Really? Chinese never care about privacy?

On March 26, 2018, Li Yanhong, chairman and CEO of Baidu, a Chinese search engine giant, said at an event:

I think the Chinese are more open and less sensitive to privacy issues. If they can trade privacy for convenience, security, or efficiency, in many cases, they are willing to do so.

This, of course, has brought Baidu a public relations nightmare, not because Robin Li was wrong, but because what he said was out of date.

It is true that Chinese netizens did not care about privacy-until 2017, but now Chinese netizens are almost as sensitive to privacy as those in Europe and the United States.

The Chinese once didn’t care about the privacy of the Internet.

Li Yanhong is the first Internet entrepreneur in China, from running a startup to CEO, a Chinese search engine giant, who has experienced the rise of the Chinese Internet commercial usage for 20 years.

So when he said at the event that the Chinese were willing to sell their privacy in exchange for convenience, it came to some extent from his own professional experience.

It was true that China’s Internet industry did not care about personal privacy in the early days, whether it was Internet companies or their users. Because of the history of the development of Chinese Internet companies, to some extent, it is a history of privacy invasion.

3721 plug-in dashboard

In 1998, a company called 3721 began to do so before the Internet entered most Chinese households. It captures the demand that Chinese Internet users are not good at English and provides Chinese domain name resolution services for browsers and websites through a plug-in.

In practice, however, the plug-in is difficult to uninstall, steals user data, and inserts its own ads into the browser。 The company has also been accused of blackmailing webmasters, who will invalidate the site’s English domain name in all browsers with 3721 if they do not buy expensive “Chinese domain names” from 3721.

The model was so successful that 3721 companies became one of the earliest profitable Internet companies in China, when all the Chinese Internet giants, including Baidu, Alibaba, and Tencent, were still in the middle of huge losses.

In 2001, Chen Shoufu, a teacher at the Beijing Institute of Technology Computing Center, began developing a QQ plug-in called Corals. QQ was the most popular chat tool on the Internet in China at the time.

Coral QQ, it replaces the advertisement in the upper right corner with the location information of the other party, deletes the advertisement in the lower right corner, and adds the coral chat robot to the user’s friend list.

Corals can view the IP of a remote user, query whether another QQ user is online, and remove annoying ads from the QQ. This product exists as a QQ plug-in, but QQ is not an open software that does not allow any form of a plug-in.

At that time, corals were widely used to hang outside coral insects. Because people think that deleting ads from softwareAndPeek at the benefits of other people’s privacy far greater than yourself privacy risk of being leaked. The act was not terminated until 2007, when Tencent sued Chen Shoufu and received court support.

Pirated Windows XP system is also another evidence that the Chinese have approved of “selling privacy in exchange for convenience.” In an era of piracy, many Chinese still install some pirated Windows versions even though they are clearly aware of the existence of system-level viruses. Because these versions are not only free but also provide a faster installation process.

In China, there is also a magical category of Internet products called “Wi-Fi Master key,” the earliest of which was made by a startup founded in 2013, and many different companies have since launched similar products.

The basic principle of the Wi-Fi master key is that you can connect to any Wi-Fi signal through Wi-Fi passwords shared by other users. In the United States, there are similar products, such as FON. But unlike FON, the Wi-Fi master key, for a long time, Wi-Fi sharing was not controlled by the Wi-Fi owner. This App automatically uploads all the Wi-Fi passwords saved on your phone and shares them with others.

This means that when you install the Wi-Fi master key on the phone, you become a “Wi-Fi spy.” The Wi-Fi password for your company, your family, and even your friend’s will be obtained by this company.

In 2015, before being blamed and revamped, the product had 460 million monthly active users in Asia.

But this environment, which abused privacy and was not blamed, changed around 2017.

The rise of Chinese Internet Privacy

On March 15, 2019, the 27th “315 Consumer Protection Gala“, jointly organized by a series of Chinese official departments and the China Consumer Association, was broadcast on CCTV.

No business wants to be presented on to “315 Consumer Protection Gala” stage, because this is a business community ” Golden Raspberry Awards”, select the most harmful companies to Chinese consumers each year.

Last year, 11 Internet companies appeared on the stage, and a black industrial chain about Chinese privacy was exposed nationwide.

In this industrial chain, different companies are responsible for collecting different user data, which is then traded in the black market to form a unified social engineering database, with the real name of the mobile phone number as the only ID. For the average user, this process is entirely invisible in most cases, because these companies are often silent or even illegal in the process of collecting data.

By bribing the mall property company, the illegal company places the “probe box” used to collect user information in the ceiling of the mall, which is invisible to consumers.

One of the companies, for example, tracks users by placing “probe boxes” on the ceilings of shopping malls online. When the user’s smartphone turns on Wi-Fi, it constantly searches around for Wi-Fi signals (even if you don’t connect to any suspicious WI-FI). The probe box receives the signal and records the phone’s MAC address and sends it to the company’s server.

Another company collects users’ cell phone numbers, installed App, and Mac addresses through App’s SDK. The SDK claims to developers that it can help it analyze user portraits of its App, but it actually illegally sells user portraits to any company it wants to buy.

Through repeated cross-comparison of the data, a complete database will eventually be formed on the black market, including hundreds of millions of people’s mobile phone numbers, real names, approximate action tracks, age, gender, shopping habits, and so on.

This is the first systematic exposure of the industrial chain, but in the two years before that, the privacy awareness of Chinese netizens has been increasing.

Since 2018, Taobao, Ctrip, Didi, Jinri Toutiao, and other most essential Internet products in China have fallen into different privacy storms.

January 3, 2018, Alipay online the “2017 annual bill”. This is Alibaba’s annual marketing campaign. It generates a desensitize HTML5 page for users, showing the user’s consumer behavior in all of Alibaba’s products over the past year in an interesting way. But soon, this year’s activities met with resistance from users.

Yue Shenshan, a partner at Yuecheng Law firm, said according to an article on Weibo, if users want to check Alipay Annual Bills, they default to authorize the data to another company called Ant Financial Services Group. Ant Financial Services Group is a credit company that is inconsistent with Alipay’s main operators, although they are all subsidiaries of Alibaba Group.

The charge caused a stir on Weibo, where Alibaba had to modify the interface to change the default option to “unauthorized” and change the font size of the option.

Before this, Alibaba’s such activities have been carried out for many years, but have never been challenged.

On 9 January 2018, media Bianews reports that Toutiao and Taobao “eavesdrop” on users’ conversations and use them for advertising recommendation after semantic analysis. It turned out to be a farce, and the App may have speculated on users’ purchase preferences through other data collection means but did not use mobile microphones to collect users’ conversations without the user’s permission.

Nevertheless, the incident has formed public opinion on the Internet and has been circulated as a rumor because it cannot be falsified.

On March 12, 2018, Ctrip, China’s largest online travel agent, was questioned by the Beijing Youth Daily about adopting a pricing strategy called Big Data Customer Defrauding.

The cause of the incident was a sharp rise in prices when a user found himself rescheduling a flight immediately after canceling the order for the flight.

Big Data Customer Defrauding refers to the Internet company using big data and artificial intelligence to layer users according to the degree of price sensitivity, and to set different prices for the same goods or services in different layers.

Chinese netizens verify whether Big Data Customer Defrauding is true. Didi’s showing different price for the same destination for different passengers.

In the same month, Didi, a Chinese online car-hailing service, suffered the same criticism, with users finding that prices were different when using different accounts at the same starting point, at the same time, and when they went to the same destination.

Didi responded that the estimated price was displayed on the call interface, which was affected by real-time road conditions, perhaps due to a few seconds of error in the user’s test. Of course, Didi also acknowledges that they issue coupons based on the user’s attributes, such as new users, which is also a factor affecting prices. But the move is to give discounts to new users, not to raise prices for older users.

On the other hand, in terms of passive privacy violations, there is also a lot of appalling news in 2018:

• On April 23, information leaked from a number of food delivery platforms, leading hundreds of millions of people to enter the black industrial chain with a history of accurate daily meals.
• On June 13, the database of AcFun, a Chinese video site, leaked, containing behavior data for about 10 million users.
• On June 16, the recruitment site 51 job’s dataset appeared on the Dark Web, containing 1.95 million of user resumes.
• On June 19 and August 3, the data sets of Yuantong Express and Shunfeng Express were sold by hackers, involving 1.3 billion package information, including the name, detailed address, and mobile phone number of the addressee and sender.

And what caused the biggest storm was The disclosure of Huazhu Group hotel order database.

One of the websites that inquire about the room history only needs to pay a little.

On Aug. 28, 500m hotel order information was publicly sold on Dark web, and to make matters worse, hackers bought the data and set up a query site that you can use your cell phone number, ID number, or name to search the entire database. This is a huge impact on Chinese people who are relatively conservative about sex and even caused some breakups and divorces.

All these explosive events have hit Chinese netizens in the past as “indifferent to privacy” and turned them to the other extreme.

Besides, two factors affect the Chinese concept of privacy, one is GDRP.

Like European and American users, with the formal implementation of GDPR in Europe, Chinese users have received a large number of GDPR Mail. Some of them come from foreign products they use, while others come from Chinese products that they use that have a business in Europe, such as QQ. During that period, the mainstream Chinese media also reported a lot of news about GDPR.

Another factor that makes Chinese people pay attention to Internet privacy is the artificial intelligence fever in China.

Since 2016, China’s Internet industry has abused “artificial intelligence” and “big data” in marketing in order to attract more public attention and investors.

Internet companies use magical scenes in science fiction to describe their products and the logic behind them, although in fact, their products do not reach that user experience.

Companies such as SenseTime and MEGVII, which specialize in artificial intelligence, have repeatedly claimed in public that their technology can serve every corner of a modern city. Their services can improve the efficiency of traffic, improve the security level of the city, optimize the energy use of factories, help retail stores increase sales, reduce the risk of financial default, and so on through ubiquitous Internet of things sensors and surveillance cameras.

Although they would not say so themselves, the public will naturally associate that since these technologies can be used for good deeds, they can certainly be used for evil, such as the abuse of privacy.

Then, continuous news events also prove that this is the case.

The current View of Internet Privacy in China

It has to be said that the Chinese concept of online privacy has suddenly changed from the far right to the far left.

As an example, this may be clearer:

In May 2019, Wechat Read sparked a discussion of privacy, but it seemed unnecessary. Some users have found that when you use Wechat to log on to Wechat Read, Wechat Read automatically gets your correspondence at Wechat as part of Wechat Read’s social features.

In fact, you can only log on to Wechat Read through Wechat because Wechat Read and Wechat are from the same department in Tencent. To some extent, Wechat Read is a separate App version of WeChat’s “online reading” feature, which is used to bring a better experience to users.

Your WeChat friends can see your reading time and record when you use WeChat Read. This information is shared by default, but can be turned off.

But the user said: “No, all data flows must be with my consent.” Although the data may have been in the same database from the beginning.

In China, the policy corresponding to “GDPR” takes effect at the same time as “GDPR”, that is, in May 2018. The document is called “Information security technology — Personal information security specification“(GB/T 35273 / 2017), signed by the Ministry of Industry and Information Technology.

Strictly speaking, however, “GB/T 352732017” is a technical specification rather than a legal document issued by the executive branch and can only manage specific products and impose limited administrative penalties.

And from the results, after fully referring to the “GDPR”, the Ministry of Industry and Information Technology itself is not satisfied with this document. Less than a year later, a revision of the document was launched in February 2019.

At present, the spontaneous “supervision” of corporate data privacy by Chinese netizens has exceeded that of the government.

In the private sector, the media, lawyers and ordinary netizens are examining the privacy policies and products of almost all Internet companies. Some people began to read dozens of pages of “terms of service” that had previously been ridiculed as “never noticed”.

Once a netizen finds out that there is unreasonable content in these terms of service, or that a company’s actual product violates a promise in the terms of service, they immediately point out the stains on social media.

In general, this will quickly gain the support of the media and lawyers, and evolve into a public relations crisis against Internet companies, whether the stain is actually illegal or not.

This may sound like a good thing, but it will also cause some problems.

The problem is: logically, in the second decade of the 21 century, few Internet products can be used without collecting user privacy.

This is not just a moral issue of “collecting user data for commercial use”, but that Internet products themselves need to be driven by user privacy data.

Toutiao, China’s largest news client, uses user interest data to push different articles for users.

• Tiktok, China’s largest short video client, uses user interest data (even sexual orientation) to push different content for users.
• Momo and Tantan, two China’s largest dating apps, use user portraits to match different strangers.
• Baidu, China’s largest search engine, uses user portraits to adjust the order of search results.
• WeChat, China’s most significant social software, is being blamed for providing social login services to third parties. Although WeChat’s social login function is completely different from Facebook, third-party developers have little access to any useful user data through social login, except for avatars and nicknames.

Of course, these companies also use user privacy data for business behavior, but the bigger premise is that the use of user privacy forms part of the product experience itself.

With the awakening of the privacy consciousness of Chinese netizens, these products themselves are also asked to be improved. But not all “requirements” are reasonable. For example, many people think that Internet products should ensure that the level of experience does not decline without asking for any user information.

In places not seen by the public, another reason Chinese Internet companies are used to excessive collection of user privacy is to protect their own security.

The black industry does not just steal and trade user privacy, they also use user privacy to fake robots as a “new user” to get discounts on Internet products.

In January 2019, Pinduoduo, an e-commerce company in China, was attacked, with criminal gangs using loopholes in the platform to obtain shopping vouchers worth more than 10 million yuan, according to an official statement by Pinduoduo.

In the fall of the same year, Luckin, a Chinese coffee chain, responded when it was accused by the Ministry of Industry and Information Technology of excessive collection of user privacy, saying it was intended to prevent the underground industry from registering new accounts infinitely to obtain free coffee exclusive to new users.

Throughout 2019, more than 15 big data companies in mainland China were investigated by police. These companies are often charged with other charges because the laws directly related to the data are not perfect. For example, if a company uses a crawler to crawl unauthorized data from other companies, this will be considered to apply in the Criminal Law of the people’s Republic of China. “Crime of destroying computer information system”。

But to some extent, it has dealt a blow to the illegal collection and trading of user privacy, but with unexpected consequences-China’s Internet financial industry has suffered a major blow. Because for some small Internet finance companies, they rely on user behavior data purchased from gray or even black industrial chains to calculate a user’s credit rating. Once the data disappeared, their bad debt rates soared and triggered a wave of collapse in China’s Internet finance industry in 2019.

In general, China may need a longer period of time to solve these problems.

Enterprises need to find a reasonable way to use data, and the digital literacy of citizens also needs to be further improved. And more importantly, there needs to be a law that is perfect enough to solve it. This law needs to clearly define the rights and obligations of each subject and the corresponding penalties in terms of data privacy.

But it is clear that Chinese netizens are no longer “never care about privacy”.