Update: An Apple spokesperson reached out to us with this statement: "Apple protects user privacy and safeguards your data with Safari Fraudulent Website Warning, a security feature that flags websites known to be malicious in nature. When the feature is enabled, Safari checks the website URL against lists of known websites and displays a warning if the URL the user is visiting is suspected of fraudulent conduct like phishing. To accomplish this task, Safari receives a list of websites known to be malicious from Google, and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of a website you visit is never shared with a safe browsing provider and the feature can be turned off."
Apple's Safari browser has been sending user data to Chinese tech giant Tencent, reports have claimed.
By examining Safari's Fraudulent Website Warning disclaimer, users discovered that iOS 13 (and possibly other versions of iOS starting at 12.2) sends data to Tencent Safe Browsing in addition to Google Safe Browsing, where it helps protect users from phishing scams.
As of now, it is not clear whether Tencent collects any information on users outside of China. However, in its disclaimer, Safari does inform users that their data is being sent to the company to protect users from visiting fraudulent websites, saying:
- Phishing is the top security threat for businesses
- Apple now offers USB security key support for Safari
- Also check out the best free privacy software of 2019
“Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent. These safe browsing providers may also log your IP address.”
While the practice of sending browser data to a company to help users avoid fraudulent websites and phishing scams is nothing new, some are concerned over what Tencent may do with the data it receives.
Google and Tencent both have the ability to log user's IP addresses so that their anti-phishing systems can work but since Tencent frequently cooperates with the Chinese government, concerns have been raised over how its data could be used for surveillance or other nefarious purposes.
According to John Hopkins University professor Matthew Green (opens in new tab), a malicious provider could theoretically use Google's Safe Browsing to de-anonymize someone by linking site requests. If Tencent employs a similar method, the data it collects could be used to identify users if the Chinese government puts pressure on the company to reveal dissidents.
To avoid unwanted data collection by Safari, you could turn off its Fraudulent Website Warning feature (which Apple enables by default) but this could leave you even more at risk of falling victim to fraud. If you're more concerned over Tencent having access to your data, then it might be a better idea to use a different, more privacy-focused browser instead.
Via Engadget (opens in new tab)