Nanjing sued qihoo 360 Internet users steal “privacy”

years ago, “crusader against fang” and “red soldier” profile on the Internet caused a war of words with a bang, the war spread to the Internet in the field of information security. 315 party this year, and exposes the Cookies analysis of user behavior online many netizens have started to look for ways to clear Cookies to protect the privacy of personal information, only weibo search volume of more than 100. Melissa, nanjing consumers surprised (at the request of the consumer to use a pseudonym), 360 secured browser, for their own use in almost “peeping” to move themselves on the Internet, and in a rage, will 360 to tell. The reporter understands, at present the nanjing drum tower district court has made.

after chat with friends

find privacy by “leaked”

the words “Internet privacy”, for many people, is a new word. What did I browse the Internet web site, what is the be fond of, use what software, such protected “privacy”? Last September day, Melissa and some of IT industry friends get together to chat, we will talk about the “Internet privacy”. Melissa on a whim, really want to know, what you use the 360 secured browser, is it true that safeguard the privacy of his “safety”? So he entrusted IT industry friends to help him find out.

IT industry friends using a software to view, this software is Microsoft’s official software, named “Fiddler”. This software do you use? We have learned, Fiddler is an HTTP debugging agent, it can record and check all the HTTP communication between your computer and the Internet, set breakpoints, view the Fiddle all the “in and out of the” data. And by showing all the HTTP communication, can easily demonstrate which used to generate a page, you can see that you request a page, a total of how much the request, and how many bytes have been transformed.

sounds very complicated, what mean? Melissa carte Blanche in jiangsu bo matter of meng attorney to prosecute the case all the matters in a law firm, and meng sent the journalist a example. “It’s like you go to the New York times web site, you need to send a command to the server, and then commands sent to the New York times, and then the New York times feedback on the other side of the server, you can see this web site. Fiddler this behavior can be reflected, be equivalent to the site with your behavior like ‘video’ record, by “caught” can monitor data to other sites on your interaction “.

unexpectedly, after using this software, Melissa unexpectedly found that his “privacy” seems to be revealed. He found two points: first is oneself through 360 browser ever read such as taobao, industrial and commercial bank, and renren browsing history, and 360 of server interaction, namely 360 browser will real-time upload users browse the site record to the server.

more let his surprise, he found that 360 can even “scan” is already installed in your computer software, when its install or uninstall 360 secured browser, the browser will monitor the software installed in a computer. He has found, as long as the computer installed the QQ, QQ housekeeper, jinshan drug gangsters, navigate the browser, sogou input method, tencent TT browser, firefox, Chrome, alibaba browser, such as more than 10 kinds of software, the browser will upload installation information collection to 360 on the server.

consumers demanded an apology from 360

and claims 50000 yuan

Melissa after get the result, are unhappy, feel personal privacy was leaked, Melissa thinks, browse the web belongs to the privacy act, what is the web site, should not let the other people all know, is just like what I do at home are being stared at. Meng said, if so, the user of the software operating habits, work and rest time, web browsing behavior is exposed.

Melissa felt, not himself, one is “peeping” use 360 browser users, many have the same problem. But in the use of 360 browser, clearly there is a user agreement, oneself is made a “hook” in this agreement, to install the browser. The “360 browser installed license agreement” promised, “will not monitor users online and offline behavior, not collect user use other software, documents, and other personal information, will not leak privacy”. Meng said, the behavior of the 360 secured browser has been beyond the basic function and role of the browser, agreement in violation of the installation.

so Melissa found jiangsu bo da meng in a law firm lawyers, 360, decided to Sue for of his “privacy”. Nanjing gulou district court after receiving the complaint, this year on January 10, given the case acceptance notice. The reporter sees in the notice, the court said the indictment “conform to the legal condition, accept our decision to initiate an accepted”.

Huang Jiayou any requirements? In the indictment, Melissa said that calls for immediate 360 stop invading their privacy, as well as the legal daily on his website on 10th consecutive apology, and ask for compensation of mental damages of 50000 yuan, and so on.

360 companies:

“url cloud security” is the general practice of all security software

360, the company has received the court complaint service by mail. Has reached the 360 relevant person in charge of the company, in 360 the company written answers to the morning paper reporter, 360 for the clarification.

360 said, “put consumers browse the site records uploaded to the server” that itself is not accurate. 360 company, said the fact is that the user to access the site through irreversible hash algorithm is converted into a string, the string in plain words, is “url fingerprint”, and then compares with server-side malicious url library, so that users access to hang to intercept malicious sites, such as horses and go fishing. This function is called “url cloud security”, is a general practice of all security software, including symantec, the trend of foreign science and technology, Google browser, domestic rising, jinshan, etc, all in the same mechanism to intercept malicious url.

why cloud security “url” function must be used to intercept a malicious web site? 360 company said, first of all, this method is relatively fast, can be in the cloud, real-time update of malicious url library client up in the first place; Second is also very save resources: the user’s computer without loading large malicious url library, also need not updated daily about 3 MB web site features (one year is about 1.1 GB); Finally, because of its high efficiency, through the cloud URL/IP/credit multidimensional database, such as correlation analysis, can greatly improve the effect of fishing tackle.

360 companies to the journalists use a 360 secured browser intercept fake icbc e-currency phishing site instance, when industrial and commercial bank of enter a fake site, will jump out a window, said after 360 Internet security center certification, the current page is fake industrial and commercial bank of China the login interface, and prompt the user to access the real industrial and commercial bank of China.

“if users don’t want sites submitted to compare the fingerprint and server-side malicious url library, as long as in the 360 software set off ‘url cloud security. But it will not be able to identify and intercept all kinds of fishing and hang the horse site.”

Such as

for the user to use the QQ software has also been “feedback” to 360 companies, 360, according to the feedback of QQ browser information, just QQ browser program file fingerprints, digital signature safety testing required parameters, such as is not involved in the personal use of the data. “For example, when a user download and install the QQ browser or QVOD player, he may be through some pirated software downloaded bundles of Trojan software installation package. At this point, any a security software testing installation package, otherwise cannot intercept the Trojan virus.”

can Sue in nanjing

And as a focal point in

the interview, some people think that the woman be said on both said shiva in the right, there are also some IT bound the personage inside course of study thinks, the interpretation of the 360 companies don’t seem to justify. Security software practice is to “suspicious url” collection to the server side and compare. And “taobao, sohu, renren” obviously not “suspicious web sites”, but it has been 360 collect users’ browsing information to the server, this kind of behavior seems to be beyond the scope of security software and indeed feel violated the privacy of users. Second, if is to intercept trojans, viruses, should be in the download or install the software (such as QQ browser) on the relevant parameter detection and information, but now 360 browser behavior is to detect when install or uninstall 360 browser user’s computer is equipped with the parameters of the other products information and back, so “to block the virus” say seemed untenable.

and Melissa found, even if you will “cloud security” closed, still can upload their browsing history.

“the case was scheduled at the end of march the hearing, but now 360 companies to the drum tower district court puts forward ‘to the jurisdiction of the court”. Meng said that 360 companies, points out that Beijing qihoo’s location is in Beijing xicheng district people’s court, the user should not be in nanjing in the court.

meng said, in accordance with the law, tort can Sue in tort results occurred or the defendant is located, and results of infringement occurred, there is no doubt that computer is Melissa nanjing. So consumers can, of course, don’t have to struggle to go to Beijing, in nanjing is taken for granted. Results but 360 company thinks, “infringement can appeared in any networked computer terminal, so many places are available as a result of infringement occurred, has significant diffusivity, but not with certainty, so unfair” for the applicant. 360, the company also believes that “Internet infringement cases under the jurisdiction of confirmation, should be based on principles of implementation to the defendant has his domicile or where the tort, tort results occurred as exception”.

what can Sue in nanjing? After company puts forward to the jurisdiction of the court in 360, nanjing drum tower district court legal procedures will need to go, ruled that whether this discrepancy was created or not. So the original 3 at the end of the hearing, obviously not possible.

Defects

system

my privacy who is leading?

Melissa and meng said, in fact, to Sue, 360, is hoping to draw attention to their online privacy protection consciousness. “It’s like I please a security guard, but you can’t in the name of security, turn all my things again”, “personal privacy is hard to define, the law is not perfect, the case shows that human activities are off to the network, the right to privacy in the network problem to be solved how to embody and protect a law, and personal privacy and property of the consumer economy and property directly, as consumers can be part of the assignment operator information, but not without borders, consumers have been told? Did the operator follow the principle of minimum use, or aggressively to collect all the information? Meng said lawyer when it comes to safeguard consumer privacy.

360, the company said he has been actually attaches great importance to the privacy of consumers. Themselves not only joined the world’s biggest privacy groups IAPP (privacy professionals international association), and will introduce to absorb international advanced experience on user privacy protection, and their according to the requirements of international standards. “User privacy protection white paper” released in 360, and the working principle of the software, which function realize what needs to be interactive data are all open, transparent, accept the strict supervision of the public.

in fact about the behavior of the violation of user privacy is not uncommon, the United States had Google violation of user privacy has opened a huge fines. In early 2012, Google company was revealed with the aid of apple’s Safari browser vulnerabilities, bypassing the browser’s privacy Settings to track the user’s online habits. Subsequently, the federal trade commission (FTC) an investigation on the Google infringement. In August, Google and the FTC settlement agreement, the FTC requires Google to pay a $22.5 million fine and completely stop track users surfing habits of infringement. In early November, the United States district court approved the FTC the penalty decision.

on February 1, 2013, China promulgated the first national standard of personal information protection in the information technology security public and commercial service information system of personal information protection guide, the guide of the implementation of the marks China will say goodbye to personal information processing behavior “no standard can depend on” the history of citizens, effectively solve the demands for protection of personal information.

jing-jing wang reporter giudice lc

source: Beijing morning post