https://www.engadget.com/2019/10/13/safari-in-ios-sends-safe-browsing-data-to-tencent/
一場反送中運動,令不少香港人終於開始識得用VPN,關心網上私隱。蘋果iOS原被認為最安全的操作系統,但隨著不停向中共跪低,令人擔心其安全性,就算是在香港也受有關跪低事件影響。網站reclaimthenet.org報道指出,其實由iOS 12.2測試版開始,蘋果就不斷向大陸騰訊,用家就算安裝其他瀏覽器或VPN,都未必能作出保護。
報道指,原來在iOS系統設定中Safari有一項,預設會自動啟動網站安全檢查Fraudulent Website Warning,在當中有一項條款,寫明會向大陸騰訊傳送IP等私隱資料,以便成功作出檢查。據稱,要成功檢查用戶瀏覽的網站是否安全,大陸騰訊必然要知道用家正在瀏覽那一個網站。
最恐怖的,是有關設定幾乎影響全球用戶,不只是香港或中國大陸而已。用家安裝其他瀏覽器亦未必能解決問題,因為蘋果強制App Store的瀏覽器使用WebKit引擎,亦即是說上述的系統設定有可能都套用至所有瀏覽器。
目前唯一解決方法,是進入系統設定把其關閉。方法是按系統設定,選擇Safari,向下撥,找到如下圖把Fraudulent Website Warning詐騙網站警告關閉
Apple's Safari browser has long sent data to Google Safe Browsing to help protect against phishing scams using its Fraudulent Website Warning feature, but it now appears Chinese tech giant Tencent gets some information as well. Users have discovered that iOS 13 (and possibly versions starting from iOS 12.2) sends some data to Tencent Safe Browsing in addition to Google's system. It's not clear at this stage whether Tencent collects any information outside of China -- you'll see mention of the collection in the US disclaimer, but that doesn't mean it's scooping up info from American web surfers.
The concern, as you might imagine, revolves over what Tencent might do with that data. Both Google and Tencent may log IP addresses in order for their anti-phishing systems to work, but Tencent's frequent cooperation with the Chinese government raises concerns that its data could be used for surveillance or other nefarious ends. Johns Hopkins University professor Matthew Green noted that a malicious provider could theoretically use Google's Safe Browsing approach to de-anonymize someone by linking site requests. So long as Tencent's method is similar, it could have a way to identify users if the Chinese government pressures it to reveal dissidents.
Credit: Engadget & winandmac
