Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
Support XiaomiEnlightened
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
leave america and youre done
A) Nobody uses Mi Browser.
B) Many American and European companies do this too. Stop using Google, Facebook, Instagram, even Reddit if you are so worried about your privacy. The best solution to all these privacy concerns is to just use a VPN. Sponsored by NordVPN, use code…
That totally depends what your personal concerns are. They log data, which sites you visit, which music you play and maybe more. Does it bother you that this will be sent to a Chinese server? Keep in mind that the government may enforce to hand this data over. Also keep in mind that the USA government has similar enforcements for data on US servers.
For me this is a concern. Because I live in the Eropean Union I should be protected by the GDPR. By this law personal data is not allowed to be hosted on non EU located servers without explicit consent and with all kinds of safe guards. If this practice is proven in the EU and comes to court Xiaomi can be banned to sell phones in the EU and can get some hefty fines.
I bought my Xiaomi phone in the EU and it has a EU rom, so I hope the logging and storing data is disabled, and if not this means that they are breaking the law. In that case I hope this will be investigated and the information will be widely spread so it will come to court.
Now I am curious if the Mi A series has this issue too
You know the Amazon webservers? Same thing with Alibaba, they just provide (scalable) virtual servers to host your online applications. So no, it is not about advertising.
I have tested it with wireshark and I haven’t seen any connection except mi cloud and analytics and ad services. I removed the last two. Mi cloud is being used. Other than mi cloud I don’t have any other connection.
Just use bromite its basicly a better chrome with ad blocker and you can even change the dns
Hey I just came here to say: Bromite.
Remember: Bromite.
It’s a browser for Android.
No need to thank me.
I am using brave for my browsing. Google chrome just for syncing all bookmarks. And some websites have trouble with brave, so i open it in Chrome. I have blokada installed too, so chrome doesn’t show ads.
Every time I get a link in, say for instance, Amazon app, it opens in that shit browser and I cant make it choose a different one.
I use opera, it has a built-in adblock ^^
Is it real or just anti-China company scare?
Disappointing that Xiaomi has chosen to deny everything even with direct evidence served right to their face.
>When Forbes provided Xiaomi with a video made by Cirlig showing how his Google search for “porn” and a visit to the site PornHub were sent to remote servers, even when in incognito mode, the company spokesperson continued to deny that the information was being recorded.
This is not the same as analytics, stealing browsing urls is a very bad thing. Xiaomi has gotten into trouble before and the latest incident just serves to dent its image further.
Well thats up to you but i’d rather not run their code on my phone or use their services, i prefer open source alternatives
Also when you type free Hongkong into the mi browser your phone selfdestructs.
There’s always a possibility I assume but understand that the majority of these claims are coming from the use of the Xiaomi browser and also understand that when starting any of the pre-installed “default” apps that there is a privacy policy and disclaimer.
I always felt that if I need to read a disclaimer before I even feel safe using an app then I don’t want to use it. No offense, I love Xiaomi and consider myself to be a true Mi Fan but I also understand there are better more viable alternatives such as the Chrome browser to a lot of their default apps.
Either way, understand that EVERYTHING on phones these days tracks your usage, especially on Android phones but just because this company is based out of China it now makes tracking evil.
All I can say is do your best to take precautions, use a VPN if possible and yes I totally recommend using the EU ROM if not merely for the fact that it is more stable, has less bloat, no ads (that I’ve experienced) and is totally (for me) the ideal ROM to use.
Ah I see. So what do you think we should take from this?
Try to inform her. Or make her use something else like firefox or chrome is decent enough even though it has ads. It is secure. Her phone doesn’t have chrome by default? Tell her that using account logins on Xiaomi browser is not safe and can be snooped by someone with decent skills.
I only use xiaomi browser for porn and hentai. So Chinese FBI knows who they’re fucking with. For everything else, nothing beats chrome.
The only smart comment I have seen in a while.
Like seriously anyone using the youtube app instead of Firefox with ublock or some other adblocker is wasting so much of their life watching ads.
It’s a bit tricky. Go to the app settings and select the Xiaomi browser. There you can reset all “default launching” behavior.
In india mi browser is showing semi porn ads and it comes as a notification too.
Edge Chromium + ublock origin’s beating it quite handily, sadly. With FF, I always hit my 8GB limit on my work laptop. 🙁
Yeah I will, definitely ^^
Using Custom Rom on RN7
It seems to be more than just the browser though
There’s a surprising amount of nativity in this thread. If you brush of Chinese spyware with “but I have nothing to hide” and “but what about Google?”, you really need to dig a little deeper my friend…
Its real.
who the fuck buys xiaomi period!
I just removed it using the tool.
All the more reason to use the Xiaomi.eu ROM.
Or for even more customizability use the Mi globe ROM which is the EU ROM but it allows you to build your own ROM by debloating it. https://mi-globe.com/miui-firmware-rom-builder/
I wonder how many people react to these kinds of posts without reading the actual article, 80%, 90%, 99%???
I believe that it is almost impossible to to achieve 100% privacy (and 100% security) in IT but whoever cares should at least try his best to reach the maximum level
I’m for example using MicroG with LineageOS instead of Gapps and MIUI
I can’t just take the word of a provider or company when they state that they don’t spy or collect personal data, most of the communication to cloud servers are encrypted and it doesnt necessarily mean spying but i’d rather not trust big coporations and specially not the f*cking chinese
Long story short the data is going to Alibaba servers. So basically this data is going for ad targeting purposes? Totally miswritten article if you ask me.
Get out. Bummer. Block that. I googled it.’Hidden settings for miui’ in the play store. Disables that browser.
Why would anyone use xiaomi browser?
>Both Cirlig and Tierney said Xiaomi’s behavior was more invasive than other browsers like Google Chrome or Apple Safari. “It’s a lot worse than any of the mainstream browsers I have seen,” Tierney said. “Many of them take analytics, but it’s about usage and crashing. Taking browser behavior, including URLs, without explicit consent and in private browsing mode, is about as bad as it gets.”
Also a vpn can only hide your IP against websites. If it is an app like the browser itself is a spyware on your phone, it can access a lot more data than just your IP itself.
Best approach if you are really concern about privacy is use AOSP without GAPPS.
>Though the Chinese company claimed the data was being encrypted when transferred in an attempt to protect user privacy, Cirlig found he was able to quickly see just what was being taken from his device by decoding a chunk of information that was hidden with a form of easily-crackable encoding, known as base64. It took Cirlig just a few seconds to change the garbled data into readable chunks of information.
For the non-tech people, base64 isn’t encryption, it’s an encoding system. It wasn’t so much as easily-crackable, as it’s not protecting anything to begin with, it’s just a different method of displaying/transferring data.
If you’re after privacy check out Brave
For me I think
Buying smartphones nowadays is like you are choosing whether you want to be spied on by the Chinese or by the Americans, lol
I deleted that browser once I got the phone, Samsung and Apple do the same, to be honest it’s quite easy for companies to snoop on users. Heck Google knows everything about me, now at days your info is everywhere if you know where to look.
The ads are the inconvenience in my eyes, just make a homepage link to youtube and it’s just as convenient as the app, plus you can switch it to desktop mode and open other apps and the audio will keep playing in the background with controls in your drop down.
True, but tbh it is way more convenient (of course ads are the price for that but still)
Analytics and mi cloud sents data to some servers. Every phone does that. Otherwise custom roms should be used. Atleast here in India no unwanted data is moving out and i have removed almost all mi apps which i don’t use including msa and analytics.
Exactly this.
Google, FB and Big-Data-Enterprises are doing it all the time! And no one cares..
Just that they and the Ad‐Industry put you in User-Groups, so that they can claim not to make ppl personally identifiable, as they have to because of privacy and data protection laws. Xiaomi just did an error and will correct it, hopefully.
As if the other big players didn’t have their scandals in the past, especially Facebook.. ‐ Thanks for giving us Trump! 🤮
Look up what your weather widget is collecting from u.. https://reports.exodus-privacy.eu.org/en/
I read the last sentence with Linus’s voice
I take this with a grain of salt. First Huawei was an evil privacy infiltrator now Xiaomi.
Big auto smeared a lot of car companies that tried to enter the market for decades.
Sugar smeared fat.
Paper smeared cannabis.
Oh, like US or EU goverments never really do same thing ? Oopsiee.
In this era, its your choice, your data will always go to one or another side, either US, EU, RU or CN. If you really want to keep your data alone, stop using that smartphone of yours altogether, and back to writing letter. Since even feature phone text message were collected by your carrier.
Aren’t Xiaomi phones on EU replaced Xiaomi Apps with the Google equivalent? So the Mi Browser wasn’t replaced too?
But but, China!!!
Not at all, it’s very easy to do.
https://old.reddit.com/r/Xiaomi/wiki/debloat
I’m gonna have to root if I want to remove it aren’t I
Who the fuck uses Xiaomi browser? First thing i debloated
Hahaha big brain
There’s was another news that mi browser has 2 critical vulnerability [Mi browser](https://www.google.com/amp/s/gadgets.ndtv.com/mobiles/news/xiaomi-mi-mint-browser-cve-2019-10875-critical-url-spoofing-security-vulnerability-reports-2018659%3famp=1&akamai-rum=off)
> And there appear to be issues with how Xiaomi is transferring the data to its servers. Though the Chinese company claimed the data was being encrypted when transferred in an attempt to protect user privacy, Cirlig found he was able to quickly see just what was being taken from his device by decoding a chunk of information that was hidden with a form of easily-crackable encoding, known as base64. It took Cirlig just a few seconds to change the garbled data into readable chunks of information.
(1)
> Xiaomi’s spokesperson also denied that browsing data was being recorded under incognito mode. Both Cirlig and Tierney, however, found in their independent tests that their web habits were sent off to remote servers regardless of what mode the browser was set to, providing both photos and videos as proof.
(2)
> Both Cirlig and Tierney said Xiaomi’s behavior was more invasive than other browsers like Google Chrome or Apple Safari. “It’s a lot worse than any of the mainstream browsers I have seen,” Tierney said. “**Many of them take analytics, but it’s about usage and crashing. Taking browser behaviour, including URLs, without explicit consent and in private browsing mode, is about as bad as it gets.**”
(3)
edit: formatting
I am considering using EU ROM, thank you for the news, now I decided to use lineages, at least I live in China, so I care
> almost all electronic connected to internet do this
Doesn’t mean that it’s OK or that there aren’t different degrees.
Xiaomi makes great hardware to amazing prices. But I would never use their software.
I mean. Alibaba has a cloud service. Exactly like Google and GCP. It’s not abnormal that it’s sending data here and there to their cloud servers… Same thing is happening on any android phone where you can see connections to google servers frequently. It just happens that Google is also a cloud provider, while Xiaomi is not really, they are using Alibaba cloud in the back.
I assume this doesn’t apply the Android One Mi A series….
I really don’t care
YouTube Vanced!
So do I but I asked my gf I she wanted me to debload hers and she told me no. Non thech enthusiast do whit what they have, not worrying for such considerations ;/
It’s not only the browser, MIUI ROM system components are always connected to chinese servers like Alibaba. I analyzed the Internet traffic of many MIUI ROMs. It’s not only Xiaomi, this is what chinese Android ROMs have in common: calling home China.
Whoever put this comment up is a complete liar, and this is a hoax.
Yeah, do people think Chrome isn’t recording everything you do?
Nope, loads of Xiaomi bloatware on purchase in the EU
Chome, Opera, Firefox, Dolphin. Lot of alternatives.
almost all electronic connected to internet do this
edit:If you really think theres any difference betwern chinese data collection and west data collection you can straight go posing as a clown meme.
I used it. On accident
Not the same for the EU. GDPR
As a professor of mine said, there is no such thing as anonymity on the internet.
Pretty sure I’ve done that but it ignored or reset itself. I’m over smashing devices for shit like this, but I’ve done it.
Thanks though
Alpha as fuck my dude!
There is debloating tool in this subreddit side bar. Download it and remove all unnecessary apps. If you got update recently, then you have to remove using adb. Just google “how to remove system apps using adb” you will get xda link for the tutorial.
Even if you debloat MIUI ROMs until nothing else is left except system components (which you can remove also but will f*ck up your system) there will still be connections to chinese servers on Kernel level
This what I have experienced with MIUI ROMs
Reddit’s Privacy Policy is one of the most shady ones
This might be a dumb question, but is it possible that any of these variations of MIUI has some of these trackers left on the ROM?
Remove? I only had disable. I’ll look again I must’ve missed it.
you can get ublock origin support on firefox now, that alone makes firefox worth it…
The fact it tried so hard to get me to use it made me avoid it like the plague.
SearX+Firefox with add-ons.
No they do not. They do not send browsing URLs, imei, phone serial to their servers. Feel free to provide some evidence that they do.
As per the article, it’s NOT ONLY THE BROWSER. **It includes the screens he/she swiped, including the status bar and the settings page, folders and whatnot.**