Not using one of these in my life without a privacy-focused ROM. fingers crossed they get it ported, because the hardware truly looks insane. Xiaomi has a lot of products like this: cheap, very low profit margin by production costs, but very ad-filled and data-collecting by default.
I own a $30 mi band 5, with Gadgetbridge, an open source fitness tracker app. Absolutely worth the price if you can bypass the malware built into it.
Instructions are usually pretty clear (eg. XDA posts for ROM releases or LineageOS wiki pages are usually quite clear, the latter being more than the former IMO). It might be harder, but usually laypeople can get by (eg. aren't particularly knowledgeable but perhaps aren't afraid of using the command line either, even if it's just copypasting). At least that's the impression I get from people posting on XDA.
Either way, I can usually flash ROMs without issue (I don't know a lot about Android but I do understand how my computer works, I guess), but when I do it I usually get incredibly nervous and panicky out of fear that I'll brick my phone or I forgot to back up something important.
Well, the fitness band didn't have its firmware flashed. that's not where the tracking is anyway. It's a different app being used to collect the data.
Recent models of many Xiaomi bands require an authorization code that must be taken from an existing account that has linked with the watch. If someone's skilled enough to run a python script they can get the code and install Gadgetbridge.
There are two backdoor potential you know. The software, which on my Huawei I prevent with a whitelist firewall which works so insanely well that it doubled my battery life, and the radio chip.
Sadly, whatever you do, on all phones manufactured in China or designed in the US, you risk a hardware backdoor you can never inspect.
What do you know of the radio chipset, taking electricity to connect to the remote antenna: it can probably ping, get signal from the mic and gps, or the camera etc.
If you re going to be paranoid, because you attack children or sell drugs, why the hell do you buy phones in the first place !?
IMO, the risk of a hardware backdoor is always there and perhaps less damaging if the country is across the world, depending on the threat model and damage model.
realistically you're right, and I probably would deeply consider my options before thinking about it. But we can go down the list of lower and lower firmware that we cant verify (hell, I just reread Reflections on Trusting Trust this morning). Every device has Chinese-made chips. I suppose it's more risky than an American company but to me it seems like rearranging chairs on a sinking ship, which is why I never keep anything sensitive on my phone.
> If you re going to be paranoid, because you attack children or sell drugs, why the hell do you buy phones in the first place !?
While the rest of your comment is accurate, this is disingenuous. There are plenty of valid reasons to have concerns over this besides those drilled by the powers that be.
Besides, it's still reasonable to want to reduce your potential attack surface. Sure, federal agencies may root you if they really want but that doesn't mean it's pointless to avoid OS-level preinstalled backdoors from the manufacturer.
> If you re going to be paranoid, because you attack children or sell drugs, why the hell do you buy phones in the first place !?
If you are going to joke, kindly mark it, so we do not misunderstand you, and so you do not cause internal damages to those who are not trained to always keep neurovegetative and limbic on guard while reading - you know, that occasional moment in which you trust what you read and the physiological reactions start, before the prefrontal goes "wait a moment, that may be not serious".
People have
-- a privacy to defend as a principle («privacy to defend», what times!),
-- absurdity to keep at bay (interrobangs have a cost - the paragraph above is relevant),
-- security to ensure (information which ends up in weakly protected repositories is basically public),
-- safety to strengthen (sociopolitical systems can make people pay for any minor trait)
/If/ it was meant to be a joke. It can easily have not been one: it can easily have been unaware and/or insensitive of the expressed four points and more - many people are (see the diffusion of the "nothing to hide" stance). The content you called "absurd" is pretty literal.
The unawareness of the importance of privacy even as a cautionary stance is spread even in the learned, some convinced that we live in a riskless fair world of free thought and expression without consequence - there are people of prominent intellectual profile vocal against online pseudonyms, for example. There are political representatives proponents of the end of online anonymity.
So, no, when somebody makes those statements about child abuse and drug trafficking, they may not be joking.
Build yourself intellectually in a similar way, and you will reason in a similar way, and consequently express yourself in a similar way. Do not restrict your work to technical matters, which not only would be like training one leg and leaving the rest of the body to atrophy: good intellectual keys come from everywhere, and especially from good creative literature. The earlier the better for the plasticity.
For the rest: do not abuse the assumption of good faith. There are other places than HN to abuse informal attitude.
Edit: for both cases, replies to secondaryacct and yourself: you do have the rule about assumption of good faith in the guidelines present, don't you?
In that case: it was not swallowing but digesting, and it was not one dictionary but very many, in many languages. But it is not the dictionaries to change the linguistic use: the literature and the intellectual keys acquired from all areas form the capacity for complexity, shape that complexity and its expression (so, for example, more mathematics than philology). The "dictionaries" (the research about language) come later in the process of verification of what you absorbed initially less consciously.
Now, this thread was about computing devices, branching towards security, privacy and its importance - not linguistics -, and your comments may be interpreted as intellectual curiosity as per the rules, but can more easily be interpreted as a mockery - as already mentioned. I am open to questions, but I think it proper for that to happen in a different context.
Apart from fighting political dissidents, tracking is used for targeted ads, i.e., to force you to buy staff you don't need. Many people are not fine with psycological manipulation.
author here: Xiaomi make Google and Facebook look restrained, it's true.
That said, I basically declared data bankruptcy a while ago, and I'm literally one of the people who should know better (Open Rights Group founding member, etc).
This phone is relatively new, and the open-source Android replacements are typically multiple models behind. So basically someone who can has to step up.
I have a Note 9 and I have given up on getting any apps to stay running in the background. I hate when computing devices don't let you use the thing as you like.
Miui Optimizations is strict on bg tasks. You can disable optimizations in dev options [1] which returns you closer to stock android. But now heavy or poorly made apps like adguard (who were kicked off the app market and now have no oversight) are extremely difficult to shutdown background processes for and battery life suffers.
I bought a moto g30 for this very reason. Stock android. I could disable each and every crap that came in the stock android which isn't possible in any custom ROM.
try to disable "youtube" or "googly play music" or "google assistant" or those pesky xiaomi/realme/samsung bloatware.
the custom roms do not support disabling most "system apps" which are possible in stock android as is on my phone
i have previously used adb shell to remove apps from realme phones but a lot refused to get disabled. the stock in moto g30 OTOH lets me disable play store not to talk about other apps.
> Left is night mode on the Redmi, right is the loved one’s Pixel 4a
This is it. This is crazy. Google has pwnd the night shooting market ever since there is a Pixel. No one comes even close, at least nothing even remotely close in price. This is why I am staying on my Pixel 2. For me at least there's no point in upgrade.
While you can get it to kinda "work", it's never really very stable and results just aren't as good because the ML algorithms are trained on the exact sensor/optics used by the Pixels.
Yes I was surprised when the Pixel launched it was so good in night mode. But I thought it is just software and everyone else would surely catch up within 2 years and the feature would becomes standard.
But nearly 4 years later nothing even come close. At least not the camera app by default.
It's incredible how all phones are coming along these days. It seems to be easier for other companies to get into phone manufacturing, I just hope more of them get into FOSS.
Seconded (& I recommended them to the author of the piece, who didn't listen. :-D )
I have an Umidigi F2, with a 38MP camera, 6GB RAM, 128GB flash, big retina screen -- I neither know nor care the rez -- and a huge battery. It lasted 3 days of intensive use when new, it has a headphone socket and both dual SIM + µSD card slots, and it was an astonishing €125 new.
And a totally vanilla Android 10 install that even says it's a Pixel in a couple of places.
I'd rather have a ~£150 phone I can replace every 2 years than a ~£300 phone that has to last ~4 years, but others' mileage varies, of course. Including David's.
This is my 3rd cheapo Chinese phone and I've been very happy with all of them.
The 2nd was a PPTV King 7, AFAIK never sold outside of China, so even when set to English the ROM was partly in Chinese. This one I reflashed with CyanogenMod and it worked well. My camera no longer focused but that was about it. For its time it was _stunning_ and it's still in use by a friend of mine about 5Y after I bought it second-hand.
this phone was on my list, but I got the LG V60 instead, which is now available on eBay new for a big discount. the phone's a beast and it's got 3.5mm, external memory, and a huge battery.
I thought spamming your own content was frowned upon but I guess with all so called rules on this site everything is arbitrary and Dang can do what he wants.
58 comments
[ 2.5 ms ] story [ 197 ms ] threadI own a $30 mi band 5, with Gadgetbridge, an open source fitness tracker app. Absolutely worth the price if you can bypass the malware built into it.
how much work is it to flash it to your own software? can a layperson follow some instructions and get it done without deeply knowing anything?
Either way, I can usually flash ROMs without issue (I don't know a lot about Android but I do understand how my computer works, I guess), but when I do it I usually get incredibly nervous and panicky out of fear that I'll brick my phone or I forgot to back up something important.
Recent models of many Xiaomi bands require an authorization code that must be taken from an existing account that has linked with the watch. If someone's skilled enough to run a python script they can get the code and install Gadgetbridge.
Sadly, whatever you do, on all phones manufactured in China or designed in the US, you risk a hardware backdoor you can never inspect.
What do you know of the radio chipset, taking electricity to connect to the remote antenna: it can probably ping, get signal from the mic and gps, or the camera etc.
If you re going to be paranoid, because you attack children or sell drugs, why the hell do you buy phones in the first place !?
realistically you're right, and I probably would deeply consider my options before thinking about it. But we can go down the list of lower and lower firmware that we cant verify (hell, I just reread Reflections on Trusting Trust this morning). Every device has Chinese-made chips. I suppose it's more risky than an American company but to me it seems like rearranging chairs on a sinking ship, which is why I never keep anything sensitive on my phone.
While the rest of your comment is accurate, this is disingenuous. There are plenty of valid reasons to have concerns over this besides those drilled by the powers that be.
Besides, it's still reasonable to want to reduce your potential attack surface. Sure, federal agencies may root you if they really want but that doesn't mean it's pointless to avoid OS-level preinstalled backdoors from the manufacturer.
If you are going to joke, kindly mark it, so we do not misunderstand you, and so you do not cause internal damages to those who are not trained to always keep neurovegetative and limbic on guard while reading - you know, that occasional moment in which you trust what you read and the physiological reactions start, before the prefrontal goes "wait a moment, that may be not serious".
People have
-- a privacy to defend as a principle («privacy to defend», what times!),
-- absurdity to keep at bay (interrobangs have a cost - the paragraph above is relevant),
-- security to ensure (information which ends up in weakly protected repositories is basically public),
-- safety to strengthen (sociopolitical systems can make people pay for any minor trait)
and more?
The unawareness of the importance of privacy even as a cautionary stance is spread even in the learned, some convinced that we live in a riskless fair world of free thought and expression without consequence - there are people of prominent intellectual profile vocal against online pseudonyms, for example. There are political representatives proponents of the end of online anonymity.
So, no, when somebody makes those statements about child abuse and drug trafficking, they may not be joking.
For the rest: do not abuse the assumption of good faith. There are other places than HN to abuse informal attitude.
Edit: for both cases, replies to secondaryacct and yourself: you do have the rule about assumption of good faith in the guidelines present, don't you?
Now, this thread was about computing devices, branching towards security, privacy and its importance - not linguistics -, and your comments may be interpreted as intellectual curiosity as per the rules, but can more easily be interpreted as a mockery - as already mentioned. I am open to questions, but I think it proper for that to happen in a different context.
Because innocent people can be persecuted too. Just ask many of the ethnic groups across the globe, or other abuse victims.
Privacy protects innocent people from criminals, more than it protects criminals from the good guys.
Being tracked by US or Chinese government how is it different to me? Honest question by the way, not trolling.
That said, I basically declared data bankruptcy a while ago, and I'm literally one of the people who should know better (Open Rights Group founding member, etc).
This phone is relatively new, and the open-source Android replacements are typically multiple models behind. So basically someone who can has to step up.
[1] https://android.stackexchange.com/questions/191228/what-is-m...
Generally speaking, all vendors are absolutely trash at not killing apps. And making apps restore through process death is, to the the least, a bitch.
How would you disable something in a stock ROM that you can't in a custom ROM? Or by "custom ROM" do you mean vendor-customized stock?
I've made it a habit to do the following when updating:
1. Download the update but don't run it immediately.
2. Disable internet connections (WiFi and SIM).
3. Apply the update.
4. Enable NoRootFirewall after restart.
5. Connect a USB and run adb shell.
6. Execute uninstall commands for all the apps I previously uninstalled (I kept a list).
7. Enable internet.
8. Keep an eye on NoRootFirewall for new weird apps and add them to the kill list.
I hate owning a "smart" phone but I need it... so all I can do is suffer.
This is it. This is crazy. Google has pwnd the night shooting market ever since there is a Pixel. No one comes even close, at least nothing even remotely close in price. This is why I am staying on my Pixel 2. For me at least there's no point in upgrade.
I'm using it on my Poco F1 and the night sight works really well.
I've never used a Pixel but the results I get from GCam on my F1 are amazing. Miles ahead of the stock camera app.
But nearly 4 years later nothing even come close. At least not the camera app by default.
It's incredible how all phones are coming along these days. It seems to be easier for other companies to get into phone manufacturing, I just hope more of them get into FOSS.
I have an Umidigi F2, with a 38MP camera, 6GB RAM, 128GB flash, big retina screen -- I neither know nor care the rez -- and a huge battery. It lasted 3 days of intensive use when new, it has a headphone socket and both dual SIM + µSD card slots, and it was an astonishing €125 new.
And a totally vanilla Android 10 install that even says it's a Pixel in a couple of places.
I'd rather have a ~£150 phone I can replace every 2 years than a ~£300 phone that has to last ~4 years, but others' mileage varies, of course. Including David's.
This is my 3rd cheapo Chinese phone and I've been very happy with all of them.
The 2nd was a PPTV King 7, AFAIK never sold outside of China, so even when set to English the ROM was partly in Chinese. This one I reflashed with CyanogenMod and it worked well. My camera no longer focused but that was about it. For its time it was _stunning_ and it's still in use by a friend of mine about 5Y after I bought it second-hand.
I hardly give a crap about any other "feature" these days. I barely use any app except Phone, Web browser and messenger.
iOS meets the requirement automatically and without hassle, but I'm curious about Librem.
Qualcomm SM7150 Snapdragon 732G (8 nm)