Maxthon browser reportedly collects sensitive data without asking
It's encrypted, but not necessarily enough to prevent info from getting out.
Moving to an alternative web browser is no guarantee that you'll be less susceptible to privacy and security issues. Researchers at Exatel have published a report claiming that Maxthon's browser transmits sensitive user information, whether or not you enroll in the software's User Experience Improvement Program. The data includes not only things you'd expect for support, such as software versions and whether or not ad blocking is turned on, but also your entire web history -- including Google searches. The info is encrypted (the ZIP file that stores it is even disguised as an image file), but Exatel's discovery clearly shows that it wasn't too difficult to crack with some reverse engineering.
We've asked Maxthon about the report and will let you know if it has a response. In its forums, the company did acknowledge that it collected info outside of UEIP, but maintained that it wasn't scooping up anything that "involves the user's privacy." That's an odd statement when history and searches are the very definition of private content. While Maxthon may not be doing anything wrong with the info it receives, there's a risk that an attacker could intercept that content and use it to learn more about potential targets. And that's no small issue when estimates suggest that there may be hundreds of millions of Maxthon users worldwide.
[Thanks, Kristy]
