Southern Metropolis Daily: Jinshan in the name of the user benefits War 360

Jinshan and 360 again spat war. CFP Map

Before the uproar of the 3Q War, is 360 accused Tencent QQ software suspected of spying on the user's privacy and ignited, unexpectedly a few months later, the same accusation fell to 360 of their own body. On the last day of 2010, Jinshan held a press conference, pointing out that "360 is suspected of collecting user's privacy" and showing evidence on Google snapshots, including user name, password, access record, with unique identification characteristics of the machine code and other information. 360 in the New Year's Day emergency response said that there is no "collection of user privacy" situation, and refers to Jinshan move is Xiangzhong to promote their products.

Jinshan War 360, became the beginning of the year the Internet industry's most concerned about the event, the event is still continuing to ferment. As personal privacy is the basic interests of hundreds of millions of netizens, once personal privacy is exposed to threats, the vast number of netizens will naturally be worried and highly concerned. Industry insiders called for, how to define "the collection of user privacy" has gone beyond the scope of the enterprise's ability, need to be clarified from the level of administrative legislation to resolve.

Jinshan said to have "360 Record privacy Information" evidence

December 31, 2010, Jinshan Company convened an emergency press conference, Jinshan Network CEO Fu pointed out that the recent Jinshan received a large number of users reported that Google to search their own username and password. After tracing, Jinshan found these privacy information from 3,601 servers (upload.360safe.com) on a text file. The server details the full network access process for a large number of 360 users, including browsing Web pages, downloaded applications, search keywords, and so on, and linking these access records to unique users.

Jinshan Network in the day of the press conference, also shows some of the cases, these cases are related to the netizen in Baidu, Google, Sogou search engines, such as searching for keywords, access to specific Web site links, mailboxes and other services such as user name password and some of the company's internal network login address, document information and so on.

Since the suspected leaked packets are unencrypted in plaintext, this means that the most common Internet users can be queried in this packet, so that many 360 of users of the Internet behavior, user name password and other important information are seriously threatened.

Fu said the 360 leak exposed the company's collection of user-privacy content that security software does not need. While leading the 360 security team (note: Fu once served in 360), there has never been a collection of user privacy behavior. Fu said that violations of user privacy, must be controlled by the government, he called for the Ministry of Industry and the Ministry of Public Security, including the relevant government departments, the introduction of effective measures to the safety of the use of "cloud security" technology management and norms.

That night, Jinshan to the window to release the "first-level security warning", said that hundreds of millions of user names and passwords exist risk of leakage, it is recommended that users uninstall 360.

360 said the leak originated from the server being attacked.

January 1, 2011, 360 issued a public statement, the accusation of Jinshan made a related explanation, and said Jinshan move is to restore the market downturn smear 360.

360, Jinshan announced the so-called "360 collection of user privacy", is actually 360 to help users to identify malicious Web site uploaded to the 360 Cloud Security Center to query the temporary web site access records. When a user visits a Web page, the 360 software will compare the URL of the user's visit to the malicious Web site of the Cloud Security Center to identify and intercept malicious Web pages such as horse-hanging, fishing, and fraud. 360 does not collect any user name and password information. When a very small number of sites with security vulnerabilities to write user name and password information in the URL, 360 software in the cloud query these URL URLs, do not actively identify the user name and password, so the Web site Cloud Security query log these URLs. "360 software through cloud query to identify and intercept the user may visit the Malicious Web page, this is including Jinshan, domestic and foreign security software for malicious Web site interception using the general mechanism, will not violate user privacy." ”

360 explained that the incident is because the 360 storage Web site Cloud Security query log an internal server was attacked, making the search engine can not crawl the log data by Google Spiders crawl to a small amount of data. After checking with Google, the 360 web site Cloud Security query log data appearing in its search results is very small, and Google has deleted this part of the data. As a result, the risk of disclosure of user privacy information may be very limited.

360 emphasis, Jinshan release of the log, part of the Google search, "We are investigating how Jinshan get 360 servers in the malicious Web page interception log." ”

In this regard, Jinshan Network marketing director Chazy said that 360 leaked out of the user's privacy, involving Sina, NetEase, Taobao and other domestic mainstream Internet Application services username and password. "Our information is found from Google, welcome to google out of the three sides together to prove." ”

Experts call for legislation to resolve disputes as soon as possible

The 3Q war, and the dispute between Jinshan and 360, make the Internet user privacy protection of the importance and urgency increasingly prominent.

China Electronic Commerce Association Policy Law Committee members, Sheng law firm director lawyer Yu Guofu in the interview with reporters in south, said that 360 suspected disclosure of user privacy incidents exposed two issues: first, 360 users to collect information is legitimate; It is safe enough to preserve the user information. "360 with the user is a contractual relationship, if the user signed an online agreement with 360 allow 360 to upload user privacy information, then its collection of user information is legal." However, if the information is likely to pose a significant threat to the user's personal property, 360 will need to do enough reminders. Even if the legal collection of user privacy information, but if the security measures, resulting in the disclosure of user privacy information, 360 also bear certain responsibilities. ”

Yu Guofu said that although academics have been calling for a decade, legislation on the protection of personal information on Internet users has not been put on the agenda. With more and more Internet public events happening, it is urgent to improve the protection of personal information by legislation. "However, legislation has very strict procedures." Prior to this, users are advised to actively help themselves, to avoid personal important information leakage. ”

Nancy reporter Gao Lingyun intern dan