Xiaomi’s response to claims on serious privacy issues.
I’m surprised
Let me preface this before you retaliate with furious anger. I hate the CCP and Winnie the Pooh as much as anyone else given I’m Filipino and Duterte is in cahoots with that lot and they refuse to respect our sovereignty. You’re literally preaching to the choir on that front.
Having said that, I don’t think you’re separating and objectively looking at the issue and are emotionally charged into standing into a “Chinese bad, West good” stance.
Tell me, what “accountability” happened with [Cambridge Analytica](https://www.theguardian.com/technology/2019/mar/17/the-cambridge-analytica-scandal-changed-the-world-but-it-didnt-change-facebook)?
Tell me, [what exactly is different with Google doing the same with Chrome](https://lifehacker.com/what-data-of-mine-does-chrome-send-to-google-5763452)?
Tell me what accountability is there for Google [lobbying](https://www.theguardian.com/technology/2017/jul/30/google-silicon-valley-corporate-lobbying-washington-dc-politics)?
If you think Western companies are more accountable than Eastern or rather Chinese ones, you’ve been convinced of straight up propaganda. Sadly given your emotionally charged CCP rant, I probably won’t change your mind. You’re set with making the equivalency that both Huawei and Xiaomi are the CCP. In your response, you’re not really concerned over privacy. You’re concerned that it’s China fucking you and not the parties that are “trustworthy”. Frankly, none of them are. All one can do is do your best to minimize the damage. Nothing more.
As far as I can understand, yes. Luckily skin default browsers are trash anyway
Maybe Xiaomi worldwide popularity has become a problem for some bigger brands, and they could try to malign its image “?”
I wouldn’t trust any Google stuff.
Biggest warning for me was when I started getting calendar alerts for stuff I didn’t put there, Google sniffed them from my emails (football matches etc. I bought tickets to).
I never gave them any permission to read my emails nor put stuff to my calendar. I keep everything separate always (old timer, so I don’t like that everything is connected and prefer my programs to be separate functions).
If they can do that, what else can they read?
Base64 is an encoding, not an encryption. BTW most passwords you enter online are sent to their server in plain text or base64, because it is https. The data will probably be encrypted at their server for storage (with for example AES-256), so that if the server gets hacked the data is still encrypted.
Literally all it takes is to pay a publisher on a big newspaper to write about anything and make it look so bad, in this case “Thomas Brewster, the Cybersecurity guy in Forbes”
and that’s what happened, every single newspaper raced to scare the people more in order to get clicks no matter if the news is honest or targeted
Who wants to bet that they also save all the passwords typed on their keyboards?
I am totally independent. This issue was found, it was reported.
I think most Snapdragon Xiaomi devices are developer-friendly? The reason I buy Xiaomi is because they have good third-party support
Except for the fact that EULAs are not legally binding. If a company violates your rights they are responsible for it, even if they mention it before using their services.
UC Browser is the devil but on my old phone it was weirdly the only browser that would properly render videos
No you don’t, unless you brick your device (in that case it is a user error and warranty shouldn’t cover that).
I am maybe not setting up my phone. Haven’t installed Uber yet but today I need a cab.
I’m a long time Firefox user on the desktop, but only recently switched on Android and I have to say the sync feature is amazing, the fact that history is shared makes my life a lot easier.
No, if you install Mint Browser or Mi Browser Pro, it happens as well.
It’s for them to now show they aren’t gathering data.
That link you’ve given is not really relevant IMO, it’s just determining how easy it is to hack the unit. That’s a separate issue to Xiaomi downloading things they shouldn’t be and using that data in a way that is not acceptable. However, from that article:
>The researchers also learned something disappointing about Mi Robot, however. The device collects and uploads to Xiaomi cloud a lot of data — several megabytes per day. Along with reasonable things such as device operation telemetry, this data includes the **names and passwords of the Wi-Fi networks the device connects to**, and the maps of rooms it makes with its built-in lidar sensor. Even more disturbing, this data stays in the system forever, even after a factory reset. So if someone buys a used Xiaomi vacuum cleaner on eBay and roots it, they can easily obtain all of that information.
I agree with your wariness of everything. I take the same stand. All governments and corporations must by necessity be continually held to account by the societies in which they operate. That’s an ongoing, daily task, but is possible within free society. It’s part of the very fabric that makes a society “free”. If we apply that standard to communist China, it doesn’t exist beyond what it wants the world to see. If you are living in the Philippines, you are well aware of the weaknesses and dangers of unfettered governance (I’ve been there a few times too by the way, and hope to return someday soon).
Re. the legal issue and the actual laws this all involves, I’m not a lawyer in my country let alone the US and Europe. However, my point was that Apple, Google, Facebook, Microsoft and others are currently being sued for this exact type of data collection according to those laws – and have been sued successfully in the past. By extension that shows the laws are designed to protect against it. If that was ever in doubt, what happened with Huawei shows it clearly.
The [CCC](https://www.kaspersky.com/blog/xiaomi-mi-robot-hacked/20632/) is a hyperlink to where they first hacked into the original firmware, and it was significantly more secure than most IoT devices. They show what data it was gathering.
Saying that size of the data somehow makes it suspicious isn’t the best train of thought; while data size correlates to amount of data, what that data is matters, and point cloud data gets large. The only thing that should be under suspicion is the content of the data. In this case, that is the access points that it was gathering as well, but legal.
Recent and ongoing action against Google doesn’t indicate the laws that Xiaomi broke. You used “Apple is held accountable by US privacy laws” as some type of comparison, and I’d like to hear these laws that are holding Apple back but Xiaomi is surpassing *in this instance*.
My comment meant to say that I’m not arguing against China being bad, I don’t make conclusions without extremely conclusive evidence and most sources always have bias. While I don’t make conclusions, I still take into account any accusations of wrongdoings. I pretty much consider most companies across the world having some sort of influence with/by their respective governments. Samsung, American communication companies that deal with international traffic, etc etc. I don’t care about the opinions of any of these companies/governments.
I believe some news articles are purposely exploiting the bias that exists against Chinese companies. While there are a lot of cases where this is a valid concern, I’ve worked at military contractors and we had always discussed counterfeit ICs, there have been some articles such as the Forbes Xiaomi article and the Supermicro chip article where it would be easy to include technical evidence, but it is often purposely left out under the guise of ‘our customer base wouldn’t understand these technical terms.’
Okay, fair enough, I misread it. Sorry.
English is obviously not my native language.
Of course I do not, but as in every application that requires to sign one I just assume they can see everything I do, especially if it is a “free” application. That’s also how Google and Facebook make their money, you are the product, unfortunately there isn’t much you can do to opt out of the data selling apart from going offline forever
Just don’t use these shitty apps. There are open source more private friendly alternatives
> Re. the legal issue and the actual laws this all involves,
The only reason the other user asked you to cite the specific laws is because they wanted to derail the thread, nothing else.
Why not? 🤔
Just like Huawei.
Or, you know, you could just take a look at the video recorded by this security researcher and see this data collection happening with your own eyes.
What Xiaomi did was way more egregious than what Google and Facebook did. If you haven’t, I would suggest to read the technical paper.
The fundamental idea is to make it so long that no-one will read it… People will die of boredom before reaching the end…
You are given this information so that you can decide whether or not you’d like to use the service.
In my opinion, this is a very transparent way of dealing with things.
I would understand your concerns if it would automatically accept these policies without asking for your consent like some websites do.
Again, bullshit. Apple is held accountable by US privacy laws. China has no such restriction. To the contrary, the Chinese Government has a clear record of enforcing espionage-like behaviour from its tech companies.
I knew Xiaomi would eventually be a problem, but their products were good and at a good price. I also suspected that a day would come when they were shown to be dodgy, and I would dump them. That day has arrived.
Base64 is not encrypted, in the original article they are able to extrapolate and decipher the data being sent to the server. The “private key” in this case is the user id that is supposedly anonymous
He is right, that is still on you. You should. After taking your brother to the hospital, read the policy. If you don’t agree with it, stop using the product. Simple as that. The product is free. The developers are paid with your data. You are the product.
I have been told by “young tech enthusiast” to use the stock browser or UC browser rather than chrome/edge because it’s convenient and has more features. That’s how I came to know who really uses stock browser.
It does according to the research done by the reporting security expert. And the voice recording app is a stock app. Did you read the findings?
Yeah seems like that’s the only way. I think the European union is the only authority concerned with privacy or so it seems. Hoping they bring some legislation for this.
The problem in this case is not that they do this; the problem is that they lie about it.
They claim they aren’t sending stats about the incognito mode, but they do.
And if they say no about this after they patched it, it’s still a lie. You can’t say no to the customer if you did it.
And the only thing they show is a screenshot of source code.
But this Mi Browser is closed source.
[source code](https://blog.mi.com/en/wp-content/uploads/2020/05/2-1.png)
And they say they don’t use this information, but the videos show a difference.
at the end:
the problem is not to do it with all privacy agreements, the problem is to LIE about it.
Yeah once my Xiaomi dies I’m done with Chinese phones. We need to change our buying behaviour or they’ll never improve. It’s a shame since the core product is quite impressive, but irresponsible management stops them from succeeding in western markets.
Yes, Even Google and track our activities.
You need to understand that the allegations of stealing data by Xiaomi haven’t been proved yet.
If they do such tracking they must be punished but on the basis of just a single report you can’t keep talking amiss.
>I think the European union is the only authority concerned with privacy or so it seems.
those are just diversions. they can’t do shit regarding this subject. you will NEVER be able to use Microsoft, Google, Apple, Facebook services for free without giving them something back (how you use your devices or browsing patterns is what they’re looking after, don’t worry, they could not care less about your collection of whatsapp nudes and porn clips).
With these issues, do we really need to install custom rom for it?
You don’t? Didn’t know that but I don’t want to take the risks that go with modding as long as it is my primary device
No. But it might be worth reading Xiaomi’s now? Anyone got a few hours to kill?
Fun fact, you actually don’t. Hit disagree/exit and see what happens.
I’m not fighting for anything, I just don’t like misinformation
AFAIK you don’t lose warranty on Xiaomi devices with modding
Where exactly does it say that? The Forbes article and the original article were about packets of data sent from the stock browser. If you believe they’re recording audio then I need proof.
Not only that but you will lose warranty so if that’s important to you a rom isn’t an option
Do you have a link to the paper?
This is not aggregated data. They are sending row level events of the pages you visit including a persistent identifier for your browser installation.
For your kind information they’re on the 4th position in global shipment and moving upwards. 👍
Can’t tell what happened honestly. But it was once live since it got responded to, but was site wide filtered before and after :/
> The Xiaomi robot vacuum has been hacked, and the data sent isn’t strange at all.
[10GB+ of information](https://www.reddit.com/r/Xiaomi/comments/9tgyrg/any_reason_why_my_xiaomi_robot_vacuum_uploads/) from a vacuum cleaner is not strange at all? Where does it say it was hacked?
Google are under legal challenge and censure for exactly this type of data collection. There are many links online to recent and ongoing actions against them, too many to link here (and many behind pay walls) but [a simple Google search](https://www.google.com/search?q=google+facing+legal+ramifications+for+data+collection&oq=google+facing+legal+ramifications+for+data+collection&aqs=chrome..69i57.19018j0j1&sourceid=chrome&ie=UTF-8) will list them for you. No-one’s saying Xiaomi are the only ones to be doing this. But isn’t that beside the point?
Re. a “circlejerk of china bad”, if you’re implying that China *isn’t* a malicious actor in this and most other things, we have a serious difference of opinion – although at this point it’s not so much opinion as verifiable history. However, and while it’s related to this issue, it’s an indirect aspect of it. Strange that you would sideways defend them, though.
NB: I have to say this because of the current climate of PC stupidity – saying the Chinese Government is a malicious actor and being against Chinese people generally are two completely separate things. The Chinese people are the ones who are the first to suffer at the hands of their own government, that should be obvious. I have many Chinese friends, both in and out of China, having visited the country many times. Any attempts to play a race card in these discussions would be transparently disingenuous.
This is not directed to you in any way, I’m just short circuiting the inevitable. This is Reddit after all.
“Additionally, we ensure the whole process is anonymous and encrypted.”
Sure, it’s “encrypted” with base64, no one can sniff the request of this high security encryption. No one can decrypt it. /s
What does that mean? Is it nefarious?
I don’t have anything against Miui browser or Miui or Xiaomi. Heck, even I use a Xiaomi phone.
I just want to mean that these type of things shouldn’t be allowed unless user grants an explicit permission to do so.
I might be wrong but I’ve seen apps asking if my data can be shared or collected for analytics.
You aren’t quick to pick up on sarcasm or jokes, I see
Regulation of the internet is tricky, copyright laws are a perfect example of how too much regulation can go wrong. However I do agree that the European Union stepped in the right direction, for example you can already request what data most companies have collected about you and also request their deletion
I’m surprised… Sending from my Xiaomi Mi 9T
May I suggest you apply your wisdom to yourself first.
Ignorance is not a virtue. Surprise.
EDIT: I read your post history. Freaking lol. Off you go my angry little social justice keyboard warrior.
Yes I did, and again nothing new. If you request your Google data you can see that they know the places you frequent and your whole itinerary, the apps you open and how long you stay on them, they have logs even for phone unlocking. Facebook on the other hand knows what links you click, the people you talk to and again general usage. The only claim that can be sort of concerning is the security they use for such data transfers that doesn’t seem well encrypted
I… uh… don’t know what to say to you. You’re either a paid shill, or incredibly silly.
UPDATE: Nevermind, I read your post history.
I think he wanted to say that the encryption is just for the name sake and it’s easy to break so that the Chinese government or any powerful company can just go through it without any resistance or backlash. That is why he put /s tag.
Yes
Not really defending them I’m just saying that it’s weird that people get upset just now when it was something already known and that other apps do (look at my other comments)
I’m a privacy policy agreement writer and this hits me in the feels.
Screw allyall that don’t appreciate my work.
Then this should teach you a lesson
You know what’s even more curious about the above comment?
There’s no modlog for them getting “spam filtered”
This means the comment was live at one time, but now as mod I can’t see any action. So the user got admin actioned, then deleted their own comment 👀
Damned ! They got pics of my wife’s ass 😱😱😱😱🤷🏾♂️🤷🏾♂️
It’s not like it did so without warning the users, upon opening preinstalled apps you have to agree to their privacy policy
Just flash another rom. Miui sucks anyway
And yet poor Xiaomi is being targeted.
Does Facebook record your audio while the app is closed?
But my data is already gone right? My device identifier, the apps I use, and what not.
I understand that the privacy policy is there exactly to let users know what they’re losing but it should not be a way to support this type of behavior.
“• Log information: information related to your use of certain features, apps, and websites. For example, cookies and other anonymous identifier technologies, IP addresses, network request information, temporary message history, standard system logs, crash information, log information generated by using the services (such as registration time, access time, activity time, etc.).”
Edit: “Mobile analytics: Within some of our mobile applications we use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where crashes occur within the application. We do not link the information we store within the analytics software to any personal information you submit within the mobile application.” This let them see everything you do on their applications
Oh right. Just need to book a quick cab to the hospital for taking my younger brother to the ER, let me download Uber. Oh right, I need to spend 10-15 minutes to read their privacy policy first. My brother can wait. No problem at all.
indeed no one can, only the user has the private key to decrypt it
Use Brave Browser.
I admire your continued defense of this company, hope you’re getting something for it, but you’re seriously misinformed. Either that or I’m being too kind on you.
Here’s further proof of Xiaomi’s utter disregard for the privacy of its customers: https://twitter.com/cybergibbons/status/1256586333105065985
At that point it’s just paranoia, they are required by the GDPR to make the data they collect about you accessible and there is no audio stored. As for Google it is known that they collect such data and you can see everything that they have, which is basically anything you do on your phone, or outside your phone if you have GPS enabled, if you installed Google apps/have an Android with Google services.
Did you not read the article/information that began all this? Xiaomi phones are recording URLs and browser histories along with information that makes it trivial to match that data to particular users (including search strings). The data is also encrypted in a way that makes it trivial to decrypt. There are laws in the West making that illegal for a reason – many reasons actually.
While you’re at the reading, Google Xiaomi robot vacuum cleaners are phoning home with gigabytes of strange data to their Chinese servers. Enjoy the red pill.
The premise of your question is ignorant. It has nothing to do with the problem. If you don’t understand the problem with collecting people’s data – or are bizarrely defending it – then we are having the wrong conversation.
BTW, classic strawman. I read your post history – you’re just incredibly silly (probably trolling for sport, which I get).
That’s so vague. Tracking what? The websites I visit in incognito mode?
Ah yes, the empty justification of the dishonest or ignorant. Stealing people’s private data is criminal in the West for a reason. It has nothing to do with anything except privacy and protection against the manipulation and control of malicious actors.
Why are you shilling so hard for Xiaomi? It’s really strange. They are clearly at fault here.
DAE ChInA bad!?!?
Go f yourself.
So what they’re saying is that they admit to collecting users’ data but the data is safe (we cannot tell)……………….
Same Huawei which wants to change the internet to make it easier to track and shut people down? This is like arguing with bots.
And holy crap, they deleted your post and link.
https://twitter.com/cybergibbons/status/1255969992123863041
Officially it does not, it isn’t included in the downloadable logs and I’d say it does not. However Google does so through Google assistant, if you’re talking to it the audio is saved on the server, I found random conversations between me and my friends when the “okay google” would fire off randomly.
It’s right at the top of Calendar settings: Events from Gmail
Dude chill down, he’s allowed to, that doesn’t mean that he is going to
Man, I should have read that comment years ago. If only I knew the sweet release of death was so readily available.
It’s not that big of a deal, unless you’re like a criminal or something…
I installed the app from the Play Store, and I’ve had our legal check what was agreed to.
We didn’t agree to this.
I’m looking at the keyboards now, but they are awkward compared to the browsers.
No, other apps do not do this.
And does Xiaomi do that? The article was about data collecting in the stock browser app.
Every phone company does the same. Even Apple which is hailed as the privacy king does something similar.
What are the relevant US privacy laws and how do they apply to browsers in a way that Xiaomi acted and how does Google not do the same?
I feel like everyone is getting outraged without any idea of what to be mad about. Websites have been using various heuristics to track users for decades. A UUID makes things easier, but what data is being sent back that is violating the privacy laws that google doesn’t keep track of either?
Have you ever read the whole privacy policy document of anything ever? I and I’m sure 99% of the population of the world just click on agree.
Well, obviously Huawei isn’t an option, for the very same reason. This is not an isolated instance of this kind of privacy abuse from a Chinese tech company. It’s systematic at this point.
>All the choices above do the same thing one way or another. Given that is the case, you’re going back to step 1.
Sorry, that’s a false equivalence. There is a fundamental difference between a US/Western company held accountable to rigorous privacy laws – and successfully sued and censored via those laws in the past – and a Chinese company held accountable to no-one except the CCP. *The CCP*. A communist government. I’m still waiting for people to wake up to what that means.
For the record I’ve been to China many times, and have lots of Chinese friends, both on the mainland and out of it. Anyone – and I mean anyone – who has been to China for any length of time and has tried to do business there understands how all this works.
Again, cite the law, and what they’ve done differently than Google. I’ve read several articles. Base64 isn’t encryption, encryption requires a key and base64 is not that. The Forbes article doesn’t even discuss what was encoded in base64 and didn’t mention what was actually encrypted, and it could be an easily misleading sentence depending on how aware you are of the terminology and what’s going on. The Forbes article also discusses that it saves your web history. This article clears it up that it does it two ways, one with aggregate data, common in the industry, and the other when you have datasync enabled… which to no surprise, happens with Chrome as well.
The Xiaomi robot vacuum has been hacked, and the data sent isn’t strange at all. Is it a bit much? Sure. Without a surprise though, any cloud-controlled robot that offers mapping features that are available anywhere in the world generally has sent that data to the manufacturer’s servers. The Xiaomi vacuum was featured at the [CCC](https://www.kaspersky.com/blog/xiaomi-mi-robot-hacked/20632/), and they discussed this. Did it grab more information than needed, such as access points vs location? Yeah, but Google has been doing that for over a decade now as well. The beloved company iRobot stores the mapping information online as well.
I know there is a circlejerk of china bad, and I won’t argue against it, but at the same time there have been a lot of misleading articles. The whole Forbes Supermicro chip thing lacked all evidence, and I say that as a person that’s designed microchips and had the discussion about the supposed chip.
Again though, cite a US law that was broken. If privacy laws were taken seriously, we’d have repercussions from the countless data breaches.
Is the private info collected only from the stock miui browsers?
Stop using Google, they also track our activities and collect information. 👍
I suggest using Firefox. It may take time to get used to using another browser, but if you just replace the chrome icon with Firefox you will get used to it in a few days
Well other brands do the same, people only get upset when they find out and this is one of the very few articles that warns about privacy but does so only attacking Xiaomi which is a bit dishonest in my opinion
Bullshit. Their robot vacuum cleaners also phone home with gigabytes of information. The company is Chinese. You do the math.
(I have both a Xiaomi phone and the vacuum, and I won’t be buying anything else from Xiaomi.)
You mean a huge Chinese tech company is lying to the West about privacy issues?
What I was trying to say is that you are comparing two very different situations
Sadly not possible or realistic for quite a few devices
Apple devices are being used in China (and the rest of the world too)
I mean here’s the thing, do I think Xiaomi is guilty of harvesting data? From the looks of it, yes absolutely.
Now there are a few questions we can take from this. First is, what can we do about it?
Let’s start with the extreme which is boycott Xiaomi.
What does this accomplish exactly? Pressure Xiaomi to change their ways?
Maybe.
Remove a choice off your table as to what company/product you can choose?
Yes
Now given that you’re going to boycott Xiaomi, what choices are left on the table?
– Google, Apple, Huawei, Lenovo/Asus, Vivo, Oppo
All the choices above do the same thing one way or another. Given that is the case, you’re going back to step 1.
Unless you’re going to go with the [Fairphone](https://shop.fairphone.com/en/?ref=header) running Ubuntu touch, you aren’t exactly going to be completely private.
Now let’s say we won’t go too extreme and ask how “private” do you really want to be?
You can absolutely still use a Xiaomi device and remain relatively private by getting rid of MIUI from the get go thereby eliminating the browser data collection and app data collection aside from the bare minimum Google interaction you need to have to at least be usable for everyday use then use a VPN you actually trust to even further increase your privacy.
TL;DR I think this isn’t as big a deal as people are making. It’s bad optics and looking bad for Xiaomi but the over exaggerated outrage is honestly overblown.
Is it an emergency? 911 (or country equivalent), if you use Uber or anything else, you’re a moron.
Not an emergency? You have time to read what you agree to, or you can agree now and then read the details later waiting in the hospital lobby and decide how to get home, or you can *gasp!* find an alternative – like a traditional cab service, asking a friend or neighbor, or, get this, you can even drive him to the hospital *yourself*!
It’s brilliant, they just started allowing people to drive themselves recently I hear. It’s a revolution! What will they think of next – generating energy from the wind? Flying to the moon? Ha! That’ll never happen.
Who even uses the stock browser?
In what life threatening situation are you in when setting up your phone?
And?
(P.S. I don’t use Apple either)
Ah yes, poor Xiaomi is being targeted by the Big Mobile.
‘US privacy laws’ LMAOOO
>Log information: information related to your use of certain features, apps, and websites. For example, cookies and other anonymous identifier technologies, IP addresses, network request information, temporary message history, standard system logs, crash information, log information generated by using the services (such as registration time, access time, activity time, etc.).” Edit: “Mobile analytics: Within some of our mobile applications we use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where crashes occur within the application. We do not link the information we store within the analytics software to any personal information you submit within the mobile application
Great work!
None of this says the specific URLs I visit.
Sorry for your loss.
Also, it’s specifically linked to me.
Keep on fighting the good fight tho.
Yes, Chrome does not send the URLs you visit to Google in Incognito mode.
(F*ck, they got us)
After the GDPR verdict I doubt there’s any website doing that. Correct me if I’m wrong.