QQ Messenger, a popular Chinese instant messaging app by Tencent, was caught scraping web browser history with their desktop client. The discovery was made by Chinese internet users on the Q and A platforum Zhihu. Here is a Chinese language thread that documents the QQ Messenger web browsing history scraping investigation. Basically, all Chromium based web browsers store your internet history in an sqlite file in local storage. QQ Messenger would seek out this file and scrape the information, comparing it to a list of keywords and then phoning home if any matches were found.
After the spying revelation, Tencent quickly released a new version of QQ Messenger without the web history scraping functionality and claimed that the Chinese company was only previously looking at its millions of users’ web browsing history as a way of ”checking whether malicious programs were using certain websites to access QQ.”
This isn’t the first time Tencent has spied on users for the Chinese government
Since last year, QQ messenger has lost 6% of its active users – possibly because users have already started distrusting QQ and Tencent. Over the years, similar revelations about Tencent’s anti-privacy and weak security practices have come out especially in regards to QQ products. Back in 2016, the University of Toronto’s CitizenLab revealed that Tencent’s QQ Browser regularly sent personal information back to Tencent unencrypted. Furthermore, it became known that this overt lack of encryption was likely explicitly requested by “higher powers.”
Besides QQ Messenger, Tencent also owns the most popular instant messaging app in China: WeChat. It’s long been known that instant messaging apps in China, particularly the large ones run by companies like Tencent, need to kowtow to government requests at all times. For instance, all of these apps come with screening functionality that checks the pictures you’re about to send to make sure that they aren’t offensive – and will stop your recipient from receiving your message if you send it.
Most users already know, as an example, that they won’t be able to send a Xinnie the Pooh meme through QQ messenger or WeChat without consequences. That Tencent was able to access the web browsing history of millions of individuals in the world – for whatever reason – is plain ol’ scary. The question on internet users’ minds around the world is this: Will Tencent try this kind of spying with software that they have recently gotten access to… like Reddit?