Indian Air Force Issues Security Warning; Xiaomi Clears the Air (ibtimes.co.in)
89 points by chdir on Oct 25, 2014 | 29 comments



So is the consensus here that we care about privacy and treat every threat seriously or when it comes to anything involving China or our favorite company we make excuses and ignore any alarm bells?

Privacy should be a serious concern for everyone and this should be taken seriously.


Where's the double standard? Apple have been getting into trouble as well in the last few days, with their privacy-stealing new features in OSX Yosemite. This idea that there is a duplicity with regards to Chinese companies versus Western ones is, itself, duplicitous. Any company that violates privacy gets itself in hot water - that is the nature of the security business in the modern age.


Exactly.

The purpose of many many apps and even manufacturers, cough Apple, and Google's "services" is to collect as much data as possible, including privacy violations.

This is fine, because the companies and the data is stored and can be accessed by US government agencies.


I completely disagree with you lumping Apple and Google together as equals in terms of data collection and what happens with that collected data.


Google makes virtually all its money from your data, Apple virtually none. Why is this so hard to understand?


It doesn't have to be profitable to be problematic.


Smartphones shouldn't silently send private data into the cloud without asking the user first. I for one would rather back up the data to my own server or locally instead.


I agree. Now, would you pay for that option? How would it be developed? This is the critical problem.

You could implement Android's storage app framework API around git running on each of your devices, and peering to your own servers (and other devices). This would give you at least a Dropbox style system that works, but the rewards for the (not that large, but non-trivial) investment needed to do it are non-existent.


I have a Galaxy S4; it also backs up messages and address book etc. in the cloud. Pretty sure Apple does the same. What am I missing here?


Unlike American or Korean companies, Chinese ones are understandably viewed with extra suspicion because India does not exactly have very friendly relations with China (although this seems to be changing).

Also, a couple of months ago, Xiaomi phones uploaded address book information to their servers without user permission. After the backlash, they issued software updates to ask for consent.

On a general note, one wonders how many instances of arbitrary data uploading they - by which I mean pretty much every 'cloud' integration provider - get away with.

Gather any data, upload it to an IP otherwise publicly known for benign purposes, over an encrypted connection with a closed-source sync daemon, and cover your ass with some vague and easily glossed-over clause in the privacy policy that no one reads. I hope otherwise but I am almost certain something like this exists in every commercial mobile OS today. :-/


Backing up to the cloud means your data is open to interception by the government that service technically and jurisdictionally stores data in.

I assume the consideration here is that the Chinese government (via Xiaomi's cloud) is to be feared more than the US (via Google's Android backup) - which of course is a topic worthy of debate itself.


I think the issue here is Apple and Samsung disclosed publicly that data for xyz is sent back but Xiaomi never did so that's why they view it as spying. I believe Apple had a similar issue when they were discovered to be recording your geo locations but never telling the public about it.


A security company found an excuse to make a nasty story to get PR, basically.


The US and Korea don't have territorial claims or border disputes or fought a war with India. Also, many Chinese firms are known for hacking and spying to get trade secrets. Chinese firms will have a big leg up against Indian ones if they know the price they're bidding for overseas contracts, for example.

Example of ZTE blatantly violating an NDA it signed. http://thepatentinvestor.com/federal-judge-says-vringo-has-c...

The way that Xiaomi blatantly copies Apple, including the "one more thing", I wouldn't expect them to have any qualms turning any and all info to their govt. for any small benefit.

http://www.cultofmac.com/291859/xiaomi-ios-7-ripoff/


Taiwan investigating Xiaomi too : http://www.nytimes.com/2014/09/25/technology/taiwan-investig....

Xiaomi is moving its servers out of China to address such concerns : http://www.financialexpress.com/news/xiaomi-shifts-user-data...




Instead of a country where the leader subjugates its citizens through force and fear, the U.S. is a world leader that subjugates other countries through force and fear. That fear doesn't have to be military, by the way - the world should fear the power the U.S. has to bring down the world economy through market powers.

It's not quite analogous, but it's not far. Although let's be fair - while we can argue about the effectiveness and morality of drone-bombing everyone and their mother in the Middle East, it isn't for no reason.


Sigh. Not politically correct enough for HN, I guess.


I don't see how the picture is different for Android and iPhones. With Dropbox having former NSA Condoleezza Rice and Google's shaky privacy policies, I see a similar theme.

I think the point here is that India and China have a neutral relationship at best and India doesn't want military leaks. India and the US are on relatively friendly terms.

All things considered, I wouldn't blame anyone for being paranoid over sharing info with Beijing. Totalitarian government, iron curtain and serious lack of freedom of expression all work against its favor.

Ya. I wouldn't trust Beijing with any of my beeswax. Same way I distrust Pyongyang.


I must have missed the security warning when Apple phones communicated back home when syncing contacts in iCloud.


iCloud is decidedly opt-in. I believe the point of TFA was that it was done by default (and for new phones is now opt-in).


I guess the paper doesn't appreciate the irony of all their ad trackers on that page trying to send data about who read the article to 'mysterious IP addresses in India' :-)

The non-story is everyone with an internet property, or an internet interaction device, is trying to collect data about you because selling that is more valuable than the money you are willing to pay for the phone.

A useful story would be "new phone maker FooAmi is successfully selling phones for $200 more than their competitors because they explicitly prevent others from using them as tracking devices." That would be where consumers actually paid money for a phone or device that didn't make up its cost in data sales.

The thing I struggle with is that it seems most people just don't care, and I have convinced myself that it isn't because they don't understand what is being said, they just don't care. And that makes me profoundly sad when I think about it too much.


That exists, it's called an iPhone. I may sound like I'm being facetious but its privacy defaults and possible settings around cookies & local website data, removing plugins and making app permissions requests explicit, transparent & not permitting apps that ask for totally unnecessary ones are leagues in front of the competition.

This isn't to say they're perfect but if you care about your privacy and you're in the 99.9999% that isn't being explicitly targeted by a TLA it's your best choice.


And yet the NSA specifically called out the iPhone as a 'gift' to intelligence agencies in their documents.

Yes, Apple has made some changes which mitigate some of that, just as Microsoft made a lot of changes when they were called out as the security joke of the computer world. Neither example though speaks to my point.

My point, and my experience in trying to get more secure systems out there, is that regular consumers, those between the boundaries of the upper and lower first standard deviation, the folks who go out and buy most of the phones or computers or internet of things type devices like fitness bracelets do not pay more for a device with equivalent features but better security. And the people two standard deviations out who would pay extra, can't or won't pay extra enough to cover for those who don't.

There is another experiment running right now, it's called the Blackphone[1], I'm watching it to see how they do. If history repeats itself they will go out of business in 1.5 to 2 years. I liked the editorial though which was "Why should I have to buy this phone to get these features?"; it's at the heart of my opinion on the marginal market value of 'security' in an electronic device.

[1] https://store.blackphone.ch/


This is essentially the mobile application security question discussed yesterday @ https://news.ycombinator.com/item?id=8504136 and has nothing to do with China.


Warning: the linked site auto-plays audio and video.


This is really a step backwards for most users. Before users had everything automatically backed up by the cloud. Now they would have to have a more complex onboarding process where they will probably skip some advanced technical option they have no clue about. I don't use Xiaomi devices, but cloud support on other platforms has been great for me. I never make manual backups and yet it is irrelevant to me if I lose a laptop, have it stolen, swap phones, whatever because everything just automatically comes back thanks to the cloud. Except for some banking authentication I only keep in my head, I have no privacy concerns anyway, so all these nutsos holding back cloud from the masses are actually a big detractor to the platform for me.


> Except for some banking authentication I only keep in my head, I have no privacy concerns anyway, so all these nutsos holding back cloud from the masses are actually a big detractor to the platform for me.

There are people who care about privacy. They are not 'nutsos'.


All that one needs to do is ask for permission, at least while setting the phone up. Google does that once you connect your Android phone with your Google account. As simple as that - a one time permission.


Give me convenience or give me death.



