
Indian Air Force Issues Security Warning; Xiaomi Clears the Air - chdir
http://www.ibtimes.co.in/indian-air-force-issues-serious-alert-xiaomi-plans-move-data-centers-china-612152
======
zghst
So is the consensus here that we care about privacy and treat every threat
seriously or when it comes to anything involving China or our favorite company
we make excuses and ignore any alarm bells?

Privacy should be a serious concern for everyone and this should be taken
seriously.

~~~
antocv
Exactly.

The purpose of many many apps and even manufacturers, _cough_ Apple, and
Googles "services" is to collect as much data as possible, including privacy
violations.

This is fine, because the companies and the data is stored and can be accessed
US government agencies.

~~~
mineshaftgap
Google makes virtually all its money from your data, Apple virtually none. Why
is this so hard to understand?

~~~
nitrogen
It doesn't have to be profitable to be problematic.

------
Tepix
Smartphones shouldn't silently send private data into the cloud without asking
the user first. I for one would rather back up the data to my own server or
locally instead.

~~~
fidotron
I agree. Now, would you pay for that option? How would it be developed? This
is the critical problem.

You could implement Android's storage app framework API around git running on
each of your devices, and peering to your own servers (and other devices).
This would give you at least a Dropbox style system that works, but the
rewards for the (not that large, but non-trivial) investment needed to do it
are non-existent.

------
negamax
I have a galaxy s4 it also backsup messages and address book etc in the cloud.
Pretty sure apple does the same. What am I missing here?

~~~
wfjackson
The US and Korea don't have territorial claims or border disputes or fought a
war with India. Also, many Chinese firms are known for hacking and spying to
get trade secrets. Chinese firms will have a big leg up against Indian ones if
they know the price they're bidding for overseas contracts, for example.

Example of ZTE blatantly violating an NDA it signed.
[http://thepatentinvestor.com/federal-judge-says-vringo-
has-c...](http://thepatentinvestor.com/federal-judge-says-vringo-has-chance-
for-enormous-punitive-damages-against-zte-corp/)

The way that Xiomi blatantly copies Apple, including the "one more thing", I
wouldn't expect them to have any qualms turning any and all info to their
govt. for any small benefit.

[http://www.cultofmac.com/291859/xiaomi-
ios-7-ripoff/](http://www.cultofmac.com/291859/xiaomi-ios-7-ripoff/)

------
chdir
Taiwan investigating Xiaomi too :
[http://www.nytimes.com/2014/09/25/technology/taiwan-
investig...](http://www.nytimes.com/2014/09/25/technology/taiwan-investigates-
xiaomi-of-china-over-cybersecurity-concerns.html?_r=0).

Xiaomi is moving its servers out of China to address such concerns :
[http://www.financialexpress.com/news/xiaomi-shifts-user-
data...](http://www.financialexpress.com/news/xiaomi-shifts-user-data-out-of-
china-on-privacy-concerns/1301603)

------
sreejithr
I don't see how the picture is different for Android and iPhones. With Dropbox
having former NSA Condoleezza Rice and Google's shaky privacy policies, I see
a similar theme.

I think the point here is that India and China have a neutral relationship at
best and India doesn't want military leaks. India and the US are on relatively
friendly terms.

All things considered, I wouldn't blame anyone on being paranoid over sharing
info with Beijing. Totalitarian government, iron curtain and serious lack of
freedom of expression all work against its favor.

Ya. I wouldn't trust Beijing with any of my beeswax. Same way I distrust
Pyongyang.

------
hack37
I must have missed the security warning when Apple phones communicated back
home when syncing contacts in iCloud.

~~~
eric_h
iCloud is decidedly opt-in. I believe the point of TFA was that it was done by
default (and for new phones is now opt-in).

------
ChuckMcM
I guess the paper doesn't appreciate the irony of all their ad trackers on
that page trying to send data about who read the article to 'mysterious IP
addresses in India' :-)

The non-story is everyone with an internet property, or an internet
interaction device, is trying to collect data about you because selling that
is more valuable than the money you are willing to pay for the phone.

A useful story would be "new phone maker FooAmi is successfully selling phones
for $200 more than their competitors because they explicitly prevent others
from using them as tracking devices." That would be where consumers actually
paid money for a phone or device that didn't make up its cost in data sales.

The thing I struggle with is that it seems most people just don't care, and I
have convinced myself that it isn't because they don't understand what is
being said, they just don't care. And that makes me profoundly sad when I
think about it too much.

~~~
msy
That exists, it's called an iPhone. I may sound like I'm being facetious but
its privacy defaults and possible settings around cookies & local website
data, removing plugins and making app permissions requests explicit,
transparent & not permitting apps that ask for totally unnecessary ones are
leagues in front of the competition.

This isn't to say they're perfect but if you care about your privacy and
you're in the 99.9999% that isn't being explicitly targeted by a TLA it's your
best choice.

~~~
ChuckMcM
And yet the NSA specifically called out the iPhone as a 'gift' to intelligence
agencies in the their documents.

Yes, Apple has made some changes which mitigate some of that, just as
Microsoft made a lot of changes when they were called out as the security joke
of the computer world. Neither example though speak to my point.

My point, and my experience in trying to get more secure systems out there, is
that regular consumers, those between the boundaries of the upper and lower
first standard deviation, the folks who go out and buy most of the phones or
computers or internet of things type devices like fitness bracelets do not pay
more for a device with equivalent features but better security. And the people
two standard deviations out who would pay extra, can't or won't pay extra
enough to cover for those who don't.

There is another experiment running right now, its called the Blackphone[1],
I'm watching it to see how they do. If history repeats itself they will got
out of business in 1.5 to 2 years. I liked the editorial though which was "Why
should I have to buy this phone to get these features?" its at the heart of my
opinion on the marginal market value of 'security' in an electronic device.

[1] [https://store.blackphone.ch/](https://store.blackphone.ch/)

------
contingencies
This is essentially the mobile application security question discussed
yesterday @
[https://news.ycombinator.com/item?id=8504136](https://news.ycombinator.com/item?id=8504136)
and has nothing to do with China.

------
JoshTriplett
Warning: the linked site auto-plays audio and video.

------
lnanek2
This is really a step backwards for most users. Before users had everything
automatically backed up by the cloud. Now they would have to have a more
complex on boarding process where they will probably skip some advanced
technical option they have no clue about. I don't use Xiaomi devices, but
cloud support on other platforms has been great for me. I never make manual
backups and yet it is irrelevant to me if I lose a laptop, have it stolen,
swap phones, whatever because everything just automatically comes back thanks
to the cloud. Except for some banking authentication I only keep in my head, I
have no privacy concerns anyway, so all these nutsos holding back cloud from
the masses are actually a big detractor to the platform for me.

~~~
adityab
> Except for some banking authentication I only keep in my head, I have no
> privacy concerns anyway, so all these nutsos holding back cloud from the
> masses are actually a big detractor to the platform for me.

There are people who care about privacy. They are not 'nutsos'.

