This WeChat link actually sells your private information
"Precise positioning" "Little Three Stars" "A link to easily locate the old Lai" ... The reporter found that there are many "precise positioning to find people" businesses on Taobao, WeChat public account and Baidu Post Bar, they claim that only one With a simple link, you can easily locate the person you are looking for.
The reporter searched for related keywords on Taobao.com and found that the only product sold in a shop called "Informer Cloud Platform" was named "Car Mini GPS Tracker Remote Wireless Magnetic Mini Tracker". .
Xinhua News Agency’s “China Network Affairs” reporter communicated with the seller in the name of requiring location services. The seller told the reporter that the current WeChat linking method is the most used and the positioning effect is the best. There are three kinds of WeChat positioning links that are more frequently used. Form: The first is to send the article link to each other to get the other's geographic location; the second is to invite the other party to play the mini-game to get the other's geographical location; the third is to send the red envelope to the other party to get the other's geographical location.
The seller stated that when the targeted person clicks on these links, he/she will receive only one application for obtaining information such as geographic location. If the targeted person clicks “OK”, the geographic location information will be accurately positioned and will be opened later. Similar links will be "permitted" by the positioning software. If the targeted person clicks "Cancel", the system will still be located by IP address, but the positioning accuracy will be reduced.
Later, the reporter tried a location service in another location-based service provider with similar operations. The whole process was very simple. Just send an article link or red package link to the locationee, and locate the location information of the locationee and the actual location. Location information is highly consistent.
On Baidu, the keyword "WeChat Locator" is used as a keyword to search. The second search result is "depth analysis of the method and application scope of locating others quietly through WeChat", which belongs to Baidu's "Baidu Experience" column. The page introduction will guide readers to add a "sh25622" micro signal. After adding the micro signal, the reporter also obtained three ways to locate friends in the WeChat.
After testing, when positioning a buddy in a WiFi environment, the accuracy of the feedback location information is extremely high. When locating a friend in an ordinary mobile network environment, the accuracy is relatively poor.
How does WeChat become a privacy leak?
The reporter has learned in depth that there are many illegal ways to use the WeChat link to perform positioning operations. Some merchants stated that the price for purchasing positioning software is around RMB 1,000, but the use time is limited and often only a few days. After that, if it still needs to be positioned, the buyer will need to recharge. The cost of each WeChat loca- tion link is mostly about 100 yuan. Some merchants do not have external software and send the specified link directly in a third-party page to obtain the positioning. The use time varies from day to year, and the recharge price ranges from 29 yuan to 299 yuan.
According to the Infuser Security Engineer, the positioning request of disguising a news link or a third-party company’s red envelope is not a “smart” approach. "Only using the platform's open API interface, and then package the features of location and location information return, in this way to sell money." The engineer said that such operations are not for people with little programming knowledge Difficult to do.
Experts analyze the reporters that from the point of view of the technical means of obtaining other people's location information, it is maliciously exploiting the platform's technical and regulatory loopholes to steal the position information of unsuspecting users. This is in line with the daily technical maintenance and supervision of the platform. There is a close connection with the presence of errors.
Many netizens reported that they can find posts on how to locate WeChat friends without knowing about each other on the Internet. It is easy to find sellers through various types of information such as “positioning plus QQ”.
Industry experts stated that there are many links in the process of WeChat use that require obtaining authorizations including geographical location information. The lack of screening methods for ordinary users makes it difficult to identify which link's authorization may be a malicious authorization, and thus WeChat official is responsible. There is also an obligation to strengthen the cleanup of such malicious links and to safeguard the legitimate rights and interests of users.
As early as April of last year, some science and technology categories have revealed that illegal companies have profited from betraying WeChat positioning rights. The exposed positioning method is exactly the same as the three types of positioning methods used in the test of the reporter, indicating that this problem was not discovered for the first time. However, the reporter did not find that the platform has issued detailed regulatory measures for this issue.
“A loophole that has been exposed by the media a year ago has not yet been 'filled in', and it has even led to a black and grey industrial chain. The platform should assume corresponding regulatory responsibilities. It should also reflect on whether or not the corresponding gap-filling mechanism is There is a problem," said an industry insider who declined to be named.
Obtaining location information or suspected crimes without the knowledge of the other party
Zhu Jian, a lawyer of Shanghai Jianwei (Hefei) Law Firm, stated that the merchants that provide WeChat location services are suspected of constituting the crime of infringing on citizens’ personal information.
On May 8, 2017, the Supreme People's Court and the Supreme People's Procuratorate jointly issued the "Interpretation on Several Issues Concerning the Application of the Law in Criminal Cases of Infringement of Citizens' Personal Information." The first article of the interpretation is the 250th of the "PRC Criminal Law." A clear interpretation of “citizen’s personal information” as prescribed in Article 13 refers to various types of information, including names, that are recorded electronically or otherwise and that can be used alone or in combination with other information to identify the identity of a particular natural person or to reflect the activity of a particular natural person. ID number, communication and contact information, address, account password, property status, whereabouts, etc.
According to the provisions of Article 253 of the Criminal Law of the People's Republic of China, in case of violation of the relevant provisions of the State, the sale or provision of personal information of citizens to others, if the circumstances are serious, the person shall be sentenced to fixed-term imprisonment of not more than three years or criminal detention, and shall be concurrently executed or a single fine; If the circumstances are particularly serious, they shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years and be fined.
According to Shi Baozhong, an attorney with Anhui Zhongjia Law Firm, providing WeChat positioning services may also be suspected of illegal business. “The judiciary can only locate a certain person because of the need to solve the case. These merchants provide paid positioning services and have business nature, but they do not have legitimate business qualifications.”
Article 225 of the Criminal Law of the People's Republic of China stipulates that franchises, monopoly items or other articles that restrict sales or purchases without the approval of operating laws or administrative regulations constitute the crime of illegal business.
“Platform parties shall bear corresponding legal liabilities for the malicious use of their own technology or the loss of supervision to the user’s rights.” Zhu Chen said that if a user’s malicious link causes a leakage of location information and his own legitimate rights and interests are seriously In case of damage, and the WeChat platform has not yet fulfilled its supervisory responsibilities, the victimized users can legally pursue the legal responsibility of the platform through judicial channels.
Industry experts suggest that ordinary citizens should have legal awareness on the one hand and refuse to use services that illegally obtain information from others. On the other hand, they should be vigilant when receiving unfamiliar links so that their personal safety is not threatened.