
Researchers accuse Xiaomi browsers of collecting data, even in Incognito mode - DyslexicAtheist
https://www.xda-developers.com/xiaomi-mi-web-browser-pro-mint-collecting-browsing-data-incognito-mode/
======
tastroder
front page discussion
[https://news.ycombinator.com/item?id=23035266](https://news.ycombinator.com/item?id=23035266)

------
rshnotsecure
Nearly all consumer-grade home security cameras sold today on Amazon are just
rebranded Xiaomi.

This is part of a major initiative out of Beijing called the "Xiaomi
Ecological Toolchain".

Wyze, Yi, Kami, and IMOU are all part of this group. The products, at least
the physical cameras, are quite well made. The software though has security
and data collection issues much like what is mentioned in this article.

However the main issue is this appears to be a somewhat significant anti-trust
violation. It will depend though ultimately on how much coordination is going
on between the companies.

~~~
JoeAltmaier
Must be some variation in packaging/connectors/cabling. My buddy has bought a
dozen different cameras, and the best of them need overhauling with better
seals, completely reworked cable holes, and in some cases, gratuitous holes in
the case plugged! He mounts them outdoors and they fail in days if he doesn't
do something. Hasn't found an outdoor camera that performs as advertised, not
one.

------
MaxBarraclough
> The data that Xiaomi was sending was admittedly “encrypted”, but it was
> encoded in base64, which can easily be decoded.

Base64 isn't encryption. It's encoding. Not the same thing. In truth then, the
data was _not_ encrypted, it was sent in the clear (or at least with no
additional encryption layered over the web protocol), having been compressed
with gzip and then encoded using base 64.

Not sure it matters though. Doesn't seem clear whether it was sent over HTTPS,
which would count as encryption, but doesn't much ameliorate the privacy
concerns. That Xiaomi appears to be straight-up lying about it is all the more
damning.

