Are Xiaomi browsers spyware? Yes, they are (2020) (palant.info)
Don't use Chinese brands for phones, software, etc.
Do you believe CCP is so capable to utilize such tools?
If the answer is yes, then you should ask yourself is there any realistic chance of overpowering such a technologically advanced "government". And how much more powerful the private sectors would be. Think about how much gap is between silicon valley and US government in technological capabilities.
This framing of pinning everything as government-sponsored activities makes it very difficult to correct such behavior effectively, because they were easily brushed off as intentional attacks on the nation.
Why not just put it as what it is?
I mean 996 in Chinese high tech industry is killing the quality of the work. That's obviously the right reasoning right?
I don’t know if there will ever be a sino-American war, but if there ever is one it’s going to be very painful for us.
The thing about big data is you never know in advance what kind of data can turn into a gold mine for your business. So the strategy "collect as much as you can afford and get away with" is economically reasonable if not optimal. Until this changes, nothing will change. And Xiaomi is not an exception here.
Does the article's author really believe this or is put there because of outside pressure? I, for one, would not believe that for a single second.
When looking at the code snippets in the article I wonder about the variable names. This doesn't look like decompiled code. And I don't think their whole browser is open source. What am I missing here?
Simply knowing someone could be watching you and your source code reduces the chance of malicious code.
Open-source doesn't mean anything for freedom if all you can do is look, because you don't have the signing keys and such to modify what you want. It just means they get to show you exactly how they put the noose on you, that's all.
Firefox is also chock-full of "telemetry" and it's 100% open-source. That one you do get to modify, but it's still a bloody bastard to strip it all out and recompile to your liking.
That feature is optional, and depends on proprietary, closed-source TPM firmware. You just proved my point– it has to be 100% open-source to respect your freedom.
> Open-source doesn't mean anything for freedom if all you can do is look, because you don't have the signing keys and such to modify what you want. It just means they get to show you exactly how they put the noose on you, that's all.
I agree. That's why I prefer the term freedom-respecting software. Under the free software definition, that is no longer FLOSS, because users do not have the right to modify the software.
> and guess what all the locked-down Android phones run...?
Alas, Linux is not under GPLv3, which ensures that users have an equal right to modify their software.
> Firefox is also chock-full of "telemetry" and it's 100% open-source. That one you do get to modify, but it's still a bloody bastard to strip it all out and recompile to your liking.
Get a prebuilt build of LibreWolf: https://librewolf-community.gitlab.io/
That it's fully open-source checks Mozilla's power to do abusive things. Telemetry can be disabled in Firefox settings.
I've used both of your examples to advance my point further. 100.0% open-source = freedom-respecting and non-abusive.
Yet people in Europe they LOVE Xiaomi. I swear I’ve seen so many of my friends with those high end 500$ phones.
Even if they are tech guys it’s like they just don’t care, they want the most powerful phone with the most features at the cheapest price.
At this game Xiaomi and other Chinese brands have become very good.
That being said Google has been doing the exact same thing for 30 years. Nobody ever considered banning Google from anything.
"You either die a hero, or you live long enough to see yourself become the villain"
I expect more from HN. Can we please discuss the problem in isolation and especially the interesting technical bits? Ask yourself, this kind of exploitation is bad regardless of whether any country does something similar. It's anti-user in every possible interpretation.
Sure, but you also see this problem doesn't exist in a vacuum. Noted by you bringing up concentration camp numbers in this exact comment section. Maybe you should listen to your own advice?
I am highlighting the absurdity of evaluating US ad-tech to 2 million people in concentration camps.
Note that Xiaomi is a Chinese startup hub, started by former googlers. 90% of what they sell is produced by Chinese startups.
(That being said, I would never use Xiaomi software myself. I only use their hardware with open source 3rd party apps)
Even if they just collect the data now, they might sell it 5 years down the line.
You have to consider the worst possible interpretation, even if it's not true today. Companies can be sold or taken over, go bust and their assets get sold.
Companies can change too. Look at google. In 2000's I trusted google a lot more than I trust it now. You can bet google still has all my data from 2000's.
I don't see how you can expect any less of this, even in the US. American companies collect vast amount of information that are either acquired by the state later on, acquired via some deal with the state, or some network of revolving doors is further entrenching US-style state capitalism which erases the distinction. Frankly, American corporations are effectively more powerful than the government at this point, at least in certain domains (like where freedom of speech is concerned). It'll only get worse until something gives.
And given that American greed funded the wealth and power of the CCP in the first place, given the massive investments in China, I do not expect the globalist American imperial oligarchy to change course. Why would they? They like what the CCP is doing. They share more in common with the Chinese ruling class than with most Americans.
Well, on cursory examination, the Aqara/Xiaomi hub was talking to a bunch of Chinese servers constantly. I didn't dive too deep into what all they were actually for. When I blocked the device from phoning home with my router, all the connected devices stopped working! None of the buttons or sensors would work, the RGB light on the hub couldn't even be changed. As soon as it lost the ability to ping its servers in China, the thing actually started strobe light flashing blue. Re-enable the outside network access on it, starts working again. This was totally antithetical to why I use HomeKit in the first place, so I removed the hub and paired all the Aqara accessories with a generic open source Zigbee hub (ConBee II) and added it to HomeKit with HomeBridge.
In the future I plan to give brands more scrutiny before investing time/money in them and granting them unfettered access to my LAN...
Their phones running Android One are also fine and can be reflashed. But the rest of the items are quite shady. I have sniffed on the network traffic some devices generate and it's quite scary.
The same thing applies to other Chinese industrial equipment. For example, I know some labs put BGI sequencers inside airgapped subnetworks because of industrial espionage fears.
The whole idea of connecting everything to the internet is getting out of hand.
1. Internet and digital infrastructure has no integrity as how it is currently.
2. Anything for home, machinery, all should work when there is NO internet connection. Just like an app should work (to some extent) in airplane mode. It really comes down to the idea of data/device sovereignty.
Is this my device or not? If I need to ping some place in China to get this working, then make it clear on your front page that it is a lease.
(And now I'm half expecting someone to respond that IKEA also collects our data. I don't know if they do, and I'd expect them not to, but I'd really like to know if they do.)
It's not only a Xiaomi issue: many Chinese top and no-name smartphones steal user data and show ads inside their UIs. Cheap hardware & user data mining - great business model.
The same with apps: https://www.vietnambreakingnews.com/2019/01/es-file-explorer...
No real roundtrip happening.
If you're into writing your own code, https://ruuvi.com/ has bluetooth low energy sensors that transmit temperature/humidity/air pressure/3d-acceleration data with an open protocol, also their firmware is open source. They have a mobile app that displays readings from sensors, but for anything else you'd need to set up your own data logging or home automation server.
edit: and -> a
Wait, why would Zigbee devices require Wi-Fi connection? That would be a red flag for me, I would have avoided products like this.
There is however no reason why the hub should have internet access though.
Obviously Xiaomi devices do not work in my network anymore.
Not that that is at all ok - it’s really not. But China is a country where there’s no concept of privacy - when companies are actually required to keep tabs on their customers and report data back to the state on a regular basis without legal oversight from an independent judiciary, the notion that the company isn’t entitled to peek in on you must be an alien idea.
It doesn't mean Xiaomi doesn't learn everything about my air quality, temperature and humidity, but it at least decreases the attack surface.
I'm not at all surprised the hub thing constantly chats with its family back in China, but a properly security-paranoid home automation aficionado wouldn't be caught dead giving some proprietary black box power and network inside their own home.
[0] https://shop.homeseer.com/products/nortek-usb-zigbee-zwave-i...
That sounds like the definition of a cell phone.
Is the answer just to find zigbee-only gear?
Out of curiosity do you want Chinese companies to use US servers? Or where would servers be ideally placed for a Chinese brand to be accepted? I genuinely am curious to know.
To each their own, but I think China will have to fundamentally change at this point for me to have any trust in any Chinese companies. Just look at Alibaba. If they are not safe from CCP influence, then it is safe to assume that all Chinese companies are just shells, or under influence of, the CCP.
Imagine if China could stop all smart homes from working if a politician said something about concentration camps.
Do you think the average american cares more about their garage door opener working or the camps?
> The intention here seems to be that aigt is the timestamp when the ID was generated. So if that timestamp deviates from current time by more than 7776000000 milliseconds (90 days) a new ID is going to be generated. However, this implementation is buggy, it will update aigt on every call rather than only when a new ID is generated. So the only scenario where a new ID will be generated is: this method wasn’t called for 90 days, meaning that the browser wasn’t started for 90 days. And that’s rather unlikely, so one has to consider this ID permanent.
If we assume that Xiaomi aren't literally trying to spy for a government and are in fact just poorly calibrated on what's legitimate to collect for product analytics purposes, this paragraph highlights why that's still incredibly dangerous despite "good intentions".
I remember the UK government investigation into Huawei concluding that not only was their security posture insufficient for critical infrastructure, but their engineering practices were likely a decade away from being at a point where they could start to claim good security practice.
This paragraph seems to suggest a similar problem at Xiaomi. This should have been caught at a security review stage during design, it should have been caught at the code review stage, it should have been caught by automated tests, it should have been caught by QA, it should have been caught once live by data tests, it should have been seen once live by analysts, it should have been fixed at so many different points. The fact it wasn't suggests that these stages either don't exist or are insufficient.
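An added example, not part of the thread and not Xiaomi's code: a Python sketch of the rotation logic as the quoted paragraph describes it, next to a version that stamps `aigt` only when a new ID is generated, with the kind of regression check the comment above says should have caught it. The `store` dict, the `id` key and the function names are assumptions; `aigt` and the 7776000000 ms threshold come from the quote.

```python
import uuid

ROTATION_MS = 7_776_000_000   # 90 days in milliseconds, threshold from the quote
DAY_MS = 86_400_000


def get_id_buggy(store, now_ms):
    """Behaviour as described in the quote: aigt is refreshed on every call."""
    last = store.get("aigt", 0)
    if "id" not in store or now_ms - last > ROTATION_MS:
        store["id"] = uuid.uuid4().hex
    # Bug: the timestamp is rewritten on every call, so the measured "age"
    # is really the time since the browser was last started.
    store["aigt"] = now_ms
    return store["id"]


def get_id_fixed(store, now_ms):
    """Intended behaviour: aigt records when the current ID was generated."""
    last = store.get("aigt", 0)
    if "id" not in store or now_ms - last > ROTATION_MS:
        store["id"] = uuid.uuid4().hex
        store["aigt"] = now_ms  # stamped only when a new ID is created
    return store["id"]


def distinct_ids(getter, days, interval_days=1):
    """Simulate one browser start every `interval_days` over `days` days and
    count how many different IDs the getter hands out (constructed clock)."""
    store = {}   # stands in for the app's persistent preferences
    seen = []
    for day in range(0, days, interval_days):
        ident = getter(store, day * DAY_MS)
        if not seen or seen[-1] != ident:
            seen.append(ident)
    return len(seen)


if __name__ == "__main__":
    # Daily use for a year: the buggy version never rotates the ID.
    print("buggy, daily use:      ", distinct_ids(get_id_buggy, 365))
    print("fixed, daily use:      ", distinct_ids(get_id_fixed, 365))
    # Only a gap of more than 90 days between starts triggers rotation.
    print("buggy, one start/91 d: ", distinct_ids(get_id_buggy, 365, 91))
```

A test that advances a fake clock past the threshold with regular use in between is enough to expose the difference between the two versions.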
https://www.google.com/search?client=firefox-b-d&q=china+mss...
This is the same reason that Zoom is banned at my workplace and many other partner companies.
You've actually got two problems here. One is the commercial advertising/for-profit related data sharing problem described in the article. The second is that Xiaomi, as a company with that collected data resident in China on its servers, is obliged to provide a pipeline for a copy of their database to the MSS upon request.
1) make a Xiaomi account with
and
2) insert a SIM card to the device (!)
Is that not insane? Other people seem to think so too: https://android.stackexchange.com/a/186052
Apparently the only alternative to this is rooting the device, which may break it.
American company collects your data? $1,400,000,000,000 valuation.
This reminds me of how we call Russian billionaires "oligarchs" but we just call American billionaires...billionaires.
I'll leave the log results of accessed IPs as an exercise to the reader. Hint: no Chinese/Russian IP addresses are being accessed.
I'd guess a lot more people use Huawei devices (before they were outlawed) than explicitly using a Xiaomi browser.
And a lot of people didn't forget Snowden.
Addendum: I use a MacBook Pro (32gig, I7) and a Win10 Pro work device (32gig, I7) as well. Neither contacts China or Russia. Both of them submit ~10x of unknown traffic than the Huawei device.
I don't want to paint the Chinese dictatorship as "good", not at all. But I do want to remind that the US is - as experienced by an EU consumer - worse. Not now, but maybe in the future, at least according to collected data.
1) My Google and IG accounts both sent me security alerts about successful login attempts from Thailand and Vietnam. I am 100% sure I only created the IG account from this phone once and have not used that password from anywhere else. The IG username / password was taken from this phone and someone attempted to log in with it from somewhere else.
2) I can't get the phone to disconnect from wifi. I put the phone on airplane mode, disable wifi, bt, etc. and manually change the wifi password to something else. It always successfully reconnects after a few days with the old password. There is logic in the phone that tries very hard to stay connected online. It remembers the old password and successfully connects with it after a few days.
Only rename the wifi ap in my router seems to finally permanently disconnect it from the network.
3) I have let the phone back online and created a Google account that is 100% unique to this phone. I'd love to know how long it will take for the login attempts for that G account from Thailand/Vietnam to start to show up.
Why do we discuss mostly the degree of such abuse and not the core of the problem?
Another core of the problem is dealing with communist regimes. We never learn? Communists are literally responsible for millions of deaths in the 20th century.(https://www.youtube.com/watch?v=NDTbNmUgeXk) They have a good record of disrespecting human rights. Why someone sane would expect them to respect any of his rights now?
We are in the middle of a data gold rush. Business types can't resist.
They will also stop allowing custom ROMs once they've built up enough reputation, some newer models already will never have custom ROMs.
Does Google collect our navigation data? (Yes if we are using Chrome or Android and logged in)
Does Google know what videos and what kind of videos we watch? (Do you need an answer?)
Call it spyware because it is a Chinese company? Really? Nah. Google does the same or at least worse than it.
I'm neither defending Xiaomi nor Google. The question is: almost every application does data collection. And if you call it spyware, therefore every app which does data collection is spyware.
Is this our definition of spyware? I see countless articles float by on HN about super cookies, spy pixels and browser fingerprinting. Those do effectively the same things, track users against their expressed wishes, but we just don't call them spyware.
Why would Xiaomi tell me to download a 26MB update from their store if the one from Google Play, where I downloaded the app, is less than 15MB?
I'll be getting rid of this phone by the end of the month.
Because, unlike Google, they don't use app bundles and partial updates?
Still 90%+ use Chrome. I know no one using a Xiaomi browser.
This and chrome and most web browsers are spyware at this point.
Firefox doesn't do this.
And when you finally manage to do some therapeutic dissonance from the above default behaviour.
Whenever you use the inbuilt DoH on Firefox, FF shares these stats with Cloudflare too.
Looking at the list of things they collect, how could it possibly be legitimate, or compared to what "western" or any other companies are doing?
- Full URL history
- Full search history: engine and terms etc
- Full download history
- Full youtube activities: search, which video, for how long
This is a full-blown home-phoning trojan horse.
Xiaomi are great but for me this is the end of the line with their phones. Privacy comes at a premium nowadays and lots of us are willing to pay for it.
Those affected can block the following domains from resolving:
- data.mistat.intl.xiaomi.com
- sdkconfig.ad.intl.xiaomi.com
Ah. I'd recognize this spy domain anywhere since it regularly features in my pihole's top 5 blacklisted ones
The mostly Chinese and Russian reviews on YouTube seem to show those numbers to be at least not outright lies, but people on the OpenWRT Forums talk about the routers talking quite a lot back to China.
I really wish for somebody credible to do a teardown to look into these boxes.
Also that router is currently on sale on JD.COM (https://item.jd.com/100017450204.html) priced at ¥599.00, about 80€ I guess.
There are rumors saying Xiaomi has somewhat subsidized their lineups with the intention to create their own ecosystem. If true, that's one of the reasons why their devices can have such low prices.
On the other hand, ¥599 is not exactly cheap in China. Somebody can literally survive an entire month on that amount of money. A "normal" price for a "regular" router is around ¥70~¥200.
Even if they were not built with malicious purpose, they have both excellent state-funded hackers and poor security practices in most of their consumer products.
Unfortunately, from what I've seen, I think the same can be said about software from Korea/Japan...
They may also collect fingerprints and other biometrics (voice, pictures) in a similar misleading way. There's a lot of wise tricks others have learned from Google. IMO only strict laws forbidding data collection from smartphones completely will change that.
Xiaomi devices are usually at sweet spots price/performance-wise (not really great hardware imo, but well). With custom ROMs (including my GSIs, but other custom ROMs are fine as well), buy a phone for their hardware, not for their software. (BTW my daily driver is a Pixel 5... not running Google adwares! Only high-end-ish device that fits my hand).
However, Xiaomi devices are bricks for like a month, because before being able to install your own software, you need to be approved (connecting a smartphone on a Windows computer), and it's only once you get your smartphone that you can install your own software.
Awesome project though.
I've never made any GSI without storage encryption, and my GSIs have always been running SELinux enforcing. Some kinds of GSIs have those kinds of issues, but it's only those that are binary ports from OEM ROMs, like ports from Xiaomi or OnePlus ROMs; proper source-based GSIs shouldn't have those issues.
If you use a computer, smartphone or IoT device then yes, it collects data, just as Facebook runs ads.
What's collected these days:
Your social circle,
every time you connect to the mobile network, when, which tower you connected to, tx/rx bytes, who you phoned, where the callee is located
Whether you're in a car, walking (sensors)
Whether you're sleeping... (a recent Google blog post talked about a new "sleep tracking" API).
You generate data as a human, interested parties (governments) collect that and will store it for the rest of time. I suspect there's a database of every URL visited by any human in the last 20 years.
This is not surprising and should surprise nobody.
They've really been on a privacy invasion spree lately.
In any case I hope you gave it a 1-star review.
There are likely tonnes of binaries that run outside of Android, so the OEM you choose matters too.
Open source and verifiable down to the firmware is the only chance we have at any real level of trust, otherwise as is always apparent in these conversations, it often falls otherwise to who you think could compromise your device and making your bed with it, like USA not China or vice versa
While I agree with your intent, the problem is that much open source software is not verifiable.
Remember that a Kaggle competitor was openly cheating with his published code? (cf. https://www.theregister.com/2020/01/21/ai_kaggle_contest_che... ) Eventually he got caught, but it's sometimes extremely difficult to spot well-hidden malicious code in plain sight. We need to be much better at analyzing software.
Completely agree.
> Open source and verifiable down to the firmware is the only chance we have at any real level of trust
The hardware itself could be compromised though. There's just no way to know what's really inside these black boxes.
We'll never have real trust until we get the ability to fabricate our own processors in our own home just like we already have the ability to write our own software.
What happens when I install the FB app on a Purism enabled device?
My way to go until now has been installing as many OSS apps on my smartphone as possible, to the point that even the keyboard and the launcher on my smartphone are installed through f-droid.
That's the main reason why I prefer Android phones over Apple ones.
If the very first people (presumably the "higher ups"/more prestigious designers) in the design process miss such things, it is very hard to call them out in a societal construct that is the business construct that has become Xiaomi and the Chinese Government.
It's hard enough in some companies for QA to question software engineers and not catch backlash in the US when making games. Companies like EA, Atari and Nintendo are notorious for it. Apple used to shitcan QA who didn't treat "the talent" nice enough, and they weren't a quasi governmental entity.
You're right, of course. But man, that's a big frog in your throat to go up to your manager and say, "Sir, I'm sorry but this whole process has issues. Here's the fix, but it means a redesign of a core process." That's tough. That's double tough.
There are many ways to work around this; having teams whose incentives are tied to finding issues, maybe in a different reporting chain or office or country to those writing the software, is one way.
AFAIK, Xiaomi does not sell any critical infrastructure equipment, nor is it installed anywhere; not entirely sure why GCHQ or NCSC would be involved, especially when there is ambiguity around which/what equipment they should be conducting a code review upon?
With regard to Huawei, there was no decisive conclusion, despite a comprehensive security review. Furthermore, it has been business as usual for currently installed equipment. All future decisions will be based around the 5G infrastructure.
Is that even allowed by Chinese law?
I know Xiaomi is not the best brand to buy for privacy, but I consider their products one of the best in terms of value for money
I own a few Xiaomi devices, I simply install Blokada on each one of them and I think you would be surprised by how many non Chinese domains it blocks, Google being one of the worst offenders.
EDIT:
see this screenshot
EDIT 2: paradoxically, knowing that Xiaomi is a Chinese company makes buyers more aware of the privacy risks involved. It breaks that false sense of security associated with electronic devices that many people believe in.
Seems more likely this was done on purpose so if they got caught they could say "Junior engineer made a mistake. So sorry."
So while I assume they're tracking users, I don't think the calculator having a privacy policy is as shocking as it initially sounds.
It's more that consumers around the world have been brainwashed into believing huge markups are the default and must be accepted.
That of course does not alleviate the data collection concerns about Xiaomi, but it is unfair to say that given the production apparatus to produce at scale and the ability to absorb losses initially, it is not possible to make devices this cheap.
It would be very interesting to see a random sampling of 20 'non technical' users presented with such a phone, and given instructions simply "here is your new phone, please unbox it and connect it to the wifi and do things on the internet for three hours". Record a video of their interactions with the screen.
In my experience the vast, overwhelming majority of people when presented with a software popup like "Do you accept the license agreement to use this calculator?" will simply click yes/accept/okay/proceed as quickly as possible and disregard what it actually means.
I have a theory that a very small percentage of persons would actually balk or become suspicious of seeing something like a privacy policy agreement for a photo gallery or music player.
You only need to look at the past several years of news from Hong Kong and the Uyghur/Xinjiang province situation to see the stark real world difference in human rights, political freedoms and press freedoms.
They're unproductive and flame-war prone. I downvoted your comment.
A dominant China is interested in promoting their own values of Xi thought. And they're working very hard to promulgate it. Their coercive ability is remarkable in how it's already transformed Hollywood. Their ability to do so will only increase.
If you're anywhere near any scene you might consider not liked by the current government (which surely also includes journalists and the likes), your domestic agencies are a far bigger threat than the MSS, as long as you don't choose to go to China - and even then, you're probably fine, unless you're fighting against the Chinese regime in particular.
And yes, the Patriot Act and the NSA are no joke. It's not like subpoenas are never heard of (and the EU is, at least in parts, not much better).
Fixed that for you. Xiaomi offer an official bootlock unloader for their shitty MIUI roms which no one else on the planet does and is one of two companies out there that sells stock android phones. They are the easiest mobiles on the planet to install LineageOS on.
Imagine being on HackerNews and not at least slightly acknowledging the fact this company makes the most hacker friendly phones on Earth. It's honestly embarrassing.
Feel free to sniff the packets on any other device and realise how prevalent phonehomes are and how the eyes can access all of it on a whim if it's going to non-Chinese companies.
If you were an activist in the Western world I would only recommend a Chinese phone to protect yourself.
Cointelpro is still roaring hard today.
I dislike results of either, replacement of both is on my oversized TODO list - and was there since at least two years.
I dislike that the USA government, China government and God knows who else have a full (partial?) copy of whatever I ever typed on my phone but I did nothing beyond selecting Android Zero, declining "send all what I typed to Google" and declining cloud sync.
(I am already spending plenty of time on badgering local government about green spaces and bicycle infrastructure, massive amount of time on OpenStreetMap - and my time is limited)
Anyway, you're right. In practice, protecting your privacy is a massive hassle. I just do it step by step, knowing that even half-assing it is better than nothing.
Because outside US it doesn't really matter whether it's Chinese or American company that has your data.
- Australia has similar laws.
- Snowden releases showed the US don’t even ask, they just take it.
So it’s not like there is a huge amount of difference around the world.
I am not familiar with Australian privacy law, could you give me a rough idea what it looks like?
The Snowden case made the US government look bad, please don't use the same reason to make the Chinese Communist Party look good or OK.
It's kind of weird: when something bad happens, everyone just points at the US and says they do that too! The CCP did something bad; somehow it's OK because the US government did something bad.
If you are a US national and living in the US, you can complain and bitch about your government all you want and not worry about your safety, hence you can talk about the Snowden case or berate the president, and things might change. Would you dare do that on Chinese soil even if you are not Chinese?
Even without wifi access it is vastly superior to previous choices. At similar pricing to my previous one.
I’m quite wary of the whole monitoring scene but my next air filter purchase will be a Xiaomi again.
Can’t really speak to their other products but on that front they have made a convert out of me despite my aversion to questionable data practices.
Also apparently it’s home assistant compatible. So HA it and firewall it off is the plan
https://smartairfilters.com/en/blog/xiaomi-purifier-auto-mod...
Also it is likely the Chinese are spying on me indirectly (data collection where the Chinese military can access the data if they want to) but I really have nothing significant on me that the Chinese would want to be concerned with me.
Shouldn't that be a huge red flag? Any time someone offers something too good to be true, it never is.
> Also it is likely the Chinese are spying on me indirectly
Why?
> I really have nothing significant on me that the Chinese would want to be concerned with me.
It's not just about you, dammit. [0]
By accepting their offer, you validate their actions. You give them bigger reach and make it easier for them to get people that might be of interest.
[0] https://en.wikipedia.org/wiki/Nothing_to_hide_argument
So you give them your email passwords? After all, you have nothing to hide.
Xiaomi phones have much higher audio latency than Samsung phones.[1] As a VoIP user, I would rather use an entry level Samsung phone (e.g., a $150 A02s) than a Xiaomi flagship.
But I agree that software from significantly non free nations is extra concerning.
And we can't forget many Euro citizens simply don't care.
I do think this shows the perks of open source software and being able to self-host or federated solutions.
Because it is much easier. I am already spending plenty of time on badgering local government about green spaces and bicycle infrastructure, massive amount of time on OpenStreetMap - and my time is limited.
I have no time to learn how to and run and maintain my own mail server.
They make cheap phones.
Apparently this is a huge problem in China, where there seems to be quite literally no trust at all on online shopping. This actually does seem to be the case if you try buying devices from any NON-xiaomi-official store Aliexpress shop. They're usually $0.01-$1.00 cheaper, and are guaranteed to be packed with massive amounts of malware. None of which can be pressed "disable" or "uninstall" (greyed out).
They use fake reviews and fake buyers much like Amazon in the west, to inflate their order count and ratings to be sorted above Xiaomi official store
And no, you can't break an Android device by rooting it. Worst case you'll have to reflash the system partition through recovery.
For me this was enough of a reason to send the device back, but I started fiddling around and ended up being able to use USB debugging without an Xiaomi account. I don't remember how I managed to do this, I think I had to disable a specific MIUI optimization. No ADB had to be used for this. I think it was this https://android.stackexchange.com/a/185876
I'm also pretty sure that I did not insert a SIM card at that point, because I was still using the device-to-be-replaced on that and the following days.
I think it's just a lot of tactics which they use in order to push you to create an account, but ultimately it's not required.
That being said, I really despise their MIUI, all their modifications. Everything about it attempts to make you use their products, even if Google's apps are already installed.
For me, the Android experience which the Pixel devices give you is all I want. Even Motorola's minor enhancements are something I don't want on a new phone.
Yes, I personally find it very shocking.
Bought a Samsung A20 for the same purpose, no need for a sim or any sort of dev account.
Plugged the usb cable and a few minutes later my nativescript app was running.
You need to insert a SIM AND use mobile data on it (ie. turn off wifi, enable mobile data). Just inserting a dummy SIM card won't work.
If Lineage starts supporting this device, I'll definitely move over from MIUI.
2.) People call out Google all. the. time. There's an article here weekly about dumping Google, finding alternatives, praying for antitrust regulation, etc.
3.) We don't commonly call billionaires who live in the middle east, china, and other non-western countries "oligarchs", do you know why?
Why are you so upset about Xiaomi getting called out?
I'm referring to Google with that valuation.
>We don't commonly call billionaires who live in the middle east, china, and other non-western countries "oligarchs", do you know why?
Propaganda? An oligarch is a rich person with a lot of political influence. Sounds like an average billionaire to me.
>People call out Google all. the. time. There's an article here weekly about dumping Google, finding alternatives, praying for antitrust regulation, etc
I don't think I have ever seen a mainstream publication refer to Google apps and services as spyware. Which of course is what they are.
>Why are you so upset about Xiaomi getting called out?
Only annoyed at the obviously biased language.
We should be more consistent in our terminology.
They're referring to Alphabet's (Google) market cap, not Xiaomi's.
American company will collect data to show you ads and profit.
Are they really same?
Unless you get a target on your back, in which case the American company will provide the American law enforcement agencies with whatever data they want to take action against you and your family.
Your assertion is just a variation of "if you're not doing anything wrong you shouldn't worry about spying".
7 years later and it's like Snowden never even existed.
One could say the motives are different, but to act as if American groups collect data purely for profit isn't true.
>Are they really the same?
No, but acting similarly doesn't imply identical similarity.
They really aren't the same and personally I'd rather not have my data collected, but I'd rather it be dispersed with a corporate arms race who aren't allowed to set laws than an aggregate that belongs to a party that has much more control over my life.
If anything, you face a much greater threat from the American intelligence apparatus than one in a foreign country.
And your kids' data. Grades, searches, web history, pics, diaries. I can totally see new private APIs for recruiters, banks, insurances - like personal assessment scores.
Don't try to whitewash it.
But, the point I actually want to make is that this implies that people aren't concerned with Google's use of their private data, which I think is demonstrably not true, given that they've got multiple open lawsuits against them over it.
So for someone like me, living in a 14 eyes country, are you saying it is worse for my privacy that a government on the other side of the earth that my government doesn't really like might have access to some of my data is better compared to a country my government are sharing data with who also have access to pretty much everything that happens online? I know for a fact that no matter what I say or do online PRC agents will never knock down my door. US agents? That would be quite a lot easier. In less serious waters, privacy is also worse as we know from Snowden that the US not only harvests everything it can but also shares it with US businesses. Will I ever see ads based on an algorithm trained on data from both sides? No idea, but I know which one would be worse for me by a long shot.
Note: it also isn't a derogatory term, as it appears to be implied here, it just is an identifier of how wealth was accumulated.
Russian billionaires came to their wealth purely through corruption - i.e. using via their connections during the crucial years of transformation to market economy to buy huge state-owned industrial companies for 0.1-1% of their real value.
Russian Oligarchs are called that because they are about two dozen people who looted about 95% of the country's wealth and are basically a transnational crime syndicate masquerading as a govt.
I can't tell if you are deeply clueless, trolling, or spreading dezinformatziya. Either way, perhaps you should remember this quote from famous American author Mark Twain: "It is better to remain silent and let people think you are a fool, than to open your mouth and remove all doubt".
Seriously, this is what you're going with?
Russian oligarchs are people who just straight out stole national assets from the Soviet Union/Russia, with the help of the current ruler. There's a relatively clear definition:
The problem we have is with their externalities. For oligarchs, the main line of business <<is>> the problem.
As Snowden revealed, the NSA itself is way above that playing field. They (quite unsurprisingly) use IPs in the respective country, or just false-flag IPs in "enemy" countries. And the data is not actually sent as plain packets but tacked in the form of metadata onto normal, innocent packets going elsewhere. Then servers on intermediate hops exfiltrate that data. And none of it might happen if you're not actually targeted.
That of course underlines your main point. I don't see "sends nothing to foreign IPs" as an argument though.
That said, I also think it's incredibly naive to think that a collection system wouldn't make use of a local proxy to mask the ultimate destination of the information. It's such a trivial task to do, and provides a host of benefits to obfuscate and sow doubt as to where the data is going and will be ultimately used for.
I'm not assuming that "it must be reporting back to China through a proxy!", but rather, the absence of certain national IPs in that list shouldn't be used to rule out scenarios either. An ideal scenario for me would be that the device didn't call back period, or if it did, it did so to endpoints that could be authenticated and audited.
I despise the Chinese government - may it concern Uighurs or the treatment of Tibetans. Still I have a hard time believing none of my data collected by Google is used by the US administration, which, as we know, is not always led by a trustful person. Still, if I had to choose whom to embargo, I'd definitely choose China/Russia.
Since it's so easy to cheat traffic, there are two options: only china/russia needs to cover traffic, or ...?
Or Google being spyware somehow makes Xiaomi spyware less shitty?
> Or Google being spyware somehow makes Xiaomi spyware less shitty?
Absolutely not, but both of them doing it defangs certain types of criticism.
False equivalence. If people in here actually broke down the differences, they would have to admit that their "Grr, Google just as bad!" hyperbole is more than just a tad disingenuous.
This "whataboutism" is getting tiring. What Xiaomi does here is really bad. If Google does/did the same thing it would ALSO be bad.
There is no "but they do it too!". It's bad, period.
Also Google isn't under the control of an authoritarian government who is committing genocide as we speak.
I'm no Google fan and I dislike what big tech have become but I'd rather let Google have my data than the CCP.
In an early 2020 XDA thread [1], it was suggested that I use phh-securise to reenable SELinux, which suggests that it was not enabled by default, at least back then. I never got to try phh-securise, since the encryption part of the response was not definitive.
[1] https://forum.xda-developers.com/t/guide-nitrogen-10-10-phh-...
https://github.com/phhusson/treble_experimentations/releases...
> While I agree with your intent, the problem is that, many open source software is not verifiable.
To me, this sentence reads as "That's a nice idea, but untenable in practice." rather than "Open source is necessary, but shouldn't be considered sufficient." which strikes me as counter-productive to the objective of easily verifiable software.
Open source software is more verifiable than closed source though.
I think maybe some replies have interpreted my comment as naively assuming that open source firmware would mean complete trust. I just think it is a good step on the journey.
[0] https://puri.sm/posts/purisms-ceo-todd-weaver-testifies-at-s...
You'd have to be a complete idiot to believe that the CCP isn't happily digging through all the data they send back.
But, here we are. In the real world =/
It's difficult to look past such biases if they're deeply ingrained but I think this can definitely be productive to do so. If you can empathise better with conscious xiaomi users, and understand why people use non-optimal software, such understanding can have a lot of benefits.
EDIT: you have to understand that the cold war is over and you can't replace USSR with modern China, my country has good relationships with both the US and China so it doesn't really matter who's spying on you, they are "good friends" anyway...
I know, I know, you're thinking that doesn't either, but you can control it remotely through an app or website, and automate certain actions. You might want your air cleaner to start running when you leave your office, for example so that your air is dust-free when you get home.
I've actually used a Xiaomi light remote-controlled over the internet to simulate being home while on another continent so that anyone casing the place for a burglary might be dissuaded. I disabled its internet connectivity when I was done with that.
Not very likely on a broader scale, though.
You are saying that if you can find a single example of X happening in domain A and a single example of X happening in domain B, then "apparently" A and B must be "no different" with respect to X. People are murdered in Japan. People are murdered in Brazil. Thus Japan is no different than Brazil with respect to murders.
Please please tell me that you are just being inflammatory and that this "find one example" criteria isn't how you go about making assessments of things.
Could China possibly have infiltrated as much of global communications networks as the NSA & Five Eyes have for the past decade and a half? Not likely! If we didn't have such successful digital espionage programs, would we instead rely on our corporations to spy on our behalf? Very likely, seeing as we've already done that too.
Or maybe the US government knows it can't legally collect certain information on its own citizens, but can rely on China to collect it, and then purchase it from the Chinese government.
Then there's the overall argument against: I don't want any government collecting data about me, period. It's none of their damn business, regardless of the chances of me having to interact with them in any capacity.
The pessimist in me assumes that's because it's a good cover for the intelligence agencies' data sharing agreements between the US, China, India, Russia, North Korea, et al.
# CN is China's ISO 3166 code (CH is Switzerland); OUTPUT has to match on the destination
iptables -I INPUT -m geoip --src-cc CN -j DROP
iptables -I OUTPUT -m geoip --dst-cc CN -j DROP
No guide needed.
Aren't most processing chips/hardware made in China for all major western tech companies anyway? I get the RU/China server suspiciousness but as far as I can tell, US unicorns are up to the same tricks and openly/brazenly pillaging data without any threat or fear.
Otherwise most consumer products (devices or software) phone home for one reason or another, whether it's telemetry and data collection, basic functionality that's implemented exclusively via cloud, or more advanced cloud features. It's down to deciding whether you trust western legal system and increased transparency to deal with the nefarious aspect of data collection, rather than the Russian, Chinese, etc. legal systems and transparency.
Almost every device or software with network connectivity I played with phoned home: the Philips Hue gateway (Netherlands), Tado (Germany), Apple Homepod (US), Amazon Alexa/Fire* stuff (US), Synology (Taiwan), Unifi Controller (US), LG/Samsung smart TVs (South Korea), Google Chromecast (US), random assortment of network connected cameras (China, Taiwan), and a big etc. here. Some do a better job than others and just connect for basic stuff as far as I can tell, some enabled telemetry without asking and after the backlash ask again after every update, some have no option to disable this connectivity, etc.
One thing that trips most people looking at this for the first time is when they start off with blocking internet connectivity for the least trustworthy devices (Chinese brands) and immediately see a zillion attempts being blocked, even if the device keeps working. They conclude the devices are trying to exfiltrate that much data. They're most likely constantly reattempting until they get a response. Some of my network cameras would try every second but after a successful connection the flood stopped and they barely sent anything.
I chose to "complicate" my life a bit and buy hardware that I can flash with some open source firmware cutting out the cloud features completely, or connecting via "home made" solutions everywhere I can then using my home VPN to control them if needed. Whether China or the US have that data is of little real consequence to me right now but it's a matter of principle and I'd rather not shift my principles based on geography.
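Added example, not part of the thread: the comment above notes that a flood of blocked connections from a device is usually a retry loop rather than a measure of how much data it tries to send. This Python sketch separates the two cases in firewall logs; the log format, addresses and thresholds are constructed assumptions, not taken from any real device or product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Hypothetical log line format (an assumption for this example):
#   <iso-timestamp> <BLOCK|ALLOW> src=<ip> dst=<ip> dport=<port> len=<bytes>
LINE_RE = re.compile(
    r"^(\S+) (BLOCK|ALLOW) src=(\S+) dst=(\S+) dport=(\d+) len=(\d+)$"
)


def build_sample():
    """Constructed sample log: one blocked camera, one allowed device, one rare probe."""
    base = datetime(2021, 2, 3, 10, 0, 0)
    lines = []
    # Camera blocked at the firewall, retrying once per second (30 SYN-sized packets).
    for i in range(30):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} BLOCK src=192.168.1.50 dst=203.0.113.10 dport=443 len=60")
    # Allowed device: few connections, irregular timing, real payload sizes.
    for offset, size in ((0, 1500), (400, 48000), (1900, 52000)):
        ts = (base + timedelta(seconds=offset)).isoformat()
        lines.append(f"{ts} ALLOW src=192.168.1.60 dst=198.51.100.7 dport=443 len={size}")
    # Blocked device that only tries once an hour.
    for offset in (0, 3600):
        ts = (base + timedelta(seconds=offset)).isoformat()
        lines.append(f"{ts} BLOCK src=192.168.1.70 dst=203.0.113.99 dport=8883 len=60")
    return lines


def summarize(lines):
    """Group log lines per (src, dst, dport) flow and count attempts and delivered bytes."""
    flows = defaultdict(lambda: {"times": [], "blocked": 0, "allowed": 0, "bytes": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not follow the assumed format
        ts, action, src, dst, dport, length = m.groups()
        flow = flows[(src, dst, int(dport))]
        flow["times"].append(datetime.fromisoformat(ts))
        if action == "BLOCK":
            flow["blocked"] += 1  # dropped packet: nothing left the network
        else:
            flow["allowed"] += 1
            flow["bytes"] += int(length)  # only delivered traffic counts as data sent
    return flows


def classify(flow, min_retries=10, max_gap_s=5):
    """Label a flow as 'delivered', 'retry-loop' or plain 'blocked'."""
    if flow["allowed"] > 0:
        return "delivered"
    times = sorted(flow["times"])
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    # Many blocked attempts at short intervals: the device keeps re-trying
    # the same endpoint because it never got an answer.
    if flow["blocked"] >= min_retries and gaps and median(gaps) <= max_gap_s:
        return "retry-loop"
    return "blocked"


def report(lines):
    """Return {flow_key: (label, blocked_attempts, delivered_bytes)}."""
    return {
        key: (classify(flow), flow["blocked"], flow["bytes"])
        for key, flow in summarize(lines).items()
    }


if __name__ == "__main__":
    for key, (label, blocked, sent) in report(build_sample()).items():
        print(key, label, f"blocked={blocked}", f"bytes_delivered={sent}")
```

The blocked-attempt count says how persistent a device is, while the delivered-byte count on allowed flows is the figure to look at when judging how much data actually leaves.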
At this point, this is table stakes for big tech and it's completely anti-democratic. China may have a very good domestic dragnet but clearly it's playing catch up compared to the foreign intelligence assets the USG (and five eyes) has.
Remember that one of the leaks was that the NSA tapped unencrypted Google backhaul in transit without Google's knowledge.
There's a difference between panopticon fearmongering and citing specific information we should be wary of. The former leads to apathy. The latter leads to action.
The resellers get paid a few dollars for the malware install. I think the most common is people reselling to ship out to other countries, and not sold in China itself.
The aliexpress shops get shut down, negative feedback, but they just open another. Note that aliexpress actually shuts these down in the first place and is "reputable" end of things. Never ever buy devices from gearbest, wish, etc. - ever.
ps: Sadly, the Pinephone is permanently out of stock, otherwise I wouldn't even consider anything else.
I'm genuinely curious what people fear will happen to them and their data if it went to a Chinese server. What are the consequences? What is the difference between Amazon running A/B tests to get as much money from you as quickly as possible VS TikTok trying to improve their suggestion algo to improve their engagement for increased ad revenue?
> just asking the question is enough to get flak
You are definitely right about that!
The Xiaomi phone is better and more attractive in any other way, except privacy.
Generally, if you interrupt the user's flow of thought (if that's a thing) with something unrelated, they'll do the easiest thing possible to rid themselves of that annoyance, like a modal alert you threw at them, to get back on track doing whatever they intended to do. That's what all those consent popups are about. And that's why dark patterns work more often than not.
I roughly categorize UI/UX patterns into those that respect the user and those that don't. Showing a modal and making them decide something right now and right there is very disrespectful and off-putting. iOS of all things does this for system updates, low battery, and some urgent as hell alerts about your Apple ID. What you should be doing instead is use something non-blocking that can be ignored, like a notification, an icon badge, or a clickable bar at the top of the screen. Anyway, I digress.
And then, if you need a calculator, but the one that came with your phone quits unless you accept the terms of use, what are you gonna do, as a non-technical person? Go to Google Play and look for a better one? Probably not.
I think most users even accept this as general setup things. When I, as a developer, want my device set up as quickly as possible, I mostly just proceed with everything.
To some of us there is not much difference.
Come on. Do better.
I, for one, would prefer, if I have a choice, it to be just my Gov and not a foreign Gov that I consider to be hostile..
This seems intuitive at first sight but doesn't make sense to me: is it your Gov or a foreign Gov that can more likely bother your life?
The short version is that unless you live inside the PRC data harvested on you is highly unlikely to matter no matter what you do. Inside the US or US allies? Be careful.
For the last decades, the US has been actively trying to undermine -- mostly covertly, sometimes more openly -- leftist parties and organizations in Latin America (more often than not completely unrelated to China), so...
You have quite literally also just described the US.
"China and Communism are a threat which we should seek to undermine". It works both ways.
[1]: https://www.politico.eu/article/xi-jinping-turned-me-into-a-...
The GP responded to each line in the original comment with a number. So, their point about Google (point #2) was seemingly unrelated to their point about Xiaomi's market cap (point #1) as they addressed different parts of the original comment.
The GP mentioned Google perhaps not because of the market cap mentioned in point #1, but rather as a response to the original comment's mention of American companies.
This is further evidenced by their use of point #3 to refer to the term oligarch, which was the third topic raised in the original comment.
You can see how not clear this is based on other replies to the comment as well.
Get a Pixel or a OnePlus.
Mind, it's strictly a development phone. It sits on my desk plugged in, unless I debug those Android apps. No sim card in either. My personal phone is an iPhone XS.
And although Lenovo is now China-owned, the Moto line is still pure Android and no bloat.
Did a lot of research and the last gen G Power is the best spec'd budget phone around this price point that is not a Samsung and sold in typical NA big box stores.
Also, these fingerprinting bits in their code-base don't inspire confidence either [2][3].
I'd not consider Blokada a serious security app at this point, though it does have the potential to be one.
disclosure: I co-develop a similar foss app.
[0] https://github.com/blokadaorg/blokada/blob/65992cdc/android5...
[1] https://github.com/blokadaorg/blokada/blob/8702350602b/andro...
[2] one identifier too many for a user-agent: https://github.com/blokadaorg/blokada/blob/8702350602b/andro...
[3] unique identifier per installation: https://github.com/blokadaorg/blokada/blob/04efb84e06e1/andr...
what's the name of the app you co-developed?
But according to the logs on my router Blokada is working.
p.s. blokada actually also blocks ads on the formula 1 official app that are served through websockets
For email I basically gave up (for now) as it will likely leak on other side anyway.
But I aggressively avoid cloud sync, and my files on cloud are either public or locally encrypted before uploading. Well, at least it protects against non-targeted attacks.
> I have massive respect for OSM maintainers. People don't appreciate how much work goes into the map data.
:)
Just in case that you have an Android phone - I recommend StreetComplete, it allows limited editing with zero OSM-specific knowledge. Registering for OSM account is the most difficult part.
It works by asking about already mapped elements, while you are in front of them. See https://github.com/streetcomplete/StreetComplete#screenshots
I am glad that you like SC :)
This isn't excusing the behaviour, it's pointing out that "privacy" is not a justification for not using Chinese goods, because American goods have evidence of exactly the same compromise.
I assume it's the Australian Assistance and Access Bill that's being referred to here. It has nothing to do with privacy. Its prime job (which isn't hidden - it's spelt out in the explanatory notes) is to circumvent encryption by accessing the data at the end points, where it isn't encrypted. It must be unencrypted at the end points because humans can't read or listen to encrypted data. https://searchsecurity.techtarget.com/definition/Australian-...
The bill gives several government agencies the legal right to coerce any software company to "assist" them by writing a bug that is invisible to the OS. The "access" part gives them right to coerce a software company to distribute software to any device they target (there is legal oversight on who they can target).
To fill this out with a concrete example, they could compel Google to provide a version of the Android Google Keyboard that records all key strokes and the name of the application it is sending them to. They can then force Google to install that keyboard via their auto update mechanism. Notice that using an open source program like Signal that securely and correctly encrypts everything, and comes from a trusted source is not a useful defence against this.
Both of these powers are accompanied by an automatic gag mechanism, meaning if Google revealed they were asked to do either of these things someone would go to jail. The provisions in the act for reporting when and where these powers are used, so the voters could have some say, are, to put it mildly, weak.
Although Australia is very clearly a country that operates around "the rule of law", in the end the only difference that has made is we know they are doing it, whereas China could deny they are doing it. In reality, I don't think China tries to deny the Great Firewall of China, or the invasive probes they force citizens to install to support their social credits system.
So yeah in my view OP is quite correct. If there are differences they revolve around how widely these things are deployed, not over whether they exist. I presume my home country, Australia, deploys them a lot less, but they go to a great deal of trouble to ensure there is no way to be sure.
Really, that is what you got from my comment.
In the case of CCP it can even be who you are, as in Tibetan, Uighur and so on.. Or, a national of a different country that China wants to spy on, or a relative of someone that China thinks has a differing opinion from CCP and so on..
It's not even on the same planet, let alone in the same ballpark..
They're both evil, just that US is less so.
This can work where everything is in the open except a private firmware signing key.
It's very different than if I modified the firmware on my hard drive or UEFI on a PC. I might fuck up my stuff but it doesn't affect you. I can fiddle with my hard drive firmware all day but I'm not going to block a 911 call you're trying to make.
Also a company giving out modem firmware is an exception and not a rule. It re-classes the device as a hobbyist/experimental device and if they go traipsing around with it they could potentially face fines (unlikely but possible).
Again it's not about lobbying it's about a limited spectrum and people being stupid/assholes not realizing or caring their pocket radio affects others. You live in a world where shitheads try to make their cars louder on purpose and you can pick up dozens of WAPs because everyone sets the power to the highest number the interface allows.
Cell phones only work because the millions of devices run within strict limits and behave reasonably. There's not a lot of difference between a properly operating radio and a radio jammer. Purism isn't going to find a baseband vendor that's going to risk their licenses by allowing for open source firmware.
As far as I know, there is no licensing whatsoever for baseband makers?
Where did you get that it is?
I think the phone vendors that do that are in the vast minority.
I think what the GP is stating is that Ikea's model is based on selling home goods, so the incentives align to sell you home goods not collect data for the Dutch government. Apple could steal all your most private data as well, but their business is luxury electronics so it's not in their best interest. Could this change? Absolutely, but are you more concerned with what could be, or what currently is?
People are on average far more predictable than companies. A company is like a person with a very unstable personality. And the predictable component of a company's behavior is usually selfish and evil, whereas the predictable component of a person's behavior is usually good.
It's owned by a Dutch foundation which serves to "promote and support innovation in the field of architectural and interior design" (via [0]). Oh and something about kids in developing countries.
[0]: https://en.wikipedia.org/wiki/Stichting_INGKA_Foundation
Also, read the criticisms section of that link. Only after publication of the criticism in the Economist did the family who owns IKEA take action. Now imagine what happens if the family has less control in the future. Also, supporting innovation and supporting developing countries does not mean "don't track users", etc.
I could see IKEA using their "good behavior" as a marketing expenditure or selling point. Much like Apple does. This would align well with their general brand perception vis-a-vis sustainability and whatnot.
My mom isn't going to care, she's going to get something because she thinks it looks cool and the brand is eco-friendly or some shit.
There is a demand for bulletproof cars and blackout curtains, but judging by what I see in my neighborhood, I wouldn't invest heavily in a company that makes those things. But the latest fashions, made sustainably, in POC & women owned business, OMG SO AWESOMEMMEMEME
I trust that if I buy a can of coke, it will contain coke because coke wants to keep selling me coke. They don't need to be good people, they just have to care about making money in the future. The fact that I think they care about that is why I can trust that the can of coke in fact contains coke with high probability.
Perhaps but if the company could sell you more coke by having your personal data, it would be silly to assume they would not explore that route.
The question is what happens at the purchase time, and afterwards. To bring back the coke you love, there’s Coca-Cola vending machine that will accept payment from a cell phone, linking with the vending machine through NFC.
What happens to your info when you download the app, what do they do with your purchase history? Do your data stay in the ‘coke’ silo or move to all the other sister brands and partner marketing firms to infinity and beyond? Do they scan the other apps on your phone to better profile you? Do they lobby where you live to get rid of blocking rules when they track you buy less because of them?
Those are the questions that would come with ‘buying a coke’
You don't even know what coke is, since that formula is kept secret (well, Coca Cola's at least). Also, in some countries, you'll get high-fructose corn syrup instead of cane sugar, which is believed to increase the risk of fatty liver disease, obesity etc. (caveat: Some believe the evidence is not conclusive enough for certainty.)
And why don't they just "sell you coke" everywhere? Because it makes them more money. And the raison d'etre of a commercial company/corporation is pecuniary gain. Profiting. Making money. Management is obligated to act so as to maximize profit (under legal obligations etc. etc.)
This brings us to your first point:
> it's a pretty paranoid take on the market economy.
No, it's literally what commercial companies' charters and fundamental structure requires. No conspiracy theory or paranoia.
In context of spying - if the company has determined their profits would improve by them spying on you, and that they can get away with it - then it's pretty likely they will indeed spy on you.
If your argument for the market economy working in a way that shouldn't inspire paranoia is based on trust and distinguished consumer choice, you've not been paying attention to world news or you're arguing in bad faith.
Don't get me wrong, Firefox is clearly the best of the options available. I use it all the time. But I'm also very aware that there is a bigger bias against Facebook (don't actually care since I don't go near it and block its javascript and cookies) than against Google. Of course, it's not obvious that this is Firefox's fault, Google is extremely good at finding probably-shouldn't-be-legal workarounds to just about any attempt to retain privacy.
You'd think making clear you want to retain your privacy should be enough, legally, but I guess there are no consequences.
https://www.zdnet.com/article/sources-mozilla-extends-its-go...
For those of us who don't live in the US or China, it is just a matter of choosing between two evils. And being pragmatic, 90% of the population outside of China and the US does not give a damn if the US or China is spying on their mundane conversations.
You recall incorrectly. By extension of the First Amendment, US companies are protected from being forced to introduce functionality so as to collect or decrypt information (or for any other purpose). Carrying out original work for the government is considered to be speech, and as a result cannot be compelled. If the data is already collected and available in a decrypted form to the company a court order can compel the data to be turned over as evidence, as is the case with any data (or any thing) held by anyone (with narrow exceptions related to the 5th amendment).
This was a topic of national attention several years ago when the FBI tried (and failed) to compel Apple to create and sign a custom software update to unlock an iPhone.
https://en.m.wikipedia.org/wiki/FBI–Apple_encryption_dispute
Given the choice, I'd choose Cisco every day of the week. It's not perfect but then again there's no such thing as perfect security.
With an E2E messenger, you can be sure that most likely your communications are not being intercepted. With a Chinese company, your communications are never secure.
Not only are Chinese software products not secure, but they'll lie to you about their security. Zoom claimed to have E2E encryption on calls which turned out to be an egregious fabrication (on top of them exporting calls to Chinese servers).
The level of surveillance in Xinjiang vastly exceeds that of anywhere else in the world except for military installations.
US (or any) surveillance, especially over data, requires no such ownership or control.
Our laws are so damn barbaric in relation to security that it's scary.
It's gotten to the point where I nearly gave up on security. Who's compromised?
I definitely missed out on a job because I was Australian. (Confirmed later over drinks with one of the devs who I am friends with).
I'm an aussie dev, and I hadn't even considered my eligibility to foreign companies may be compromised.
https://nakedsecurity.sophos.com/2019/02/12/privacy-browser-...
Honestly, when Brave makes the kind of claims that they do, an oversight like this is inexcusable. Privacy should mean privacy, even if that means losing functionality on a select few sites.
Does that include the free tiers that many US companies are offering?
For example: Google, Facebook, Twitter, YouTube
Surveillance Capitalism is bad and we should be fighting it.
(a). China is bad (yes, known)
(b). The US is not quite as bad (debatable but for the sake of argument let's agree that this is true)
(c). The US is benign
My comment was only refuting the 3rd supposition. I'm not sure if you actually believe this is true. Though terms such as "country with a functioning democracy" make me think you might...
https://theintercept.com/2014/07/25/nsas-new-partner-spying-...
US Intelligence has too long a history of its own largely consequence-free abuses too. Someone else having a surveillance state doesn't make the one at home any better.
The country is an imperfect union. Although the country attempts at every turn to work towards "A more perfect Union"; clearly we have similar issues that other countries do.
In a comparative analysis, OP was merely saying the US is head and shoulders above a country that suppresses freedom of speech, eliminates political dissent and the people who promote freedom and sends them away to actual concentration camps under the guise of "re-education".
'Companies are out to make money' is not the debate trump card you seem to think it is. In fact the same view is embedded in my previous comment. The question is, given it's true what's the range of phenomena that result, what works well, what badly etc?
No, I think you missed the point. It's based on greedy organisations being predictable. Amazon will send stuff we order so that we buy more stuff from them. Electricity grid with zero regulation will fail to invest in preventative measures against extreme events. Trust or distrust arises from the particular game theoretic situation we're talking about. Simply thinking every corporation will screw us at every moment is the paranoia.
https://support.google.com/transparencyreport/answer/9713961
If you are outside of China then surely there is nothing to really be scared of? What could the Chinese government do with your data that could cause harm?
I get it's the principle but ultimately we are all scared of sharing our data with China and I am not sure why?
Exactly! It seems that the propaganda machine is still rolling heavy.
Look what happened to Alexei Navalny.
Look what happened to Sergei and Yulia Skripal in UK?
Again, I am not saying the other governments are saints, but I feel you have many more options in democratic countries.
The UK is Russia's poison playground so in this instance it would seem that realistically no one is safe, even if you reside in a democratic country. But then again these were people with major clout or enemies of the state.
A far better assumption than: "well others do it too, therefore nothing about it can be more nefarious."
I do not want anyone getting their hands on my data, but in order of regions collected data this is my 'preference': EU >>> US > RU >> CN
Also, there's these nuggets:
https://www.fastcompany.com/40481463/facebook-wants-to-hire-...
https://www.rt.com/usa/399256-mattis-amazon-bezos-trump/
Thinking America's largest monopolies and America's government and foreign policy are at odds over more than superficial things is probably not an accurate view of the world. America uses our corporations to advance nebulously defined "national security interests" and corporations use the government to get rich(er).
> collects telemetry
https://brave.com/privacy-preserving-product-analytics-p3a/
* P3A doesn’t collect any personal information.
* You can turn P3A off at any time in the “Privacy and Security” section of the browser preferences.
* All the P3A code will be open source (...) you can check that your browser is only sharing the specific things we promise.
> Honestly, when Brave makes the kind of claims that they do, an oversight like this is inexcusable.
The claim was never about absolute privacy but rather as strong a default as possible while keeping the web functional. And in that department they are delivering more than any alternative - more than even Firefox out of the box. Not to mention that TFA itself states that the implementation was far from ideal.
Anyway, the biggest question I have for those that are so quick to criticize Brave is "what else do we have with a business model that can disrupt Surveillance Capitalism?". Apple could if they wanted, but where is Safari for Windows/Linux? Any of the others? Doubtful. Even Mozilla's dependency on ad revenue from Google makes them less credible. So why shit on Brave when there are absolutely zero potential alternatives?
Consider that your country is likely either already a five eyes member, or a "five eyes plus" member with a historical record going back 45+ years of intelligence/law enforcement data sharing between the various NATO governments' intelligence agencies.
And take a risk calculation, based on what you're doing in your life, if all your metadata and traffic was in the hands of the NSA, what's the most likely end result that might affect you adversely?
Are you actually at risk of being persecuted for anything you're doing socially, religiously, politically? For instance, if you're a German, is all of your data being in the hands of the BND going to result in anything bad happening to you?
I really don't think that's unreasonable, the fall of the Berlin Wall was within living memory. I hope that the NSA isn't going to do anything too, but the idea that they can't or won't is clearly not true. Staying under the radar might feel pragmatic, but I think a lot of people realize that's entirely inadequate with constantly shifting political environments.
The simple fact that this explanation can exist and is somewhat commonly agreed by tech-savvy people is... disturbing in some way.
I mean, underlying are freedom, rights, security, surveillance. But also geopolitics, economics, philosophy maybe.
Just behind some daily tech.
The paradox of tolerance and an open society is that if you allow actual fascism to flourish (and Le Pen is absolutely a fascist, in my opinion), you risk ending up with something much worse in the long run.
Remember when this was the other way around? How did we come to this in ~two decades?
I have no idea whether it's equally bad at Google/Android or Apple. I have the feeling it's not.
I don't think China really dominates in software world-wide. Xiaomi seems more like an exception to me. Hardware is a different story.
... it is the same as China. Or is that the joke?
This is why a baseband processor is a fully separate component from a device's application processor(s). Since the AP doesn't talk directly to the radio it doesn't need to be certified and can be updated without recertification. The BP can also get certification and any manufacturer using that BP doesn't need to re-certify it. The interfaces are also such that the AP can't (or shouldn't be able to) tell the BP firmware to boost the output power above legal limits or something.
Radios that have "open" soft modems don't typically have fully software controlled radio front ends. The radio front end will have its statutory limits baked in electrically or have very limited software control. The modulation on the back end isn't as important as the front end. Broken modulation just means you can't talk to anyone, an overdriven transmitter is effectively a radio jammer or can give someone an RF burn.
Can you point where it is stated?
The Russian oligarchs are a group of people that grabbed large amounts of wealth by reaping the downfall of the Soviet Union. They are a very specific, well connected group of people outside of normal Russian billionaires. The reason specifically that they are oligarchs instead of just normal billionaires is that they are very plugged into the government and sway its operation. And I know there's some cynics out there that will be like "well that's just billionaires in general" but I encourage you to learn about the leverage this group of people have on normal government operations.
With regards to the observation that no one refers to Google as spyware, I don't think I see this either. But I do see tons of mainstream articles raising the point that Google spies on users. The problem is that (it feels like, at least) only us tech-inclined seem to care:
https://www.forbes.com/sites/jenniferhicks/2020/10/27/heres-...
>The report found that 80% of Americans think at least one tech giant is listening in on their conversations: Facebook at 68%; TikTok at 53%; and Google at 45%. But only 18% said they had deleted Facebook because of privacy concerns.
I fully agree Google is just an advertising company dressed up, and also further propose that its open source contributions and tech projects are its robing. I think there's still room to criticize other companies however, especially since privacy issues from companies like Xiaomi don't often get featured on HN.
I'm not suggesting the former is without fault, and fault by one does not absolve another. But you're right in that these are two very, very different things.
[0] https://en.wikipedia.org/wiki/PRISM_(surveillance_program)
They win elections on shutting down his headquarter plans. They want to break up his company, raise his taxes on unrealized capital gains, they want to force him to divest his personal investments like WaPo.
Same goes for other billionaires. You think there's a lot of love for Ken Griffin? Or the Google founders? Or Jamie Dimon? Of course not.
Billionaires are a common bogeyman for the populists that have ruled the capitol for the last 10 years or so.
[1] https://www.huffingtonpost.ca/entry/amazon-city-benefits-sec...
In public, sure. Behind the scenes, they're taking meetings with his lobbyists, and somehow the tax raise never happens despite politicians talking about it ad nauseam.
Part of modern politics is running a kabuki theatre of performative populism on the campaign trail. Not much happens once they are in office, because you need quick wins ahead of the next election.
You seem pretty active on HN so I'm a bit skeptical that you honestly believe this. But I'll respond in good faith anyways. Here's the first result from Google (didn't even use DDG)
- (Washington Post) Goodbye, Chrome: Google’s Web browser has become spy software[0]
But since you're active I'm sure you know about The Social Dilemma, Snowden, etc. I've seen episodes on 60 Minutes, CNN, Fox, and pretty much everywhere that calls criticism to companies like Google and Facebook. Does China get called out more often? Yeah. Why? Because we're in a cold war with them. But still in many of these pieces I've seen them make slights at American tech companies. Things like saying that what they do is bad, but what China does is worse.
[0] https://www.washingtonpost.com/technology/2019/06/21/google-...
Also note that the Asian billionaires are learning from people like Bezos/Gates. In public they may be hate figures - but everyone orders from Amazon. Tax breaks for large companies.
(i.e.) use thinktank to pass legislation to make everything they do legal.
So the instant someone is elected they start calling Random Joe for funding their next campaign? Of course not. Politicians talk to people who help fund them, that or they are out. Having a politician's ear is power that Random Joe doesn't have. Using Bezos is disingenuous. How about Musk or Bill Gates or one of the many rich oligarch families who have the same name as former presidents? Don't pretend money has less power in US politics than in Russian politics. If anything it is worse.
To be clear, evidence that some telecoms have, or that some major tech companies have is insufficient.
Extrapolating some into all is unreasonable. Do you have more proof it's the latter?
If you're actually interested read the regulations and look up some FCC IDs for devices.
Actions matter more than words. At this time, it's not even clear if Biden will go to the mat for a nationwide $15/hr minimum. That would do far more to incentivize Amazon to improve working conditions, as its $15/hr starting rates would no longer be competitive.
"oh no, won't somebody please think of the unfortunate oppressed fascists!..
Except anyone that you want to oppress will retroactively be labelled "fascist", or "far-right" by whatever loose system serves that purpose. The latest version of "terrorist", "activist" or "heretic".
> and Le Pen is absolutely a fascist, in my opinion
But whose opinion is canon in matters of censorship? Le Pen is also a valid political candidate with fair support in her electorate. Consider this - If a "fascist" is democratically elected, what wins: anti-fascism (presumably from the perspective of an opposing 3rd party, as Le Pen doesn't describe herself as a fascist); or democracy?
So you say "if you allow actual fascism to flourish.. something much worse in the long run" - who gets to decide what is "allowed", and what isn't?
Seems to me the basis for such stability would have nothing to do with subjective judgements of what constitutes "fascism" - and more to do with principles of democracy - i.e. a fascist entity can be democratically elected - it just can't be given powers that would allow it to override democracy, or escape legal oversight. Perhaps the key word is "extralegal"?
The problem is that too many political entities (not just far-right) seek extralegal, overreaching powers; believing it OK so long as "they can be trusted"; but if the king of today is a good king, his heir might still be bad. And the good government that allows for overreach enables the bad government that does the same.
This actually happened in recent history. Just because Hitler (and yes I must unfortunately rely on such a reference, and no, Le Pen is not Hitler, but it provides a good example of far-right vs democracy) was elected doesn't mean the entire world should roll over.
The election of the Nazis didn't justify the sweeping power transfer that resulted, including control of the press, a private party militia (Brownshirts) etc etc etc
I'm criticising efforts to interfere with who is allowed to be elected, versus limiting what powers can be obtained through election.