By John Gruber
Thomas Brewster, writing for Forbes:
But the privacy pledges made by UCWeb are misleading, according to security researcher Gabi Cirlig. His findings, verified for Forbes by two other independent researchers, reveal that on both Android and iOS versions of UC Browser, every website a user visits, regardless of whether they’re in incognito mode or not, is sent to servers owned by UCWeb. Cirlig said IP addresses - which could be used to get a user’s rough location down to the town or neighborhood of the user - were also being sent to Alibaba-controlled servers. Those servers were registered in China and carried the .cn Chinese domain name extension, but were hosted in the U.S. An ID number is also assigned to each user, meaning their activity across different websites could effectively be monitored by the Chinese company, though it’s not currently clear just what Alibaba and its subsidiary are doing with the data. “This could easily fingerprint users and tie them back to their real personas,” Cirlig wrote in a blog post handed to Forbes ahead of publication on Tuesday.
Not what you want.
★ Tuesday, 1 June 2021