14 DAY TRIAL // Apple has always posed as one of the largest privacy advocates in the entire world, claiming most of its investments are based on efforts to protect users and their data.
On the other hand, the company sometimes comes in the spotlight for matters that have little to do with user privacy. One such example is a recent discovery that certain browsing data on an iOS device might be sent to none other than Chinese tech giant Tencent.
If the name of this company doesn’t ring any bells, Tencent is one of the Chinese firms involved in censorship scandals and linked to various questionable programs launched by the Beijing government.
Without a doubt, news that Apple might be sending some browsing data to such a company doesn’t sit well with privacy-obsessed customers, especially because iPhones and iPads were supposed to guarantee this never happens.
According to this discovery, it all comes down to a security control bundled into Safari in iOS 13.
Technically, Safari fights against dangerous websites that could be used for phishing and other malicious tactics by scanning the links that you enter and determining whether a page poses a threat or not. This feature is called “Fraudulent Website Warning,” and as its name suggests, its purpose is to display a warning when loading a possibly-dangerous page.
To determine if a link is dangerous or not, and therefore to determine if a warning should be shown, Safari sends some browsing data, including the page that you’re attempting to load, to two different services. One of them is Google’s Safe Browsing engine, which is currently used by several other browsers, including Google’s very own Chrome. The other belongs to Tencent.
Apple doesn’t clearly say what information it sends to either of them, but it’s pretty clear that most people are concerned about the details that end up on Tencent servers.
“Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent. These save browsing providers may also log your IP address,” Apple says.
So technically, what we do know for sure is that both the link and your IP address are sent to these two services, and security experts warn that this could lead to users being de-anonymized when using Safari.
In Google’s case, the company says it only collects a hashed, partial copy of the URL and determining the full URL is not possible. On the other hand, Google says that blocking certain content might require the full URL of the site or potentially dangerous file to also be send to its servers for a more accurate analysis.
Safe Browsing collects so-called standard log information, which according to Google also includes your IP address and cookies.
Fortunately, iOS users can easily disable this behavior in Safari, and it all comes down to just a simple toggle in the Settings screen. To do this, follow this path:
Settings > Safari > Privacy & security > Fraudulent Website Warning
Of course, this means that you may end up lacking the security controls that can otherwise be pretty useful, but for the time being, there’s no way to block Tencent without blocking Google too. Apple has remained completely tight-lipped on this browsing data sharing with Tencent, so it’ll be interesting to see how the company deals with this new wave of criticism given its privacy focus.
