SpywareWatchdog/articles/slimjet.html

108 lines
7.4 KiB
HTML
Raw Normal View History

2020-07-25 12:33:15 +03:00
<!--Old Style-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-type" content="application/xhtml+xml;charset=utf-8"/>
2020-07-30 14:34:56 +03:00
<title>Slimjet — Spyware Watchdog</title>
2020-07-25 12:33:15 +03:00
<link rel="stylesheet" href="../style.css"/>
</head>
<body>
<div class="case">
<div class="nav"><a href="index.html">&larr; Catalog</a></div>
<div class="main">
<img src="../images/slimjet_logo.png" alt="Slimjet Logo"/>
<h1>Slimjet</h1>
<p>
Slimjet is a clone of the SlimBrowser web browser from FlashPeak that uses the Chromium as a base.
</p>
<h2>Spyware Level: <span class="red">EXTREMELY HIGH</span></h2>
<p>
2020-07-30 14:34:56 +03:00
Slimjet's website claims that it is very committed to user privacy, and that it blocks Google tracking, unlike Google Chrome<sup><a href="#s1">[1]</a></sup>. However, this claim is <b><font color=red>not true</font></b>. Slimjet is constantly sending information to google and connecting to google
2020-07-25 12:33:15 +03:00
services. Slimjet claims to be concerned about privacy but ultimately retains just about all of the spyware features found in Google Chrome, as well as additional spyware added on by FlashPoint. In this way, Slimjet manages to implement all of the spyware that is found in browsers like Google Chrome, except instead of one company having this information, it's split up among several companies...
</p>
<h3>Phoning Home</h3>
<p>
Even though on its site, FlashPeak claims that: <i>"Slimjet doesn't send any usage data back to Google like Chrome."</i><sup><a href="#s1">[1]</a></sup>
the moment I turn it on with MITMproxy running, I am greeted with this:
</p>
<img class="screenshot" src="../images/sj_google_requests.png" alt="Slimjet sending requests to all sorts of google services">
<p>
2020-07-30 14:34:56 +03:00
So, this claim just isn't true at all. It's still got a lot of Google's spyware in it, if it's still connecting to so many Google services. What's kind of surprising is that it didn't seem to connect to any servers explicitly operated by FlashPeak when I was testing it. Even though, it claims to collect information about its users for internal usage.<sup><a href="#s2">[2]</a></sup> So, it must be phoning home as well as sending information to Google. Maybe it sends information through some kind of Google web service?
2020-07-25 12:33:15 +03:00
</p>
<h3>Default Search Engine is Spyware</h3>
<p>
The default search engine is <a href="../articles/bing.html">Bing</a>, which sells your information to advertisers. If that isn't enough, it's
<i>"served from fpseek.com"</i> which means that not only are you exposing your information to Bing, this is also being logged by fpseek, which
2020-07-30 14:34:56 +03:00
has its own privacy policy<sup><a href="#s3">[3]</a></sup>. Whenever you search something using the default search engine, requests are sent to both Bing and fpseek.
2020-07-25 12:33:15 +03:00
</p>
<img class="screenshot" src="../images/fpseek.png" alt="Fpseek connection">
<p>
So, not only are you sharing everything with Microsoft, now there is another company looking at all of your searches. This is a uniquely bad
default search engine because of how much information it leaks out. Fpseek itself is a company that seems to be tracking how users interact
2020-07-30 14:34:56 +03:00
with advertisements and it says that it uses information it collects about its users to:
2020-07-25 12:33:15 +03:00
</p>
<p><i>
"...maintain and improve the quality and operation of the Software & Services, including, monitoring viewability of and interaction with advertisements, search results and other products and services provided by Company."
</i><sup><a href="#s3">[3]</a></sup></p>
<p>
So, it looks like your searches are sent to two advertising companies instead of just one. At the very least when the search engine is changed to
an alternative like DuckDuckGo the requests to fpseek stop.
</p>
<h3>Collecting Information about Users</h3>
<p>
2020-07-30 14:34:56 +03:00
Slimjet claims to collect <i>"some anonymous feature usage statistics information"</i>, and claims not to record your IP or sell that information
to advertisers. However, it is still opt-out spyware.
2020-07-25 12:33:15 +03:00
</p>
<h3>Using the Microsoft BITS service to upload search history to Google servers</h3>
<p>
When you start Slimjet, it will begin using the BITS (Background Intelligent Transfer Service) which is designed to use spare bandwidth to transfer
updates and other information. These requests are sent between Slimjet and a Google server, with confirmation from Process Monitor and MITMproxy:
</p>
<img class="screenshot" src="../images/sj_google_BITS.png" alt="Bits1">
<img class="screenshot" src="../images/sj_google_BITS_2.png" alt="Bits2">
<img class="screenshot" src="../images/sj_google_BITS_3.png" alt="Bits3">
<p>
Personal information was censored from these images. It's unclear what this is for specifically but this is probably being done to implement the
2020-07-30 14:34:56 +03:00
"CLOUD SYNC OF BOOKMARK & DATA" that is advertised on Slimjet's website. This is probably how they upload all of your search history and bookmarks into their cloud services, which seem to be provided by Google. There are no other features or requests made that would require large amounts of data to be sent to an external server in this way, so by process of elimination this is my theory as to how it's implemented.
2020-07-25 12:33:15 +03:00
</p>
<img class="screenshot" src="../images/sj_cloud.png" alt="cloud sync feature">
<p>
Obviously you can tell that any kind of service to sync your search history "in the cloud" is a privacy nightmare. Now both Google and Slimjet have access to your search history...
</p>
</div>
<hr>
<div class="footer">
<div class="sources">
<h4>Sources:</h4>
<ol>
<li id="s1">
<a href="https://www.slimjet.com/">Fastest web browser that automatically blocks ads</a>
<a href="http://web.archive.org/web/20180624103729/https://www.slimjet.com/">[web.archive.org]</a>
<a href="http://archive.is/67qZa">[archive.is]</a>
</li>
<li id="s2">
<a href="https://www.slimjet.com/en/privacy-policy.htm">Privacy Policy</a>
<a href="http://web.archive.org/web/20180624104143/https://www.slimjet.com/en/privacy-policy.htm">[web.archive.org]</a><br>
</li>
<li id="s3">
<a href="http://info.fpseek.com/privacy-policy/">Privacy Policy Fpseek</a>
<a href="http://web.archive.org/web/20170619202653/http://info.fpseek.com/privacy-policy/">[web.archive.org]</a>
<a href="http://archive.is/fHly1">[archive.is]</a><br>
</li>
</ol>
</div>
<hr>
<b>This article was last edited on 8/4/2018</b>
<!--Dont change-->
2020-11-17 22:52:15 +02:00
<p>If you want to edit this article, or contribute your own article(s), visit us at the git repo on <a href="https://codeberg.org/shadow/SpywareWatchdog">Codeberg</a>.</p>
2020-07-25 12:33:15 +03:00
<p>All contributions must be licensed under the CC0 license to be accepted.</p>
2021-01-02 07:54:37 +02:00
<a href="../LICENSE.txt"><img class="icon" src="../images/cc0.png" alt="CC0 License"/></a>
2020-07-25 12:33:15 +03:00
<!--Dont change-->
</div>
</div>
</body>
2020-07-30 14:34:56 +03:00
</html>