A web browser developed by Chinese company Maxthon has allegedly been collecting telemetry about its users.
Polish security consultancy Exatel warns [PDF] that Maxthon is phoning home information such as the computer's operating system and version number, the screen resolution, the CPU type and speed, the amount of memory installed, the location of the browser's executable, whether ad-block is running, and the start page URL.
The Maxthon browser collects this data without the knowledge or consent of surfers, we're told. This information could be used to tailor attacks against a particular target, according to Fidelis Cybersecurity, the firm that supplied the tools used in Exatel's analysis.
On the other hand, the data is either benign or the kind of information handed over to every web server by browsers in their HTTP request headers.
Exatel researchers said they came across the issue after looking into the source of suspicious traffic in a customer's environment.
Maxthon's cloud-connected browser is the sixth most popular form of web surfing software in both Poland and China (occupying 0.3 per cent and 2.6 per cent market share, respectively).
Beijing-based Maxthon claimed its browser – available as freeware for Windows, OS X and Linux PCs – offers surfers a safe haven from the prying eyes of America's NSA and its PRISM program while seemingly spewing information about them over the web. El Reg asked Maxthon to comment. No one was available to talk to us.
Back in February, Canada's Citizen Lab claimed a web browser made by China's top search engine Baidu leaked all sorts of sensitive information.
The Android version of Baidu's browser exposed unencrypted GPS coordinates, search terms and URLs visited. The Windows version was rated as even leakier, sending out search terms, hard drive serial numbers, network MAC addresses, the title of all webpages visited, and the GPU model number, apparently. ®