China chat log leak shows scope of surveillance


China chat log leak shows scope of surveillance

Chinese law requires internet cafes to record the identities and "relevant" online activity of users, and provide them to the public security bureau on request

07/03/2019 - 12:04

Beijing (AFP) A leak of around 364 million online records in a Chinese database, including private messages and ID numbers, has again highlighted the size and scope of Beijing's mass surveillance system.

The files show a wealth of information linked to online accounts, including GPS locations, file transfers, and chat logs, according to the database discovered by Victor Gevers, a security researcher at Dutch non-profit GDI Foundation.

The data collection appears indiscriminate -- some conversations are simply banter between teenagers, like one commenting on someone's weight and clothing size.

"They know exactly who, when, where and what," Gevers told AFP, explaining that thousands of records were piped daily to different databases for local law enforcement to review.

Government procurement documents and database records shared by Gevers show that the database is linked to an "internet cafe management system" developed by HeadBond.com, a tech firm based in eastern Shandong province.

In 2017, the public security bureau in Yancheng city, eastern Jiangsu province -- where at least one internet cafe named in the database is based -- contracted HeadBond for a system that monitors online activity at internet cafes.

On its website, the company calls its internet cafe management system "the best solution" for identifying online users for police on its website.

HeadBond declined to comment, and the Yancheng city government and public security bureau did not respond to AFP's request for comment.

- Internet cafe dragnet -

Over the past decade, the Chinese government has cracked down on internet cafes -- especially underground venues that serve minors -- over concerns of game addiction and crime.

Chinese law requires internet cafes to record the identities and "relevant" online activity of users, and provide them to the public security bureau on request -- which has resulted in an entire market of internet cafe monitoring systems like those offered by HeadBond.

"This also explains why data leaks that involve personal information are more prevalent in China," said Lokman Tsui, an expert on internet policy at the Chinese University of Hong Kong.

"Beijing requires most network services to register their users with real names," he told AFP.

"This means that every single mobile phone operator, internet cafe, social media website, and so on, are legally required to have databases filled with personal information, and all these databases are potentially vulnerable to attacks and leaks."

The capture of extensive user data, such as chat logs, also extends well beyond the stated purpose of catching minors surfing the web or playing games.

A government procurement notice posted last month by Liaoyuan city in northeastern Jilin province, for instance, outlines specifications for another "internet cafe management system" for local police, with explicit requirements for features that support querying and analysis of content on QQ, a popular messaging app in China.

"It's shocking the amount of personal data that is being collected on Chinese people," said Bob Diachenko, a security researcher who has reported on exposed databases in the US and Europe for the past few years, and is now looking at cases in China.

In particular, it is surprising to see the amount of additional data that is linked with a user's login data, Diachenko told AFP, such as their IP address, name, and even information about their family members.

"Sometimes it's just big data and it doesn't even make sense to collect that from a user perspective," he said.

- GPS tracker -

Last month, Gevers had found another publicly accessible database containing personal information such as ethnicity and GPS tracking data of 2.6 million people in Xinjiang. Access to the database has since been closed.

The restive northwestern region is home to most of China's Uighur ethnic minority, which has been under heavy police surveillance in recent years after violent inter-ethnic tensions.

"I would argue that good personal data protection is neither in the interest of the companies who gather the data for profit, nor the government who can (ab)use that data for power and surveillance," Tsui wrote in an email.

"It is the people in China and their basic human rights, in this case privacy, who end up drawing the short stick."

© 2019 AFP

https://www.france24.com/en/20190307-china-chat-log-leak-shows-scope-surveillance

Comments

Post a Comment

Popular posts from this blog

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that the patient is 3,000 kilometers away,”  he said.
Read more

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke
Read more

Visualizing The Power Of The World's Supercomputers

Visualizing The Power Of The World's Supercomputers   BY TYLER DURDEN FRIDAY, JAN 21, 2022 - 04:15 AM   A supercomputer is a machine that is built to handle billions, if not trillions of calculations at once. Each supercomputer is actually made up of many individual computers (known as nodes) that work together in parallel. A common metric for measuring the performance of these machines is  flops , or  floating point operations per second . In this visualization,  Visual Capitalist's Marcus Lu uses  November 2021 data from  TOP500  to visualize the computing power of the world’s top five supercomputers. For added context, a number of modern consumer devices were included in the comparison. Ranking by Teraflops Because supercomputers can achieve over one quadrillion flops, and consumer devices are much less powerful, we’ve used  teraflops  as our comparison metric. 1 teraflop = 1,000,000,000,000 (1 trillion) flops. Supercomputer Fugaku  was completed in March 202
Read more