Baidu's browser sends everything back home
by Nikola Strahija on February 25th, 2016
China's top search engine Baidu now provides its own web browser, which collects a lot of personal data and transmits it back home.
After several weeks of careful analysis a report has been published by Citizen Lab's Jeffrey Knockel and co-authors Adam Senft and Sarah McKune.
Their findings are that Baidu Browser collects a lot of personal user data and transmits it back to Baidu servers, either without encryption or with easily decryptable encryption. The Windows version (220.127.116.119) sends search terms, hard drive serial numbers, MAC addresses of your NICs, titles of visited webpages and the GPU model number, while the Android version (18.104.22.168) sends GPS coordinates, IMEI numbers and identifiers of nearby WiFi access points. Beyond the fact that this data is collected and transmitted insecurely, they raise the concern that third parties can modify and intercept it along the way.
The researchers asked Baidu a number of questions such as:
"Which laws, regulations, or policies (internal or external) govern Baidu's collection of user data? What user data is Baidu required to collect pursuant to such law, regulation, or policy?"
and Baidu's response was:
Unable to comment.
They also asked about the partnership with Cloudflare that Baidu announced back in September 2015:
"Why does the Windows version of Baidu Browser contain a feature to automatically proxy requests to certain websites hosted outside of China? Is this feature related to the partnership between Baidu and CloudFlare announced in September 2015?"
and the answer was similarly vague:
"[First question:] Unable to comment.
No, this had nothing to do with the CloudFlare partnership."
If you're interested, Baidu did answer some questions and the full Q&A list is available here.
Honestly, I was expecting this and much worse. It's Baidu's duty to collect information and abide by its country's laws, written and unwritten. Users have a choice to use other browsers, preferably open-source such as Mozilla Firefox or Google Chrome. Reports like these just give China a bad rep.