Items tagged with: huawei
The Microsoft Defender Advanced Threat Protection (ATP) service featured in Windows 10 version 1809 alerted researchers to an NSA-inspired backdoor vulnerability in Huawei laptops. The PCManager…
Article word count: 452
HN Discussion: https://news.ycombinator.com/item?id=19617150
Posted by DyslexicAtheist (karma: 12055)
Post stats: Points: 127 - Comments: 87 - 2019-04-09T17:41:33Z
#HackerNews #backdoor #found #huawei #laptops #microsoft #nsa-style
The Microsoft Defender Advanced Threat Protection (ATP) service featured in Windows 10 version 1809 alerted researchers to an NSA-inspired backdoor vulnerability in Huawei laptops.
The PCManager software included in some Huawei’s Matebook systems allows unprivileged users to create processes with superuser privileges, according to a 25 March Microsoft security post.
Upon investigation, researchers found a driver containing components that run with ring-0 privileges in the kernel.
"We traced the anomalous behaviour to a device management driver developed by Huawei," researchers said in the post. "Digging deeper, we found a lapse in the design that led to a vulnerability that could allow local privilege escalation."
This type of vulnerability is similar to a technique used in the NSA’s DOUBLEPULSAR that was leaked by the Shadow Brokers. In 2017 hackers attacked scores of computers with malware inspired by the exploit following the NSA data leak.
Researchers who reported the vulnerability to Huawei said the company responded and cooperated quickly and professionally. A patch was released earlier this year on 19 January.
In an email to SC Media UK Oleg Kolesnikov VP of threat research and head of research labs at Securonix noted that whether deliberate or not, the flaws emphasised the need for betting testing: "While there currently is no direct evidence that the software security issues were intentionally added for Huaweiʼs driver code to be leveraged for a malicious backdoor, these vulnerabilities appear to align with the earlier National Cyber Security Centre, GCHQ etc (HCSEC) report regarding Huawei products and the lack of proper software security practices in the Huaweiʼs approach to software engineering likely significantly increasing the risk to the operators.
"Given the ongoing debate about Huawei and fear around backdoors, one of the key takeaways from this is that it can be very challenging to determine whether a software security issue present is a result of an intentional/backdoor vs. unintentional error, so it is critical not only to have the ability to perform an in-depth software and hardware security analysis related to the vulnerabilities, but also to ensure that the proper software development process and best practices are in place since software vulnerabilities often do not occur in isolation--where there is one, there is often much more to find.
"Specifically, process hollowing is a relatively well-known software security attack technique, so had Huawei developers followed the proper software security design, development, and testing processes when implementing the MateBookService and the corresponding driver software components IRP/IOCTL functionality, chances are that the software security issues reported could have been mitigate and/or addressed proactively."
Last week, the European Union ignored recent calls from the US to ban Huawei products out of fear of Chinese cyber-espionage, as the EU rolled out its 5G security guidelines.
HackerNewsBot debug: Calculated post rank: 113 - Loop: 105 - Rank min: 100 - Author rank: 38
Our discovery of two privilege escalation vulnerabilities in a driver highlights the strength of Microsoft Defender ATP’s sensors. These sensors expose anomalous behavior and give SecOps personnel the…
Article word count: 2094
HN Discussion: https://news.ycombinator.com/item?id=19567399
Posted by trtobe (karma: 165)
Post stats: Points: 158 - Comments: 56 - 2019-04-03T21:27:57Z
#HackerNews #driver #escalation #finds #huawei #microsoft #privilege #vulnerability
With Microsoft continuously improving kernel mitigations and raising the bar for exploiting native kernel components, third-party kernel drivers are becoming a more appealing target for attackers and an important area of research for security analysts. A vulnerability in a signed third-party driver could have a serious impact: it can be abused by attackers to escalate privileges or, more commonly, bypass driver signature enforcement—without the complexity of using a more expensive zero-day kernel exploit in the OS itself.
Computer manufacturers usually ship devices with software and tools that facilitate device management. These software and tools, including drivers, often contain components that run with ring-0 privileges in the kernel. With these components installed by default, each must be as secure as the kernel; even one flawed component could become the Achilles’ heel of the whole kernel security design.
We discovered such a driver while investigating an alert raised by Microsoft Defender Advanced Threat Protection’s kernel sensors. We traced the anomalous behavior to a device management driver developed by Huawei. Digging deeper, we found a lapse in the design that led to a vulnerability that could allow local privilege escalation.
We reported the vulnerability (assigned CVE-2019-5241) to Huawei, who responded and cooperated quickly and professionally. On January 9, 2019, Huawei released a fix: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-pcmanager-en.
In this blog post, we’d like to share our journey from investigating one Microsoft Defender ATP alert to discovering a vulnerability, cooperating with the vendor, and protecting customers.
Detecting kernel-initiated code injections with Microsoft Defender ATP
Starting in Windows 10, version 1809, the kernel has been instrumented with new sensors designed to trace User APC code injection initiated by a kernel code, providing better visibility into kernel threats like DOUBLEPULSAR. As described in our in-depth analysis, DOUBLEPULSAR is a kernel backdoor used by the WannaCry ransomware to inject the main payload into user-space. DOUBLEPULSAR copied the user payload from the kernel into an executable memory region in lsass.exe and inserted a User APC to a victim thread with NormalRoutine targeting this region.
Figure 1. WannaCry User APC injection technique schematic diagram
While the User APC code injection technique isn’t novel (see Conficker or Valerino’s earliest proof-of-concept), detecting threats running in the kernel is not trivial. Since PatchGuard was introduced, hooking NTOSKRNL is no longer allowed; there’s no documented way drivers could get notification for any of the above operations. Hence, without proper optics, the only sustainable strategy would be applying memory forensics, which can be complicated.
The new set of kernel sensors aim to address this kind of kernel threat. Microsoft Defender ATP leverages these sensors to detect suspicious operations invoked by a kernel code that might lead to code injection into user-mode. One such suspicious operation, though not related to WannaCry, DOUBLEPULSAR, or other known kernel threats, triggered this investigation that led to our discovery of a vulnerability.
Investigating an anomalous code injection from the kernel
While monitoring alerts related to kernel-mode attacks, one alert drew our attention:
Figure 2. Microsoft Defender ATP kernel-initiating code injection alert
The alert process tree showed an abnormal memory allocation and execution in the context of services.exe by a kernel code. Investigating further, we found that an identical alert was fired on another machine around the same time.
To get a better understanding of the observed anomaly, we looked at the raw signals we got from the kernel sensors. This analysis yielded the following findings:
* A system thread called nt!NtAllocateVirtualMemory allocated a single page (size = 0x1000) with PAGE_EXECUTE_READWRITE protection mask in services.exe address space * The system thread then called nt!KeInsertQueueApc to queue User APC to a services.exe arbitrary thread with NormalRoutine pointing to the beginning of the executable page and NormalContext pointing to offset 0x800
The payload copied from kernel mode is divided into two portions: a shellcode (NormalRoutine) and a parameter block (NormalContext). At this point, the overall behavior looked suspicious enough for us to proceed with the hunting. Our goal was to incriminate the kernel code that triggered the alert.
Incriminating the source
In user-mode threats, the caller process context could shed light on the actor and link to other phases in the attack chain. In contrast, with kernel-mode threats, the story is more complicated. The kernel by nature is asynchronous; callbacks might be called in an arbitrary context, making process context meaningless for forensics purposes.
Therefore, we tried to find an indirect evidence to third-party code loaded into the kernel. By inspecting the machine timeline, we found that several third-party drivers were loaded earlier that day.
We concluded based on their file path that they are all related to an app from Huawei called PC Manager, a device management software for Huawei MateBook laptops. The installer is available on Huawei website, so we downloaded it for inspection. For each Huawei driver we used dumpbin.exe to examine imported functions.
And then we had a hit:
Figure 3. dumpbin utility used to detect user APC injection primitives
HwOs2Ec10x64.sys: Unexpected behavior from a driver
Hunting led us to the kernel code that triggered the alert. One would expect that a device management software would perform mostly hardware-related tasks, with the supplied device drivers being the communication layer with the OEM-specific hardware. So why was this driver exhibiting unusual behavior? To answer this question, we reverse-engineered HwOs2Ec10x64.sys.
Our entry point was the function implementing the user APC injection. We found a code path that:
1. allocates RWX page in some target process;
2. resolves CreateProcessW and CloseHandle function pointers in the address space of the target process;
3. copies a code area from the driver as well as what seemed to be a parameter block to the allocated page; and
4. performs User APC injection targeting that page
The parameter block contains both the resolved function pointers as well as a string, which was found to be a command line.
Figure 4. User APC injection code
The APC normal routine is a shellcode which calls CreateProcessW with the given process command line string. This implied that the purpose of the code injection to services.exe is to spawn a child process.
Figure 5. User shellcode performing process creation
Inspecting the xrefs, we noticed that the injection code originated from a create-process notify routine when Create = FALSE. Hence, the trigger was some process termination.
But what command does the shellcode execute? Attaching a kernel debugger and setting a breakpoint on the memcpy_s in charge of copying the parameters from kernel to user-mode revealed the created process: one of Huawei’s installed services, MateBookService.exe, invoked with “/startup” in its command line.
Figure 6. Breakpoint hit on the call to memcpy_s copying shellcode parameters
Why would a valid service be started that way? Inspecting MateBookService.exe!main revealed a “startup mode” that revived the service if it’s stopped – some sort of watchdog mechanism meant to keep the Huawei PC Manager main service running.
Figure 7. MateBookService.exe /startup code path
At this point of the investigation, the only missing piece in the puzzle was making sure the terminated process triggering the injection is indeed MateBookService.exe.
Figure 8. Validating terminated process identity
The code path that decides whether to inject to services.exe uses a global list of watched process names. Hitting a breakpoint in the iteration loop revealed which process was registered: it was MateBookService.exe, as expected, and it was the only process on that list.
Figure 9. Breakpoint hit during process name comparison against global list
HwOs2Ec10x64.sys also provided process protection against external tampering. Any attempt to force MateBookService.exe termination would fail with Access Denied.
Abusing HwOs2Ec10x64.sys process watch mechanism
The next step in our investigation was to determine whether an attacker can tamper with the global watched process list. We came across an IOCTL handler that added an entry to that list. MateBookService.exe process likely uses this IOCTL to register itself when the service starts. This IOCTL is sent to the driver control device, created from its DriverEntry.
Figure 10. HwOs2Ec10x64.sys control device creation with IoCreateDevice
Since the device object is created with IoCreateDevice, Everyone has RW access to it. Another important observation was that this device isn’t exclusive, hence multiple handles could be opened to it.
Nevertheless, when we tried to open a handle to the device \.\HwOs2EcX64, it failed with Last Error = 537, “Application verifier has found an error in the current process”. The driver was rejecting our request to open the device. How is access enforced? It must be on the CreateFile path; in other words, in HwOs2Ec10x64.sys IRP_MJ_CREATE dispatch routine.
Figure 11. IRP_MJ_CREATE dispatch routine
This function validates the calling process by making sure that the main executable path belongs to a whitelist (e.g., C:\Program Files\Huawei\PCManager\MateBookService.exe). This simple check on the initiating process name, however, doesn’t guarantee the integrity of the calling process. An attacker-controlled instance of MateBookService.exe will still be granted access to the device \.\HwOs2EcX64 and be able to call some of its IRP functions. Then, the attacker-controlled process could abuse this capability to talk with the device to register a watched executable of its own choice. Given the fact that a parent process has full permissions over its children, even a code with low privileges might spawn an infected MateBookService.exe and inject code into it. In our proof-of-concept, we used process hollowing.
Figure 12. Procmon utility results showing POC process start/exit & IL
Because watched processes are blindly launched by the watchdog when they’re terminated, the attacker-controlled executable would be invoked as a child of services.exe, running as LocalSystem, hence with elevated privileges.
Figure 13. Procexp utility process-tree view showing LPE_POC running as LocalSystem
Responsible disclosure and protecting customers
Once we had a working POC demonstrating the elevation of privilege from a low-integrity attacker-controlled process, we responsibly reported the bug to Huawei through the Microsoft Security Vulnerability Research (MSVR) program. The vulnerability was assigned CVE-2019-5241. Meanwhile, we kept our customers safe by building a detection mechanism that would raise an alert for any successful privilege escalation exploiting the HwOs2Ec10x64.sys watchdog vulnerability as we described.
Figure 14. Microsoft Defender ATP alerting on the privilege escalation POC code
Abusing a second IOCTL handler
Having been able to freely invoke IOCTL handlers of the driver from user-mode, we looked for other capabilities that can be abused. We found one: the driver provided a capability to map any physical page into user-mode with RW permissions. Invoking this handler allowed a code running with low privileges to read-write beyond the process boundaries—to other processes or even to kernel space. This, of course, means a full machine compromise.
We also worked with Huawei to fix this second vulnerability, which was assigned CVE-2019-5242. Huawei addressed the flaw in the same security advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-pcmanager-en.
We presented our research at the Blue Hat IL Conference in February. Watch the video recording here, and get the slide deck here.
While the original alert turned out to be benign, in the sense that it didn’t detect an actual kernel threat like DOUBLEPULSAR, it did trigger an investigation that eventually led us to finding vulnerabilities. The two vulnerabilities we discovered in the driver prove the importance of designing software and products with security in mind. The two vulnerabilities we discovered in a driver prove the importance of designing software and products with security in mind. Security boundaries must be honored. Attack surface should be minimized as much as possible. In this case, the flaws could have been prevented if certain precautions were taken:
* The device object created by the driver should be created with a DACL granting SYSTEM RW access (since only the vendor’s services were communicating directly with the driver) * If a service should persist, developers should check that it’s not already provided by the OS before trying to implement a complex mechanism * User-mode shouldn’t be allowed to perform privileged operations like writing to any physical page; if needed, the driver should do the actual writing for well-defined, hardware-related scenarios
Microsoft’s driver security checklist provides some guidelines for driver developers to help reduce the risk of drivers being compromised.
Our discovery of the driver vulnerabilities also highlights the strength of Microsoft Defender ATP’s sensors. These sensors expose anomalous behavior and give SecOps personnel the intelligence and tools to investigate threats, as we did.
Anomalous behaviors typically point to attack techniques perpetrated by adversaries with only malicious intent. In this case, they pointed to a flawed design that can be abused. Nevertheless, Microsoft Defender ATP exposed a security flaw and protected customers before it can even be used in actual attacks.
Not yet reaping the benefits of Microsoft Defender ATP’s industry-leading optics and detection capabilities? Sign up for free trial today.
Amit Rapaport (@realAmitRap)
Microsoft Defender Research team
HackerNewsBot debug: Calculated post rank: 124 - Loop: 107 - Rank min: 100 - Author rank: 78
Workers of the World, Unite - on GitHub!
The original anonymous developer first posted the project on the Chinese social platform V2EX, saying that such an intense work schedule kept them from “resting and having time to speak to family members.”Pretty Communist, this Chinese "people's" republic, eh? No? Well, must be the fact that the workers are indeed being exploited, when you're working for more than 12 hours a day, six days a week, just to then be sent somewhere to recreate, to be ready to join this vicious circle again. Yes, that's what Marx had in mind when he wrote his famous "Kapital": Not as a solution, but as the literal problem of what the workers had to stand up against.
To get a submission accepted, people are supposed to present evidence, often in the form of social media posts or news articles, but sometimes including internal evidence within the company. The developers of the repository warn users not to screenshot companies’ internal data directly, but to use screen capture, so as to avoid detection a bit better. They also offer anyone who believes a company has been incorrectly accused a chance to correct or delete the data.
Chinese developers say Huawei encourages workers to voluntarily give up paid leave, overtime pay, and parental leave in exchange for large annual bonuses, pointing to a 2010 Chinese news article as evidence.
#Capitalism #CapitalismKills #Corporatism #CorporatismKills #News #Politics #China #PRChina #Alibaba #Kuaibao #GitHub #Microsoft #Internet #996ICU #Huawei #LateStageCapitalism #Exploitation #Oppression #Voluntariness #Voluntary
Chinese woman attempted to infiltrate Trump's Palm Beach residence to speak with member of the family
Despite my rather confusing headline, and regarding the items she brought with her, I would rather say that was told to install spyware in his residence to wiretap him. Remember what he was speaking about shortly after the inauguration?, that Obama was wiretapping him? I guess he confused Obama for the Chinese. 😁
On second thought, maybe they didn't want to try to wiretap him, but steal data either for ransom or to take revenge on what they did to their economy by pulling pressure on Huawei. I don't know, to be honest, we will have to see how this proceeds, now that they (fortunately) caught her in the act.
Watch the video here:
#US #USA #MarALago #Trump #DonaldTrump #Infiltration #Burglary #Malware #Espionage #China #Chinese #Florida #Huawei #CyberSecurity #Hacking
The Register pitted the P30 Pro against Samsung and Apple's best – and this is what they found with regards to the cameras
#huawei #P30 #photography
Under some circumstances, the Huawei camera does do wonders but maybe not so in the case of general camera usage? Huawei is doing to zoom much what Google did for night mode. Still, this article gives some context to how different situations are handled by these phones.
#huawei #P30 #photography
The Huawei P30 Pro’s cameras are miraculous
Huawei wants to establish a new smartphone imaging frontier (again) with the P30 Pro, and it looks like it's succeeding. With up to 10X zoom, a wide-angle lens, a similarly killer night-shooting mode and a time-of-flight camera that might be this year's secret weapon, can all this hardware best the Pixel 3's software smarts?#photography #smartphone #Huawei #P30
The social media giant is a growing global force, and it does Beijing's bidding.
Article word count: 1696
HN Discussion: https://news.ycombinator.com/item?id=19519661
Posted by Ultramanoid (karma: 685)
Post stats: Points: 99 - Comments: 60 - 2019-03-29T06:54:44Z
#HackerNews #about #closer #huawei #look #take #tencent #worried
WASHINGTON - It has long been understood that Tencent — the Chinese firm that owns WeChat and QQ, two of the world’s most widely used social media applications — facilitates Chinese government censorship and surveillance. But over the past year, the scale and significance of this activity have increased and become more visible, both inside and outside China.
During the last month alone, several events have illustrated the trend and Tencent’s close relationship with the Chinese authorities. On March 2, Dutch hacker Victor Gevers revealed that the content of millions of conversations on Tencent applications among users at internet cafes are being relayed, along with the users’ identities, to police stations across China. Just three days later, the company’s founder and chief executive, Pony Ma, took his seat among 3,000 delegates to the National People’s Congress, the country’s rubber-stamp parliament. Ma reportedly raised the issue of data privacy even as security agencies were using data from his company’s applications to root out unauthorized religious activity.
On March 16, China watcher Chenchen Zhang shared an anecdote on Twitter about a member of the Uyghur Muslim minority who was stopped at mainland China’s border with Hong Kong and interrogated for three days simply because someone on his WeChat contact list had recently “checked in” with a location setting of Mecca, Saudi Arabia. The authorities apparently feared that the Uyghur man had traveled on pilgrimage to Mecca without permission, warning that such a move could yield 15 years in prison.
As Tencent’s pattern of censorship and data-sharing with China’s repressive government continues and intensifies, now is the time to consider actions that might help protect the basic rights of all users, regardless of their location and nationality.
Tencent’s role in China
Founded in 1998, Tencent and its popular applications have quickly emerged as ubiquitous elements of China’s communications, financial and social fabric. In January, the company declared that WeChat alone had a billion active daily users. While the company has been forced since its inception to comply with strict Chinese Communist Party information controls, the combination of growing government demands and WeChat’s near market saturation in China has increased the scope and impact of its complicity.
In the realm of censorship, media reports and expert research indicate that WeChat has been refining the use of artificial intelligence to identify and delete images, which netizens commonly employ to evade censorship and surveillance of text communications. The platform has also shuttered thousands of social media accounts that produced unauthorized news and analysis.
These and other forms of censorship significantly distort the information received by Chinese users on vital topics. Analysis by researchers at Hong Kong University’s WeChatscope project, which tracks deletions from some 4,000 public accounts on the platform, found that among the most censored topics in 2018 were major news stories like the U.S.-China trade dispute, the arrest in Canada of Huawei chief financial officer Meng Wanzhou, the #MeToo movement and public health scandals.
Monitoring of user activity on the platform has been made simpler by enhanced enforcement of real-name registration requirements for cellphones, the electronic payment features of WeChat, large-scale police purchases of smartphone scanners and new rules facilitating public security agencies’ access to data centers. As indicated above, content from Tencent applications is being directly given to police in some cases.
This surveillance is increasingly leading to legal repercussions for ordinary users. A sample of cases tracked in Freedom House’s China Media Bulletin over the past year feature penalties against numerous WeChat users for mocking President Xi Jinping, criticizing judicial officials, commenting on massive floods, sharing information about human rights abuses, or expressing views related to their persecuted religion or ethnicity, be they Uyghur Muslims, Tibetan Buddhists or Falun Gong practitioners. The punishments have ranged from several days of administrative detention to many years in prison, in some cases for comments that were ostensibly shared privately with friends. These dynamics have inevitably encouraged self-censorship on the platform.
Although WeChat’s primary user base is in China, an estimated 100 to 200 million people outside the country use the messaging service. Among them are millions of members of the Chinese diaspora in countries like Canada, Australia and the United States, but there is also broader expansion in much of Asia. Malaysia is reportedly home to 20 million WeChat users, out of a population of 31 million. In Thailand, an estimated 17 percent of the population has a WeChat account. In Mongolia, WeChat was the second most downloaded application in 2017. Merchants in Myanmar’s Shan state along the border with China have taken up the app and the number of retailers in Japan that accept WePay (mostly when serving Chinese tourists) increased 35-fold last year. Tencent recently purchased a $150 million stake in the news aggregator Reddit and is eyeing an entrance into the online video market in Taiwan, according to Taiwanese officials.
Evidence that politicized censorship and surveillance may affect Tencent users outside China has begun to emerge. A 2016 study by Citizen Lab found that conversations between an overseas user and a contact inside China were subject to certain forms of keyword censorship, and that once an account is registered with a Chinese phone number, it remains subject to Chinese controls even outside the country.
In Australia, a more recent study of news sources available to the Chinese diaspora found negligible political coverage of China on the WeChat channels of Chinese-language news providers. Incredibly, between March and August 2017, none of the WeChat channels published a single article on Chinese politics, despite the run-up to the important 19th Party Congress that fall. In Canada, WeChat censors have deleted a member of Parliament’s message to constituents praising Hong Kong’s Umbrella Movement protesters, manipulated dissemination of news reports related to Meng’s arrest, and blocked broader media coverage of Chinese government corruption and leading officials.
Amid a crackdown in Xinjiang, Chinese police have also harnessed WeChat to connect with overseas Uyghurs, demand personal information or details about activists and insert state monitors into private groups.
How to respond
Regardless of whether Tencent is a reluctant or an eager accomplice to the Chinese government’s repressive policies, the reality is that Tencent employees can be expected to censor, monitor and report private communications and personal data, in many cases leading to innocent people’s arrest and torture. This should be the starting point for anyone considering using, regulating, or investing in the company’s services.
For those inside China, it is nearly impossible today to function without using WeChat to some extent. But users would be well advised to exercise caution, restricting the application to its most practical functions and consulting available guides on enhancing digital security and accessing information on current affairs more safely.
Users outside China, particularly those without family or friends on the mainland, should rethink whether WeChat is really essential to their daily lives. Individuals who do communicate with personal contacts in China can help protect them by directing them to more secure applications if a sensitive topic comes up, or using homonyms to replace potentially problematic terms, as some journalists have reported doing. Users in the Chinese diaspora should explore ways of expanding their sources of news and information beyond what is available on WeChat.
As governments around the world try to tackle problems related to “fake news,” political manipulation and weak data protections on social media platforms like Facebook and Twitter, Chinese counterparts like WeChat should be subject to at least as much scrutiny and regulation — and be held accountable for any violations. Governments and corporations should also restrict usage of WeChat among their employees, particularly those who work with sensitive information, as the governments of Australia and India have recently done. Politicians communicating with their Chinese-speaking constituents should make sure to do so across a diversity of platforms, not just those that are subject to Chinese government control.
International civil society groups can assist users and democratic governments by maintaining up-to-date digital security guides available in Chinese, documenting the extent to which content outside China is censored or monitored on WeChat and exploring legal recourse for those whose rights may have been violated by Tencent’s practices.
Lastly, investors in Tencent should consider the moral and political implications of their support for the firm. Anyone concerned about human rights, electoral interference by foreign powers or privacy violations by tech giants should divest from the firm, including retirement funds. Socially responsible investment plans should exclude Tencent from their portfolios if they have not already.
Even from a financial perspective, Tencent shares may not be a wise purchase. The price has dropped 19 percent over the past year, in part because of tighter government controls on user communications. Given that Chinese regulators are now turning their attention to the gaming industry, the firm’s most profitable area of activity, its value is likely to dip further. As stock analyst Leo Sun has warned, “Investors in Chinese tech companies should never underestimate the government’s ability to throttle their growth.”
No amount of pushback from users, democratic governments, civil society groups, or investors is likely to change Tencent’s complicity with the Chinese government’s repressive activities. Its very survival depends on dutiful adherence to Communist Party directives. But the steps suggested above would do a great deal to limit the current and potential future damage caused by the company’s practices — for individual users, for the world’s open societies and for the very concept of free expression in the digital age.
Sarah Cook is a senior research analyst for East Asia at Freedom House and director of its China Media Bulletin.© 2019, The Diplomat; distributed by Tribune Content Agency
* Twitter * Facebook * LinkedIn
The consequences of global uncertainty
The global economy is weakening, in no small measure because of a deep, widespread sense of uncertainty. And a major source of that uncertainty is the ongoing Sino-American "trade war." As Lawre...
I told you so: Only idiots believed in Russiagate
There they go again. In 2002 and 2003, corporate media idiots speculated that Iraqʼs secular socialist leader Saddam Hussein might give nukes that he didnʼt and couldnʼt have to radical Islamist...
Traders work on the floor of the New York Stock Exchange on Tuesday.
Has the next bubble arrived?
There are still some economists who fear another crash. The latest is Eugene Steuerle of the Urban Institute, a liberal think tank in Washington. In a new article, he warns that the economy may ...
HackerNewsBot debug: Calculated post rank: 86 - Loop: 259 - Rank min: 80 - Author rank: 33