Apple has issued a statement today following a slew of misleading and poorly-researched media reports that were published over the weekend, claiming that the Safari web browser was secretly sending user traffic to Chinese company Tencent…
For years, Apple has used Google’s Safe Browsing API inside Safari to check for bad links. Starting earlier this year, Apple also added Tencent’s safe browsing system to Apple as well.
But this update has been misinterpreted by several news outlets over the weekend under scary headlines of “Apple sends users’ web browsing history to China,” amid a recent rise in Chinese anti-sentiment and fearmongering triggered by the recent Hong Kong protests and the US-Sino trade war.
However, the reality is that this is not how modern safe browsing mechanisms work.
Most safe browsing mechanisms, such as those managed by Google and Tencent, work by sending a copy of the database to a user’s browser and letting the browser check the URL against this local database. According to Apple, this is also how Apple developers have implemented Safari’s safe browsing mechanism — to never send the user’s internet browsing traffic to safe browsing providers.
MacDailyNews Take: Apple’s statement (via Slashdot): Apple protects user privacy and safeguards your data with Safari Fraudulent Website Warning, a security feature that flags websites known to be malicious in nature. When the feature is enabled, Safari checks the website URL against lists of known websites and displays a warning if the URL the user is visiting is suspected of fraudulent conduct like phishing. To accomplish this task, Safari receives a list of websites known to be malicious from Google, and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of website you visit is never shared with a safe browsing provider and the feature can be turned off.
To turn off this “feature” on your iOS 13 or iPadOS 13 device: Settings > Safari > toggle off “Fraudulent Website Warning.”