Tencent, You son of B*tch

2 min read Original article ↗

How Tencent QQ scraping all browser history.

Summary:

Chinese instance message QQ from tech giant Tencent, stole your browser history, after 10 minutes of logon

  • Read all folders and files under %LocalAppData%
  • Read IE history (FindFirstUrlCacheEntryW)

The version with that behavior was released before June 2018, in both QQ and Tim (another instance messenger app). So, users had been watched for at least 2 years. Tencent admitted those accuses, three days after public criticize and made an updated version on Jan 17, 2021.

Tencent QQ is watching your private part from https://twitter.com/FanKetchup/status/1350748314690486273

Who is Tencent? Founded 1998, a $US 70 Billion revenue (2020) tech giant, who dominant the Chinese Instance Message market with its two products: WeChat and QQ. https://en.wikipedia.org/wiki/Tencent

What is QQ? Arguable Tencent‘s best product that dominant Chinese Instance Message market for last two decades until recent years, outstripped by WeChat, another Tencent’s product. According to Wikipedia, there were 899 million active account at the end of 2016. https://en.wikipedia.org/wiki/Tencent_QQ

Early in Jan 2021, one of the users, mengyx, posted a thread mentioned unexpected behavior of QQ, https://www.v2ex.com/t/745030, s/he suspect the QQ is reading history of chrome. Later on, more and more people tested and confirm this was happening. Notably, qwqdanchun, make a detailed post at https://bbs.pediy.com/thread-265359-1.htm described the detailed behavior.

So the scrapping behavior started exactly after 10 min

It reads everything

user qwqdanchun connected with x32dbg

Then with IDA

Notably

It basically reads all Urls …

Same thing happens on Tim, another instance messager from Tencent

On Jan 17, 2021, Tencent admitted it and states that data were not uploaded to the cloud. But do you believe that?

However, if you know the history of Tencent, a similar thing happened back in 2010, when Tencent fought against Qihu 360. 360 accused Tencnet QQ of leaking users’ privacy by reading user files, including MSN, Office, shockwareFlash (that’s really old school!) https://m.nbd.com.cn/articles/2010-09-28/386789.html

It reminds me that, “history repeats itself". And I even suspect after things settled down, those code may be added back, AGAIN.

Early this year, I was thinking about using Oversec to protect privacy, https://www.oversec.io/ . Even thinking about custom build Chinese Input Method. But anyway, I think I am “too young, too simple, and sometimes naïve."

Some other reference:

https://jishuin.proginn.com/p/763bfbd37edc

https://news.ycombinator.com/item?id=25810000

http://dgdkgs2.com/b/2012227943.html

By the way, the blog title is exactly translation of an Chinese article back in 2010 from Chinses Computer Magazine. https://baike.baidu.com/item/%E2%80%9C%E7%8B%97%E6%97%A5%E7%9A%84%E2%80%9D%E8%85%BE%E8%AE%AF