Archived

This topic is now archived and is closed to further replies.

MaxthonJeff

Security and Privacy are Top Priorities at Maxthon

2 posts in this topic

Security and Privacy are Top Priorities at Maxthon

 

This week Exatel published a report saying that Maxthon collects sensitive user information and sends the URLs to the Maxthon server. We take the allegations from the Exatel report very seriously and have fully investigated this matter.

 

User Experience Improvement Program (UEIP)

Maxthon implements a User Experience Improvement Program (UEIP), a standard industry practice to improve the user experience. Users are supposed to have full control when it comes to opting in or out of the UEIP. If a user opts out, the UEIP is not supposed to collect information. However, upon investigating the situation based on the Exatel report, we located a bug in our 2007 code library which will cause the setting being ignored under some rare condition.We have immediately fixed this bug. We thank the Exatel team for helping us identify the problem.

We’d like to note that the user information the UEIP program collects follows industry standard practice, and we share this practice with our users in the Maxthon UEIP policy. As pointed out in the Exatel report, the software information Maxthon collects is designed to improve the user experience by better configuring the software our users run in the system. Thanks to the UEIP program, we are able to analyze and solve configuration issues across all kinds of software. We will update our UEIP policy and provide even more transparency to our users.

 

Sending URLs to the Maxthon server

Exatel also reported that Maxthon sends URLs back to its server. Just as all URL security checks work, Maxthon’s cloud security scanner module (cloud secure) checks the safety of the websites our users visit. By implementing this URL security check, Maxthon sends URLs to its server to check if the website is safe or not. As a result of these security checks, we have prevented our users from visiting millions of fake and malicious websites since 2005. In our latest version, we will add an option for users to turn off the scanner.

security_scanner.png

 

Our Promise to Users

We at Maxthon take users’ privacy and information security seriously. We keep our users’ information secure and private. Maxthon has been in business for over 10 years and there has NEVER been a privacy leak to any third party. We are a truly international company with servers located in the U.S., EU, and Asia. We take endless efforts to improve our product to protect users’ security and privacy. 

We are about to release our next-generation browser, the MX5, with enhanced features to protect user’s data and privacy.

1.       MX5 requires registration so that MX5 users are protected by a secure username and password.

2.       MX5’s Passkeeper feature provides triple encryption and multi-channel security using the AES256 algorithm. This algorithm strengthens the local database encryption and provides safer transmission to the cloud via https.

3.       MX5’s UUmail is a virtual email box that helps protect users real email addresses and get rid of spam emails.

Please check www.maxthon.com for the latest information.

 

Jeff Chen (CEO of Maxthon)

11:00pm EST, July 14, 2016

10 people like this

Share this post


Link to post
Share on other sites

Some comments about other issues mentioned in the report,

1. So called "man-in-the-middle " attack, related to MxEncode.ll,

I don't think any security expert will call it a security breach, since the attack is conducted at local machine. If the atacker has gained control of user's local machine, there is little  any regular software could do. Usually it shall be handled by security software.

The security breach usually means attack happens without local control.

2. The report seems quit uncomfortable with us encode/hide actual user data. It is exactly how we protect valuable information. We don't want to save the data in a way any another third party could read easily. We would enhance it in later version. Maxthon users shall feel safer knowing we encode all important data.

7 people like this

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.