Maxthon MX5 Browser: Review (Is it really secure?)
Maxthon is a 13-year-old company that has been making internet browsers since they stepped foot on this planet. Their newest browser is a sleek looking internet browser called MX5, or MX5 Cloud Browser.
Maxthon’s MX5 browser is promoted as a fast and secure web browser for Windows, Android, iOS, macO, and other platforms. Maxthon calls MX5 the fastest web browser available which is a very bold and possibly false statement.
If you look around the web for MX5 reviews you’ll notice that most of them, if not all, are sponsored by Maxthon; Maxthon paid the content creators and websites to review their product or offered them an upgrade in their VIP Program (that ended on September 31, 2016 – before the browser was publically launched). Whether or not that changes the outcome of the review is unknown, but it’s something to keep in mind. Additionally, this review is not sponsored by Maxthon.
i.maxthon.com is not encrypted and tracks the life out of you
When you first install MX5, sign up, and launch the browser you will be taken to http://i.maxthon.com/. Yes, HTTP, unencrypted, insecure. For a browser that promotes itself as “secure”, it certainly doesn’t take being secure very seriously. A webpage that does not utilize a security certificate and HTTPS puts you at risk and leaves you vulnerable to man in the middle attacks.
I.maxthon.com is entirely engulfed in tracking cookies as shown in the image above. The home page even has advertisements generated from the Google AdSense program and uses Google search which one would assume is their competitor.
Maxthon sites don’t use HTTPS
Just like the maxthon.com home page, other pages are not encrypted, on any internet browser for that matter (unless your browser forces HTTPS). For example, the extension center does not use HTTPS which is just utterly insane and gives me a headache.
Caught sharing sensitive data over an unencrypted connection
MX5 feels like a ghost town. That’s probably because people stay away from it since they were caught sharing their user’s sensitive information with Chinese servers. According to reports, in 2016, researchers from Fidelis Cybersecurity and Exatel discovered that MX5 was sending sensitive browsing and system data, such as ad blocker status, websites visited, searches conducted, and applications installed with their version numbers, to remote servers located in Beijing, China. Maxthon claimed that the data was sent as part of their ‘User Experience Improvement Program’ which is “voluntary and totally anonymous.” However, researchers found the data was still being sent to remote servers even after users opted out of the program.
Furthermore, the researchers discovered that the data was being sent over an unencrypted HTTP connection.
Create a shadow mailbox with UUmail
UUmail is actually a pretty cool gimmick. UUmail is promoted as a shield for your real email accounts that protects your real information from being revealed and keeps your real email accounts free from spam. UUmail will forward messages sent to the UUmail email address you create to your real email account.
To get started with UUmail you will use your real email address, verify the email address, create a shadow email account such as botcrawl@botcrawl.uu.me, and then you’re pretty much done.
UUmail is probably the most unique part of MX5; However, there are so many free shadow email services around the web, so this is just a gimmick and nothing more.
Conclusion
MX5 feels like it’s years behind other internet browsers like Opera, Brave, Chrome, and Firefox. It’s stuck in the past and that does nothing to benefit your security. If it’s not stuck in the past it was created as a cash-grab to make money selling user data.