
Drone firm DJI promises 'local data mode' to fend off US government's mooted ban - LinuxBender
https://www.theregister.com/2020/09/10/dji_local_data_mode_us_potential_ban/
======
wisemanwillhear
> A code audit carried out by FTI Consulting was said to have revealed no
> causes for concern, with DJI posting the exec summary (but not the full
> audit) on its website as a PDF. It had access to 20 million lines of source
> code, according to the summary, with analysis focusing on code concerned
> with “communication protocols and network activity with host
> infrastructure”.

DJI can pay for all the audits in the world, if they are not trustworthy they
can find a way to spy in spite of the audit. Computer and software systems are
just too complex to declare clean with audits.

This is a trust problem that DJI simply cannot change in their present state.

~~~
oh_sigh
An audit means nothing if you have the ability to send and execute custom code
to any device which uses your hardware. No one is going to audit an internet
connected Windows 98 machine and say "Yup, no malware on here", and expect
that to hold true for even a second after the statement was made.

------
philips
My take:

DJI, Apple, Huawei, Google etc are all in a similar boat where the governments
they operate under have publicly and privately pressured them to use their
profitable platforms for spying or gathering evidence. This reduces their
profitablity as consumers have less confidence the product isn't working
against them.

But in the case of DJI and Huawei and TikTok the US is more concerned about
how those chinese companies erode US business like boeing, cisco or Facebook.
And instead of saying it is primarily economic protectionism they make it a
defense issue to try and tamp demand.

In the end the best thing for consumers is if Apple, DJI, etc compete on
having privacy preservation and feel compelled to make their products
resistant to government influence.

So this new DJI feature is a good thing for consumers it seems.

~~~
libertine
While I agree with you, I think there's something that should be pointed out:
China stance on foreign companies doing business in China.

Currently China wants all the perks of the open global market, while closing
it's own. I don't understand how this is allowed.

~~~
vkou
China's market is not closed to foreign companies. This isn't 1990 anymore.

American brands are everywhere in China, from Teslas, to iPhones, to
McDonalds, to Starbucks, to the NBA, to the list goes on and on and on.
Google, Facebook, Apple each make billions of dollars from China, every year.

Calling that a closed market is... Not at all accurate. It's by no means a
fully[1] open market, but it's not a closed one.

[1] The definition of fully also varies from country to country. Is Canada a
fully open market? No. For example, there's a lot of government protectionism
surrounding media, and media infrastructure. Is the US a fully open market? No
- again, not in the case of media infrastructure. Neither is an open market
when it comes to food, or medical drugs. (For good reason, in my opinion - but
that's just that - a political opinion. Other people have different opinions
on this subject.)

~~~
m0zg
> Google, Facebook, Apple each make billions of dollars from China, every
> year.

How does _Facebook_ make "billions" in China in particular? It's completely
banned there.

~~~
shard
A company doesn't have to sell things to the local population to do business
there. There are many companies in China which wish to access the user base
that FB has. Here is an article from NYT talking about the $5B that FB made
from China during 2018:
[https://www.nytimes.com/2019/02/07/technology/facebook-
china...](https://www.nytimes.com/2019/02/07/technology/facebook-china-
internet.html)

------
dellcybpwr
Not that I need a drone.. but I've thought about one in the past.. and having
to not only use their app but have it connected to the internet has been a big
deterrent and thus far have not used one.

~~~
omgbobbyg
I have a DJI Mini drone (which is awesome), I use it with a Google Pixel that
has no internet connection (no SIM card and no WiFi) and it works fine.

~~~
alistairSH
Is that true for the larger drones? The Mini is light enough that it doesn't
need approval to fly (in the US). The larger drones require approval to fly,
which is often accomplished real-time within the control app. [I don't know if
this is the case, just guessing/wondering if it is]

~~~
grecy
I think the app figures out where you are based on GPS co-ords and lets you
fly or not. That's what my mavic mini appears to do when I fly it with no
internet connection. It will even pop up warnings like "airport flight
restriction nearby" and it does that with no internet...

~~~
omgbobbyg
Yeah it has internal GPS, works without WiFi and SIM and sets automatic height
restrictions based on where you are. I live in Brooklyn near an LGA approach
vector, surprisingly it tells me the maximum height is 150m, which still feels
pretty high considering how low jets pass over on their way to LGA.

------
zaroth
I have a DJI Mavic Mini and I was very impressed with the hardware and
software overall. My kids and I have had a lot of fun flying this little
drone! It does log every flight to the cloud, showing the telemetry logs of
exactly where the drone flew and what it sent and received along the way (not
full video, just telemetry). I find the logs extremely cool to look over after
the fact when analyzing a flight.

Their insurance program saved my butt when I lost radio contact when I flew
the drone over to a friend's back yard, and had misconfigured the "return-to-
home" altitude too low, so it promptly flew itself into a tree trying to get
back to me. $30 to get a full replacement was a huge relief.

It doesn't bother me much that they have a copy of my telemetry logs. I
wouldn't want them to have copies of the video or pictures, and as I
understand it those never leave the SD card.

It would be nice to have a "local data mode", but on the other hand, their
cloud service is also authorizing the flight envelope based on GPS
coordinates, and it's important that the device doesn't let itself be flown
into air traffic corridors and the like.

Drones are a serious responsibility, and can be misused to cause a lot of
damage, I'm totally willing to trade off some amount of tracking for the
ability to have off-the-shelf access to this tech.

~~~
evv
> I wouldn't want them to have copies of the video or pictures, and as I
> understand it those never leave the SD card.

I'm sure you know this, but in addition to the imagery being saved on the SD
card, it is also streamed to your smartphone, which runs proprietary software
and is connected to the internet.

~~~
zaroth
This is a very good point. There is absolutely the _potential_ for the video
feed or screenshots of the video feed to get onto their servers.

------
danboarder
"A junior US defence minister, Ellen Lord, in charge of procurement, added to
the aerospace magazine: “We looked at the fact that basically DJI from China
had decimated our industrial base for small UAVs, quadcopters and so forth,
through pricing that was sub-cost and so forth.”"

This is so wrong headed. DJI is the Apple of small drones and basically
created the category. I've used all competitors over the years including 3DR
and Parrot and I suggest as an analogy that they are all Nokia style 'feature
phones' compared to DJI's iphone line.

That said, there is a healthy ecosystem of larger custom drones for industry
as well as FPV drone companies that exist, again as analogy perhaps like the
Linux ecosystem exists in the presence of Apple.

------
moepstar
One wonders why such a mode isn't present from the onset - and why customers
accept the lacking of such :(

~~~
leetcrew
it should be of particular concern to drone hobbyists. perhaps things have
changed since I got bored of flying drones, but I recall it being very hard to
operate a drone completely legally. the rules I knew of were themselves a pain
to follow; the worst was the requirement to notify every helipad within five
miles or so. at the time, I could use airmap to get a list of numbers for all
the helipads in my area, but the listed numbers were often some random
person's cell. even when I went through the entire list and dutifully called
each number, I'm not 100% sure I fulfilled the legal obligation. I always
wondered if I was in violation of any state/local laws I was totally unaware
of. it seems pretty rare that any drone laws are actually enforced against
hobbyists, but the penalties are pretty stiff. having flight data copied back
to a remote server for authorities to pore over later seems like a pretty
substantial risk.

~~~
closetohome
DJI in fact advertises the fact that they'll happily broadcast your
information to law enforcement in realtime -
[https://www.dji.com/aeroscope](https://www.dji.com/aeroscope)

It's a little scary.

~~~
leetcrew
I concede they are in a tough and uncertain spot with so much drone regulation
still up in the air. still, it's always gross to see a company
enthusiastically aiding the prosecution of its own customers.

------
sneak
Even DJI stuff that poses no risk whatsoever to health or safety, like their
Osmo Pocket 4k gimbal camera, or their Osmo Action gopro-clone, require that
you “activate” them, iPhone style, which logs at the very least your OS + IP
(and thus rough location) + serial number to DJI.

It’s bullshit. These are not internet-attached devices, they shouldn’t be
spying on us. I’d love to see similar approaches to even domestically-made and
domestically-hosted manufacturers and collection APIs.

~~~
coronadisaster
> These are not internet-attached devices, they shouldn’t be spying on us.

Should all internet-connected devices spy on us?

------
cblconfederate
It's like we have a new Colonial Era, where tech from various powers wants to
loot the data of people around the world. This time it is different though,
because unlike gold, you can duplicate data for free. So, in the end if
everyone has everyone's data, is that valuable at all?

~~~
SergeAx
When they say "data is a new oil", they also mean that it should be processed
to maximize value.

~~~
cblconfederate
an non-scarce asset cannot have high value. I guess thats why there's this
"data protectionism" trend, though it will probably fail

------
kube-system
The headline here is clearly misleading some of the people in the comments.
The proposed ban is on _US federal government purchases_ of DJI drones.

> “The US Congress is considering banning the US federal government from using
> foreign-made drones as part of its 2021 National Defense Authorization Act,”

------
fuzzylearner2
This new change is actually good for consumers though. One of the things that
US government previously wanted was internet being necessary whenever you fly
a drone.

This data was also supposed to be sent to a third party picked by the
government and they would hold this data for months. I think it was on the
lines of remote id or something.

Unrelated, but recently I finished an app for making recreational drone flying
easy. Check it out [https://dronetrails.app](https://dronetrails.app) or
download the test flight app at
[https://testflight.apple.com/join/id9NkioE](https://testflight.apple.com/join/id9NkioE)

------
awinter-py
woo! dept of interior insisted on this, got a forked DJI OS, and did an
expensive consulting round to verify that it didn't phone home

looks like all it takes to negotiate privacy w/ a big tech company is a
million+ procurement process and a trade war

~~~
mleonhard
Can you share a link with more information on this forked DJI OS?

~~~
awinter-py
yeah the dept of interior released a pdf

[https://www.doi.gov/sites/doi.gov/files/uploads/oas_flight_t...](https://www.doi.gov/sites/doi.gov/files/uploads/oas_flight_test_and_technical_evaluation_report_-
_dji_uas_data_managment_assurance_evaluation_-_7-2-19_v2.0.pdf)

they call it a 'government edition', if you search that term in the PDF the
first few matches give some details

------
hashkb
The alliteration in the sub-heading is choice.

------
dreamcompiler
Why does a drone need 20 million lines of code? Windows 95 had about 15
million LOC.

~~~
vlovich123
Probably runs Linux for all the device drivers, network stack etc.

------
tomc1985
Why does it take threats of a national embargo to unlock functionality that
should be present in EVERY device from the start?

