Though Apple sends user’s browsing data to China’s Tencent in order to help protect users from fraudulent website, it is stirring up another controversy. The data being shared not only includes websites that are visited but the IP address of the iOS user as well.
It is certainly the best of intentions, however, because Apple is sending this information to a Chinese conglomerate eyebrows are being raised. According to Wikipedia, Tencent is a Chinese multinational conglomerate holding company that was founded in 1998. It specializes in internet-related services, technology, entertainment, and artificial intelligence. It is also both the world’s largest gaming company and social media company.
For a long time, to protect its users from phishing sites, Apple has used Google’s Safe Browsing technology so that while using Apple’s Safari, if a user attempts to visit a site with an URL that Google has flagged as a phishing site or as a source of malware, Safari will display a warning advising the user to not proceed.
In Apple’s iOS 13, there is small print which is advises the user that there is a change, in that data may be sent not only to Google but also to Tencent.
So what will happen is that prior to visiting a website, Safari will send that website address to both Google Safe Browsing and Tencent Safe Browsing for a check as to whether the website is fraudulent or not. But along with that info, your IP address is also sent and this is where the controversy arises.
Matthew Green, who is a Johns Hopkins University professor and cryptographer, says that with your IP address info, a cookie may also be dropped on your device which could potentially then be used to build up a profile of your browsing behavior.
Evidence does show that Apple only sends browsing data to Tencent only if the users iOS region is set to China. But its not really clear, as the warning appears on both US-registered iPhones as well as Chinese-registered ones.
Google does have safety measures in place for ‘safe browsing’ and claims it does not know exactly which website a user is attempting to visit because it is allowing a user’s bowser to do the checking of what is listed as fraudulent on Google’s Safe Browsing. Green is hoping that Tencent can also be trusted for doing the same thing.