UPDATE: Apple has sent iMore the following statement. We've also explained how the Fraudulent webite warning system works and how you can disable it if you don't like it:
Apple protects user privacy and safeguards your data with Safari Fraudulent Website Warning, a security feature that flags websites known to be malicious in nature. When the feature is enabled, Safari checks the website URL against lists of known websites and displays a warning if the URL the user is visiting is suspected of fraudulent conduct like phishing. To accomplish this task, Safari receives a list of websites known to be malicious from Google, and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of a website you visit is never shared with a safe browsing provider and the feature can be turned off.
A report via Reclaim the Net has revealed Apple added Tencent Safe Browsing checks to the existing Google Safe Browsing checks as early as February of 2019. As part of that service, when checking if a website is fraudulent or not, Apple may send the IP address of the user to Tencent. Given the recent press cycle concerning Chinese influence over U.S. tech companies in general and apple in particular, this has raised some concerns.
According to the report:
Now it's been discovered that Apple, which often positions itself as a champion of privacy and human rights, is sending some IP addresses from users of its Safari browser on iOS to Chinese conglomerate Tencent – a company with close ties to the Chinese Communist Party.
Apple admits that it sends some user IP addresses to Tencent in the "About Safari & Privacy" section of its Safari settings which can be accessed on an iOS device by opening the Settings app and then selecting "Safari > About Privacy & Security." Under the title "Fraudulent Website Warning,"
When you access the Fraudulent Website Warning feature inside settings and click the "About Safari & Privacy..." link, users are met with the following disclaimer.
"Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent. These safe browsing providers may also log your IP address."
Reclaim The Net notes that the security feature is toggled on by default, so unless you have intentionally accessed these setting to disable the feature, there's a chance that at some point your IP address may have been logged by Tencent or Google whilst you've been browsing in Safari. According to one Twitter user, the addition of Tencent to this policy may have begun as early as February of this year with the iOS 12.2 beta. Apple has of course used Google Safe Browsing for some time.
In iOS 12.2 beta 2 Safari now uses Tencent Safe Browsing in addition to Google Safe Browsing. pic.twitter.com/92pZKBmwWs— Stijn de Vries (@StijnDV) February 4, 2019
Apple doesn't maintain its own list of fraudulent websites and so relies on Google for most of the world's websites, and Tencent for websites in China.
It seems that this went unnoticed at the time, and has likely come to light in wake of reports surrounding Apple's dealing in and with China over recent days. Of course, users can avoid having their IP address logged by disabling the feature, however this leaves users vulnerable to accessing fraudulent websites, which of course is the whole point of this security feature.
You could install a third-party browser, however if you view a web page inside of an app, you'll be accessing it through Safari View Controller, and by default links within apps also open Safari. Essentially, it's very hard to avoid using Safari on iOS.
Tencent of course owns WeChat, and works closely with the Chinese Communist Party to facilitate government censorship, preventing the spread of negative information about the government. WeChat's censorship is so severe that it sometimes (unintentionally) censors neutral information published by approved state media outlets.
With regards to the logging of IP addresses, Reclaim The Net notes that an IP address can reveal a uers location, and can be used to profile users across devices:
If Tencent logs the IP address of an iPhone or iPad user through its Safe Browsing service, this information could potentially be used to identify the owner of the device by searching for instances of the IP address across Tencent's other services.
This article was updated to explain how and why the fraudulent website warnings work.
totallee announces UV Phone Sanitizer that kills germs on your phone
totallee has announced a new UV Phone Sanitizer that can kill germs and bacteria on your phone, AirPods, wallet and keys!
iPhone maker Foxconn sees its Q1 sales fall 12% likely thanks to pandemic
Foxconn's Q1 of 2020 was always going to be impacted by coronavirus. It was just a question of how bad the numbers would be.
How well does the iPhone 11 hold up 6 months later? Rene Ritchie reviews.
After 6-months of abuse and just as many software updates, we're taking another look at Apple's current iPhone 11 and iPhone 11 Pro flagship phones.
Best 2018 11-inch iPad Pro Cases in 2020
The 2018 11-inch iPad Pro is no longer Apple's latest model, but it's still an outstanding product and deserves an awesome case. Here are some of our favorites.