Monday, January 30, 2023

Safari Safe Browsing Blocks GitLab in Hong Kong

Sam Biddle (tweet, via Tim Sweeney):

When Safari users in Hong Kong recently tried to load the popular code-sharing website GitLab, they received a strange warning instead: Apple’s browser was blocking the site for their own safety. The access was temporarily cut off thanks to Apple’s use of a Chinese corporate website blacklist, which resulted in the innocuous site being flagged as a purveyor of misinformation. Neither Tencent, the massive Chinese firm behind the web filter, nor Apple will say how or why the site was censored.


The episode raises thorny questions about privatized censorship done in the name of “safety” — questions that neither company seems interested in answering: How does Tencent decide what’s blocked? Does Apple have any role? Does Apple condone Tencent’s blacklist practices?


The block came as a particular surprise to Ka-cheong and other Hong Kong residents because Apple originally said the Tencent blocklist would be used only for Safari users inside mainland China. According to a review of the Internet Archive, however, sometime after November 24, 2022, Apple quietly edited its Safari privacy policy to note that the Tencent blacklist would be used for devices in Hong Kong as well. (Haija, the Apple spokesperson, did not respond when asked when or why Apple expanded the use of Tencent’s filter to Hong Kong.)


The block on GitLab would not be the first time Tencent deemed a foreign website “dangerous” for apparently ideological reasons. In 2020, attempts to visit the official website of Notepad++, a text editor app whose French developer had previously issued a statement of solidarity with Hong Kong dissidents, were blocked for users of Tencent web browsers, again citing safety.


3 Comments RSS · Twitter · Mastodon

I find the discourse around this tiring, but Tim Sweeney’s second tweet is really something else:

> Google Chrome and Microsoft Edge on Windows and Android do nothing of the sort. Further, Apple’s browser engine competition ban means that any web browser released on iOS will be also locked into this grotesque surveillance regime. Apple must be stopped!

I tested iCab on my iPhone and didn’t encounter any Safe Browsing warnings. The same test site¹ triggered warnings on both Firefox (macOS) and Safari (iOS). It appears his claim that “any web browser released on iOS will be also locked into this grotesque surveillance regime” is simply false, although I’m willing to be shown evidence to the contrary for iOS devices in China and Hong Kong. Likewise, is there any evidence that users in these regions can’t disable Settings › Safari › Fraudulent Website Warning?

The App Store pisses me off too but it really doesn’t help when he makes shit up. (Also, doesn’t Tencent have a 40% stake in Epic Games? Something something glass houses…)

¹I won’t link directly to the site for obvious reasons, but it ranks highly in Google results for “test google safe browsing,” and is cited in this Stack Overflow answer:

Old Unix Geek

One cause of Chinese censorship is providing information telling people how to install VPNs.

@Ghost Quartz I think Sweeney is wrong about that part. There seems to be an API to turn it off. That said, I do think the warning presents a barrier that many users will not be able to overcome. They may believe it’s genuine or not know how to get around it or not want to be without protection for other sites. Personally, I sometimes have to use my Mac to read sites that that for whatever reason have bad certificates because the procedure to tell Mobile Safari that I want to read it anyway simply doesn’t work.

Leave a Comment