An option in Apple’s Safari browser that’s supposed to protect Web surfers from malicious sites has raised privacy concerns in some quarters.
The option, called “safe browsing,” is turned on by default. Depending on where an Apple device is registered, the browser could be sending IP information to Tencent, a conglomerate with close ties to China’s government.
Apple offers the following explanation in Safari’s settings section: “Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent.”
That should concern consumers, maintained law professor Joel R. Reidenberg, founding academic director of the Center on Law and Information Policy at Fordham University School of Law in New York City.
“Safe browsing should not only mean you’re protected from visiting websites that are dangerous, but that your privacy is safe, too,” he told TechNewsWorld.
“The way this is structured, that’s not going to be the case,” Reidenberg continued. “The fact that browser history information is going to a Chinese company that may or may not be giving access to that data to the Chinese government is something that should raise a series of red flags from a security standpoint in the United States.”
Value of Browser Histories
A person’s browser history can reveal valuable data, noted Matthew Green, a professor specializing in cryptography in the computer science department at Johns Hopkins University in Baltimore, Maryland.
“If I were browsing websites of interest to the Chinese government, these systems could leak that information to Tencent,” he told TechNewsWorld.
Browser information also could be valuable to intellectual property thieves.
“Someone in an American company might be doing research on an innovative product. That browser history information now goes to Tencent, which gives Tencent information about the innovation in that U.S. company,” Reidenberg explained.
“There’s no reason to believe the Chinese government cares about this information right now, is going to use this mechanism, or doesn’t have other ways to acquire it, but it’s another way they can use to surveil people, if they chose to,” he pointed out.
“There are some pretty vulnerable people in China right now, people not being treated particularly well by the government,” Reidenberg said. “This could be another path by which those people’s private browsing history could become available to the state. I think that deserves a little more thought than I’ve seen from Apple.”
Apple did not respond to our request to comment for this story, However, in a statement to iMore, it explained that when the Fraudulent Website Warning feature is enabled, Safari checks the website URL against lists of known websites and displays a warning if the URL the user is visiting is suspected of fraudulent conduct like phishing.
“To accomplish this task, Safari receives a list of websites known to be malicious from Google,” Apple’s statement says, “and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of a website you visit is never shared with a safe browsing provider and the feature can be turned off.”
While it’s true the actual URL of a visited site isn’t delivered to a safe browsing provider, a determined provider could reconstruct the URL.
Safe browsing wasn’t designed to provide total privacy to users, but to degrade the quality of the browsing data that providers collect by using a system of hashed prefixes to disguise the actual URLs, Johns Hopkins’ Green explained in an online post.
Google has the compute power to reverse engineer the degraded URL data, he noted, but it’s unlikely the company would do it — or if it did, a whistleblower would expose it.
“But Tencent isn’t Google,” Green wrote. “While they may be just as trustworthy, we deserve to be informed about this kind of change and to make choices about it. At very least, users should learn about these changes before Apple pushes the feature into production, and thus asks millions of their customers to trust them.”
More Info Needed
Consumers concerned about the threat to privacy posed by safe browsing can turn it off in the privacy and security section of Safari’s settings. However, that means protection from malicious websites will be turned off, too.
“You have to know about it to do it,” Green said in an interview. “It needed a little more advertising, publicity and documentation than it got, which was nothing.”
Another alternative is to use a browser other than Safari. The problem there, though, is that when a Web page is viewed in an app, it’s displayed in something called “Safari View Controller” instead of the third-party browser. The same is true for tapping links in apps. So it’s difficult to avoid Safari entirely.
The safe browsing flap is another example of data collectors obscuring what they’re doing with user’s data.
“Apple pushes out these features that have a huge impact where data goes, and doesn’t advertise what’s happening or who’s the recipient of the data,” Green observed.
“These data-sharing arrangements are very opaque for the user,” Fordham’s Reidenberg said. “It’s very difficult for a user to know how significantly their privacy is going to be compromised by the tech company whose products they’re using.”
Since privacy and security are being touted mightily by Apple, the safe browsing fuss could undermine the company’s credibility in some consumer’s eyes. “It certainly contradicts the image they’re trying to put forward,” he noted.
It also seems to be part of what could be a worrisome pattern for Apple.
“At the very least, they don’t speak up about privacy concerns when it comes to China,” Green said.
“You can’t have a company that behaves one way regarding privacy in America and then behaves very differently overseas,” he added. “They may not have a choice in China, but at the end of the day, they have to be honest about the differences in their approach. If they can’t be honest about that, how can we trust them?”
The safe browsing problem is just part of a larger one that’s going to be a lot tougher to solve than toggling a virtual switch on an iPhone.
“Right now, we have an ecosystem that puts a premium on surveillance,” Reidenberg observed. “There are features and products to hinder that surveillance, but there are also core features — like safe browsing — with privacy compromises baked into them.”