Well, on cursory examination, the Aqara/Xiaomi hub was talking to a bunch of Chinese servers constantly. I didn't dive too deep into what all they were actually for. When I blocked the device from phoning home with my router, all the connected devices stopped working! None of the buttons or sensors would work, the RGB light on the hub couldn't even be changed. As soon as it lost the ability to ping its servers in China, the thing actually started strobe light flashing blue. Re-enable the outside network access on it, starts working again. This was totally antithetical to why I use HomeKit in the first place, so I removed the hub and paired all the Aqara accessories with a generic open source Zigbee hub (ConBee II) and added it to HomeKit with HomeBridge.
In the future I plan to give brands more scrutiny before investing time/money in them and granting them unfettered access to my LAN...
Their phones running Android One are also fine and can be reflashed. But the rest of the items are quite shady. I have sniffed on the network traffic some devices generate and it's quite scary.
The same thing applies to other Chinese industrial equipment. For example, I know some labs put BGI sequencers inside airgapped subnetworks because of industrial espionage fears.
The whole idea of connecting everything to the internet is getting out of hand.
1. Internet and digital infrastructure has no integrity as it currently is.
2. Anything for home, machinery, all should work when there is NO internet connection. Just like an app should work (to some extent) in airplane mode. It really comes down to the idea of data/device sovereignty.
Is this my device or not? If I need to ping some place in China to get this working, then make it clear on your front page that it is a lease.
(And now I'm half expecting someone to respond that IKEA also collects our data. I don't know if they do, and I'd expect them not to, but I'd really like to know if they do.)
It's not only a Xiaomi issue: many Chinese top and no-name smartphones steal user data and show ads inside their UIs. Cheap hardware & user data mining - great business model.
The same with apps: https://www.vietnambreakingnews.com/2019/01/es-file-explorer...
No real roundtrip happening.
If you're into writing your own code, https://ruuvi.com/ has bluetooth low energy sensors that transmit temperature/humidity/air pressure/3d-acceleration data with an open protocol, also their firmware is open source. They have a mobile app that displays readings from sensors, but for anything else you'd need to set up your own data logging or home automation server.
edit: and -> a
Wait, why would Zigbee devices require Wi-Fi connection? That would be a red flag for me, I would have avoided products like this.
There is however no reason why the hub should have internet access though.
Obviously Xiaomi devices do not work in my network anymore.
Not that that is at all ok - it’s really not. But China is a country where there’s no concept of privacy - when companies are actually required to keep tabs on their customers and report data back to the state on a regular basis without legal oversight from an independent judiciary, the notion that the company isn’t entitled to peek in on you must be an alien idea.
It doesn't mean Xiaomi doesn't learn everything about my air quality, temperature and humidity, but it at least decreases the attack surface.
I'm not at all surprised the hub thing constantly chats with its family back in China, but a properly security-paranoid home automation aficionado wouldn't be caught dead giving some proprietary black box power and network inside their own home.
[0] https://shop.homeseer.com/products/nortek-usb-zigbee-zwave-i...
That sounds like the definition of a cell phone.
Is the answer just to find zigbee-only gear?
Out of curiosity do you want Chinese companies to use US servers? Or where would servers be ideally placed for a Chinese brand to be accepted? I genuinely am curious to know.
To each their own, but I think China will have to fundamentally change at this point for me to have any trust in any Chinese companies. Just look at Alibaba. If they are not safe from CCP influence, then it is safe to assume that all Chinese companies are just shells of, or under the influence of, the CCP.
Imagine if China could stop all smart homes from working if a politician said something about concentration camps.
Do you think the average American cares more about their garage door opener working or the camps?
> The intention here seems to be that aigt is the timestamp when the ID was generated. So if that timestamp deviates from current time by more than 7776000000 milliseconds (90 days) a new ID is going to be generated. However, this implementation is buggy, it will update aigt on every call rather than only when a new ID is generated. So the only scenario where a new ID will be generated is: this method wasn’t called for 90 days, meaning that the browser wasn’t started for 90 days. And that’s rather unlikely, so one has to consider this ID permanent.
If we assume that Xiaomi aren't literally trying to spy for a government and are in fact just poorly calibrated on what's legitimate to collect for product analytics purposes, this paragraph highlights why that's still incredibly dangerous despite "good intentions".
I remember the UK government investigation into Huawei concluding that not only was their security posture insufficient for critical infrastructure, but their engineering practices were likely a decade away from being at a point where they could start to claim good security practice.
This paragraph seems to suggest a similar problem at Xiaomi. This should have been caught at a security review stage during design, it should have been caught at the code review stage, it should have been caught by automated tests, it should have been caught by QA, it should have been caught once live by data tests, it should have been seen once live by analysts, it should have been fixed at so many different points. The fact it wasn't suggests that these stages either don't exist or are insufficient.
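The ID-rotation bug described in the quoted paragraph above, reconstructed as an added example (not Xiaomi's code and not part of the original comments), together with the kind of automated check that would catch it. Only the `aigt` key and the 90-day threshold come from the quote; the `id` key, the dict-backed store and the UUID format are assumptions.

```python
import uuid

ROTATION_MS = 7_776_000_000  # 90 days in milliseconds, the threshold from the quote
DAY_MS = 24 * 60 * 60 * 1000


def _expired(store, now_ms):
    """True when no ID exists yet or the stored timestamp is more than 90 days off."""
    return "id" not in store or abs(now_ms - store.get("aigt", 0)) > ROTATION_MS


def get_id_buggy(store, now_ms):
    """Behaviour described in the quote: aigt is refreshed on every call."""
    if _expired(store, now_ms):
        store["id"] = uuid.uuid4().hex  # hypothetical ID format
    # Bug: the "generated at" timestamp is overwritten even when the ID was kept,
    # so it really records "last used at" and never ages past 90 days in daily use.
    store["aigt"] = now_ms
    return store["id"]


def get_id_fixed(store, now_ms):
    """Intended behaviour: aigt changes only when a new ID is generated."""
    if _expired(store, now_ms):
        store["id"] = uuid.uuid4().hex
        store["aigt"] = now_ms
    return store["id"]


def distinct_ids(get_id, call_days):
    """Call get_id once on each listed day and count how many different IDs appear."""
    store = {}
    return len({get_id(store, day * DAY_MS) for day in call_days})


if __name__ == "__main__":
    year = range(365)  # browser opened once a day for a year
    print("buggy, daily use:", distinct_ids(get_id_buggy, year))
    print("fixed, daily use:", distinct_ids(get_id_fixed, year))
    print("buggy, 100-day gap:", distinct_ids(get_id_buggy, [0, 100]))
```

With an injected clock the rotation policy becomes a one-line regression test: a year of daily calls must yield more than one identifier.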
Open source and verifiable down to the firmware is the only chance we have at any real level of trust, otherwise as is always apparent in these conversations, it often falls otherwise to who you think could compromise your device and making your bed with it, like USA not China or vice versa
While I agree with your intent, the problem is that much open source software is not verifiable.
Remember that a Kaggle competitor was openly cheating with his published code? (cf. https://www.theregister.com/2020/01/21/ai_kaggle_contest_che... ) Eventually he got caught, but it's sometimes extremely difficult to spot well-hidden malicious code in plain sight. We need to be much better at analyzing software.
Completely agree.
> Open source and verifiable down to the firmware is the only chance we have at any real level of trust
The hardware itself could be compromised though. There's just no way to know what's really inside these black boxes.
We'll never have real trust until we get the ability to fabricate our own processors in our own home just like we already have the ability to write our own software.
What happens when I install the FB app on a Purism enabled device?
My way to go until now has been installing as many OSS apps on my smartphone as possible, to the point that even the keyboard and the launcher on my smartphone are installed through f-droid.
That's the main reason why I prefer Android phones over Apple ones.
If the very first people (presumably the "higher ups"/more prestigious designers) in the design process miss such things, it is very hard to call them out in a societal construct that is the business construct that has become Xiaomi and the Chinese Government.
It's hard enough in some companies for QA to question software engineers and not catch backlash in the US when making games. Companies like EA, Atari and Nintendo are notorious for it. Apple used to shitcan QA who didn't treat "the talent" nice enough, and they weren't a quasi governmental entity.
You're right, of course. But man, that's a big frog in your throat to go up to your manager and say, "Sir, I'm sorry but this whole process has issues. Here's the fix, but it means a redesign of a core process." That's tough. That's double tough.
There are many ways to work around this, having teams whose incentives are tied to finding issues, maybe in a different reporting chain or office or country to those writing the software is one way.
AFAIK, Xiaomi does not sell any critical infrastructure equipment, nor is it installed anywhere; not entirely sure why GCHQ or NCSC would be involved, especially when there is ambiguity around which/what equipment they should be conducting a code review upon?
With regard to Huawei, there was no decisive conclusion, despite a comprehensive security review. Furthermore, it has been business as usual for currently installed equipment. All future decisions will be based around the 5G infrastructure.
Is that even allowed by Chinese law?
I know Xiaomi is not the best brand to buy for privacy, but I consider their products one of the best in terms of value for money
I own a few Xiaomi devices, I simply install Blokada on each one of them and I think you would be surprised by how many non Chinese domains it blocks, Google being one of the worst offenders.
EDIT:
see this screenshot
EDIT 2: paradoxically, knowing that Xiaomi is a Chinese company makes buyers more aware of the privacy risks involved. It breaks that false sense of security associated with electronic devices that many people believe in.
Seems more likely this was done on purpose so if they got caught they could say "Junior engineer made a mistake. So sorry."
https://www.google.com/search?client=firefox-b-d&q=china+mss...
This is the same reason that Zoom is banned at my workplace and many other partner companies.
You've actually got two problems here. One is the commercial advertising/for-profit related data sharing problem described in the article. The second is that Xiaomi, as a company with that collected data resident in China on its servers, is obliged to provide a pipeline for a copy of their database to the MSS upon request.
So while I assume they're tracking users, I don't think the calculator having a privacy policy is as shocking as it initially sounds.
It's more that consumers around the world have been brainwashed into believing huge markups are the default and must be accepted.
That of course does not alleviate the data collection concerns about Xiaomi, but it is unfair to say that given the production apparatus to produce at scale and the ability to absorb losses initially, it is not possible to make devices this cheap.
It would be very interesting to see a random sampling of 20 'non technical' users presented with such a phone, and given instructions simply "here is your new phone, please unbox it and connect it to the wifi and do things on the internet for three hours". Record a video of their interactions with the screen.
In my experience the vast, overwhelming majority of people when presented with a software popup like "Do you accept the license agreement to use this calculator?" will simply click yes/accept/okay/proceed as quickly as possible and disregard what it actually means.
I have a theory that a very small percentage of persons would actually balk or become suspicious of seeing something like a privacy policy agreement for a photo gallery or music player.
You only need to look at the past several years of news from Hong Kong and the Uyghur/Xinjiang province situation to see the stark real world difference in human rights, political freedoms and press freedoms.
They're unproductive and flame-war prone. I downvoted your comment.
A dominant China is interested in promoting their own values of Xi thought. And they're working very hard to promulgate it. Their coercive ability is remarkable in how it's already transformed Hollywood. Their ability to do so will only increase.
If you're anywhere near any scene you might consider not liked by the current government (which surely also includes journalists and the likes), your domestic agencies are a far bigger threat than the MSS, as long as you don't choose to go to China - and even then, you're probably fine, unless you're fighting against the Chinese regime in particular.
And yes, the Patriot Act and the NSA are no joke. It's not like subpoenas are never heard of (and the EU is, at least in parts, not much better).
Fixed that for you. Xiaomi offer an official bootlock unloader for their shitty MIUI roms which no one else on the planet does and is one of two companies out there that sells stock android phones. They are the easiest mobiles on the planet to install LineageOS on.
Imagine being on HackerNews and not at least slightly acknowledging the fact this company makes the most hacker friendly phones on Earth. It's honestly embarrassing.
Feel free to sniff the packets on any other device and realise how prevalent phonehomes are and how the eyes can access all of it on a whim if it's going to non-Chinese companies.
If you were an activist in the Western world I would only recommend a Chinese phone to protect yourself.
Cointelpro is still roaring hard today.
I dislike the results of either, replacement of both is on my oversized TODO list - and has been there for at least two years.
I dislike that the USA government, the China government and God knows who else have a full (partial?) copy of whatever I ever typed on my phone, but I did nothing beyond selecting Android Zero, declining "send all what I typed to Google" and declining cloud sync.
(I am already spending plenty of time on badgering local government about green spaces and bicycle infrastructure, massive amount of time on OpenStreetMap - and my time is limited)
Anyway, you're right. In practice, protecting your privacy is a massive hassle. I just do it step by step, knowing that even half-assing it is better than nothing.
Because outside US it doesn't really matter whether it's Chinese or American company that has your data.
- Australia has similar laws.
- Snowden releases showed the US don’t even ask, they just take it.
So it’s not like there is a huge amount of difference around the world.
I am not familiar with Australian privacy law, could you give me a rough idea what it looks like?
The Snowden case made the US government look bad, please don't use the same reason to make the Chinese Communist Party look good or OK.
It's kind of weird: when something bad happens, everyone just points at the US and says they do that too! The CCP did something bad, somehow it's OK because the US government did something bad.
If you are a US national and living in the US, you can complain and bitch about your government all you want and not worry about your safety, hence you can talk about the Snowden case or berate the president, and things might change. Would you dare do that on Chinese soil, even if you are not Chinese?
Even without wifi access it is vastly superior to previous choices. At similar pricing to my previous one.
I’m quite wary of the whole monitoring scene but my next air filter purchase will be a Xiaomi again.
Can’t really speak to their other products but on that front they have made a convert out of me despite my aversion to questionable data practices.
Also apparently it’s home assistant compatible. So HA it and firewall it off is the plan
https://smartairfilters.com/en/blog/xiaomi-purifier-auto-mod...
Also it is likely the Chinese are spying on me indirectly (data collection where the Chinese military can access the data if they want to) but I really have nothing significant on me that the Chinese would want to be concerned with me.
Shouldn't that be a huge red flag? Any time someone offers something too good to be true, it never is.
> Also it is likely the Chinese are spying on me indirectly
Why?
> I really have nothing significant on me that the Chinese would want to be concerned with me.
It's not just about you, dammit. [0]
By accepting their offer, you validate their actions. You give them bigger reach and make it easier for them to get people that might be of interest.
[0] https://en.wikipedia.org/wiki/Nothing_to_hide_argument
So you give them your email passwords? After all, you have nothing to hide.
Xiaomi phones have much higher audio latency than Samsung phones.[1] As a VoIP user, I would rather use an entry level Samsung phone (e.g., a $150 A02s) than a Xiaomi flagship.
But I agree that software from significantly non free nations is extra concerning.
And we can't forget many Euro citizens simply don't care.
I do think this shows the perks of open source software and being able to self-host or federated solutions.
Because it is much easier. I am already spending plenty of time on badgering local government about green spaces and bicycle infrastructure, massive amount of time on OpenStreetMap - and my time is limited.
I have no time to learn how to and run and maintain my own mail server.
They make cheap phones.
1) make a Xiaomi account with
and
2) insert a SIM card to the device (!)
Is that not insane? Other people seem to think so too: https://android.stackexchange.com/a/186052
Apparently the only alternative to this is rooting the device, which may break it.
Apparently this is a huge problem in China, where there seems to be quite literally no trust at all on online shopping. This actually does seem to be the case if you try buying devices from any NON-xiaomi-official store Aliexpress shop. They're usually $0.01-$1.00 cheaper, and are guaranteed to be packed with massive amounts of malware. None of which can be pressed "disable" or "uninstall" (greyed out).
They use fake reviews and fake buyers much like Amazon in the west, to inflate their order count and ratings to be sorted above Xiaomi official store
And no, you can't break an Android device by rooting it. Worst case you'll have to reflash the system partition through recovery.
For me this was enough of a reason to send the device back, but I started fiddling around and ended up being able to use USB debugging without an Xiaomi account. I don't remember how I managed to do this, I think I had to disable a specific MIUI optimization. No ADB had to be used for this. I think it was this https://android.stackexchange.com/a/185876
I'm also pretty sure that I did not insert a SIM card at that point, because I was still using the device-to-be-replaced on that and the following days.
I think it's just a lot of tactics which they use in order to push you to create an account, but ultimately it's not required.
That being said, I really despise their MIUI, all their modifications. Everything about it attempts to make you use their products, even if Google's apps are already installed.
For me, the Android experience which the Pixel devices give you are all I want. Even Motorola's minor enhancements are something I don't want on a new phone.
Yes, I personally find it very shocking.
Bought a Samsung A20 for the same purpose, no need for a sim or any sort of dev account.
Plugged the usb cable and a few minutes later my nativescript app was running.
You need to insert a SIM AND use mobile data on it (ie. turn off wifi, enable mobile data). Just inserting a dummy SIM card won't work.
If Lineage starts supporting this device, I'll definitely move over from MIUI.
American company collects your data? $1,400,000,000,000 valuation.
This reminds me of how we call Russian billionaires "oligarchs" but we just call American billionaires...billionaires.
2.) People call out Google all. the. time. There's an article here weekly about dumping Google, finding alternatives, praying for antitrust regulation, etc.
3.) We don't commonly call billionaires who live in the middle east, china, and other non-western countries "oligarchs", do you know why?
Why are you so upset about Xiaomi getting called out?
I'm referring to Google with that valuation.
>We don't commonly call billionaires who live in the middle east, china, and other non-western countries "oligarchs", do you know why?
Propaganda? An oligarch is a rich person with a lot of political influence. Sounds like an average billionaire to me.
>People call out Google all. the. time. There's an article here weekly about dumping Google, finding alternatives, praying for antitrust regulation, etc
I don't think I have ever seen a mainstream publication refer to Google apps and services as spyware. Which of course is what they are.
>Why are you so upset about Xiaomi getting called out?
Only annoyed at the obviously biased language.
We should be more consistent in our terminology.
They're referring to Alphabet's (Google) market cap, not Xiaomi's.
American company will collect data to show you ads and profit.
Are they really same?
Unless you get a target on your back, in which case the American company will provide the American law enforcement agencies with whatever data they want to take action against you and your family.
Your assertion is just a variation of "if you're not doing anything wrong you shouldn't worry about spying".
7 years later and it's like Snowden never even existed.
One could say the motives are different, but to act as if American groups collect data purely for profit isn't true.
>Are they really the same?
No, but acting similarly doesn't imply identical similarity.
They really aren't the same and personally I'd rather not have my data collected, but I'd rather it be dispersed with a corporate arms race who aren't allowed to set laws than an aggregate that belongs to a party that has much more control over my life.
If anything, you face a much greater threat from the American intelligence apparatus than one in a foreign country.
And your kids data. Grades, searches, web history, pics, diaries. I can totally see new private APIs for recruiters, banks, insurances - like personal assessment scores.
Don't try to whitewash it.
But, the point I actually want to make is that this implies that people aren't concerned with Google's use of their private data, which I think is demonstrably not true, given that they've got multiple open lawsuits against them over it.
So for someone like me, living in a 14 eyes country, are you saying it is worse for my privacy that a government on the other side of the earth that my government doesn't really like might have access to some of my data is better compared to a country my government is sharing data with, which also has access to pretty much everything that happens online? I know for a fact that no matter what I say or do online PRC agents will never knock down my door. US agents? That would be quite a lot easier. In less serious waters, privacy is also worse as we know from Snowden that the US not only harvests everything it can but also shares it with US businesses. Will I ever see ads based on an algorithm trained on data from both sides? No idea, but I know which one would be worse for me by a long shot.
Note: it also isn't a derogatory term, as it appears to be implied here, it just is an identifier of how wealth was accumulated.
Russian billionaires came to their wealth purely through corruption - i.e. using via their connections during the crucial years of transformation to market economy to buy huge state-owned industrial companies for 0.1-1% of their real value.
Russian Oligarchs are called that because they are about two dozen people who looted about 95% of the country's wealth and are basically a transnational crime syndicate masquerading as a govt.
I can't tell if you are deeply clueless, trolling, or spreading dezinformatziya. Either way, perhaps you should remember this quote from famous American author Mark Twain: "It is better to remain silent and let people think you are a fool, than to open your mouth and remove all doubt".
Seriously, this is what you're going with?
Russian oligarchs are people who just straight out stole national assets from the Soviet Union/Russia, with the help of the current ruler. There's a relatively clear definition:
The problem we have is with their externalities. For oligarchs, the main line of business *is* the problem.
I'll leave the log results of accessed IPs as an exercise to the reader. Hint: no Chinese/Russian IP addresses are being accessed.
I'd guess a lot more people use Huawei devices (before they were outlawed) than explicitly using a Xiaomi browser.
And a lot of people didn't forget Snowden.
Addendum: I use a MacBook Pro (32gig, I7) and a Win10 Pro work device (32gig, I7) as well. Neither contacts China or Russia. Both of them submit ~10x of unknown traffic than the Huawei device.
I don't want to paint the Chinese dictatorship as "good", not at all. But I do want to remind that the US is - as experienced by an EU consumer - worse. Not now, but maybe in the future, at least according to collected data.
As Snowden revealed, the NSA itself is way above that playing field. They (quite unsurprisingly) use IPs in the respective country, or just false-flag IPs in "enemy" countries. And the data is not actually sent as plain packets but tacked in the form of metadata onto normal, innocent packets going elsewhere. Then servers on intermediate hops exfiltrate that data. And none of it might happen if you're not actually targeted.
That of course underlines your main point. I don't see "sends nothing to foreign IPs" as an argument though.
That said, I also think it's incredibly naive to think that a collection system wouldn't make use of a local proxy to mask the ultimate destination of the information. It's such a trivial task to do, and provides a host of benefits to obfuscate and sow doubt as to where the data is going and will be ultimately used for.
I'm not assuming that "it must be reporting back to China through a proxy!", but rather, the absence of certain national IPs in that list shouldn't be used to rule out scenarios either. An ideal scenario for me would be that the device didn't call back, period, or if it did, it did so to endpoints that could be authenticated and audited.
1) My Google and IG accounts both sent me security alerts about successful login attempts from Thailand, Vietnam. I am 100% sure I only created the IG from this phone once and have not used that password from anywhere else. The IG username/password was taken from this phone and used in an attempt to log in from somewhere else.
2) I can't get the phone to disconnect from wifi. I put the phone on airplane mode, disabled wifi, bt, etc. Manually changed the wifi password to something else. It always successfully reconnected after a few days with the old password. There is logic in the phone that tries very hard to stay connected online. It remembers the old password and successfully connects with it after a few days.
Only renaming the wifi AP in my router seems to finally permanently disconnect it from the network.
3) I have let the phone back online and created a Google account that is 100% unique to this phone. Would love to know how long it would take for the login attempts for that G account from Thailand/Vietnam to start showing up.
Why do we mostly discuss the degree of such abuse and not the core of the problem?
Another core of the problem is dealing with communist regimes. We never learn? Communists are literally responsible for millions of deaths in the 20th century. (https://www.youtube.com/watch?v=NDTbNmUgeXk) They have a good record of disrespecting human rights. Why would someone sane expect them to respect any of his rights now?
We are in the middle of a data gold rush. Business types can't resist.
They will also stop allowing custom ROMs once they've built up enough reputation, some newer models already will never have custom ROMs.
Does Google collect our navigation data? (Yes if we are using Chrome or Android and logged in)
Does Google know what videos and what kind of videos we watch? (Do you need an answer?)
Call it spyware because it is a Chinese company? Really? Nah. Google does the same or at least worse than it.
I'm neither defending Xiaomi nor Google. The question is: almost every application does data collection. And if you call it spyware, therefore every app which does data collection is spyware.
Or Google being spyware somehow makes Xiaomi spyware less shitty?
This "whataboutism" is getting tiring. What Xiaomi does here is really bad. If Google does/did the same thing it would ALSO be bad.
There is no "but they do it too!". It's bad, period.
Also Google isn't under the control of an authoritarian government who is committing genocide as we speak.
I'm no Google fan and I dislike what big tech have become but I rather let Google have my data than the CCP.
Is this our definition of spyware? I see countless articles float by on HN about super cookies, spy pixels and browser fingerprinting. Those do effectively the same things, track users against their expressed wishes, but we just don't call them spyware.
Who doesn't call trackers spyware? Everyone with a slightly-above-average sense of privacy has been calling them spyware and blocking them for years.
Why would Xiaomi tell me to download a 26MB update from their store if the one from Google Play, where I downloaded the app it's less than 15MB?
I'll be getting rid of this phone by the end of the month.
Because, unlike Google, they don't use app bundles and partial updates?
Still 90%+ use Chrome. I know no one using a Xiaomi browser.
This and chrome and most web browsers are spyware at this point.
Firefox doesn't do this.
Looking at the list of things they collect, how could it possibly be legitimate, or compared to what "western" or any other companies are doing?
- Full URL history
- Full search history: engine and terms etc
- Full download history
- Full youtube activities: search, which video, for how long
This is full blown home phoning trojan horse.
Xiaomi are great but for me this is the end of the line with their phones. Privacy comes at a premium nowadays and lots of us are willing to pay for it.
Those affected can block the following domains from resolving:
- data.mistat.intl.xiaomi.com
- sdkconfig.ad.intl.xiaomi.com
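A way to check from resolver logs which clients still ask for these two domains and whether any lookup got past the block, as an added example that is not part of the original comment. The log lines are constructed in dnsmasq/Pi-hole style, and the client and upstream addresses are placeholders.

```python
import re
from collections import Counter

# The two domains named in the comment above.
BLOCKLIST = ("data.mistat.intl.xiaomi.com", "sdkconfig.ad.intl.xiaomi.com")

# Constructed sample in dnsmasq/Pi-hole log style (not captured from a real network).
SAMPLE_LOG = """\
Mar  1 10:15:02 dnsmasq[812]: query[A] data.mistat.intl.xiaomi.com from 192.168.1.42
Mar  1 10:15:02 dnsmasq[812]: gravity blocked data.mistat.intl.xiaomi.com is 0.0.0.0
Mar  1 10:15:07 dnsmasq[812]: query[A] example.org from 192.168.1.10
Mar  1 10:15:07 dnsmasq[812]: forwarded example.org to 192.0.2.53
Mar  1 10:16:30 dnsmasq[812]: query[AAAA] SDKConfig.ad.intl.xiaomi.com from 192.168.1.42
Mar  1 10:16:30 dnsmasq[812]: forwarded SDKConfig.ad.intl.xiaomi.com to 192.0.2.53
Mar  1 10:17:11 dnsmasq[812]: query[A] notdata.mistat.intl.xiaomi.com.lookalike.example from 192.168.1.77
"""

QUERY = re.compile(r"query\[\w+\] (\S+) from (\S+)$")
FORWARDED = re.compile(r"forwarded (\S+) to \S+$")


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()


def is_blocked(name):
    """Match a listed domain or any subdomain of it, on label boundaries only."""
    n = normalize(name)
    return any(n == d or n.endswith("." + d) for d in BLOCKLIST)


def audit(log_text):
    """Return (queries per (client, domain), listed domains that were forwarded upstream)."""
    queries, leaked = Counter(), set()
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if m:
            if is_blocked(m.group(1)):
                queries[(m.group(2), normalize(m.group(1)))] += 1
            continue
        m = FORWARDED.search(line)
        if m and is_blocked(m.group(1)):
            # A forwarded lookup means the resolver did not answer locally: the block missed it.
            leaked.add(normalize(m.group(1)))
    return queries, leaked


if __name__ == "__main__":
    per_client, leaked = audit(SAMPLE_LOG)
    for (client, domain), n in sorted(per_client.items()):
        print(f"{client} asked for {domain} {n} time(s)")
    print("forwarded upstream despite blocklist:", sorted(leaked) or "none")
```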
Ah. I'd recognize this spy domain anywhere since it regularly features in my pihole's top 5 blacklisted ones
The mostly Chinese and Russian reviews on YouTube seem to show those numbers to be at least not outright lies, but people on the OpenWRT Forums talk about the Routers talking quite a lot back to China.
I really wish for somebody credible to do a teardown to look into these boxes.
Also that router is currently on sale on JD.COM (https://item.jd.com/100017450204.html) priced at ¥599.00, about 80€ I guess.
There are rumors saying Xiao Mi has somewhat subsidized their line-ups with the intention to create their own ecosystem. If true, that's one of the reasons why their devices can have such a low price.
On the other hand, ¥599 is not exactly cheap in China. Somebody can literally survive an entire month on that amount of money. A "normal" price for a "regular" router is around ¥70~¥200.
Even if they were not built with malicious purpose, they have both excellent state-funded hackers and poor security practices in most of their consumer products.
Unfortunately, from what I've seen, I think the same can be said about software from Korea/Japan...
They may also collect fingerprints and other biometrics (voice, pictures) in a similar misleading way. There's a lot of wise tricks others have learned from Google. IMO only strict laws forbidding data collection from smartphones completely will change that.
Xiaomi devices are usually at sweet spots price/performance-wise (not really great hardware imo, but well). With custom ROMs (including my GSIs, but other custom ROMs are fine as well), buy a phone for their hardware, not for their software. (BTW my daily driver is a Pixel 5... not running Google adwares! Only high-end-ish device that fits my hand).
However, Xiaomi devices are bricks for like a month, because before being able to install your own software, you need to be approved (connecting a smartphone on a Windows computer), and it's only once you get your smartphone that you can install your own software.
Awesome project though.
If you use a computer, smartphone or IoT device then yes, it collects data, just as Facebook runs ads.
What's collected these days:
Your social circle,
every time you connect to the mobile network, when, which tower you connected to, tx/rx bytes, who you phoned, where the callee is located
Whether you're in a car, walking (sensors)
Whether you're sleeping... (a recent Google blog post talked about a new "sleep tracking" API).
You generate data as a human, interested parties (governments) collect that and will store it for the rest of time. I suspect there's a database of every URL visited by any human in the last 20 years.
This is not surprising and should surprise nobody.
They've really been on a privacy invasion spree lately.
There are likely tonnes of binaries that run outside of Android, so the OEM you choose matters too.
The thing about big data is you never know in advance what kind of data can turn into a gold mine for your business. So the strategy "collect as much as you can afford and get away with" is economically reasonable if not optimal. Until this changes, nothing will change. And Xiaomi is not an exception here.
Does the article's author really believe this or is it put there because of outside pressure? I, for one, would not believe that for a single second.
When looking at the code snippets in the article I wonder about the variable names. This doesn't look like decompiled code. And I don't think their whole browser is open source. What am I missing here?
Simply knowing someone could be watching you and your source code reduces the chance of malicious code.
Open-source doesn't mean anything for freedom if all you can do is look, because you don't have the signing keys and such to modify what you want. It just means they get to show you exactly how they put the noose on you, that's all.
Firefox is also chock-full of "telemetry" and it's 100% open-source. That one you do get to modify, but it's still a bloody bastard to strip it all out and recompile to your liking.
Yet people in Europe they LOVE Xiaomi. I swear I’ve seen so many of my friends with those high end 500$ phones.
Even if they are tech guys it’s like they just don’t care, they want the most powerful phone with the most features at the cheapest price.
At this game Xiaomi and other Chinese brands have become very good.
That being said, Google has been doing the exact same thing for 30 years. Nobody ever considered banning Google from anything.
"You either die a hero, or you live long enough to see yourself become the villain"
I expect more from HN. Can we please discuss the problem in isolation and especially the interesting technical bits? Ask yourself, this kind of exploitation is bad regardless of whether any country does something similar. It's anti-user in every possible interpretation.
Sure, but you also see this problem doesn't exist in a vacuum. Noted by you bringing up concentration camp numbers in this exact comment section. Maybe you should listen to your own advice?
Note that Xiaomi is a Chinese startup hub, started by former googlers. 90% of what they sell is produced by Chinese startups.
(That being said, I would never use Xiaomi software myself. I only use their hardware with open source 3rd party apps)
Even if they just collect the data now, they might sell it 5 years down the line.
You have to consider the worst possible interpretation, even if it's not true today. Companies can be sold or taken over, go bust and their assets get sold.
Companies can change too. Look at Google. In the 2000s I trusted Google a lot more than I trust it now. You can bet Google still has all my data from the 2000s.
I don't see how you can expect any less of this, even in the US. American companies collect vast amounts of information that are either acquired by the state later on, acquired via some deal with the state, or some network of revolving doors is further entrenching US-style state capitalism which erases the distinction. Frankly, American corporations are effectively more powerful than the government at this point, at least in certain domains (like where freedom of speech is concerned). It'll only get worse until something gives.
And given that American greed funded the wealth and power of the CCP in the first place, given the massive investments in China, I do not expect the globalist American imperial oligarchy to change course. Why would they? They like what the CCP is doing. They share more in common with the Chinese ruling class than with most Americans.
Don't use Chinese brands for phones, software, etc.
People, please just use Google Chrome and stop with all this Chinese spyware!
Do you believe the CCP is so capable as to utilize such tools?
If the answer is yes, then you should ask yourself whether there is any realistic chance of overpowering such a technologically advanced "government". And how much more powerful the private sector would be. Think about how much of a gap there is between Silicon Valley and the US government in technological capabilities.
This framing of pinning everything as government-sponsored activities makes it very difficult to correct such behavior effectively. Because they are easily brushed off as an intentional attack on the nation.
Why not just put it as what it is?
I mean 996 in the Chinese high-tech industry is killing the quality of the work. That's obviously the right reasoning, right?
I don’t know if there will ever be a Sino-American war, but if there ever is one it’s going to be very painful for us.