re: White House says no more foreign grid gear
Why isn't all this kit including US made stuff air gapped at least once from the internet?
This is a clear case of ... well something that has bolted a long time ago.
Yes, and it would be a loss to national security if we, the US three letter abbreviations, were no longer able to backdoor our own infrastructure. For the course of national security, of course.
(I'm so sorry, but it is very hard not to be a cynic when the US is talking "national security")
I don't really get all the brouhaha around this Xiaomi revelation. It's not any different from what Google Chrome does, harvesting all data including from incognito sessions. Android data slurping measured and monitored
I suppose scandals like these are good to reiterate to the wider public that when it comes to privacy, browsers are one of the most sensitive pieces of software. Choose wisely.
For one, I don't think Google have ever said "no they're wrong, we don't collect that". Their response seems to be more "Yeah we do, it's in the terms, piss off" than "fake nooos".
Also, Google actually tell you that Chrome will collect stuff, and they don't send full URLs back.
Xiaomi's issue here is derived from so much more than what their browser was doing. Their entire response to it has been utter shit - read their blog post (linked to in TFA), it's waffle that completely avoids the thing at issue, when it's not outright contradicting itself. It's that response which has blown it up into a brouhaha - had they said "yes, shit, we'll fix this" then there wouldn't have been nearly the same shitstorm.
Instead they went with "the people who found this are wrong"
...is sitting there thinking it's fine to add telemetry to private browsing mode*, and doing it? C'mon who are you?
* NVM the more arguable stuff. I think we can all definitely agree that private browsing signals that the user doesn't want any telemetry sending anywhere, right?
"It was claimed the handsets collect things like browsing history, search queries, and news feed activity, and send the data off to servers in China, even when using the bundled Xiaomi browser's private incognito mode"
I recently discovered the "tcpdump" binary in the /system/xbin directory of a TCL/Alcatel device my friend had purchased from Cricket Wireless.
If you're gonna capture data, do it right!
(Amateurs)