Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security China Privacy

Maxthon Web Browser Sends Sensitive Data To China (securityweek.com) 119

Reader wiredmikey writes: Security experts have discovered that the Maxthon web browser collects sensitive information and sends it to a server in China. Researchers warn that the harvested data could be highly valuable for malicious actors. Researchers at Fidelis Cybersecurity and Poland-based Exatel recently found that Maxthon regularly sends a file named ueipdata.zip to a server in Beijing, China, via HTTP. Further analysis (PDF) revealed that ueipdata.zip contains an encrypted file named dat.txt. This file stores information on the operating system, CPU, ad blocker status, homepage URL, websites visited by the user (including online searches), and installed applications and their version number. Interestingly, In 2013, after the NSA surveillance scandal broke, the company boasted about its focus on privacy and security, and the use of strong encryption.
This discussion has been archived. No new comments can be posted.

Maxthon Web Browser Sends Sensitive Data To China

Comments Filter:
  • by Anonymous Coward on Thursday July 14, 2016 @09:47AM (#52509949)

    that a 'secure' browser developed IN china, sends user data back to china.

  • In today's news (Score:5, Insightful)

    by Zontar_Thing_From_Ve ( 949321 ) on Thursday July 14, 2016 @09:51AM (#52509973)
    Security researchers discovered that a Chinese developed web browser you've probably never heard of that claims to have great security actually sends all kinds of personal information about your PC and web searches to a site in Beijing. Also, other Chinese developed web browsers that claim to have great security may do similar things.
    • Re:In today's news (Score:5, Informative)

      by The-Ixian ( 168184 ) on Thursday July 14, 2016 @10:05AM (#52510071)

      Not just Chinese companies...

      How about a NJ company too?

      https://www.comodo.com/home/br... [comodo.com]

      Yeah, the same company behind superfish has a "secure" web browser too.

      • Oh come now, NJ is -- unlike Taiwan and Tibet and the reefs they're destroying -- really just part of the PRC.
    • Re:In today's news (Score:5, Insightful)

      by dc29A ( 636871 ) * on Thursday July 14, 2016 @10:07AM (#52510075)

      On the internet, if something is free, then the user is the product. Maxthon Browser is a free download. Draw your own conclusions ...

      • So Linux secretly sends data to china?

        • So Linux secretly sends data to china?

          According to many, it IS a communist plot.

          • Re: (Score:2, Funny)

            by Anonymous Coward

            So Linux secretly sends data to china?

            According to many, it IS a communist plot.

            No, the linux kernel sends all your activity to Linus at his alma mater in Finland hosted on a personal computer running Intel 80386. The 400 MB hard driver is almost full.

          • According to many, it IS a communist plot.

            This actually happened: someone where I used to work saw me carrying an OpenOffice manual and said, "What are you, a Communist? Around here we use Microsoft Office!"

            • by s.petry ( 762400 )

              According to many, it IS a communist plot.

              This actually happened: someone where I used to work saw me carrying an OpenOffice manual and said, "What are you, a Communist? Around here we use Microsoft Office!"

              And how exactly did you respond to the fascist? "How does that Chocolate Mussolini taste?"

              • This actually happened: someone where I used to work saw me carrying an OpenOffice manual and said, "What are you, a Communist? Around here we use Microsoft Office!"

                And how exactly did you respond to the fascist? "How does that Chocolate Mussolini taste?"

                What response is possible?
                Like the " Drill Baby Drill" crowd, these religious opinions are immovable by facts, logic or good sense.

        • Yeah, but only if the wifi drivers are working...

          (Only joking -- I've never had a serious problem with wifi under Linux...)
      • On the internet, if something is free, then the user is the product. Maxthon Browser is a free download. Draw your own conclusions ...

        On the internet EVERYTHING is a generalisation.

    • Eh, Maxthon was pretty popular back in the IE6 days. It was one of the IE shells that added tabbed browsing.

      Also, quoth Wikipedia:

      Maxthon won CNET WebWare 100 Awards in 2008 and 2009, and was #97 in PCWorld's list of the 100 Best Products of 2011

  • Not untrue (Score:4, Funny)

    by Sneeka2 ( 782894 ) on Thursday July 14, 2016 @09:53AM (#52509987)

    the company boasted about its focus on [...] strong encryption.

    Well... they are using encryption to send that data, apparently. Can't say they didn't warn ya.

  • Its very secure (Score:4, Insightful)

    by T.E.D. ( 34228 ) on Thursday July 14, 2016 @09:53AM (#52509993)

    It is a very secure web browser. If you run that web browser, the Government of China feels far more secure.

    You westerners look at everything backwards.

    • Re:Its very secure (Score:5, Insightful)

      by lucm ( 889690 ) on Thursday July 14, 2016 @10:23AM (#52510223)

      Contrary to what most people think, government in China is far from being a large, single-minded entity. It's more like the EU; lots of small factions and local fiefdoms.

      In the vast majority of cases, industrial or internet "spies" work for private concerns. Of course there's a blurry line because the government has their fingers in everyone's pie in China, either directly or via state employees who leverage their access to public resources to build their own small empire. But it's rarely a simple Big Brother thing.

  • by Anonymous Coward

    Like any other software make the same with the origin country, Google, Microsoft, Symantec, etc... Information have a price today!

  • What browser? (Score:4, Insightful)

    by sjbe ( 173966 ) on Thursday July 14, 2016 @09:57AM (#52510009)

    Security experts have discovered that the Maxthon web browser...

    Hands up from anyone who actually has heard of this web browser prior to reading this article. Anyone?

    (crickets)

    That's what I thought...

    • by Scoth ( 879800 )

      I remember it from years and years ago as an IE shell for 5.0, 5.5, and 6.0 that provided a lot of functionality that IE6 just didn't have - tabs, ad blocking, popup blocking, etc. It was hugely popular at the company I worked for at the time because we had an ActiveX IE-based CRM that required us to use IE, and it allowed a lot of features. Looks like they call it "Maxthon Classic" now.

    • I did. I then saw that it was being written by a company in China, and noped in the opposite direction.

      China, both it's gov't and it's citizens, are so breathtakingly corrupt that I do my best to avoid them where at all possible, whether it's cyberspace or meatspace. I wouldn't trust any software that comes out of there, for the same reasons that I refuse to eat any produce that they make. If they arn't being duplicitous in their intentions, then they are cutting every conceivable corner to give them a p

    • by Mashiki ( 184564 )

      Maxthon has been around for over a decade and got the best browser awards or best product of x year a couple of times. If you haven't heard of it you haven't been paying attention(aka the sites you read were pushing their own shit), and you were likely on the firefox bandwagon when it was getting all that attention.

    • I used to use this way back before I switched to FireFox (and before Chrome was even released). Back then, it was one of the best IE wrappers to give you tabs and other functionality that more modern (at the time) browsers were adopting. I ditched it after I switched to FireFox (and, later, Chrome). I didn't even realize they were still around since IE itself now has tabs.

    • Re:What browser? (Score:4, Insightful)

      by thegarbz ( 1787294 ) on Thursday July 14, 2016 @11:31AM (#52510721)

      Hands up from anyone who actually has heard of this web browser prior to reading this article. Anyone?

      You're asking on Slashdot if anyone has heard of a browser that has been covered 5 times on slashdot before [slashdot.org] several of which were directly about that specific browser?

      *raises hand*

      • You're asking on Slashdot if anyone has heard of a browser that has been covered 5 times on slashdot before [slashdot.org] several of which were directly about that specific browser?

        Wow, 5 whole articles over 12 years with most barely mentioning a browser that literally almost nobody uses. How did I ever miss that... [/sarcasm]

        • You are missing your opening tag. Therefor I am not able to parse your sarcasm.

        • How did I ever miss that... [/sarcasm]

          Inattention, bad memory, dunno. They were all incredibly popular with many stories.

    • I loved Maxthon back in 2009. It had tons of usability and security features built-in. They abruptly changed the look and feel at some point, and I switched to firefox with about two dozen unsatisfying plugins.

    • 10M downloads on Android Google Play store. Of course, one star reviews started coming in.

    • It came preinstalled on my Lenovo laptop. I wondered why. Now I know.

  • by cloud.pt ( 3412475 ) on Thursday July 14, 2016 @09:57AM (#52510011)

    So are you telling me Chrome/Chromium, Firefox, Safari, IE/Edge, Opera and Vivaldi won't send sensitive data to the UK or the USA? Aren't those 2 countries also know to perform indiscriminate, bulk data collections for law enforcement use, even if there's no warrant?

    I doubt a Chinese citizen is gonna be using my sensitive data any different than any other countries'. You should be worried if you're a China national, or if your're traveling to China and you happen to be using that browser for your hardcore anti-commie endeavors. JUST LIKE IF TRAVELING TO THE US AND DOING STUFF THEY DON'T LIKE ON ANY BROWSER.

    There is a limit to hypocrisy and bias. Stop being biased. I hate what is being done to Chinese people's liberties as much as the next guy, but who the fck cares about a detail that also happens to be true in all other instances.

    Now, of course, Russia would be a whole 'nother story. They happen to be mining data like rabbits procreate. I would be worried about that. Am I also being biased now?

    • by ArchieBunker ( 132337 ) on Thursday July 14, 2016 @10:00AM (#52510031)

      If they did send anything sensitive we would know about it by now. I mean come on hundreds of millions of people use these browsers and not a single person has posted any packet sniffer logs or demonstrated any proof of malicious behavior. The neckbeards here love to claim Chrome does this but ask them to provide some details and they suddenly clam up.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        You can see it with wireshark, the omnibar in Chrome is actually a keylogger. It sends each and every keypress as an individual TCP packet. This is how Google is able to give you informed decisions on websites to visit while you are typing.

        • Typing into the omnibar is the same as typing into google.com. What is your point? Are my passwords being sent? Is my browser history being sent? Again, put up or shut up with proof.

          • by brunes69 ( 86786 )

            TBF, Chrome *does* sync your passwords *AND* browser history with Google by default after you have logged it in. You have to know enough to manually turn those features off.

            • Exactly. Thank god someone who knows the least bit of contemporary distributed applications to know that all the defaults in the browsers mentioned are the problem. People will argue "but you can disable that" a lot, but they seem to forget the amount of non-tech savvy people that exist in the world. And what that lack of savvy entails to their privacy.
      • Um... it's called gag orders. Do you know why Google doesn't have a Warrant Canary? EXACTLY: they got gagged before the idea even surfaced. They have inferred they have been gagged multiple times, they are even making lawsuits against the state for disclosing this, together with Microsoft. You won't believe proof provided by the companies themselves and former employees of your top security agency, so why would I bother trying to prove anything to you.
    • Comment removed based on user account deletion
      • But you can't emulate Google's back-end, and you can't inspect the certificate authorities those browsers allow by default. You are missing the point. And even on Chromium, there is a reason why you can ad sync features and avoid them when compiling: sync features are Google's proprietary code. Just like Google Play Services in Android.
    • by Anonymous Coward

      >I doubt a Chinese citizen is gonna be using my sensitive data...

      And you would be right. Because 'citizens in general' are not the ones who end up with your data. This stuff does not go to an IoT toaster in someone's house. The data is collected, stored, and then sold by Maxthon to whom knows who. And you're right, it is not neighbourhood folks/citizens.

      Straw man.

      • Wait, isn't that exactly the same thing Google does with your data, sometimes even without proper consent? If not sell it, use it themselves for further enhancing their core business, you know, Ads... That thing everybody avoids like the plague and is the root of all browser-based malware infection (considering flash is pretty dead with the new paradigms on browsers disallowing them by default...). Yet you still don't see any major browser distribution shipping with adblock by default, do you?
    • by T.E.D. ( 34228 )

      So are you telling me Chrome/Chromium, Firefox, Safari, IE/Edge, Opera and Vivaldi won't send sensitive data to the UK or the USA?

      No, nobody is saying that. That's a strawman entirely of your own construction. But they aren't an open cesspool of centralized information thievery either (unless you pick up some malware, which is of course quite likely).

      But even if the implications of your comment were true (which it isn't), I'd be much more comfortable with my personal data going to countries that have rule-of-law than countries that don't. If a US-based person tries to blackmail you, you can have them arrested for that. If they do it

    • So are you telling me Chrome/Chromium, Firefox, Safari, IE/Edge, Opera and Vivaldi won't send sensitive data to the UK or the USA?

      Prove it. Or shut up. Crybaby arguments like "everybody else does the same thing" with no proof is meaningless.

      Here, bucko. Let me give you a real example about why you might not care what Maxthon does but Chinese people might. A few years ago I had a Chinese girlfriend. I mean she was born and raised in China and lived there most of her life. She told me a story about being in college. She shared a dorm room with 3 oe 4 other girls and one day the police called all of them in for questioning.

      • No idea what Fulan Gong is, but I know what Falun Gong is.

      • Let me give you a real example about why you might not care what Maxthon does but Chinese people might.

        I'm gonna quote myself to explain you exactly why I stopped expecting much from what came after that line:

        You should be worried if you're a China national, or if your're traveling to China and you happen to be using that browser for your hardcore anti-commie endeavors.

        At least I didn't stop at "bucko". Or "prove it or shut up", or any other of your "flammy" ways to keep a dialogue. Muricanism is killing slashdot. Real Americans talk Sense&Reason, not Redneck-Texan-Nationalist-bull. And for the sake of the conversation - I understand your ex-girl's problem completely. But this Maxthon issue has nothing to do with it or at least is not directly related enough to e

    • So it's okay for someone to take a dump in the middle of the driveway, because everyone else does it?

      • I never said that. I say this particular dump is being blown out of proportion, like most China-bound american cyberwarfare claims. Influencing people's opinion is no longer an art, it's commonplace, and nobody seems to notice the writings on the wall.
  • ...Web Browser browses you!

  • by Anonymous Coward

    Why wouldn't it.
    Every browsers send your data somewhere in the world, be it china or the US, it's just as bad.

  • by LichtSpektren ( 4201985 ) on Thursday July 14, 2016 @10:03AM (#52510063)
    Firefox and Chromium* have a lot of forks, but I would advise against using them. Mozilla and Google have world-class security experts working for them, and when you use generic Firefox/Chrome, you get their security updates the moment they're released out, not when your fork-team's got around to setting them out.

    Suppose you want to use Chromium as a base but are concerned about your privacy with respect to Google, so you don't want to use Chrome. That's perfectly understandable, but using Opera or Vivaldi or Maxthon instead is insanity, since they're all black boxes and you're not really sure what they're doing with your data (case in point, TFA). There's a 100% FLOSS fork of Chromium in the works called Iridium but I cannot recommend it yet because I don't know enough about the competency of their team, but it's definitely worth looking into. Until then, just use vanilla Chromium and rig your own auto-update system [woolyss.com].

    As for Firefox, there's a great extension called Privacy Settings that can optimize all your config flags for privacy (i.e. turn off telemetry, network prefetch, etc.) in just one click. I would recommend however that you keep dom.storage.enabled on, since a lot of websites are unusable without it. Also be wary that security.ssl.require_safe_negotiation needs to be toggled if you need to connect to an insecure website, such as the USPS's.

    *For those unaware: Chromium is the base of Chrome. The only difference between them is that Chrome is shipped with an auto-updater and plugins for Flash and Widevine.
    • by T.E.D. ( 34228 )

      Mozilla and Google have world-class security experts working for them, and when you use generic Firefox/Chrome, you get their security

      Why didn't you also mention Microsoft here? *innocent blink*.

      • by LichtSpektren ( 4201985 ) on Thursday July 14, 2016 @11:31AM (#52510713)

        Mozilla and Google have world-class security experts working for them, and when you use generic Firefox/Chrome, you get their security

        Why didn't you also mention Microsoft here? *innocent blink*.

        Several reasons.

        1. Firefox and Chrome(ium) are cross-platform. IE/Edge and Safari are not.
        2. Microsoft might have a competent security team (wouldn't bet my life on it though), but their company policy inhibits their browsers from being secure. For instance, it is well known that they share vulnerabilities with certain three-letter agencies before pushing the patches downstream.
        3. Given the Windows 10 debacle, anyone who leaves auto-updates on for any Microsoft OS is either uninformed or a fool.
        4. Even on Windows, there is no particular reason to use IE/Edge instead of Firefox/Chrome(ium). Microsoft's browsers are slower and have less and worse extensions.
        5. Firefox and Chromium are FLOSS, which means (a) you can audit the code yourself for any backdoors/spyware and then compile it yourself, and (b) Mozilla and Google would have to be exceptionally daft to attempt to hide any backdoors/spyware. IE/Edge are proprietary and closed-source, which means they're just as much black boxes as are Maxthon and Opera.

    • I enable every kind of telemetry, crash report on Firefox since they politely ask me to opt in and they are pretty clear about what they do with the data.

      Chrome, p0Edge and Opera (after becoming Chrome)? Never.

  • Big deal, Chrome probably does the same thing, only with the endpoint being at a server Google owns.

    And Win 10 with Edge? If you think that thing doesn't ship data by the borkload back to the lads at Redmond, then you're very, very naive. They even tell you it's shipping data back, except it's the browser AND the OS. I doubt you could so much as move the mouse without Microsoft knowing it.

  • Adding these 3 entries to your custom hosts file will block the data transmission:

    0.0.0.0 u.dcs.maxthon.com
    0.0.0.0 dcs.maxthon.com
    0.0.0.0 maxthon.com

    * Whether this "optional transmission" of data (full OR partial) is ON or OFF...

    APK

    P.S.=> So, IF I read the source article's research .pdf file here https://exatel.pl/advisory/max... [exatel.pl] correctly, that oughtta do it... apk

  • Just email the two or three people who use it and tell them to stop using it.

"To take a significant step forward, you must make a series of finite improvements." -- Donald J. Atwood, General Motors

Working...