Apple today is facing criticism for sending web browsing data, including IP addresses, to China’s Tencent Holdings Ltd.
For about two years, Apple has been sending data to Tencent as part of an iPhone and iPad security feature that warns users if a website is malicious or unsafe before they load it. The U.S. company checks addresses against an existing list of sites known to be problematic. That list is maintained by Tencent for users in mainland China and by Google for other regions, including in the U.S.
In newer versions of Apple’s iOS operating systems, the company says this feature “may also log your IP address,” potentially providing Tencent, a Chinese internet conglomerate with government ties, data such as a user’s location… “We deserve to be informed about this kind of change and to make choices about it,” Matthew Green, a cryptographer and professor at Johns Hopkins University, wrote in a blog post. “Users should learn about these changes before Apple pushes the feature into production, and thus asks millions of their customers to trust them.”
Apple said in a statement that the feature protects user privacy and safeguards people’s data. The checks occur on the devices, and the actual web addresses are never shared with Tencent and Google, the safe browsing providers. The feature is on by default, but can be switched off, Apple also said.
MacDailyNews Take: While we’re happy to see Apple finally communicated to users what was happening, why did it take Apple two years to do so?
Apple’s statement (via Slashdot): Apple protects user privacy and safeguards your data with Safari Fraudulent Website Warning, a security feature that flags websites known to be malicious in nature. When the feature is enabled, Safari checks the website URL against lists of known websites and displays a warning if the URL the user is visiting is suspected of fraudulent conduct like phishing. To accomplish this task, Safari receives a list of websites known to be malicious from Google, and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of website you visit is never shared with a safe browsing provider and the feature can be turned off.
To turn off this “feature” on your iOS 13 or iPadOS 13 device: Settings > Safari > toggle off “Fraudulent Website Warning.”