I posted on PortableApps.com but thought folks could benefit here, too:
According to Polish security researchers at Exatel, Maxthon Cloud currently engages in multiple spyware activities. An English translation of the report can be found here: https://exatel.pl/advisory/maxthonreporten.pdf
User ksdev on Hacker News summarizes it:
TL;DR: It doesn't matter if you agree to join "User Experience Improvement Program" in Maxthon or not - the browser regularly sends this data to Beijing servers:
- Windows service pack version,
- screen resolution,
- Maxthon version,
- CPU freq,
- Maxthon path,
- adblock info,
- startup site address,
and the most important:
- ADDRESS OF EVERY VISITED SITE - full history, with every query entered in google,
- every ~5 reports - FULL LIST OF INSTALLED SOFTWARE (with exact versions).
This is from the HN discussion located here: https://news.ycombinator.com/item?id=12094930
The above data is purportedly sent via a channel which can be intercepted by a third party and decrypted due to errors in the Maxthon encryption code.
The report is from the new MX5 series browser which PortableApps.com doesn't yet package (still 4.4) but the 4.9 release of it is listed on PFC here: http://www.portablefreeware.com/index.php?id=301
Maxthon Spyware-like Behavior Reported
- JohnTHaller
- Posts: 716
- Joined: Wed Feb 10, 2010 4:44 pm
- Location: New York, NY
- Contact:
Maxthon Spyware-like Behavior Reported
PortableApps.com - The open standard for portable software | Support Net Neutrality
Re: Maxthon Spyware-like Behavior Reported
That HN item is criminally undervoted if what it's claiming is correct.
- JohnTHaller
- Posts: 716
- Joined: Wed Feb 10, 2010 4:44 pm
- Location: New York, NY
- Contact:
Re: Maxthon Spyware-like Behavior Reported
It's likely related to the title of "Maxthon browser is a spyware" causing people to think it is a low-quality post. It was made when the only item available was in Polish likely by someone for whom English is not their first language.Specular wrote:That HN item is criminally undervoted if what it's claiming is correct.
PortableApps.com - The open standard for portable software | Support Net Neutrality
Re: Maxthon Spyware-like Behavior Reported
dang could probably be contacted for a title change, though I'm not sure it would help visibility by now. Or it could just be resubmitted using a modified URL.JohnTHaller wrote:It's likely related to the title of "Maxthon browser is a spyware" causing people to think it is a low-quality post. It was made when the only item available was in Polish likely by someone for whom English is not their first language.Specular wrote:That HN item is criminally undervoted if what it's claiming is correct.
In your position it's a hard call as there's only one report of this, though it certainly reads as plausible and there are other user reports of the file. Couldn't this be verified by using the decryption key mentioned in the PDF to decrypt the zip's contents?
Also, this is relevant to the Portable Freeware DB entry.
Re: Maxthon Spyware-like Behavior Reported
@JohnTHaller
Do you know whether previous versions of Maxthon (3 & 4 series) also have the same behaviour or only the 5 series are affected? As far as I can remember I have read an article about similar behaviour of another Chinese browser- UC Browser.
Do you know whether previous versions of Maxthon (3 & 4 series) also have the same behaviour or only the 5 series are affected? As far as I can remember I have read an article about similar behaviour of another Chinese browser- UC Browser.
- JohnTHaller
- Posts: 716
- Joined: Wed Feb 10, 2010 4:44 pm
- Location: New York, NY
- Contact:
Re: Maxthon Spyware-like Behavior Reported
I'm looking into whether 4.4 is involved or not as that is the last version we distributed. No one should be using 3.x at this point as it's unsupported and insecure.smaragdus wrote:@JohnTHaller
Do you know whether previous versions of Maxthon (3 & 4 series) also have the same behaviour or only the 5 series are affected? As far as I can remember I have read an article about similar behaviour of another Chinese browser- UC Browser.
We now know that Maxthon, Qihoo 360 Secure Browser, QQ Browser, UC Browser, etc all engage in spyware-like behavior due to various security analyses. It seems to be an ongoing pattern with all of the Chinese browsers. This doesn't bode well for Opera if the Qihoo folks wind up getting the purchase past regulators.
PortableApps.com - The open standard for portable software | Support Net Neutrality