Current location: home page > Industry trends >Text content

Tencent's "infinite law" questioned collection of user agent information Tencent response: anti plug in

Dazzle Yi Two years ago (2019-01-19) Industry trends six hundred and twenty-nine

This morning, microblog user hackl0us questioned tencent The law of infinity game The privacy policy contains "may collect user's shadowlocks service configuration information", which is suspected of excessive collection of user's privacy information, which is beyond the scope of privacy that a game should collect.


  Shadowsocks Software It is mainly used for proxy server climbing over the wall. If users are found out, they may be subject to administrative punishment. Tencent said in its privacy policy to collect proxy service information, and users are worried that this information will be leaked to the relevant departments for blocking and punishing. At the beginning of this year, the network supervision team of Nanxiong Public Security Bureau of Guangdong Province issued a decision on administrative punishment. Zhu Yunfeng, 30, has since August 2018 By December, he was fined 1000 yuan for installing software to surf the Internet on a mobile phone. The reason for the penalty is "establishing and using illegal channels for international networking without authorization".

 Tencent's "infinite law" questioned collection of user agent information

In response to this, Tencent game official microblog responded to this query, saying that the practice of collecting the configuration information of shadowlocks service is mainly to detect whether it is the external server IP for blocking punishment based on the characteristics of the shadowlocks proxy used by popular mobile phone radar hanging on the PC in similar games. This is a embedded scheme, because of the mobile phone radar The plug-in does not specify roe, so the relevant functions are not enabled (i.e. no data of users using shadowlocks is scanned and collected). Tencent will highly respect the wishes of the majority of players. Next, Tencent will remove the embedded scheme and replace it with others security In order to better guarantee the fair competition experience of all Tencent game products, the strategy should be external plug-in of mobile phone radar.

 Tencent's "infinite law" questioned collection of user agent information

The following is the full text of Tencent's response:

Description of roe shadowlocks detection function

 Tencent's "infinite law" questioned collection of user agent information

  Tencent game center


With regard to the query of the microblog user @ hackl0us on the collection of shadowlocks service configuration information for the game of infinite rules (hereinafter referred to as ROE) in the early morning of this morning, thank the majority of players for their attention. Tencent game security center makes the following explanation:


I. principle of detection technology:


With the popularity of "chicken eating Games", the related plug-ins can get rich profits, and the plug-in writers emerge in an endless stream, especially in FPS In the traditional perspective function, a new mobile phone radar plug-in appears. On this machine, only the game data is intercepted and forwarded, which is analyzed on the external server. Then, the real-time location information of the game (including players, vehicles, weapons, supplies, etc.) is displayed through the mobile app or web page to realize the penetration function. For example, one of the well-known mobile phone radars is used to realize the proxy and proxy Besides, the proxy server only uses the proxy server to detect the behavior of the proxy server.

 Tencent's "infinite law" questioned collection of user agent information

 Tencent's "infinite law" questioned collection of user agent information

So TP security system Detection will be made according to the characteristics of shadowlocks proxy used by the mobile phone radar hanging on the PC to detect whether it is the external server IP for blocking punishment. This is a embedded scheme. Since the mobile phone radar plug-in does not specify roe, the relevant functions are not enabled (i.e. no data of users using shadowlocks are scanned and collected).


2. Why is there a description of shadowlocks in the gdpr privacy clause?


In order to respect users' right to know and comply with gdpr's privacy disclosure requirements, we have truthfully disclosed this treatment method in the privacy clause. But did not carry on the more detailed technical principle introduction, causes the general player's misunderstanding, hereby apologizes to everybody.


3、 Follow up strategy optimization


When TP security system is committed to plug-in confrontation, it will also highly respect the wishes of the majority of players. Next, we will remove the embedded scheme and adopt other security strategies to deal with mobile phone radar plug-in, so as to better guarantee the fair competition experience of all Tencent game products.


Related articles

 Why don't I like wechat

Why don't I like wechat

This question is one of my answers in Zhihu. The original question is "what kind of users don't like wechat"? For data backup reasons, keep a copy here in case it is lost. The following is the original answer: I am a technical background, I do not like wechat, also do not like QQ, but in order to contact friends have to use. The reason why I don't like wechat is very simple, because on wechat, my data does not belong to me. Tencent wechat official does not provide the function of exporting chat records to CSV or txt files, nor does it provide the backup function of chat records

 How to crack the latest version of [Android] wizard 1.60

How to crack the latest version of [Android] wizard 1.60

After decompiling with Android kill, find the registration failure information, locate the code, comment out the registration code in the red box, compile it back, enter any registration code to register, and then there is no more. As for the software, download it yourself. ...

 Hawking warns China: don't answer

Hawking warns China: don't answer

On August 18, 2017, China's Guizhou Radio Telescope "Tianyan" received a suspicious signal from outer space 4 light years away. On August 19, 2017, Hawking solemnly warned China: "don't answer! Don't answer! Don't answer!" On September 1, 2017, after careful consideration and analysis of various possibilities of contact with alien civilizations by the Chinese government, it was decided that this once-in-a-lifetime opportunity should not be missed. China did not answer, and other countries would also answer, and pointed out that this exchange may trigger a great leap forward in science and technology for all mankind

 Prevention of onion bitcoin blackmail virus one click fast shutdown port 135445

Prevention of onion bitcoin blackmail virus one click fast shutdown port 135445

RT is a piece of code, do not need to set your own, download and unzip, right-click to run as an administrator. The size of onion.rar: 568.0b has been tested by the safety software, so please feel free to download it. ...

  PHP5 version stopped changing at the end of the year, and 60% of webmaster websites involved in security vulnerabilities

PHP5 version stopped changing at the end of the year, and 60% of webmaster websites involved in security vulnerabilities

PHP version 5.0 will not be updated by the end of 2012 and will not be supported by all PHP versions! The security vulnerabilities caused by the old version of PHP will harm the website and even users, and may lead to website degradation. Nearly 60% of users are still using low version WordPress driven by PHP. If they can't get security updates, they will be directly attacked by malicious attacks! Data shows that the proportion of using PHP5 website has reached 61.8%, from the official website of PHP support

 Apply for SSL certificate for free

Apply for SSL certificate for free

SSL certificate is a kind of digital certificate, similar to the electronic copy of driver's license, passport and business license. In short, it is to add a small green lock to the website, that is, add SSL layer under HTTP, and the website can be accessed through the secure channel of HTTPS. This article introduces the entrance to apply for a free SSL certificate. Click → https://freessl.org/freessl. With the help of the API provided by TrustAsia and let's encrypt, as well as using the web cryptography API, you can use the browser completely

Comment

 visitor

Welcome to participate in the discussion. Please express your views and exchange your views here.
Call for istwar