Hello and welcome back to TechCrunch’s China roundup, a digest of recent events shaping the Chinese tech landscape and what they mean to people in the rest of the world.
This week, the gaming industry again became a target of Beijing, which imposed arguably the world’s strictest limits on underage players. On the other hand, China’s tech titans are hastily answering Beijing’s call for them to take on more social responsibilities and take a break from unfettered expansion.
China dropped a bombshell on the country’s young gamers. As of September 1, users under the age of 18 are limited to only one hour of online gaming time: on Fridays, Saturdays and Sundays between 8-9 p.m.
The stringent rule adds to already tightening gaming policies for minors, as the government blames video games for causing myopia, as well as deteriorating mental and physical health. Remember China recently announced a suite of restrictions on after-school tutoring? The joke going around is that working parents will have an even harder time keeping their kids occupied.
A few aspects of the new regulation are worth unpacking. For one, the new rule was instituted by the National Press and Publication Administration (NPPA), the regulatory body that approves gaming titles in China and that in 2019 froze the approval process for nine months, which led to plunges in gaming stocks like Tencent.
It’s curious that the directive on playtime came from the NPPA, which reviews gaming content and issues publishing licenses. Like other industries in China, video games are subject to regulations by multiple authorities: NPPA; the Cyberspace Administration of China (CAC), the country’s top internet watchdog; and the Ministry of Industry and Information Technology, which oversees the country’s industrial standards and telecommunications infrastructure.
As analysts long observe, the mighty CAC, which sits under the Central Cyberspace Affairs Commission chaired by President Xi Jinping, has run into “bureaucratic struggles” with other ministries unwilling to relinquish power. This may well be the case for regulating the lucrative gaming industry.
For Tencent and other major gaming companies, the impact of the new rule on their balance sheet may be trifling. Following the news, several listed Chinese gaming firms, including NetEase and 37 Games, hurried to announce that underage players made up less than 1% of their gaming revenues.
Tencent saw the change coming and disclosed in its Q2 earnings that “under-16-year-olds accounted for only 2.6% of its China-based grossing receipts for games and under-12-year-olds accounted for just 0.3%.”
These numbers may not reflect the reality, as minors have long found ways around gaming restrictions, such as using an adult’s ID for user registration (just as the previous generation borrowed IDs from adult friends to sneak into internet cafes). Tencent and other gaming firms have vowed to clamp down on these workarounds, forcing kids to seek even more sophisticated tricks, including using VPNs to access foreign versions of gaming titles. The cat and mouse game continues.
While China curtails the power of its tech behemoths, it has also pressured them to take on more social responsibilities, which include respecting the worker’s rights in the gig economy.
Last week, the Supreme People’s Court of China declared the “996” schedule, working 9 a.m. to 9 p.m. six days a week, illegal. The declaration followed years of worker resistance against the tech industry’s burnout culture, which has manifested in actions like a GitHub project listing companies practicing “996.”
Meanwhile, hardworking and compliant employees have often been cited as a competitive advantage of China’s tech industry. It’s in part why some Silicon Valley companies, especially those run by people familiar with China, often set up branches in the country to tap its pool of tech talent.
The days when overworking is glorified and tolerated seem to be drawing to an end. Both ByteDance and its short video rival Kuaishou recently scrapped their weekend overtime policies.
Similarly, Meituan announced that it will introduce compulsory break time for its food delivery riders. The on-demand services giant has been slammed for “inhumane” algorithms that force riders into brutal hours or dangerous driving.
In groundbreaking moves, ride-hailing giant Didi and Alibaba’s e-commerce rival JD.com have set up unions for their staff, though it’s still unclear what tangible impact the organizations will have on safeguarding employee rights.
Tencent and Alibaba have also acted. On August 17, President Xi Jinping delivered a speech calling for “common prosperity,” which caught widespread attention from the country’s ultra-rich.
“As China marches towards its second centenary goal, the focus of promoting people’s well-being should be put on boosting common prosperity to strengthen the foundation for the Party’s long-term governance.”
This week, both Tencent and Alibaba pledged to invest 100 billion yuan ($15.5 billion) in support of “common prosperity.” The purposes of their funds are similar and align neatly with Beijing’s national development goals, from growing the rural economy to improving the healthcare system.
Apple has encountered monumental backlash to a new child sexual abuse material (CSAM) detection technology it announced earlier this month. The system, which Apple calls NeuralHash, has yet to be activated for its billion-plus users, but the technology is already facing heat from security researchers who say the algorithm is producing flawed results.
NeuralHash is designed to identify known CSAM on a user’s device without having to possess the image or knowing the contents of the image. Because a user’s photos stored in iCloud are end-to-end encrypted so that even Apple can’t access the data, NeuralHash instead scans for known CSAM on a user’s device, which Apple claims is more privacy friendly, as it limits the scanning to just photos rather than other companies which scan all of a user’s file.
Apple does this by looking for images on a user’s device that have the same hash — a string of letters and numbers that can uniquely identify an image — that are provided by child protection organizations like NCMEC. If NeuralHash finds 30 or more matching hashes, the images are flagged to Apple for a manual review before the account owner is reported to law enforcement. Apple says the chance of a false positive is about one in one trillion accounts.
But security experts and privacy advocates have expressed concern that the system could be abused by highly resourced actors, like governments, to implicate innocent victims or to manipulate the system to detect other materials that authoritarian nation states find objectionable. NCMEC called critics the “screeching voices of the minority,” according to a leaked memo distributed internally to Apple staff.
Last night, Asuhariet Ygvar reverse-engineered Apple’s NeuralHash into a Python script and published code to GitHub, allowing anyone to test the technology regardless of whether they have an Apple device to test. In a Reddit post, Ygvar said NeuralHash “already exists” in iOS 14.3 as obfuscated code, but was able to reconstruct the technology to help other security researchers understand the algorithm better before it’s rolled out to iOS and macOS devices later this year.
It didn’t take long before others tinkered with the published code and soon came the first reported case of a “hash collision,” which in NeuralHash’s case is where two entirely different images produce the same hash. Cory Cornelius, a well-known research scientist at Intel Labs, discovered the hash collision. Ygvar confirmed the collision a short time later.
Hash collisions can be a death knell to systems that rely on cryptography to keep them secure, such as encryption. Over the years several well-known password hashing algorithms, like MD5 and SHA-1, were retired after collision attacks rendered them ineffective.
Kenneth White, a cryptography expert and founder of the Open Crypto Audit Project, said in a tweet: “I think some people aren’t grasping that the time between the iOS NeuralHash code being found and [the] first collision was not months or days, but a couple of hours.”
When reached, an Apple spokesperson declined to comment on the record. But in a background call where reporters were not allowed to quote executives directly or by name, Apple downplayed the hash collision and argued that the protections it puts in place — such as a manual review of photos before they are reported to law enforcement — are designed to prevent abuses. Apple also said that the version of NeuralHash that was reverse-engineered is a generic version, and not the complete version that will roll out later this year.
It’s not just civil liberties groups and security experts that are expressing concern about the technology. A senior lawmaker in the German parliament sent a letter to Apple chief executive Tim Cook this week saying that the company is walking down a “dangerous path” and urged Apple not to implement the system.