GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Tech PRIVACY ALERT! Maxthon web browser sends private data about users to China

Bladewire · 07-16-2016, 10:24 PM

Someone here hypothesized on this a while back and they were right.

---

In the world of web browsers, there are four or five big names to choose from but no end of smaller alternatives. One such browser is Maxthon, and security researchers have just discovered that this Chinese-produced browser is transmitting a wealth of data about users back to China.

Researchers at Fidelis Cybersecurity and Exatel found that Maxthon frequently sends zip files to Beijing over HTTP and this contains a terrifying amount of data about users? browsing habits. The ueipdata.zip file incudes, among other things, details of the sites visited by users, the applications they have installed, and what searches have been performed.

The data is contained within an encrypted file in ueipdata.zip called dat.txt, but the necessary decryption key can be easily calculated, researchers showed. They also demonstrated how the data could be intercepted as it made its way to China using a man-in-the-middle attack, and this data could then be used for malicious purposes.

The company behind the browser says that the data is collected as part of its optional User Experience Improvement Program (UEIP) and is completely anonymous. But security experts found that data was collected regardless of whether users opted in or out of the program. FULL STORY

07-16-2016, 10:24 PM
Bladewire StraightBro Industry Role: Join Date: Aug 2003 Location: Monarch Beach, CA USA Posts: 56,232	PRIVACY ALERT! Maxthon web browser sends private data about users to China Someone here hypothesized on this a while back and they were right. --- In the world of web browsers, there are four or five big names to choose from but no end of smaller alternatives. One such browser is Maxthon, and security researchers have just discovered that this Chinese-produced browser is transmitting a wealth of data about users back to China. Researchers at Fidelis Cybersecurity and Exatel found that Maxthon frequently sends zip files to Beijing over HTTP and this contains a terrifying amount of data about users? browsing habits. The ueipdata.zip file incudes, among other things, details of the sites visited by users, the applications they have installed, and what searches have been performed. The data is contained within an encrypted file in ueipdata.zip called dat.txt, but the necessary decryption key can be easily calculated, researchers showed. They also demonstrated how the data could be intercepted as it made its way to China using a man-in-the-middle attack, and this data could then be used for malicious purposes. The company behind the browser says that the data is collected as part of its optional User Experience Improvement Program (UEIP) and is completely anonymous. But security experts found that data was collected regardless of whether users opted in or out of the program. FULL STORY