October 24, 2014 by ...
Xiaomi is that gamey Chinese upstart that could. Just look at these pretty pictures to see just how quickly Xiaomi has grown, oh Joy!
Lurking below all this ‘kumbayaa singing’ fanfare lies a dirty secret…
No I am not talking bout how the name ‘Xiao Mi’ refers to the term for guns and millet during the Japanese invasion and has tremendous nationalistic undertones. Nor am I addressing the fact that aside from this, Xiaomi peddles communist military themed mascots.
Xiaomi the data kleptomaniac
Although these things may have some wondering if Huawei is truly the Chinese company to look out for, that is not the point, of this post at least. What I’d like to discuss now is how Xiaomi has been pilfering user data without user consent. This has gone on for months now and things are so bad that seven different countries have expressed concern about it. This came to a head when three such countries are deciding on blocking Xiamoi kit due to security converns.
In order to combat this bad mews, Lei Jun has hired a famous Chinese spin doctor to handle the web and scour it of anti-Xiaomi posts and ‘misinformation’. Aside from this, he has said he would no longer save foreign user data on Chinese servers. Hmmm, and this is supposed to be reasuring? How is that?
Is server location the real problem?
The logical flaw in Xiaomi’s argument is that server location is the thing to focus on. Pardon me, but it is not. The real concern is how Xiaomi has continued to covertly extract and recover sensitive user data without owner permission. Sending that information to Beijing is merely a detail. The problem is Lei Jun’s cavalier attitude about user privacy rights and how to deal with them.
His initial response to data theft claims was that they were inaccurate, he denied it. Subsequent to this he admitted that just a teensy bit of user info was borrowed. But this was not the norm. He finally said,’Yeah we take your data, but we have to. It makes it easier for us to send messages.’ Now he is saying the opposite. A few days ago Lei claimed he will store user data in different countries to minimize data latency. This contradicts his earlier claim.
Simply put, Lei Jun has a track record of failing to address Xiaomi security concerns in a forthright manner. He does not seem to take such things seriously and refuses to change Xiaomi practices. This leads one to wonder how he defines data security and privacy.
CC’ing Beijing from Indian servers the future?
Based on what he has shown us so far, Xiaomi wants your data. If this is true, then sending Indian user information to Indian servers, for example, solves nothing. Unless I’m mistaken its just as easy to CC Beijing from servers in India as it is to send that data directly from the phone. Sure it adds a step, but the communist net nannies are patient.
The fundamental question is why Xiaomi repeatedly copied and sent international user data to government servers and then continued to do so even after his cover was blown. If he still is of a mind to let Beijing peek at that data, it is no more difficult now then it was before. Until we know the ‘whys’ of it all, we will never know how much trust to put in Xiaomi gear.