Citizen Lab Report: ‘Privacy and Security Issues in Baidu Browser’

Baidu Browser, Thousands of Apps Gather and Transmit User Data Insecurely
Wed, 2016-02-24 18:34

Chinese Internet browser Baidu tracks personal user data and then sends that information to Baidu servers without or with weak encryption, making it susceptible to malicious attacks, according to a new Citizen Lab report co-authored by ICFP fellow Jeffrey Knockel.

“Baidu’s and Don’ts: Privacy and Security Issues in Baidu Browser” finds that the popular Baidu browser, along with thousands of apps that run Baidu-produced code, run with significant security vulnerabilities that would allow a third-party to obtain sensitive user data through a relatively simple “man-in-the-middle” attack.

“It’s either shoddy design or it’s surveillance by design,” Citizen Lab director Ron Deibert told Reuters.

View the full Citizen Lab report here.

Read Reuters’ coverage here.