Privacy issues with China's Qihoo 360 Technology are becoming more public Published: 2013-4-10 13:15:22

China's Qihoo 360 Technology Co. Ltd. (Nasdaq:QIHU), whose free antivirus software has captured more than 80 percent of the market -- estimated at about 1.5 billion people -- is being accused of stealing confidential information from hundreds of millions of users.

Early last month, National Business Daily, a Chinese economic news outlet, published a story titled "The Mystery of 360 Black Box," accusing Beijing-based Qihoo of inserting illegal software into its antivirus software and Internet browser and stealing users' private information and business secrets to gain more market share and serve its own interests. The report described the conduct as "cancerous cells of the Chinese Internet."

The National Business Daily article cited a third-party programmer who goes by the name "Independent Investigator" as  saying that Qihoo 360 used the backdoor of its software in conjunction with its cloud service to steal user information and uninstall competitors' software from users' computers. The article said Qihoo has for years been using its products to gather personal information such as email addresses, medical records, financial information and passwords.

The ensuing discussion and public attention saw users abandon Qihoo's antivirus software in droves. In the city of Nanjing, one user even took Qihoo to court, alleging that its 360 Internet browser uploads users' surfing history to the company's server.

The news story reflected concerns that date back several years and have in at least one case resulted in a lawsuit. The plaintiff in that suit said consumers' suspicion and anger at Qihoo are well justified. The company's explanations for having collected private information without consent have been unsatisfactory.

Concerns about Qihoo increased last fall when Wan Tao, a well-known former hacker who now leads a nonprofit called IDF Lab that monitors Internet threats, investigated Qihoo. Specifically, IDF spent about two weeks studying the 360 security browser's v5.0.8.7 version, and on Nov. 26, 2012, Wan and his team published a report on 360, documenting a hidden backdoor of the software. The IDF report alleged that "through its application, 360 security Internet browser has downloaded DLL files from 360 servers and applied them without user knowledge, providing no clear file application and usage explanation."

Aware of the highly sensitive nature of the overall issue as well as its own investigation, Wan explained some of the precautions IDF took in conducting its research.

"We had the test results quite some time ago, but we took some time, and we made the wording more neutral," said Wan. He said the purpose of the tests was to raise awareness, not to make a profit. Before publishing, IDF contacted Qihoo, asking its tech team to provide answers to some questions. But the only response came from Qihoo's public relations team, consistently denying IDF's requests for answer, said Wan. In fact, he added, they not only denied requests for information but also suggested IDF was engaging in attempted extortion.

Concerns about privacy with Qihoo products led Apple Inc. (Nasdaq:AAPL) earlier this year to remove Qihoo apps from its App Store, including core products such as 360 Mobile Phone Guard and its Internet browser.

Qihoo's chairman, Zhou Hongyi, has long maintained his company's innocence, saying the criticisms stem from rivals' resentment at his company's competitive successes.

Posted in: Press Release

blog comments powered by Disqus