Apple, in a statement to iMore:
Apple protects user privacy and safeguards your data with Safari
Fraudulent Website Warning, a security feature that flags websites
known to be malicious in nature. When the feature is enabled,
Safari checks the website URL against lists of known websites and
displays a warning if the URL the user is visiting is suspected of
fraudulent conduct like phishing. To accomplish this task, Safari
receives a list of websites known to be malicious from Google, and
for devices with their region code set to mainland China, it
receives a list from Tencent. The actual URL of a website you
visit is never shared with a safe browsing provider and the
feature can be turned off.
After quoting Apple’s statement, Rene Ritchie has more details on how the feature works, including the fact that the URLs you visit aren’t sent to Google (or Tencent) — hashed prefixes of the URLs are sent. This became a story over the weekend when a story by Tom Parker at Reclaim the Net ran under the alarming headline “Apple Safari Browser Sends Some User IP Addresses to Chinese Conglomerate Tencent by Default”.
My assumption was that Apple was only using Tencent in mainland China, where Google services are banned. Apple’s statement today makes it clear that that is true. But Apple brought this mini-controversy upon itself, because Apple’s own description of the feature doesn’t specify when the Fraudulent Website Warning feature uses Google and when it uses Tencent. Apple’s description simply says:
Before visiting a website, Safari may send information calculated
from the website address to Google Safe Browsing and Tencent Safe
Browsing to check if the website is fraudulent. These safe
browsing providers may also log your IP address.
★ Monday, 14 October 2019