Apple Clarifies Tencent's Role in Fraudulent Website Warnings, Says No URL Data is Shared and Checks are Limited to Mainland China

[seek3r]

I get that (I'm a programmer) but what I don't get is how regularly this mishap occurs to Apple and how they never seem to see it coming, especially as their entire PR machine is directed at privacy and transparency. At best it shows an incompetent process.

No real answer for you there. Though, honestly, it may just be selection bias. Apple's a lot bigger and under a lot more scrutiny than most other companies, so things that would skate by unnoticed elsewhere get noticed in Apple's case - *especially* because their PR is so about privacy, so in that area they're even more under a microscope.

Or they just could be really bad at catching these things, a systemic problem and it's getting reported more often now ?‍♂️. Hard to tell without more data

So why can't that 2nd list be stored locally on the iPhone?

Probably the same reason your phone doesnt cache the entire DNS structure of the web: they're big lists and they change

 

[jonblatho]

I am more comfortable with Google telling me that something "fraudulent" than China telling me that some website is "fraudulent".


We know what Chinese criteria for "fraudulent" can be.

Then don’t set your iPhone region setting to China. Problem solved.

 

[doboy]

All this hoopla over nothing, haha. Here's a sobering thought, the apps you use very likely leak more info than this safe list. Heck, your ISP definitely knows more about your browsing habits and they likely sell or use that info. Bottom line, YOU (including me) are not that important or interesting.

 

[FaustsHausUK]

I like news stories like this because - aside from all the FUD and fearmongering and over-reaction - they get people to pay attention to privacy and security more intently, if just briefly.

 

[ikir]

A Chinese company is your "safe" browsing partner ... what are you smoking Apple.
[automerge]1571070868[/automerge]

In China sadly it is ok. This is only for China BTW

 

[Westside guy]

I like to bash Apple as much as anyone, when they deserve it. But I’m not sure we should be hammering them for using Google’s Safe Browsing API in the manner it was designed.

Overview | Safe Browsing APIs (v4) | Google for Developers

The Safe Browsing APIs allow client applications to check URLs against Google's constantly updated lists of unsafe web resources.

developers.google.com

Now, one could argue that Apple should write their own protocol and filter these safe browsing queries through their own servers. They’d have to pay Google a pretty penny if they still wanted to use Google’s master list, but Apple could probably dig up that money somewhere. ? However that’s a completely different conversation (and then people would probably complain about Apple collecting addresses...).

 

[BWhaler]

The same Tencent that now owns Reddit..?

Wait, is this really true?

 

[PieTunes]

Wait, is this really true?

No.

 

[jonblatho]

So you are just conveniently ignoring Google's collection of safari users data that apple sends directly to Google's servers? The same google that apple has trained their users to be afraid of?

If you’d read the article, you’d see that it’s retrieving a locally cached list of known fraudulent/malicious sites and browsing data isn’t being sent to Google. IP addresses are sent when Safari requests an updated list, but that’s of limited utility for tracking as an IP address is often not linked to exactly one person and will change over time.

 

[citysnaps]

... for Chinese users.

Funny how that’s conveniently ignored.

 

[nwcs]

It’s good that Apple clarified but I think they’re beginning to realize that they need to be in front of these issues and not bury them in obscure sections.

 

[StellarVixen]

The thing is that with this Apple basically supports everything that China is doing with their people.


First, they allowed China to be able to sift through data on iCloud servers as they wish. Second, banning app that helped Hong Kong protesters to gather and organize their protest, using lame excuse that protestors used app to "target individual police officers and harass and assault them (how little of brain do you have to have to actually believe this).


Now this, this is another in a row of supporting China's oppression towards Chinese people. Tencent's "fraudulent website list" can be anything that Chinese doesn't see fit. Anything. If Chinese government is uncomfortable with it, than it is gonna be on "fraudulent sites list".


I am wondering where is the limit to Apple's hypocrisy?

 

[Khedron]

If Tencent is safe and trustworthy then why only use it for Chinese users?

Sort your story out Tim.

 

[iGeneo]

Much ado about nothing

To accomplish this task, Safari receives a list of websites known to be malicious from Google, and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of a website you visit is never shared with a safe browsing provider and the feature can be turned off.

Of course, you guys can keep blathering on about how Apple is evil

 

[apolloa]

Hmm call me cynical but I don’t believe what Apple claims these days... history has proved them not to be trusted anymore.

 

[siddavis]

Dre should get 50cent to do it.

 

[iGeneo]

Why doesn't safari check with apples' servers instead and then apples servers can check with google/chinese servers. Then those servers only have apples IP, not the users.

Thats what they are doing

 

[mejsric]

when you sell tegridy to chinese.

 

[macfacts]

Thats what they are doing

But that isn't what they are doing. That's not what the small print says

 

[Khedron]

Much ado about nothing




Of course, you guys can keep blathering on about how Apple is evil

Same as how Apple never shares your Siri requests with contractors... they just make transcripts and give those to contractors

More weasel words from Tim who only gives the Communist Party the general website you're visiting not the specific page

 

[Bigsk8r]

I am more comfortable with Google telling me that something "fraudulent" than China telling me that some website is "fraudulent".


We know what Chinese criteria for "fraudulent" can be.

Reading - and comprehending - the article and material would illustrate for you how you are not at all informed about that which you speak.

For the last time... only people physically connected to a Chinese IP address get routed to the Chinese apparatus, Tencent.

This is a huge nothing-burger.

 

[ersan191]

I love how the posts in this thread, complaining that people are overreacting and not reading critically, are just as spastic as the posts they are complaining about. It doesn't help your argument if you load your replies with condescension. But, here I am assuming you're trying to educate when you might be seeking to be rude with this topic as a pretense.

Says one of the most condescending posts here...

 

[Count Blah]

If you can't explain how this is a privacy concern then your obligation is to not be freaked out about it. And if you are freaked out about I can confidently state that you can't explain how this is a privacy concern.

People who understand how this system works are unconcerned. That's the opposite of "flippant disregard."

I think you are missing the part where companies USED to sweep this stuff under the rug / downplay things. With a ‘tell us and TELL US NOW!!’ Type attitude toward me security now, we are finally getting some info out of companies. Now we just need more whistle blowers to let us know if they are full of crap or not, with their(not just apple) responses.

 

[Eorlas]

The same Tencent that now owns Reddit..?

Tencent owns a lot of things. They're not even slightly a company with one industry focus, they have ownership of different organizations across many industries. Their goal is clearly as much power as they can get a hold of.

 

[gleepskip]

Says one of the most condescending posts here...

?‍♂️