Apple's Fraudulent Website Warning feature in Safari for iOS and Mac has [url=https://reclaimthenet.org/apple-safari-ip-addresses-tencent/]come under scrutiny[/url] for using Chinese internet giant Tencent as one of its Safe Browsing providers.
The Safari feature has long sent data to Google Safe Browsing to cross-reference URLs against a blacklist and protect users against phishing scams and sites that attempt to push malware. However, it's unclear when Apple started sending user data to Tencent as well.
Apple notes in iOS that it sends some user IP addresses to Tencent, but most users are probably unaware of the fact. The mention can be found in the "About Safari & Privacy" screen, which is linked via small text under the Privacy & Security section in Settings -> Safari. The Fraudulent Website Warning feature also found here is enabled by default, so users aren't likely to know that their IP address may be logged unless they opt to view the information screen.
Apple's reference to Tencent has been found on devices running [url=https://www.macrumors.com/roundup/ios-13/]iOS 13[/url], but some [url=https://rd2.huaren.us/huaren.php?hrtopic_id=2462962&hrurl=https%3a%2f%2ftwitter.com%2fStijnDV%2fstatus%2f1092515697694003200%3fref_src%3dtwsrc%255Etfw%257Ctwcamp%255Etweetembed%257Ctwterm%255E1092515697694003200%26amp%3bref_url%3dhttps%253A%252F%252Freclaimthenet.org%252Fapple-safari-ip-addresses-tencent%252F]tweets[/url] suggest versions as early as iOS 12.2 also included the Chinese company as a safe browsing provider.
At this point, it's difficult to know for sure whether Apple users residing outside of China are having their data sent to Tencent, but the company appears to be mentioned on iPhones and iPads registered in the U.S. and the U.K., and possibly in other countries, too.
The privacy implications of shifting Safe Browsing to Tencent's servers are unknown, because Apple hasn't said much about it. However, according to Johns Hopkins University professor [url=https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/]Matthew Green[/url], a malicious provider could theoretically use Google's Safe Browsing approach to de-anonymize a user by linking their site requests.
Apple's [url=https://www.macrumors.com/2019/10/13/apple-tv-shows-told-avoid-china-criticism/]relationship with the Chinese government[/url] has come in for [url=https://www.macrumors.com/2019/10/11/tim-cook-defends-removal-hkmaplive-from-app-store/]increasing criticism[/url] lately, and that could make customers uneasy about Apple's links to Tencent, which is known to [url=https://www.bloomberg.com/news/articles/2019-08-06/tencent-helps-communist-party-pay-homage-to-the-china-dream]work closely with the Chinese Communist Party[/url].
As such, Green believes users "deserve to be informed about this kind of change and to make choices about it. At very least, users should learn about these changes before Apple pushes the feature into production, and thus asks millions of their customers to trust them."
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our [url=https://forums.macrumors.com/forumdisplay.php?f=47]Politics, Religion, Social Issues[/url] forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
The Chinese Communist Party appears to have “superuser” access to the entire data on more than 100 million Android-based cellphones through a back door in a propaganda app that the government has been promoting aggressively this year.
The Safari feature has long sent data to Google Safe Browsing to cross-reference URLs against a blacklist and protect users against phishing scams and sites that attempt to push malware. However, it's unclear when Apple started sending user data to Tencent as well.
Apple notes in iOS that it sends some user IP addresses to Tencent, but most users are probably unaware of the fact. The mention can be found in the "About Safari & Privacy" screen, which is linked via small text under the Privacy & Security section in Settings -> Safari. The Fraudulent Website Warning feature also found here is enabled by default, so users aren't likely to know that their IP address may be logged unless they opt to view the information screen.
Apple's reference to Tencent has been found on devices running [url=https://www.macrumors.com/roundup/ios-13/]iOS 13[/url], but some [url=https://rd2.huaren.us/huaren.php?hrtopic_id=2462962&hrurl=https%3a%2f%2ftwitter.com%2fStijnDV%2fstatus%2f1092515697694003200%3fref_src%3dtwsrc%255Etfw%257Ctwcamp%255Etweetembed%257Ctwterm%255E1092515697694003200%26amp%3bref_url%3dhttps%253A%252F%252Freclaimthenet.org%252Fapple-safari-ip-addresses-tencent%252F]tweets[/url] suggest versions as early as iOS 12.2 also included the Chinese company as a safe browsing provider.
At this point, it's difficult to know for sure whether Apple users residing outside of China are having their data sent to Tencent, but the company appears to be mentioned on iPhones and iPads registered in the U.S. and the U.K., and possibly in other countries, too.
The privacy implications of shifting Safe Browsing to Tencent's servers are unknown, because Apple hasn't said much about it. However, according to Johns Hopkins University professor [url=https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/]Matthew Green[/url], a malicious provider could theoretically use Google's Safe Browsing approach to de-anonymize a user by linking their site requests.
Apple's [url=https://www.macrumors.com/2019/10/13/apple-tv-shows-told-avoid-china-criticism/]relationship with the Chinese government[/url] has come in for [url=https://www.macrumors.com/2019/10/11/tim-cook-defends-removal-hkmaplive-from-app-store/]increasing criticism[/url] lately, and that could make customers uneasy about Apple's links to Tencent, which is known to [url=https://www.bloomberg.com/news/articles/2019-08-06/tencent-helps-communist-party-pay-homage-to-the-china-dream]work closely with the Chinese Communist Party[/url].
As such, Green believes users "deserve to be informed about this kind of change and to make choices about it. At very least, users should learn about these changes before Apple pushes the feature into production, and thus asks millions of their customers to trust them."
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our [url=https://forums.macrumors.com/forumdisplay.php?f=47]Politics, Religion, Social Issues[/url] forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
赶紧把它关了
你要是长期在美国呆的话那就不一定了
☆ 发自 iPhone 华人一网 1.14.05
文章里面就是提醒要关了,disable,不然会在发送欺诈钓鱼网站的同时把使用者手机的IP地址也发给腾讯。
https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html
The Chinese Communist Party appears to have “superuser” access to the entire data on more than 100 million Android-based cellphones through a back door in a propaganda app that the government has been promoting aggressively this year.
https://pincong.rocks/article/6553
https://www.msn.com/en-us/news/technology/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/ar-AAIGo5K
Chinese app on Xi’s ideology allows data access to users’ phones, report says
https://www.cnbc.com/2019/10/14/china-xi-jinping-ideology-app-has-backdoor-that-could-let-beijing-snoop-on-users-report.html
Chinese app pushing Xi’s ideology has ‘backdoor’ that could let Beijing snoop on users, report says
mitbbs的某猥琐男经常发的帖子里有钓鱼网页链接,iphone开着这个选项,你的信息和手机电脑就很难被泄漏被黑。
腾讯和google获取你的信息,只要装了微信和引擎,信息自动收录。NSC也有你的全套信息。
类比一下,你的信用卡信息,可以被大公司知道,但不能被黑客和个人钓鱼。
如果你想去一个银行网站,然后去的是假的那个。如果enable了,网页会显示这个是个假网站。如果disable了,你就不知道然后会照常输入你的密码,就给盗用了。你觉得第三方认证能拿到你什么信息?只是你的IP和去的网站而已,有什么大不了的?
嗯,你别关,在每天用个强国软件最安全。
☆ 发自 iPhone 华人一网 1.14.05
你的IP和去什么网站,你知道你输入网址到打开网页一路上多少服务器有记录你这个request吗?从你的internet provider,到路上的路由器,到那个网站的服务器,都有这个记录,不要说政府也有记录。你以为关了那个就没有了,只是少一个而已,而且自己风险大好多。