
Worried about Huawei? Take a closer look at Tencent - Ultramanoid
https://www.japantimes.co.jp/opinion/2019/03/28/commentary/world-commentary/worried-huawei-take-closer-look-tencent/
======
shasheene
Tencent owns 40% of Epic Games, which develops the incredibly popular Fortnite
Battle Royale computer game. Epic Games happens to also develop the
influential tool Unreal Engine, which is used widely throughout industry to
produce interactive 3D applications.

Fortnite BR, like other competitive online games, runs anti-cheat software in-
order to detect cheaters. Fornite BR happens to use Easy Anti-Cheat and
BattlEye [1] [2].

Anti-cheat software runs with very high privilege. More importantly, with many
anti-cheat software, every session a new binary payload is downloaded directly
from the internet.

Anti-cheat software seems like a great platform to launch targeted malware in-
order to achieve a beachhead on a computer network: highly targeted, and
effectively undetectable.

I would expect most software developers don't sandbox their gaming machines
from their work-from-home environments.

[1]
[https://www.reddit.com/r/FortNiteBR/comments/82xyhb/launch_e...](https://www.reddit.com/r/FortNiteBR/comments/82xyhb/launch_error_easyanticheat_not_installed/dvdng3a/)

[2] [https://www.thesun.co.uk/tech/7446514/fortnite-cheats-
beware...](https://www.thesun.co.uk/tech/7446514/fortnite-cheats-beware-epic-
games-buys-game-security-firm-kamu/)

~~~
yorwba
40% ownership won't grant them the ability to abuse the anti-cheat software,
unless I misunderstand how partial ownership works.

~~~
huffmsa
They only need to get another 11% to vote with them.(assuming they have 40%
voting representation).

That's one or two other shareholders you need to bribe / convince. Not
difficult, especially when the company you just invested in is learning what
it's like to have scrooge McDuck money and want more.

~~~
AnthonyMouse
> They only need to get another 11% to vote with them.(assuming they have 40%
> voting representation).

This depends a lot on who owns the other 60%. If it's one other party, the 40%
effectively has no control. If it's a public company with a million other
owners and they're the largest individual shareholder, many of the others
won't even show up to vote their shares and their 40% of all shares will
generally be >50% of the ones that show up to vote for anything.

~~~
gubbrora
I imagine they don't hold a vote on whether to put backdoors or not on a board
meeting. So that raises the question. If not like that, then how does it
actually happen?

~~~
jerf
You just go to the executives and point out that you own 40% of the ownership,
and you'd really like them to hire these couple of guys and put them on this
team, and then not ask too many questions about what they're doing, or you'll
use your 40% ownership to make their lives more difficult, which at 40% can
easily involve ousting them personally. (See other people's comments about the
difficulty of getting enough voters to actually vote to prevent a 40% stake
from being the vote winner.)

The literal thing I just said isn't even _that_ unethical; suppose you own
100% of a company, then telling it to hire someone specific and pay them this
much and put them here would be fully within your rights as owner. (There's
probably a legal hurdle or two to clear, but AFAIK it's nothing that will
actually stop you.) How that changes ethically as your ownership stake
decreases I'll leave as an exercise for the reader. What's unethical is what
they'll be doing when they get there, and who else is tainted ethically
depends on how much they know and what they do about it.

~~~
skinnymuch
The other examples are public companies. Epic Games isn’t. Something shady
could still happen but there are only a few shareholders that control the vast
majority of the company. I think a few other firms and the founder.

------
dalbasal
The way security and surveillance is developing globally is incredibly
worrying.

Security establishments are treating domestic companies, infrastructure, data
hosting and anything else they can as vectors for intelligence. Legislators
are supporting them. No one is taking the higher ground because they're doing
it too.

Meanwhile, the meatiest cash cows in tech are advertising businesses, and the
technologies that make their money are ad-tech, which at this point is
extremely adjacent to spy-tech. Facebook's ad-tech, for example, would be very
good at narrowing down a list of people likely to go on Hajj... I'm sure
tencent's is too.

China is more open/public/brazen about their domestic activities (we noticed
that your friend went to Mecca) where the US is cagey about domestic
operations (eg Snowden). They're more discreet about foreign surveillance,
where the US is a little more public. Both are doing both. So are dozens of
nations and probably few non state players.

Now we seem to have an arm's race, with spooks publicly "outing" rivals and
simultaneously demanding (publicly and privately) legislatures and companies
improve their access.

At best, we get technology and digital culture balkanization. At worst, we get
stasi-on-steriods.

There doesn't seem to be any meaningful political force pushing in the freedom
direction.

~~~
Moru
The political forces that do exist gets actively ignored. People are just
happy as it is, getting everything for free and/or conveniently. And "As long
as you don't have anything to hide..." is the mantra of today.

The thing is, we don't know what we need to hide tomorrow.

~~~
Vinnl
> The thing is, we don't know what we need to hide tomorrow.

Or what others, such as journalists and whistle-blowers, need to hide today.

------
DarkWiiPlayer
I'm really torn between two thougts.

Of course this kind of censorship shouldn't happen. What they are doing is
wrong and I find it mostly just sad that the Chinese government can't function
without such a degree of censorship.

On the other side though, people are being warned again and again about
centralized platforms, and they never cared one bit. Even with China as a
perfect example of how terribly that can go wrong, people just won't believe
that maybe, just maybe, they shouldn't be relying 100% on centralized
messaging and social media platforms.

We can't change the Chinese government; nobody can. It's a political monolith
built from the ground up to maintain its own stability above all else. What we
can do, however, is the way we think about software; not as something that
just seems to grow on trees on its own, but tools that can and will be used
for political purposes whenever possible.

~~~
ardy42
> We can't change the Chinese government; nobody can. It's a political
> monolith built from the ground up to maintain its own stability above all
> else.

People once thought the same thing about Soviet Russia, and they were wrong.
The Chinese government can be changed, it's just that none of the actions "we"
can do to help with that have any clear path to quick success. I think it'll
be more an exercise of doing what one can (like refusing to cooperate with
censorship. tying to subvert it, amplifying dissidents, etc.) and waiting.

Just to clarify, I'm taking "we" to mean all of us opposed to
authoritarianism, across _all_ national boundaries.

~~~
alexandre_m
That's foolish to believe that.

Soviet Russia in the 80s was falling apart after economic stagnation, then the
perestroika and glasnost would make it open to critic communism itself, even
some events like Chernobyl contributed to some extent.

You wouldn't have even dreamed to make Soviet Russia regime fall with "social
pressure" under Stalin.

China is not regressing nor stagnating, it's peaking. You can't take it out
from the inside so easily.

------
bibyte
I am wondering how popular WeChat and QQ is outside of China. The most
worrying news for me is Tencent investment in Reddit.

~~~
Ultramanoid
> _Although WeChat’s primary user base is in China, an estimated 100 to 200
> million people outside the country use the messaging service. Among them are
> millions of members of the Chinese diaspora in countries like Canada,
> Australia and the United States, but there is also broader expansion in much
> of Asia. Malaysia is reportedly home to 20 million WeChat users, out of a
> population of 31 million. In Thailand, an estimated 17 percent of the
> population has a WeChat account. In Mongolia, WeChat was the second most
> downloaded application in 2017. Merchants in Myanmar’s Shan state along the
> border with China have taken up the app and the number of retailers in Japan
> that accept WePay (mostly when serving Chinese tourists) increased 35-fold
> last year. Tencent recently purchased a $150 million stake in the news
> aggregator Reddit and is eyeing an entrance into the online video market in
> Taiwan, according to Taiwanese officials._

Edit : Also, remarkably, there's this : _...once an account is registered with
a Chinese phone number, it remains subject to Chinese controls even outside
the country._

And the article gives some examples about it and how the control is not
limited to within China itself.

~~~
ilamont
I've said it before, and I'll say it again: If the PRC can't control
individuals, it controls the platforms, either directly or through proxies. It
started with mass media ([https://freedomhouse.org/blog/media-control-china-
model-comp...](https://freedomhouse.org/blog/media-control-china-model-
complexity-and-thoroughness)), social media, the Internet
([https://www.bloomberg.com/quicktake/great-firewall-of-
china](https://www.bloomberg.com/quicktake/great-firewall-of-china)), and
telecommunications in the PRC, expanded to "overseas Chinese" communities in
Southeast Asia, Australia, and North America
([https://www.rfa.org/english/news/china/monitoring-0327201811...](https://www.rfa.org/english/news/china/monitoring-03272018113611.html)),
global tech companies ([https://money.cnn.com/2018/04/05/news/economy/china-
foreign-...](https://money.cnn.com/2018/04/05/news/economy/china-foreign-
companies-restrictions/index.html)), and now global social media communities
([https://mashable.com/2016/11/22/facebook-censor-
china/#PGexF...](https://mashable.com/2016/11/22/facebook-censor-
china/#PGexFR6YsiqJ) and
[https://news.ycombinator.com/item?id=19121882](https://news.ycombinator.com/item?id=19121882)).

------
Brain_Thief
It seems like every week brings an ever-quickening deluge of this kind of
information, whether about some surveillance corporation lying to / exploiting
its users or an oppressive government edging ever closer toward a full-on 1984
nightmare scenario (some are just about there).

At this point the decision tree facing privacy activists, those concerned with
human rights, and those who support the expansion of western moral aspirations
is unambiguous.

Do you dislike Google fucking up the internet and assisting with totalitarian
censorship regimes? Stop using their services. Stop letting them pay you to
improve their services. If you're good enough to work at Google, you're
uniquely positioned to get another high-paying job somewhere else. Same with
the other big offenders.

Do you dislike FaceBook's scummy behavior on everything from censorship, to
digital stalking of non-users, to psychological experimentation with unwitting
human subjects? Stop adding fuel to the fire. Quit. Today. Now.

Are you uncomfortable with China's aggressive censorship, human rights abuses,
and surveillance? Stop buying shit from them. Stop using their software. Nine
times out of ten you don't need it.

Exceptions arise, and no one's behavior is perfect. But the 1/10 case where
you absolutely MUST use a certain surveillance app or buy a certain widget
made by slaves in another country is not an excuse for throwing your hands up
and capitulating in the other nine cases you encounter every day.

------
philprx
Both Telco equipment and social chat backdoor or interception is possible but:

Reach of Huawei (or other manufacturer) potential backdoor is bigger and more
business focused than social media and games.

So the risk is still great to economy with Telco compromise, but the social
and political risk is probably equal or comparable with social media.

A bit comparing apples and oranges still, but interesting anyway.

------
alias_neo
Let's not forget Tencent also owns ~40% of Epic Games.

All of those sweet Fortnite hours-played are going to do well for your social
credit score.

~~~
icebraining
> All of those sweet Fortnite hours-played are going to do well for your
> social credit score.

On the contrary, Chinese regulators have been forcing gaming companies -
including Tencent - to impose playtime limits.

~~~
alias_neo
Same result though right? The government decides how much gaming you can do.

EDIT: Just to be clear, my original comment was sarcastic; gaming is bad for
your social credit score under the new system. Just in case you thought I
actually meant good.

~~~
yorwba
> gaming is bad for your social credit score under the new system

No it isn't. The idea is popular, probably because it plays into the simple
narrative of a totalitarian government doing a single big thing to control
everything at once. But the "social credit system" essentially amounts to
separate government departments trying to coordinate their actions. Here's the
best-informed article I've read so far on the topic:
[https://foreignpolicy.com/2018/11/16/chinas-orwellian-
social...](https://foreignpolicy.com/2018/11/16/chinas-orwellian-social-
credit-score-isnt-real/)

~~~
alias_neo
Thanks for the link.

Although this may be the case now, we can't just dismiss the fact that any
government or service provider can (and will) continue to develop these
systems and in the future control and deny more rights and access to services
based on people's lifestyles.

As the NHS struggles more in the UK, I can imagine a future where your
lifestyle habits, bought from banks and retailers are used to decide on your
entitlement to care.

Insurance companies already use profiling, employers have been guilty of it,
even countries using your social media to make decisions on entry.

These things will continue to be eroded, and if we just simply dismiss it,
because a statement is too "matter of fact" like mine was, were in danger of
losing sight of the fact that this is happening everywhere, it just doesn't
necessarily have a nice marketing name yet.

------
CalRobert
I was surprised to see them recruiting at Defcon.

------
zimpenfish
Weird “whataboutism” - social media you opt into vs telco network hardware
you’d have (presumably) no choice with. Don’t get me wrong - they’re both bad
but one is a distinct level up.

~~~
huffmsa
I'd say it's the other way around. You can avoid Huawei devices because it's
easy to say "this brand is bad."

But he average consumer doesn't know what software Tencent has ties to. You
think you're getting North Carolina's Epic Games, but you're also getting
Shenzhen's Tencent.

~~~
auiya
> You can avoid Huawei devices because it's easy to say "this brand is bad."

You know for a fact not a single packet any of your devices have sent or
received have traversed a Huawei device?

~~~
everdrive
I think this is a great example of an equivocation that often gets made. A
security risk that a company might be able to reliably implement on a large
scale, vs. a technical security risk that might only be true in a research
lab.

ie, a single packet going through a Huawei devices doesn't pose me any threat.
Not really. If I signed up for a Tencent service, though, quite a bit of my
information would be voluntarily handed to the Chinese government.

(and to be clear, there is a real risk to Huawei infrastructure, but it's not
the rare possibility that I may never be able to avoid it as I sometimes use
the internet.)

~~~
lightedman
"A security risk that a company might be able to reliably implement on a large
scale, vs. a technical security risk that might only be true in a research
lab."

Man can make it, man can break it. One of the most valuable lessons taught to
me during my times at Solectron Global.

You think you're secure in any way? No. The absolute nature of computer
science makes 'security' a laughable goal.

See: Ghidra. I've already used it to pull out several 0-days from Windows 7
and 8+ (including 10 since it is based on 8.)

Your train of thought is good, but doesn't hold up to actual reality.

And while you think those packets hold no threat to you, try going overseas if
you've said anything bad (I had to deal with this in Thailand after
criticizing the King while living in the USA.)

Don't be naive - watch what these people in charge are doing.

