iOS and iPadOS are not mentioning at the Fraudulent Website Warning setting but macOS Catalina explicits that the data go to Google. Why hiding it? Obviously Apple do not want users know. That makes Apple products no longer safe.
Turn it off, you may lose some protection from some malicious websites, but it is a necessary step in avoiding being traced by a thuggish régime.
For concerned US users: "Tencent is used for devices that have their region code set to mainland China. Users in the United States, the UK, and other countries do not have their website browsing checked against Tencent's safe list."
Whether you are pro Apple sharing info with Tencent or against it, it doesn’t change the fact that Apple has been spending considerable amounts of goodwill and trust that they have spent years accumulating with the public at large.
The last 7-10 days will have made many causal observers and customers of Apple begin the think differently about the company and not in a beneficial way for Apple. And in this latest case it seems Apple “left out” the information on Tencent and the sharing of data when they published the original TOS. If I’m wrong, my apologies. At its best that is a sloppy way to go about your business and customer service.
There’s plenty to criticize American companies for over China. And privacy is important. But sometimes I swear people are wearing tinfoil hats. Honestly if you’re that worried you’re being tracked then all you can do is get off the internet.
These 'tin foil hat' 'conspiracies' have a nasty tendency to become reality, and at an increasingly alarming rate. Social Credit Score is happening, be afraid.
What do you mean? What conspiracies are becoming reality at an increasing and alarming rate?
Well, that’s the issue with conspiracy theorists. They put it out there without proof or even corroboration. They expect you to just accept their mental illness as truth.
I put this squarely on AppleInsider’s editorial staff. They ran with this very clickable, scary China article before checking the facts. They didn't want to be scooped by MacRumors or 9to5Mac. Only now comes the update after the usual trolls here jumped on it.
Apple does not send your browsing habits to Google or Tencent. Instead Apple compares the URL against databases it obtained from Google and Tencent. Nothing leaves Apple. You are not tracked by Google or Tencent. Apple is merely using lists of suspicious websites it has in its possession to warn the user that the website they are visiting may be compromised. End of story.
Yet another gotcha story planted to stir the pot and all the Apple tech blogs took the bait without investigating. It was on the Internet so it must be true, right? Is that how online tech journalism works? God help us all.
This would all be great if Apple didn’t share your IP address, but that spoils it. So we know that they don’t share the exact URL, but we don’t know how much of the exact URL (of every single website you visit) they do share. And we don’t know why Google and Tencent want to be able to match up our IP addresses with the sites we visit, but presumably they’re doing something with it, and they’re not saying what.
Maybe what we all need is a browser plug-in that randomly surfs the Internet whenever we’re not actively doing so ourselves, to pad the data with lots of random hits and weaken any claims based on the data collected, including both quality and number of targeted ads viewed.
This is UNACCEPTABLE! I have disabled the feature immediately, my browsing is FAR safer than the possible risk of Chinese abuse of our Internet usage data! Apple is really selling us out to China, including the ass-kissing Hong Kong pro-democracy apps removal just to appease their Chinese gov't cash cow.
To accomplish this task, Safari receives a list of websites known to be malicious from Google, and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of a website you visit is never shared with a safe browsing provider
Apple gets a Black-List from these services. That's it. It's a one way transaction. This was another piece of Apple bashing BS dumped on the web to see who would fall for it. I've learned when I see one of these stories to wait a few hours for, as Paul Harvey used to say The Rest Of The Story. It always makes all the difference.
I put this squarely on AppleInsider’s editorial staff. They ran with this very clickable, scary China article before checking the facts. They didn't want to be scooped by MacRumors or 9to5Mac. Only now comes the update after the usual trolls here jumped on it.
Apple does not send your browsing habits to Google or Tencent. Instead Apple compares the URL against databases it obtained from Google and Tencent. Nothing leaves Apple. You are not tracked by Google or Tencent. Apple is merely using lists of suspicious websites it has in its possession to warn the user that the website they are visiting may be compromised. End of story.
Yet another gotcha story planted to stir the pot and all the Apple tech blogs took the bait without investigating. It was on the Internet so it must be true, right? Is that how online tech journalism works? God help us all.
Exactly this. I thought AI was better than this. I've enjoyed their editorials bashing sites doing exactly this and they're now guilty of it. What you wrote here is the REAL STORY behind today's mis-events. For shame AI.... for shame...
Tencent makes a list of "suspicious" URLs (malware, piracy, terrorism, pro-democracy, etc.)
It hashes all the URLs and makes the list available for download. It retains a map of all of the hashes and the URLs for each hash.
Safari downloads the hash list.
Whenever you try to visit a URL whose hash is on the list, Safari phones home to Tencent and tells them the hash (revealing your IP address in the process.)
Tencent looks up the suspicious URL list (URLs matching that hash) in its hash->URL map and returns the suspicious URL list to Safari.
Tencent logs your IP address, the hash/list of suspicious URLs, and the timestamp
If the URL is actually on the suspicious URL list, Safari blocks the site saying that it is suspicious.
Tencent forwards the information (your IP address, list of suspicious URLs that you might have been trying to visit, and the date/time of each attempt) to the appropriate Chinese authorities for further investigation.
I put this squarely on AppleInsider’s editorial staff. They ran with this very clickable, scary China article before checking the facts. They didn't want to be scooped by MacRumors or 9to5Mac. Only now comes the update after the usual trolls here jumped on it.
Apple does not send your browsing habits to Google or Tencent. Instead Apple compares the URL against databases it obtained from Google and Tencent. Nothing leaves Apple. You are not tracked by Google or Tencent. Apple is merely using lists of suspicious websites it has in its possession to warn the user that the website they are visiting may be compromised. End of story.
Yet another gotcha story planted to stir the pot and all the Apple tech blogs took the bait without investigating. It was on the Internet so it must be true, right? Is that how online tech journalism works? God help us all.
Gotcha click bait story - I don’t know. I do know that if you reside in mainland China and/or HK, authorities, through Tencent, are gaining information about you that, while difficult to pin down exactly, will put you on someone’s radar somehow through at least your URL and basic info of the type of site you are trying to visit. It’s easy to be disgusted at a click bait article if you live in a free country where you have options to browse however you like. Others around the world don’t have that luxury and need to be very concerned about what the government knows about them.
Tencent makes a list of "suspicious" URLs (malware, pro-democracy, etc.)
It hashes all the URLs and makes the list available for download. It retains a map of all of the hashes and the URLs for each hash.
Safari downloads the hash list.
Whenever you try to visit a URL whose hash is on the list, Safari phones home to Tencent and tells them the hash (revealing your IP address in the process.)
Tencent looks up the suspicious URL list (URLs matching that hash) in its hash->URL map and returns the suspicious URL list to Safari.
Tencent logs your IP address, the hash/list of suspicious URLs, and the timestamp
If the URL is actually on the suspicious URL list, Safari blocks the site saying that it is suspicious.
Tencent forwards the information (IP address, time/date, list of suspicious URLs that you might have been trying to visit) to the appropriate Chinese authorities for further investigation.
Profit!
Nope. The hash list is local. Nothing goes from your device to Tencent.
I put this squarely on AppleInsider’s editorial staff. They ran with this very clickable, scary China article before checking the facts. They didn't want to be scooped by MacRumors or 9to5Mac. Only now comes the update after the usual trolls here jumped on it.
Apple does not send your browsing habits to Google or Tencent. Instead Apple compares the URL against databases it obtained from Google and Tencent. Nothing leaves Apple. You are not tracked by Google or Tencent. Apple is merely using lists of suspicious websites it has in its possession to warn the user that the website they are visiting may be compromised. End of story.
Yet another gotcha story planted to stir the pot and all the Apple tech blogs took the bait without investigating. It was on the Internet so it must be true, right? Is that how online tech journalism works? God help us all.
Exactly this. I thought AI was better than this. I've enjoyed their editorials bashing sites doing exactly this and they're now guilty of it. What you wrote here is the REAL STORY behind today's mis-events. For shame AI.... for shame...
By itself, this is a benign service Apple provides to customers through Google and Tencent. Cast against the light of Apple's recent takedown of the HK and Quartz apps and their previous acquiescence, people can rightfully question Apple's motives. Especially since Tencent can be a willing proxy in China's efforts to punish any and all who show support for the HK protesters. https://deadspin.com/adrian-wojnarowski-upset-former-espn-reporter-who-helpe-1838922338 Woj like the tweet from the NBA Exec. Tencent, acting as proxy for the gov't (my opinion) doled out the punishment for liking the tweet. Show cancelled by Tencent. Viewed in isolation this Safe Browsing thing ain't much. Viewed in the context of what's going on in the world, it still ain't much but people have every right to give this situation the side eye considering the player involved.
Tencent makes a list of "suspicious" URLs (malware, pro-democracy, etc.)
It hashes all the URLs and makes the list available for download. It retains a map of all of the hashes and the URLs for each hash.
Safari downloads the hash list.
Whenever you try to visit a URL whose hash is on the list, Safari phones home to Tencent and tells them the hash (revealing your IP address in the process.)
Tencent looks up the suspicious URL list (URLs matching that hash) in its hash->URL map and returns the suspicious URL list to Safari.
Tencent logs your IP address, the hash/list of suspicious URLs, and the timestamp
If the URL is actually on the suspicious URL list, Safari blocks the site saying that it is suspicious.
Tencent forwards the information (IP address, time/date, list of suspicious URLs that you might have been trying to visit) to the appropriate Chinese authorities for further investigation.
Profit!
Nope. The hash list is local. Nothing goes from your device to Tencent.
As Apple explains, "information calculated from the website address" is sent to Tencent. That's the hash. Then Tencent returns the full URL list.
I put this squarely on AppleInsider’s editorial staff. They ran with this very clickable, scary China article before checking the facts. They didn't want to be scooped by MacRumors or 9to5Mac. Only now comes the update after the usual trolls here jumped on it.
Apple does not send your browsing habits to Google or Tencent. Instead Apple compares the URL against databases it obtained from Google and Tencent. Nothing leaves Apple. You are not tracked by Google or Tencent. Apple is merely using lists of suspicious websites it has in its possession to warn the user that the website they are visiting may be compromised. End of story.
Yet another gotcha story planted to stir the pot and all the Apple tech blogs took the bait without investigating. It was on the Internet so it must be true, right? Is that how online tech journalism works? God help us all.
It's funny how quick people are to bash Apple.
Surprised I didn't see the ironic "Am switching to android" posts. lol
What is worrisome is that phoning home to Tencent or Google when you have a URL hash hit is a clear and massive violation of privacy even if only "information calculated from the website address" (i.e. a hash) is sent to Tencent or Google.
Apple can truthfully claim that they don't send the URL to Tencent - but sending the hash isn't a whole lot better, as it can be easily abused. Specifically, when you send the matching hash, then Tencent learns that you were most likely attempting to visit one of a known list of "suspicious" URLs.
The media typical behavior of post-first, verify later. I expect better of AI.
When I first read the article, I didn't post my piece only because it just didn't sound right. I found it hard to believe that Apple would actually do something like that. Sure enough... before knowing any facts... trolls, haters, conspiracy-theorists, and of course AI ran with it.
It's a f****g shame as to how news is reported nowadays. Sure, you make your money on web clicks, but damn it AI, have a shred of decency before posting such clickbait.
I expect this from rag-sites like MacRumors, but not AI.
I put this squarely on AppleInsider’s editorial staff. They ran with this very clickable, scary China article before checking the facts. They didn't want to be scooped by MacRumors or 9to5Mac. Only now comes the update after the usual trolls here jumped on it.
Apple does not send your browsing habits to Google or Tencent. Instead Apple compares the URL against databases it obtained from Google and Tencent. Nothing leaves Apple. You are not tracked by Google or Tencent. Apple is merely using lists of suspicious websites it has in its possession to warn the user that the website they are visiting may be compromised. End of story.
Yet another gotcha story planted to stir the pot and all the Apple tech blogs took the bait without investigating. It was on the Internet so it must be true, right? Is that how online tech journalism works? God help us all.
It's funny how quick people are to bash Apple.
Surprised I didn't see the ironic "Am switching to android" posts. lol
Tencent makes a list of "suspicious" URLs (malware, pro-democracy, etc.)
It hashes all the URLs and makes the list available for download. It retains a map of all of the hashes and the URLs for each hash.
Safari downloads the hash list.
Whenever you try to visit a URL whose hash is on the list, Safari phones home to Tencent and tells them the hash (revealing your IP address in the process.)
Tencent looks up the suspicious URL list (URLs matching that hash) in its hash->URL map and returns the suspicious URL list to Safari.
Tencent logs your IP address, the hash/list of suspicious URLs, and the timestamp
If the URL is actually on the suspicious URL list, Safari blocks the site saying that it is suspicious.
Tencent forwards the information (IP address, time/date, list of suspicious URLs that you might have been trying to visit) to the appropriate Chinese authorities for further investigation.
Profit!
Nope. The hash list is local. Nothing goes from your device to Tencent.
Without further info this doesn't make sense.
If the hash list were local then there wouldn't be a need to ping tencent or Google. Years ago chrome had a bloom filter with such urls inside chrome but even that was quite large and they switched to a cloud based system.
Hashing itself doesn't make anything private except during because transport the receiver knows the crosswalk between urls and hashes. Exception if somehow apple would hash it themselves but then they could host this service and tencent would not have to be involved at all.
Maybe apple just sends domain in which case it's correct that the full URL isn't sent. But it would still reveal to Tencent that user X browsed freetibet.org or that you browse Western news or whatever else.
Comments
Turn it off, you may lose some protection from some malicious websites, but it is a necessary step in avoiding being traced by a thuggish régime.
The last 7-10 days will have made many causal observers and customers of Apple begin the think differently about the company and not in a beneficial way for Apple. And in this latest case it seems Apple “left out” the information on Tencent and the sharing of data when they published the original TOS. If I’m wrong, my apologies. At its best that is a sloppy way to go about your business and customer service.
Apple does not send your browsing habits to Google or Tencent. Instead Apple compares the URL against databases it obtained from Google and Tencent. Nothing leaves Apple. You are not tracked by Google or Tencent. Apple is merely using lists of suspicious websites it has in its possession to warn the user that the website they are visiting may be compromised. End of story.
Yet another gotcha story planted to stir the pot and all the Apple tech blogs took the bait without investigating. It was on the Internet so it must be true, right? Is that how online tech journalism works? God help us all.
Maybe what we all need is a browser plug-in that randomly surfs the Internet whenever we’re not actively doing so ourselves, to pad the data with lots of random hits and weaken any claims based on the data collected, including both quality and number of targeted ads viewed.
Apple gets a Black-List from these services. That's it. It's a one way transaction. This was another piece of Apple bashing BS dumped on the web to see who would fall for it. I've learned when I see one of these stories to wait a few hours for, as Paul Harvey used to say The Rest Of The Story. It always makes all the difference.
It's funny how quick people are to bash Apple.
Surprised I didn't see the ironic "Am switching to android" posts. lol
Apple can truthfully claim that they don't send the URL to Tencent - but sending the hash isn't a whole lot better, as it can be easily abused. Specifically, when you send the matching hash, then Tencent learns that you were most likely attempting to visit one of a known list of "suspicious" URLs.
If the hash list were local then there wouldn't be a need to ping tencent or Google. Years ago chrome had a bloom filter with such urls inside chrome but even that was quite large and they switched to a cloud based system.
Hashing itself doesn't make anything private except during because transport the receiver knows the crosswalk between urls and hashes. Exception if somehow apple would hash it themselves but then they could host this service and tencent would not have to be involved at all.
Maybe apple just sends domain in which case it's correct that the full URL isn't sent. But it would still reveal to Tencent that user X browsed freetibet.org or that you browse Western news or whatever else.