by rashomon 2994 days ago
I'm not a conspiracy nut but there is something to say about how attractive Xiaomi's offerings are. For everything from phones, TVs, and other electronics, you would be crazy not to purchase it.

In there lies a hidden threat. Possibly from a tiger nation state.

4 comments

They don't even really advertise in the West much yet?

The surveillance threat is one that applies to any cloud-linked device, sadly. As a non-Chinese living outside of China I almost mind surveillance by China less; what are they going to do with it, after all? (Unless you count the Marriott guy they got fired?)

I don't think it's a "hidden threat" as much as it is a company racing to the bottom first.

Xiaomi has consistently shown that they don't care about security (or at least consistently enough that they have lost my trust).

I want to believe this, but I have never seen something about Xiaomi/security. Can you please give some pointers/links/events that happened before?

I don't have any links on hand, but I know of a handful of situations that I remember:

* Xiaomi Android phones had some kind of analytics APK built in around 2016 that would send a shitload of data over HTTP to their servers, and even would allow downloading emergency updates over HTTP. Their "fix" was to enable HTTPS, but leave the ability to force downloads and continue to run the analytics programs on the phones.

* Their robot vacuum used a password of "robotrock" to encrypt and sign updates.

* Their "yeelight" smart-bulbs were recording audio and sending it back to their servers over HTTP.

* Their "air purifier" also sends analytics and does updates via HTTP without any signatures.

IIRC many of these were fixed at some point, but I know at least once they said (paraphrasing) "we aren't going to fix it because the device isn't capable of HTTPS", but I don't remember which device it was. And it's enough for me to understand that they don't seem to take data privacy and security very seriously at all.

Xiaomi want to become an ecosystem/lifestyle provider, kind of a blend of Apple and IKEA. The margins on each individual product aren't high (especially the electronic ones), but it leads to selling higher margin products down the line. I'm living in China and I now find myself buying Xiaomi towels and USB cables and pens and AA batteries and beer... since I know they will have an acceptable quality at a non-excessive price. Margin on all those is likely to be much higher than on that $30 IP camera.

Or, it's more likely that they only pay workers a few dollars a day to crank this stuff out.