Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
China Privacy

Alibaba's Huge Browser Business Is Harvesting The 'Private' Web Activity Of Millions Of Android And iPhone Users (forbes.com) 50

Security researcher Gabi Cirlig's findings, verified for Forbes by two other independent researchers, reveal that on both Android and iOS versions of UC Browser, every website a user visits, regardless of whether they're in incognito mode or not, is sent to servers owned by UCWeb. From a report: Cirlig said IP addresses -- which could be used to get a user's rough location down to the town or neighborhood of the user -- were also being sent to Alibaba-controlled servers. Those servers were registered in China and carried the .cn Chinese domain name extension, but were hosted in the U.S. An ID number is also assigned to each user, meaning their activity across different websites could effectively be monitored by the Chinese company, though it's not currently clear just what Alibaba and its subsidiary are doing with the data.

"This could easily fingerprint users and tie them back to their real personas," Cirlig wrote in a blog post handed to Forbes ahead of publication on Tuesday. Cirlig was able to uncover the problem by reverse engineering some encrypted data he spotted being sent back to Beijing. Once the key had been cracked, he was able to see that every time he visited a website, it was being encrypted and transmitted back to the Alibaba company. On Apple's iOS, he didn't even need to reverse engineer the encryption because there effectively was none on the device (though it was encrypted when in transit). "This kind of tracking is done on purpose without any regard for user privacy," Cirlig told Forbes. When compared to Google's own Chrome browser, for instance, it does not transfer user web browsing habits when in incognito. Cirlig said he'd looked at other major browsers and found none did the same as UC Browser.

This discussion has been archived. No new comments can be posted.

Alibaba's Huge Browser Business Is Harvesting The 'Private' Web Activity Of Millions Of Android And iPhone Users

Comments Filter:
  • by IWantMoreSpamPlease ( 571972 ) on Wednesday June 02, 2021 @01:25PM (#61447834) Homepage Journal

    if something owned by the Chinese *didn't* spy on you or report back to the authorities.

    • by fermion ( 181285 )
      I think the Chinese are just more obvious. I stopped using Chrome for incognito as we actually do not know how clever they are, but certainly their business is tracking. Edge and Safari we donâ(TM)t know what is going on which leaves Firefox as the least worst option.
  • I'd never heard of this browser before today... Who is using and why?
    • I've never heard of it too, but it has 500+ millions installation on Android, insane... and 21'000 reviews (certainly most are fakes)

      • Re:who's using it? (Score:5, Informative)

        by aitikin ( 909209 ) on Wednesday June 02, 2021 @01:43PM (#61447892)

        UCWeb [wikipedia.org] has been around since '04 and has even in /.'s recent [slashdot.org] news [slashdot.org] stories. You've likely never heard of it, or only heard of it in passing as it is primarily a Chinese used browser (something like 2/3 market share) and it wasn't of note to most of us until Alibaba bought it in '14.

        • by eepok ( 545733 )

          Grade A+ informative post... but I have no points with which to mod. Please accept my gratitude.

      • UC Browser is popular in Asia. In addition to China, it is widely used in India and Indonesia.

        India banned it last year, but it is still widely used there.

  • Or make it OFF by default. Any company caught violating it should face massive fines and App Store takedown. We should not have to live under constant surveillance just because these companies canâ(TM)t make money in an honest way.
    • Any company caught violating it should face massive fines and App Store takedown.

      App store takedown is never going to happen as long as they pay the fees charged by the store. Or why else would Google keep known phishing apps in their Playstore?

  • by AndyKron ( 937105 ) on Wednesday June 02, 2021 @01:33PM (#61447858)
    If you trust ANYBODY you're an idiot
  • Sounds like it works like most browsers, where you are the product. I'll bet Chrome sends more in private mode than you think, its not zero.

    The real issue is that you can't trust any modern browser. As mush as I like Firefox, its hobbled since Chrome/Chromium is the new IE and no one tests with FF.

    Why do these companies need to catalog our every move? Advertising worked well long before the internet, and still could.

  • by Big Bipper ( 1120937 ) on Wednesday June 02, 2021 @01:53PM (#61447918)
    Oh yes, I remember. It sounds just like what Windows does, except to China instead of Redmond.
  • This is a feature (Score:4, Interesting)

    by JeffOwl ( 2858633 ) on Wednesday June 02, 2021 @01:55PM (#61447936)
    The point of UC Browser is that it compresses the data stream reducing the mobile data usage. In order to do that it has to route the traffic through a server under control of the company.
  • by TheNameOfNick ( 7286618 ) on Wednesday June 02, 2021 @02:46PM (#61448080)

    Chrome doesn't need to rat you out to Google. The web sites already do it when they make your browser contact Google servers to load fonts, analytics, ads, script libraries...

  • Comment removed based on user account deletion
  • Opera, a fine browser no doubt, was aquired by some Chinese entity some years ago.

    Their built in VPN immediately became highly suspicious.

  • Alibaba : We had cooperated with the NSA to Make China Great Again.

The trouble with being punctual is that nobody's there to appreciate it. -- Franklin P. Jones

Working...