Hacker News new | past | comments | ask | show | jobs | submit login
[dupe] Researchers accuse Xiaomi browsers of collecting data, even in Incognito mode (xda-developers.com)
59 points by DyslexicAtheist 36 days ago | hide | past | web | favorite | 4 comments

Nearly all consumer-grade home security cameras sold today on Amazon are just rebranded Xiaomi.

This is part of a major initiative out of Beijing called the "Xiaomi Ecological Toolchain".

Wyze, Yi, Kami, and IMOU are all part of this group. The products, at least the physical cameras, are quite well made. The software though has security and data collection issues much like what is mentioned in this article.

However the main issue is this appears to be a somewhat significant anti-trust violation. It will depend though ultimately on how much coordination is going on between the companies.

Must be some variation in packaging/connectors/cabling. My buddy has bought a dozen different cameras, and the best of them need overhauling with better seals, completely reworked cable holes, and in some cases, gratuitous holes in the case plugged! He mounts them outdoors and they fail in days if he doesn't do something. Hasn't found an outdoor camera that performs as advertised, not one.

> The data that Xiaomi was sending was admittedly “encrypted”, but it was encoded in base64, which can easily be decoded.

Base64 isn't encryption. It's encoding. Not the same thing. In truth then, the data was not encrypted, it was sent in the clear (or at least with no additional encryption layered over the web protocol), having been compressed with gzip and then encoded using base 64.

Not sure it matters though. Doesn't seem clear whether it was sent over HTTPS, which would count as encryption, but doesn't much ameliorate the privacy concerns. That Xiaomi appears to be straight-up lying about it is all the more damning.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact