- cross-posted to:
- technology@lemmy.world
www.techtransparencyproject.org
cross-posted from: https://lemmy.sdf.org/post/31957116
Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.
TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company.” Qihoo did not respond to questions about its app-related holdings.
[…]
VPNs allow users to mask the IP address that can identify them, and, in theory, keep their internet browsing private. For that reason, they have been used by people around the world to sidestep government censorship or surveillance, or because they believe it will improve their online security. In the U.S., kids often download free VPNs to play games or access social media during school hours.
However, VPNs can themselves pose serious risks because the companies that provide them can read all the internet traffic routed through them. That risk is compounded in the case of Chinese apps, given China’s strict laws that can force companies in that country to secretly share access to their users’ data with the government.
[…]
The VPN apps identified by TTP have been downloaded more than 70 million times from U.S. app stores, according to data from AppMagic, a mobile apps market intelligence firm.
[…]
The findings raise questions about Apple’s carefully cultivated reputation for protecting user privacy. The company has repeatedly sought to fend off antitrust legislation designed to loosen its control of the App Store by arguing such efforts could compromise user privacy and security. But TTP’s investigation suggests that Apple is not taking adequate steps to determine who owns the apps it offers its users and what they do with the data they collect. More than a dozen of the Chinese VPNs were also available in Apple’s App Store in France in late February, showing that the issue extends to other Western markets.
[…]
That’s why, as a mere user myself, someone that will never be able to write a line of code, let alone develop an app, I still want my apps to be Free/Libre software. I want for those many more competent people all over the world to be able to identify any such turd and flush it down the drain. I don’t trust any corporation to do a good job at that, even Apple (disclaimer: I use an iPhone…)
people all over the world
They always try to make us feel alone but we are not. The easiest way to fix privacy is to make an in-person group with people you know. Then it only takes one of you to find something for the whole group to see it.
So much this.
Stallman was and still is right probably on almost every single point he ever made. I’m afraid we will only understand that once it’s too late, if it is not already.
How many of these apps are AGPL?
None. The Apple App store straight up disallows AGPL and GPL licensed code on it.
Sometimes people mistake platforms banning or refusing to use A/GPL licensed code as restrictions of the license itself, and that’s what they refer to by “The A/GPL is ‘restrictive’” — because A/GPL licensed code can’t be used on every platform.
More often, only those lying about the AGPL being restrictive are the scammers it protects us from, those taking libre software and turning it into anti-libre software, taking software we do control and turning it into software we do not control. Copyleft libre software licenses like the AGPL defend us from this but all libre software licenses help protect our privacy.
The Apple App store straight up disallows AGPL and GPL licensed code on it.
No surprise we get no privacy from software we do not control.
I found this helpful article about what the AGPL is, and how it can be really beneficial, with examples.
Can you provide a source about Apple not letting you distribute GPL licensed code? Or is that basically what this StackOverflow question mentions? I’m just trying to figure out whether Apple’s evil here is business as usual, or particularly pernicious.
Here’s an older article by the FSF:
https://www.fsf.org/blogs/licensing/more-about-the-app-store-gpl-enforcement
The short version is that Apple applies further restrictions on what you can do with apps from the App Store, that conflict with the GPL’s explicit requirement that software distributed is freely usable.
Apple is not unique in this, as other locked down app stores, like console app stores have similar issues.
It should also be noted that Apple themselves refuses to use GPL code in MacOS. They used to be using a very outdated bash version (since newer versions were GPL licensed), but it seems they’ve switched to zsh instead.
Google is similar, in that they have an internal policy to never touch AGPL code — You’re not even supposed to install AGPL apps.
whether Apple’s evil here is business as usual, or particularly pernicious
Both have the same result for our privacy.
Right, but does that mean GPL-licensed apps are still getting removed left and right from the App Store, and/or that people are self-censoring?
I see VLC (back from the original contention) is still up, though MPL licensed on there (it appears to be GPL on their official website), and I don’t touch iOS devices nearly enough to recognize much else. It’s been fifteen years.
Not sure but I get the question now.
Qihoo is just a typical tech company with a “security” focus. It having a VPN is like Norton having a VPN - like Norton VPN.
Using a shell company is likely just a way to avoid sanctions.
A Chinese app talking to Chinese servers is no more alarming than a Swedish app talking to Swedish servers or an American app talking to American servers. Imagine writing a breathless “report” about how searching the App Store phones home to the United States. You know, to search for and download apps.
So basically the Tech Transparency Project is just doing some nationalist orientalism.
From their website: “TTP is a research initiative of Campaign for Accountability (CfA), a 501(c)(3) nonpartisan, nonprofit watchdog organization that uses research, litigation, and aggressive communications to expose misconduct and malfeasance in public life.”
Their director: “Katie Paul, TTP’s Director, specializes in tracking criminal activity on online platforms such as Facebook. She also serves as co-director of the Antiquities Trafficking and Heritage Anthropology Research (ATHAR) Project and a founding member of the Alliance to Counter Crime Online (ACCO).”
They are somewhat opaque about their funding. They claim to not accept corporate funding but every funder they list is just a middleman NGO for corporate/billionaire funding.
So, a typical NGO run by a cop.
Tech companies are generally terrible and tied to financialized nonsense, but there is nothing out of the ordinary here. The outrage is premised entirely on xenophobia.
A data sucking capitalist corporation from an imperialist power, all of which you hate because you aren’t an orientalist hypocrite, I presume?