“Tencent QQ caught scraping all browser history on Windows” (twitter.com/codecolorist)
304 points by DyslexicAtheist on Jan 17, 2021 | 111 comments



Looks like the author deleted the tweet out of fear.

> I just noticed that someone linked my previous tweet on HN. Sorry I have to delete it in case something come after me

https://twitter.com/CodeColorist/status/1350798973431283712?...


Mentioning the author deleted it out of fear and then posting his Twitter handle might not be a great combination here.


Well you can still see the author’s Twitter handle in the submission link, so I don’t think it’s a huge deal.


Still up on V2EX https://www.v2ex.com/t/745030 which the tweet was basically just a link to.

Edit: Internet Archive of tweet: https://web.archive.org/web/20210117115536/https://twitter.c...


OP of the tweet probably doesn't want the attention of the orange website. If something of mine got posted on HN I'd delete it too.


It was trying to read certain types of URLs encoded in MD5, found to be these.

https://i.imgur.com/rSOyTt7.jpg

It wants to know what you searched on e-commerce sites.

This is somewhat unsurprising, Tencent failed on e-commerce, it desperately needs these data to help with user profiling.


Here it is as text: https://www.v2ex.com/t/745030?p=3#r_10077384

According to that post, they don't even upload the URLs that match, but just the fact that there was a match for one of three groups of keywords. Seems like a lot of effort for little information gain...


For those unaware, QQ is a desktop IM service by Tencent


It’s also a massive source of spam. We’ve had to do a lot of work last year to prevent spam qq signups while also allowing legit users. Those spammers are freakin relentless.


Apart from a lot of other issues mentioned here, this looks to me like a good argument for app sandboxing. It is a thing on mobile but not much on the desktop.


No, please no. Make sand-boxing an optional feature the user has control over. Sort of like containerized tabs in Firefox. Not all apps have legitimate reasons for accessing your hard drive, but I'd argue that 90% of them that do, really need to. Let the user decide.


As an example, Adobe Acrobat. It's obvious why it needs 3 services, a persistent update checker, a couple shell extensions, 2 non services set to run at startup, and always running extensions for Outlook, Excel, and Word. All totally necessary things that a restrictive app model would unjustly break.


Don't forget it can randomly decide to try and render your computer inoperable because it guesses you might've had a dodgy version of Photoshop installed at some point in recorded history!


The mobile sandboxing parent comment mentioned lets the user decide: an app that requests permission to access files triggers an OS dialog asking if the user wants to allow the app to access them.


If you look at the Android sandbox architecture (I'm guessing iOS is similar but I'm less familiar with it) there are intentional "holes" in the sandbox that are managed by the user permissions (hence the user does have a say). I don't think a lot of people are arguing about 100% sandbox or nothing. I know that depending on where one stands they have feedback to give about how Android permissions could be better, but still the ecosystem is better with it than without it.


QQ comes with a bundled QQProtect.exe that can't be killed, QQ simply refuses to run without it.


The OP on V2EX mentioned[1] that they downloaded QQ from the Microsoft Store, specifically because it doesn't come with QQProtect. Didn't help, apparently.

[1] https://www.v2ex.com/t/745030?p=1#r_10067077


There's a fatal issue with Microsoft Store apps: it allows both sandboxed and unsandboxed apps, and the developer can just upload a new version for their sandboxed app, that is not sandboxed. Updates are automatic, so the app, that looked like restricted to access only say calls will after update be able to access anything it wants.


Can't you sandbox both though?


Unsure, but multiple Tencent products ship with various "protects" (like TenProtect) that are kernel level rootkits that start at boot.


Any recommendations on sandbox software/workflow on Windows? I tried Sandboxie, but it caused the sandboxed app to crash.


I disagree. It's better to let them do shady shit and get caught and never trust them again.


Nerds think trust is something that can be created with technology. If only that were the case.


I tried Tencent's app on Android a long time ago when they were offering 1TB of free cloud storage. It started uploading all my photos (and who knows what else) as soon as I allowed file access.

I immediately deleted it, who the hell does that? Even Google Drive asks for permission first. I guess that's what you trade for 1TB haha.


Note that Chinese webdrives will detect and ban "illegal" contents, even if it's just your own nudes.


Apple tries sneaking in iCloud syncing regularly, Adobe did it to me with their cloud storage as well. Sadly, behavior like that seems ok with product managers.


I used to use camscanner plus on ios (camera -> pdf). It was bought by tencent and the privacy policy was either a broken link, or when it later worked - horrendous and basically said they take everything. I deleted it.


raion on V2EX[1][2] reverse-engineered Tencent QQ's scraping code and acquired the list of URLs and keywords:

1. S.TAOBAO.COM/SEARCH?

2. LIST.TMALL.COM/SEARCH_PRODUCT.HTM?

3. (30, 0xDDA1029, 0x9E67F3BB, 0xB18ACC45, 0x597CF438): b'', # not yet decoded

4. SEARCH.JD.COM/SEARCH?

Keyword Group 1:

5. 古着 (kanji meaning old clothes)

6. VINTAGE

Keyword Group 2:

7. 融券 (margin trading-short)

8. 融资 (financing)

Keyword Group 3:

9. 炒股 (stock trading)

10. 股票 (stock)

[1]: https://archive.vn/c1ABO post id 229

[2]: https://sm.ms/image/hxiVvDNsf2lFJ7u


The last URL has been found by lhprojects through brute-forcing Chinese eCommerce website URLs. Its first 30 characters are:

`uland.taobao com/sem/tbsearch?`

Credit to lhprojects https://nbviewer.jupyter.org/github/lhprojects/blog/blob/mas...
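The recovery approach discussed in these comments, as an added example that is not part of the thread or of lhprojects' notebook: a hashed prefix list hides what the program looks for only until someone guesses the prefix, because each target is just a length plus a digest. It assumes plain MD5 over the upper-cased first N characters of the URL with the scheme removed; the target digests and candidate URLs are constructed here rather than taken from the hex words quoted above.

```python
import hashlib

# Prefixes the thread lists as already decoded. The digests are computed here
# from those strings (constructed targets), not copied from the thread.
KNOWN_PREFIXES = [
    "S.TAOBAO.COM/SEARCH?",
    "LIST.TMALL.COM/SEARCH_PRODUCT.HTM?",
    "SEARCH.JD.COM/SEARCH?",
]


def prefix_digest(text: str, length: int) -> str:
    """MD5 hex digest of the first `length` characters, upper-cased (assumed scheme)."""
    return hashlib.md5(text.upper()[:length].encode("utf-8")).hexdigest()


# Each target is what an analyst sees in the binary: (prefix length, digest).
TARGETS = [(len(p), prefix_digest(p, len(p))) for p in KNOWN_PREFIXES]


def strip_scheme(url: str) -> str:
    """Drop a leading http:// or https:// so the host starts the string."""
    lowered = url.lower()
    for scheme in ("https://", "http://"):
        if lowered.startswith(scheme):
            return url[len(scheme):]
    return url


def recover_prefixes(targets, candidates):
    """Match candidate URLs against (length, digest) targets.

    Returns (recovered, unresolved): recovered maps each matched target to the
    plaintext prefix, unresolved lists targets no candidate explained.
    """
    recovered = {}
    unresolved = []
    for length, digest in targets:
        hit = None
        for candidate in candidates:
            bare = strip_scheme(candidate)
            # A candidate shorter than the prefix length can never match.
            if len(bare) >= length and prefix_digest(bare, length) == digest:
                hit = bare.upper()[:length]
                break
        if hit is None:
            unresolved.append((length, digest))
        else:
            recovered[(length, digest)] = hit
    return recovered, unresolved


# Constructed candidate URLs an analyst might feed in.
CANDIDATES = [
    "https://example.com/search?q=vintage",
    "https://s.taobao.com/",  # too short for any target
    "https://s.taobao.com/search?q=vintage",
    "http://search.jd.com/Search?keyword=vintage",
]

if __name__ == "__main__":
    found, missing = recover_prefixes(TARGETS, CANDIDATES)
    for (length, digest), prefix in found.items():
        print(f"{length:>3} {digest} -> {prefix}")
    for length, digest in missing:
        print(f"{length:>3} {digest} -> not yet decoded")
```
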


I was expecting some clever brute-forcing; turns out it's just a lucky guess.


I wonder how much you get away with posting/publicizing RE of these things on Chinese blogs as a PRC citizen.

I would be very careful.


Apparently not very much. The author has since deleted the post saying:

"I just noticed that someone linked my previous tweet on HN. Sorry I have to delete it in case something come after me"

https://twitter.com/CodeColorist/status/1350798973431283712?...


That was just someone who posted a link to the V2EX thread https://www.v2ex.com/t/745030 on Twitter. Kind of ironic that the original Chinese post is still up while the tweet was deleted.


The article says "no, QQ is not stealing your history, you just need to disable the rule and it stops". I guess that's how they cover for themselves.


Nowhere does the article say that. Please don't spread made-up bullshit like this.


Maybe you could consider that I didn't just make that up. I have a Chinese person with me, albeit non tech person, that read it for me. I could have added that "apparently it says this", but your phrasing is uncalled for.


I happen to know the language so don’t need a Chinese person with me. And I can tell you it doesn’t say that, or anything close to that, apparently or not; it’s not a long post so it’s not like I would miss anything. If you disagree, point to the specific sentence and we can have a discussion.


I guess it might be a misunderstanding based on 幸好之前用火绒的自定义拦截功能,设置了一些重要或敏感数据目录的保护。 "Luckily I had previously used Huorong's user-defined interception functionality to set up protection for a few important or sensitive data folders." (Which is how they noticed that QQ was trying to access them.)

So yes, if your antivirus allows you to deny QQ access to your browser history, it won't read your browser history. But most QQ users probably didn't do that, considering that it went undetected for so long.


'disabling a rule' is a lot different than 'create a manually defined protected folder from within a third party application elsewhere'.

these two statements are in no way equivalent.


Of course not, but if you retell it twice, one might turn into the other.


This is the type of behavior Apple intends to prevent with their signed app distribution, loathed by so many here.


There is no technical reason or requirement for Apple to be the ultimate gatekeeper of their walled garden just to sandbox file access. But I'm sure they are more than happy to conflate these things in the name of "security".


People loathe Apple for locking down their own access to their computer, not for security measures. Signed app distribution solves an entirely separate problem- making sure you get the app unmodified. This is a problem with sandboxing. Apple also does have sandboxing, but mostly that’s not what people complain about.

You can have signed apps and sandboxing without Apple being the sole arbiter of what you install. For example, Linux has multiple options available to solve this. Signed repos combined with SELinux, or flatpak, and snap all solve the same problem.


Doesn't Google Chrome do that already (log everything) and still many people use it? And wasn't there a recent article about how programs couldn't be run on Big Sur because some server somewhere could verify the hash before it was run? It was discovered because the OS slowed down to an unbearable speed except when running Apple programs.

Signed app distribution won't solve this problem.


The difference is really that chrome is not a third party app doing it live to other browsers.

Chrome hides this as legitimate value to users - when I type out an URL on my desktop, I will get auto complete for it and shared history on my phone and my laptop. It's a trade-off.


I guess the people who loathe it (not me though) are very well aware of this particular benefit and still think it isn’t enough justification to enable it by default.


I respectfully disagree. Apple prevents that kind of behaviour by requiring the user to explicitly grant permission to a program trying to access certain parts of the file system.

It has nothing to do with signing.


> This is the type of behavior Apple intends to prevent with their signed app distribution, loathed by so many here.

Just because something is a solution, it doesn't automatically make it good. I can _at the same time_ say that it is problematic that people die in the traffic _and_ loathe banning cars altogether.

Letting Apple act as the internet court might help on some problems. But letting a commercial entity act as legislative, executive, and Judicial power in the software distribution realm is simply not a good solution.


Signed app distribution did not prevent this. See: https://news.ycombinator.com/item?id=25810526


This is an argument for putting more control in the hands of users, in the form of better sandboxing and permissions. It is not an argument for taking away control from users, as Apple is doing.


Not loathed here. As an end user I am consciously paying for the sand boxing and permissions features of iOS and the app review process. With so much shitty behaviour out there it’s a trade off I’ve had to make.


No, decent app sandboxing would prevent that.


That's why most people here agree it has a purpose but that it should be opt in rather than opt out


This is a smart phone practice. It's not acceptable or done anywhere else. Smart phones are terrible computers that say they have to restrict their users to protect them from themselves but they consistently fail to do so.

Something like this doesn't happen, and would not be acceptable, on a desktop computer.


Why can't QQ sign their app?


How does this work? does this run inside the browser views inside the QQ app? Does Instagram do the same?


Chromium-based browsers save history in an SQLite file


It just reads the history file off of the disk directly


So browse in incognito mode?


That may mitigate the problem but it doesn't solve it especially when you didn't know it was occurring to begin with. The app is blatantly stealing your data. Would you accept that as a viable solution?


Always browse in incognito? Eff that, uninstall the offending app when you find out they are tracking everything you do online.


Browsing history is a very useful tool though.


Or just don't use proprietary garbage.


Doesn't Android block apps from reading each other's saved files?


This post is about a windows app...


https://www.youtube.com/watch?v=QWicxjR7fz0&feature=emb_logo

tracing and blocking QQ/TIM from reading browsing history.


Does Wechat on Windows have a similar feature?


Unrelated, sort of, but I was watching Venom the other day and noticed QQ was heavily marketed in the film. Also sponsored and funded by Tencent. This made me feel a bit dirty. I’d never knowingly use any software by them.


[flagged]


Epic vs Apple is a matter of principle, even if the complaint is from an untrustworthy source.

Walled gardens should be dismantled. They shouldn't have been allowed to begin with, for Nintendo 64 or whatever it was.


That's right, but Epic is also actively working against supporting Linux. Walled gardens are bad, but Epic is definitely not a company that will fight that fight. They just want the iOS userbase. There's no sense in supporting them.


Isn't US law based on precedent?

If Epic wins the lawsuit against Apple, doesn't that set a precedent that all walled garden vendors need to allow an alternative way to install applications?


We’ll be worse off with multiple vendors. We chose this platform for all its advantages. Including top shelf support and security.


So you're asserting that the only reason developers would keep developing for the Apple App Store is if they have no other choice? Security guarantees are a sales-pitch, hard to get numbers on that but I bet I'm not the only one that avoids installing random proprietary apps out of fear for privacy violations. The recent move to showing "privacy promises" on the App store pages is an indication of that. If alternative stores can't give sufficient security guarantees, then users will prefer the official one.

Android is doing well with its multiple app-stores, security-conscious users can limit themselves to F-droid, and the rest can keep using the PlayStore for proprietary apps. Granted Android still lacks an independent option for paid apps, but I think it will come.


“If alternative stores can't give sufficient security guarantees, then users will prefer the official one.”

Nope. Users will use the stores where the apps they want are.

Players starting new stores will just pay for exclusives of popular apps, so that users are forced to install other stores, which will of course claim to support privacy and security in marketing terms that have no substance.

Android is why it is clearly wrong to intervene in Apple’s secure store.

If people want a choice of stores, Android is available and just as good as iPhone.


> Android is why it is clearly wrong to intervene in Apple’s secure store.

Why is Android wrong? The sky hasn't fallen over on the Android side.

Android's security woes are caused by lack of updates from carriers (which frequently delay or block Android updates), OEMs (which frequently don't bother to port security updates because they want to sell the newest devices, shenanigans similar to those pulled by Apple until it changed its stance about 2 years ago or so).

I don't know many people side loading apps or installing alternate app stores. The big alternative app stores are Chinese, which are there for obvious, non security related issues, and Amazon's app store, which is used primarily on their devices.

So I don't really see the problem. I do see a solid Stockholm syndrome.


Android isn’t wrong at all. That’s my point.

The market provides an option for people who want an open phone and for those who don’t.


Especially with Apple, the ecosystems are so big that the choice given to users is weak. Do users choose between an open phone and a closed one, or between a phone that connects with their laptop and their earphones, or a phone that can Facetime™ their friends and family?

Same kind of problem with presidential elections in democratic republics. Closed systems limit choice.


“Facetime™ their friends and family?”

Pretty much every messaging app has video chat these days.

If you care about an open phone, buy Android. Nothing is going to stop you having a video call with your family and friends.


[flagged]


Would iPhone users be worse off if they gained the ability to use multiple different app stores?


Yes. They would lose the option to use one trusted store, and be forced to use set of different stores of varying different trust levels.


Are you sure about that? Chinese phones use Chinese app stores because Google products are banned in China, but outside of China 99% of apps are installed through the Play Store.

Why would iOS be any different?


Because iOS has a very profitable app ecosystem that deep pocketed competitors (such as Google, Facebook, and Amazon) would buy into.

You can’t seriously imagine that at least these three plus TenCent/Epic wouldn’t create stores, likely within their existing Apps.


This article is about Tencent, not your beef with critics of your favorite company in the world.


If China wants to use protectionism to wage digital economy warfare, let's respond in kind. No more Wechat, TikTok, Alipay, or League of Legends or Valorant, until China gives equal treatment to foreign internet firms.

Note: Valorant installs a kernel driver as part of the "anti-cheat" system; described by many as a rootkit: https://www.osnews.com/story/131665/riot-games-maker-of-leag...

Valorant's parent company is Tencent, the same company mentioned in this tweet.


>Note: Valorant installs a kernel driver as part of the "anti-cheat" system; described by many as a rootkit: https://www.osnews.com/story/131665/riot-games-maker-of-leag...

yeah. that's going to be more-and-more commonplace, too.

I don't know why it's suddenly fashionable/allowable to touch ring 0 as installed software, but here we are.

the irony of the whole thing is that while game-devs rootkit clients in order to pull in more marketing data/telemetry/whatever else the ToS allows them to steal, the real game cheaters out there are using extremely cheap CotS parts to create artificial man-in-the-middle clients that they can manipulate instead, with the host PC totally oblivious that the computer that's plugged into it as a HID is the one cheating.

I've said this thousands of times, I'll use this opportunity to say it again: the only method available to routinely and reliably find game-cheaters is through constant statistical analysis of the player's performance/inventory/score versus the environment they're in.

The days of tuning such a system will be filled with false-positives, but it's the only way to accomplish anything near comprehensive anti-cheat.

Need to get a few bucks for the project? Call that statistical analysis machine learning and say that you're going to provide it as a service. Sit back and watch the money flow in.


China exported $125B worth of mobile phones. Cutting Google Play Store off would seriously harm their ability to sell outside - I wonder why Google doesn't play hard ball.


Because the Chinese market is extremely large. Cutting them off will hurt them in the short term, yes, but it will also force the development and popularization of local alternatives, which will hurt Google very much in the long term - see their recent examples with CPU development and Huawei's own Playstore.


This is not aimed personally at you; i've always had a problem understanding why big companies need to dominate all the market? If i have a successful local business, it's not hurting me that others do as well. I don't need to expand all over the globe to be successful. What's wrong with google not operating in china? Why can't google flourish as it is without dominating the market? I think you get my point here so i won't give more examples. I never did understand why people and organizations want to accumulate extreme amounts of power and wealth either. Like the bad guys in many movies. Of course that would defeat the purpose of the movie, but i often found myself thinking that if they spent half of that energy to the betterment of themselves (and others), it would probably be a pretty sweet life.


> i've always had a problem understanding why big companies need to dominate all the market? If i have a successful local business, it's not hurting me that others do as well.

Well, in this case, Google would leave billions of dollars in revenue and hundreds of millions of users on the table. Not only would it hurt their bottomline, it would also hurt their products as they train on user data, which has quite strong network effects.

This is really a different scale than a local business. If you have that with a single owner, she/he might be content with what she has and choose not to expand further. Google, on the other hand, has multiple of layers of management which need to report to thousands of owners, quite a few of which expect constant growth. This is really not one person who can be content with the size; it's multiple people who get their salaries based on growth and report to thousands of investors, which, for the most part, care about increasing their shares value. Leaving so much money on the table just for the sake of it is a hard sell in this structure.

> This is not aimed personally at you

No offence taken :)


Stock prices are tied to valuation which is based on expectations of growth. If you lower your growth goals and therefore projections, then the valuation tanks and the stockholders' value drops. Management and employees are motivated by equity in companies like Google and therefore rely heavily on growth potential.


> China exported $125B worth of mobile phones. Cutting Google Play Store off would seriously harm their ability to sell outside

Twist it like that: China exported $125B worth of mobile phones. Cutting Google Play Store off would seriously harm Google's ability to sell anywhere

Remember, the world does not end with US, and Western Europe


This behavior isn’t unique to Chinese companies.


Correct, but it is much more typical and common of them than any other nation.

This has been a major issue for decades across many countries, all of whom have been lobbying (for instance in the WTO) to crack down on Chinese IP theft, their use of non-Chinese citizens' data for censorship training purposes, etc


Of course it happens here too but US companies are liable to US laws and civil penalties. Good luck filing a lawsuit in the US against a company in China. I'm sure the courts in China will make your US class action lawsuit their top priority.


That's basically the problem, isn't it? In order to address this behaviour, the West would have to admit that it was bad, and that it was also bad when done by western companies, and have a coherent theory of privacy.


To clone Chinese OSS, you need WeChat account or OTP+Phone in China. This feels totally against the principles of good faith in OSS dev. They can clone and take advantage of the rest of the world’s efforts while returning nothing back. Asshole, is the term for such entities.

To be fair, some cool Chinese developers do have repos on GitHub. They’re not the majority though.

Edit: Hold on folks, I need to find source of this.

Edit2: I am pretty sure I was using Zhaodao.


Wait what? Last time youtube-dl got taken down on GitHub, someone advertised a Chinese mirror https://gitee.com/mirrors/youtube-downloader, and I was able to clone it just fine. Not sure where you got the idea that you need a WeChat account to clone. Are you talking about some other site?


I just tried it with no issues. Maybe they meant to sign up and use it as a developer you have to have something traceable by the CCP?


> To clone Chinese OSS, you need WeChat account or OTP+Phone in China

Do you have a source for this? I tried signing up on Gitee (Chinese GitHub alternative), and it did not ask me to prove that I had WeChat or a phone number.

> some cool Chinese developers do have repos on GitHub

Mirroring their projects on GitHub might be fine, but given the current relationship between China and the US (where GitHub is hosted), Chinese developers would be better off hosting their main repo elsewhere.


I need to find the source. I didn’t use Gitee and it was a couple of years ago, forgot where I was trying to download. I remember getting a QR code to get access to the code. Other login options were Baidu, WeChat, and Weibo.

Edit: I think I was most likely using Zhaodao.

https://zhaodao.ai/


Too bad the government can't ban a communications platform under the First Amendment. Just give the offending companies huge fines (billions of dollars) instead.


Relax dude. Tencent QQ does not represent China. It’s just one company.

Facebook does some shady shit too. Like stealing all your phone contacts list, without your permission. This is also a terrible invasion of your privacy.

By your logic, since Facebook is an American company, then by extension, this shitty behavior is reflective of all of America.

Besides, who uses QQ on their computers anymore?


>Facebook does some shady shit too. Like stealing all your phone contacts list, without your permission.

Without informed consent maybe, but without permission? I doubt it. Please enlighten me on how the facebook app is able to bypass the android/ios sandbox.

>By your logic, since Facebook is an American company, then by extension, this shitty behavior is reflective of all of America.

If facebook has a mandatory CCP err- DNC/RNC member on its board, I'd be inclined to agree with that.


> It’s just one company.

There's no private Chinese companies, only CCP subsidiaries. Comparisons with e.g. Facebook are moot.

At this point, comments like this are plain disingenuous, or purposefully misleading.


What about getting a National Security Letter from the US government?

Apparently, your company and your industry, must be important enough that the government will send you a Top Secret document, forcing you to comply, and also forcing you to maintain the secrecy of its existence, and to even deceive your customers of ever enacting its mandates.

This sounds to me like the exact same thing as your argument here. That there are no private American companies, only American subsidiaries.

And if you’re just a small private company that runs a noodle restaurant, then I highly doubt that the CCP really gives a damn about your company. What are they going to monitor? What magic ingredients you put into your soup?


> What about getting a National Security Letter from the US government?

A case by case basis, limited in reach, for only a small subset of companies, and overseen by the Justice Department.

In no way comparable to the Chinese law, which mandates every bit of every company to be surrendered to the state, on demand, without questions.

And the recent Ma/Ali affair should tell you the vast difference in state reach.

> That there are no private American companies, only American subsidiaries.

Again, absurd comparison because the above.

> And if you’re just a small private company that runs a noodle restaurant, then I highly doubt that the CCP really gives a damn about your company. What are they going to monitor? What magic ingredients you put into your soup?

It doesn't matter. See above.


Name the last American billionaire who fell off the face of the planet without an explanation that got traced back to the US government for critical. If it were true Thiel and Koch (brothers) would have dropped out of the phone directory a long time ago. I think that sums up the way the chessboard is set up for American vs Chinese style capitalism.


Your argument makes absolutely no sense. Why would the US government eliminate Thiel or Koch?

They are not trying to eliminate the system, when they are the elite of the system.

Their funding perpetuates the American government itself.

Don’t you get it?


> If China wants to use protectionism to wage digital economy warfare, let's respond in kind. No more Wechat, TikTok, Alipay, or League of Legends or Valorant, until China gives equal treatment to foreign internet firms.

That's not how the US Judiciary system works. You can't ban dozens of apps based on "suspicious behaviour". You need to start an investigation, then you need to collect proofs, then based on those proofs the prosecutor will be able to decide to sue or not, and ultimately a judge will decide to ban those apps or not.

It's why our western constitutional democracy are doomed to fail.

Our democracies move and react slower than authoritarian regimes like China, Russia, plus we have many economic interests with them. It's unlikely any politician would ban those apps.

Trump tried with Tik Tok, a judge blocked the order[0], and I agree with the justice. You can't block an app because you don't like it. You need some solid evidence to prosecute and stop a private entity.

[0]https://www.wsj.com/articles/tiktok-download-ban-is-blocked-...


> It's why our western constitutional democracy are doomed to fail.

Quite a hyperbolic leap from not being able to arbitrarily ban foreign software to “democratic countries are doomed”. Weird


I don't think we need to worry about western democracy when talking about a software company shopping your browser history. Apps and games developed in all corners of the globe have done this and are doing this.



