China rejects worry over domain rules

China has responded to concerns that broad new rules, which could allow the blocking of sites without a Chinese domain name registered, are simply misunderstood.

China's technology regulator has rejected criticism of proposed internet rules that could block access to foreign websites, insisting the measures are not just a covert way to tighten control over cyberspace.

Experts have said the draft regulations, like many laws in China, could be interpreted broadly and, in extreme cases, could give authorities the power to shut off access to all websites that have not registered their web addresses in the country.

The Ministry of Industry and Information Technology said in its proposed revisions to domain name management regulations that Chinese websites must use domestic domain registration services or risk being cut off in China, and are facing fines up to 30,000 yuan, approximately AU$6,000.

The ministry has since told Reuters there was "misunderstanding" about the regulations which "did not fundamentally conflict" with global practices.

The rules "do not involve websites that are accessed overseas, do not affect users from accessing the related internet content and do not affect the normal development of business for overseas companies in China," it said in an email on Wednesday.

"We are closely examining the draft regulation and will provide appropriate input," a Baidu spokesman told Reuters.

China has long operated the world's most sophisticated online censorship mechanism, known as the Great Firewall. The websites for Google's services, Facebook, and Twitter are all inaccessible in China, although Google reappeared briefly earlier this week.

Under President Xi Jinping, the government has implemented an unprecedented increase in internet control, and sought to codify the policy within the law.

China's top internet regulator, Lu Wei, has said the government is not being too restrictive. Officials say controls help maintain social stability and national security in the face of threats such as terrorism.

At the beginning of last year, China upgraded its Great Firewall and began to crack down on the use of VPNs within the Middle Kingdom.

"Cyberservices need to abide to Chinese laws, and bad information will be dealt with in accordance with the laws," Wen Ku, Ministry of Industry and Information Technology Director of Telecom Development, said at the time. "With the development of the internet, the country will come up with new methods to tackle these new issues."

In recent months, Citizen Lab, a research group within the University of Toronto, has found a number of Chinese web browsers to be transmitting personally identifiable data with little or no encryption, leaving users open to man-in-the-middle data collection.

This week, Citizen Lab revealed the QQ browser from Tencent not only sends a large amount of users' personal data back to its servers, but is also vulnerable to arbitrary code execution thanks to an insecure update process.

"QQ Browser phones home information on your device's hardware serial numbers, and tracks your location and every page you visit," said Jeffrey Knockel, senior researcher at Citizen Lab at the University of Toronto's Munk School of Global Affairs. "Even the person you trust most does not have access to this amount of information on you, and yet QQ receives it from everyone who uses their browser."

In February, Citizen Lab found that Baidu Browser for Android and Windows was also transmitting personal data in the open, or with an easily breakable encryption scheme.

"Baidu endeavors to collect data in a way consistent with the highest standards of security and user privacy in the industry," Baidu said at the time.

With AAP