generic Firefox/Chrome, you get their security updates the moment they're released out, not when your fork-team's got around to setting them out.

    Suppose you want to use Chromium as a base but are concerned about your privacy with respect to Google, so you don't want to use Chrome. That's perfectly understandable, but using Opera or Vivaldi or Maxthon instead is insanity, since they're all black boxes and you're not really sure what they're doing with your data (case in point, TFA). There's a 100% FLOSS fork of Chromium in the works called Iridium but I cannot recommend it yet because I don't know enough about the competency of their team, but it's definitely worth looking into. Until then, just use vanilla Chromium and rig your own auto-update system.

    As for Firefox, there's a great extension called Privacy Settings that can optimize all your config flags for privacy (i.e. turn off telemetry, network prefetch, etc.) in just one click. I would recommend however that you keep dom.storage.enabled on, since a lot of websites are unusable without it. Also be wary that security.ssl.require_safe_negotiation needs to be toggled if you need to connect to an insecure website, such as the USPS's.

    *For those unaware: Chromium is the base of Chrome. The only difference between them is that Chrome is shipped with an auto-updater and plugins for Flash and Widevine.

    1. Re:Forks and their security by T.E.D. · · Score: 2

      Mozilla and Google have world-class security experts working for them, and when you use generic Firefox/Chrome, you get their security

      Why didn't you also mention Microsoft here? *innocent blink*.

    2. Re:Forks and their security by LichtSpektren · · Score: 4, Interesting

      Mozilla and Google have world-class security experts working for them, and when you use generic Firefox/Chrome, you get their security

      Why didn't you also mention Microsoft here? *innocent blink*.

      Several reasons.

      1. Firefox and Chrome(ium) are cross-platform. IE/Edge and Safari are not.
      2. Microsoft might have a competent security team (wouldn't bet my life on it though), but their company policy inhibits their browsers from being secure. For instance, it is well known that they share vulnerabilities with certain three-letter agencies before pushing the patches downstream.
      3. Given the Windows 10 debacle, anyone who leaves auto-updates on for any Microsoft OS is either uninformed or a fool.
      4. Even on Windows, there is no particular reason to use IE/Edge instead of Firefox/Chrome(ium). Microsoft's browsers are slower and have less and worse extensions.
      5. Firefox and Chromium are FLOSS, which means (a) you can audit the code yourself for any backdoors/spyware and then compile it yourself, and (b) Mozilla and Google would have to be exceptionally daft to attempt to hide any backdoors/spyware. IE/Edge are proprietary and closed-source, which means they're just as much black boxes as are Maxthon and Opera.

  8. Eyeroll by sjbe · · Score: 2

    You're asking on Slashdot if anyone has heard of a browser that has been covered 5 times on slashdot before [slashdot.org] several of which were directly about that specific browser?

    Wow, 5 whole articles over 12 years with most barely mentioning a browser that literally almost nobody uses. How did I ever miss that... [/sarcasm]