Tuesday, January 9, 2018

Comparing Internet Companies

Sometimes, I wonder about the short-term memory of people who deal with Chinese companies. There is an interesting article in the Wall Street Journal today about some of the biggest and how they deal with “privacy data” being collected by Baidu, Alibaba, Tencent et al, who seem to be collecting things that one has to wonder how that data relates to the function of the applications the user is being provided. Anyone who follows this knows they are collecting much more than just web information about what a user is searching for. The University of Toronto has been researching some of the things they have been collecting and it clearly is astounding to the average citizen. But it would not be nearly so surprising to someone who worked for an intelligence agency anywhere in the world.

These guys are spying on their own citizens - and on anyone who uses their software on their own computer. You do not have to be a citizen of China to have your data collected. This is an extract from a slide I did a couple of years ago that shows what was found in examining browsers from these Chinese companies. They were collecting all of these types of information. Why do they need the serial number of my hard drive, the WiFi address around me, or the network MAC address?

Does Google or Microsoft collect this kind of data?  No.

Personal Data

Baidu
User Operating System
GPS coordinates plus last GPS update time
International Mobile Station Equipment Identity (IMEI)
Nearby wireless networks including MACs
Search terms entered into address bar
URLs visited
The Windows version of Baidu Browser also transmits a number of personally identifiable data points, including a user’s search terms, hard drive serial number model and network MAC address, URL and title of all webpages visited, and CPU model number…
Neither the Windows nor Android versions of Baidu Browser protect software updates with code signatures, meaning an in-path malicious actor could cause the application to download and execute arbitrary code…

Tencent (QQ Browser)
The Internet Protocol address of a user’s device.
The Media Access Control addresses of all nearby WiFi access points.
The name of the WiFi access point to which the user is connected.
The unique serial number of a user’s hard drive.
The full URL of each page entered into the address bar.

UC Browser
Device info sent unencrypted: IMSI, IMEI, Android ID, and Wi-Fi MAC address
Search queries sent unencrypted
Location data received unencrypted: longitude/latitude and street name
IMSI, IMEI, MCC, MNC, LAC, CellId, nearby cellular towers and Wi-Fi access points
User data, including IMSI, IMEI, Android ID, and Wi-Fi MAC address are sent without encryption to Umeng, an Alibaba analytics tool, in the Chinese language version.
User geolocation data, including longitude/latitude and street name, are transmitted without encryption by AMAP, an Alibaba mapping tool, in the Chinese language version.
User search queries are sent without encryption to the search engine Shenma (in the Chinese language version) or Yahoo! India and Google (in the English language version).

Reports by Citizen Lab, an interdisciplinary laboratory within the Munk School of Global Affairs, University of Toronto
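
A defender's check for the kind of cleartext leak listed above, as an added example that is not from this post or from the Citizen Lab reports: it scans captured request URLs for device identifiers sent over plain HTTP. The hostnames, parameter names and sample values are constructed, and the browsers' actual wire formats are not reproduced.

```python
import re
from urllib.parse import urlsplit, parse_qsl

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")

def luhn_ok(digits):
    """IMEIs end in a Luhn check digit; most other 15-digit IDs fail it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(value):
    """Return the identifier type a parameter value looks like, or None."""
    if MAC_RE.fullmatch(value):
        return "mac_address"
    if re.fullmatch(r"\d{15}", value):
        # IMEI and IMSI are both 15 digits; the Luhn check separates most of them.
        return "imei" if luhn_ok(value) else "imsi_like"
    if re.fullmatch(r"[0-9a-f]{16}", value):
        return "possible_android_id"   # 64-bit value rendered as hex
    return None

def find_cleartext_identifiers(urls):
    """List (host, parameter, kind) for identifiers visible to an in-path observer."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "http":     # only unencrypted requests are of interest
            continue
        for name, value in parse_qsl(parts.query):
            kind = classify(value)
            if kind:
                findings.append((parts.hostname, name, kind))
    return findings

# Constructed sample capture (not real traffic from any browser).
SAMPLE_URLS = [
    "http://stats.example.test/collect?imei=490154203237518&mac=00:1A:2B:3C:4D:5E&q=weather",
    "https://stats.example.test/collect?imei=490154203237518",
    "http://map.example.test/loc?imsi=310150123456789&aid=9774d56d682e549c",
]

if __name__ == "__main__":
    for host, name, kind in find_cleartext_identifiers(SAMPLE_URLS):
        print(f"{host}: parameter {name!r} looks like {kind}")
```

The same identifier sent over HTTPS is skipped because an in-path observer cannot read it; that says nothing about whether the collection itself is justified.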
