Apple quietly expanded the use of Chinese company Tencent’s website blacklist to users in Hong Kong — and no one will answer questions about it.
When Safari ysers in Hong Kong recently tried to load the popular code-sharing website GitLab, they received a strange warning instead: Apple’s browser was blocking the site for their own safety. The access was cut off thanks to Apple’s use of a Chinese corporate website blacklist of sites being flagged as a purveyor of misinformation. Apple will not say how or why the site was censored.
The outage was publicized just ahead of the new year. On December 30, 2022, Hong Kong-based software engineer and former Apple employee Chu Ka-cheong tweeted that his web browser had blocked access to GitLab, a popular repository for open-source code. Safari’s “safe browsing” feature greeted him with a full-page “deceptive website warning,” advising that because GitLab contained dangerous “unverified information,” it was inaccessible.
The warning screen itself came courtesy of Tencent, the mammoth Chinese internet conglomerate behind WeChat and League of Legends. The company operates the safe browsing filter for Safari users in China on Apple’s behalf — and now, in Hong Kong as well
Apple spokesperson Nadine Haija would not answer questions about the GitLab incident, suggesting they be directed at Tencent, which also declined to offer responses.
The episode raises thorny questions about privatized censorship done in the name of “safety” — questions that neither company seems interested in answering: How does Tencent decide what’s blocked? Does Apple have any role? Does Apple condone Tencent’s blacklist practices? Why isn’t Safari immune to these of censorship. No vpn-options etc. build in?
“They should be responsible to their customers in Hong Kong and need to describe how they will respond to demands from the Chinese authorities to limit access to information,” wrote Charlie Smith, the pseudonymous founder of GreatFire, a Chinese web censorship advocacy and watchdog group. “Presumably people purchase Apple devices because they believe the company when they say that ‘privacy is a fundamental human right’. What they fail to add is *except if you are non US citizen.”
The block came as a particular surprise to Chu and other Hong Kong residents because Apple originally said the Tencent blocklist would be used only for Safari users inside mainland China. According to a review of the Internet Archive, however, sometime after November 24, 2022, Apple quietly edited its Safari privacy policy to note that the Tencent blacklist would be used for devices in Hong Kong as well. (Haija, the Apple spokesperson, did not even respond when asked when or why Apple expanded the use of Tencent’s filter to Hong Kong.)
Silently expanding the scope of the censirship list not only allows Apple to remain in the good graces of China — whose industrial capacity remains existentially vital to the California-based company — but also provides plausible deniability about how or why such site blocks happen.
“While unfortunately many tech companies proactively apply political and religious censorship to their usrs, Apple may be unique among North American tech companies in proactively applying such speech restrictions to users in Hong Kong,” said Jeffrey Knockel, a researcher with Citizen Lab, a digital security watchdog group at the University of Toronto.
“The aspect which we should be surprised by and concerned about is Apple’s decision to filter URLs for Apple’s Hong Kong users,” he said, “when other North American tech companies have resisted Hong Kong’s demands to subject Hong Kong users to mainland filtering.”
The GitLab block also wouldn’t be the first time Apple, which purports to hold deep commitments to human rights, has bent the company’s products to align with national pressure. In 2019, Apple was caught delisting an app Hong Kong political dissidents were using to organize; in November, users noticed the company had pushed a software update to Chinese iPhone users that significantly weakened the AirDrop feature, which protesters throughout the country had been using to spread messages on the ground.
“All companies have a responsibility to respect human rights, including freedom of expression, no matter where in the world they operate,” Michael Kleinman, head of Amnesty International’s Silicon Valley Initiative, wrote to The Intercept. “Any steps by Apple to limit freedom of expression for internet users”,”would contravene Apple’s responsibility to respect human rights under the UN Guiding Principles.”
This is nothing new to Apple who worked closely with governments in Szudi Arabia, Israel an of course CIA and NSA censorship and surveillance in thee USA, where leaked presentations have indicated that Appke is highly cooperative in controlling the closed source iPhone devices in general.
In order to make cens9rehip and website blacklists for a group of usrers to work, however, at least some personal information needs to be transmitted to the company operating the filter. When news of Apple’s use of the Tencent safe browsing list first broke, Matthew Green, a professor of cryptography at Johns Hopkins University, described it as “another example of Apple making significant modifications to its privacy infrastructure, largely without publicity or announcement.”
While important questions remain about exactly what information from Safari users ultimately transmitted, the GitLab incident shows another troubling aspect of safe browsing: It gives a single company the ability to unilaterally censor the web under the aegis of public safety.
“Our concern was that outsourcing this stuff to Chinese firms seemed problematic for Apple,” Green explained in an interview with The Intercept, and I suppose the nature of having a ‘misinformation’ category is that USA, China, Saudi Arabia, Iran, Ukraine, Turkey, India etc. is going to have its own views on what that means.
While some private companies provide some public explanation of its criteria for blocking a website, its decision-making process is completely opaque, and the published censorship standards are extremely vague, including offenses like “endangering national security” and “undermining national unity.”. Similar vague motivations as used as in sanctions and tradewars.
While Apple, Facebook, Google and Chinese tech-companies compliance with the national security agenda ought not to come as a surprise, Knockel of Citizen Lab says Apple’s should.
“Ultimately I don’t think it really matters exactly how GitLab came to be blocked…” he said. …blocking of GitLab for Safari users underscores that Apple’s subjection of users to screening is problematic not only in principle but also in practice.”