According to Polish security researchers at Exatel, Maxthon Cloud currently engages in multiple spyware activities. An English translation of the report can be found here: https://exatel.pl/advisory/maxthonreporten.pdf
User ksdev on Hacker News summarizes it:
TL;DR: It doesn't matter if you agree to join "User Experience Improvement Program" in Maxthon or not - the browser regularly sends this data to Beijing servers:
- Windows service pack version,
- screen resolution,
- Maxthon version,
- CPU freq,
- Maxthon path,
- adblock info,
- startup site address,
and the most important:
- ADDRESS OF EVERY VISITED SITE - full history, with every query entered in Google,
- every ~5 reports - FULL LIST OF INSTALLED SOFTWARE (with exact versions).
This is from the HN discussion located here: https://news.ycombinator.com/item?id=12094930
The above data is purportedly sent via a channel which can be intercepted by a third party and decrypted due to errors in the Maxthon encryption code.
As this story unfolds, I'll be looking for independent confirmation. If the above is correct, we will be immediately pulling Maxthon from our app directory and pushing out an update to users with the warning.
UPDATE: It appears the research was done on Maxthon 5 (which would likely apply to the current 4.9 release from their site as well). Maxthon Portable packaged as a PAF by the Maxthon France group that we make available is only at version 4.4 so this may not apply.
In that report, the initial User Agent is shown on page 4 as being 4.4.5.10. On the last page, the final paragraph states that as of 4.9.3.1000 the behaviour still existed.
Accordingly, based on that, IMHO, we may be safer with pulling the browser now.
[EDIT] I'm going to see if I can get confirmation in a VM.