collective action against Xiaomi. who's onboard?

Deal Cadet
brewitty

2 days back i bought the Xiaomi mi Home Security camera 360. online reviews are great, mi.com lists specs which are impressive, sales staff give a demo – download the mi home app and connect the camera. so i buy it.

on using it for the first time, i realise that the Mi home app will not operate unless a Mi account is created. either email id, facebook id or phone number is required. and it does not accept random or inactive info, only after the details are verified will the account be created.

i am stuck at this point. i dont want to provide my contact details to xiaomi. i dont see how creating an account at mi.com is related to connecting the camera to the app – the account creation should be optional. i have requested for a return and refund, but customer care tells me their policy allows replacement only.

xiaomi’s policy is flawed at multiple levels:
1. the mandatory need to have a mi account is not specified before the purchase, anywhere – not on the box, not on the website, not by any sales person. they all instruct to download the mi home app and connect the camera – which is how all security cameras operate. by not disclosing the mandatory account creation step, they are indulging in an unfair trade practice.
2. buyers are presented with the demand for contact details only after they have paid the money. at which point most of them feel outsmarted, and helpless and share the details unwillingly. this is a deceptive tactic to extract valuable data. so it is cheating.
3. when you give xiaomi your contact details and then connect your camera – which will have a unique serial number – you are allowing xiaomi to create a one to one correlation between the user and the camera. in short, it knows who is using which camera. this opens a serious privacy and security issue.

to elaborate : unlike other manufacturers that simply allow the camera to connect, and thus can track the camera id, and ip address only, xiaomi gets too close to the user – it now knows your identity down to your active email id, phone number or facebook id.

given that xiaomi is a chinese company, where it is normal to keep every citizen under surveillance, this policy seems ok. but in india, this is a breach of privacy at a personal level, and on a national level a security risk.

imagine, if you were to write something of interest to the chinese govt on your fb page. under chinese law every chinese company is bound to disclose data when asked, so xiaomi will give all information linked to that fb id. you catch the drift, right?

now the above scenario may seem quite remote, but even if xiaomi promises that the database containing the information on contact details and camera id is adequately protected, it is open to hacking. and hacking is quite common. in other countries, manufacturers admit such incidents, but in case of xiaomi, coming from a secretive nation, such episodes need not come to light in time - like the corona infection.

as the latest victim of xiaomi, i am planning to send a petition to relevant ministries to inform them about xiaomi’s policy. secondly, i am planning to file a complaint with the consumer court (first stop is jagograhakjago website).

i am sure many of desidime’s users have or know someone who has bought Xiaomis camera and linked it to the Mi home app unwillingly or unwittingly. if any of such people are interested to join in the petition and complaint please comment below.

Deal Cadet

Good Observation.

Deal Subedar

Good initiative.

Critic

send it to sudarshan news

Deal Lieutenant

:P

Helpful

This is true for Mi Band too. I do not know whether they can access the cam footage but one thing I know you can either use smart home devices like this, Echo, Mini etc and forget about privacy or you can just plain avoid using this stuff. You can try returning your device if you are concerned on the basis of their account requirement. Tag them on social media sites.

Benevolent

Mi band works with 3rd party app without the need for mi account.

Deal Cadet

Avoid buying Chinese items…

Blaze

Exactly…after purchasing…why are u thinking about national security n all??… before purchasing only if u had thought about India…u would have avoided Chinese brand products

Deal Subedar

Good research for product but bad one for Xiaomi. They ask account for pretty much all their products. Also Xiaomi is known for selling data so you could have avoided buying a Xiaomi product altogether. For now take pledge not to buy them in future if you’re privacy conscious.

Benevolent

It is outrageous, and read the same concern in Amazon reviews.
Privacy is fully compromised be it Mi or Google or Amazon, Airtel, Jio,…… all ask for email, mobile, PAN, aadhar etc and keep watching
Create one dummy email(yopmail) and use it. Hope it works!
If you actively pursue, in the present situation they will surely remove this requirement

Deal Cadet

wondering why people buy chinese crap still…i too bought MI camera/MI4i in past n due to its shitty performance wont buy even now in 90% discount

Deal Cadet

I can help u in filing a complaint. Or take a legal recourse. DM me if u want

Deal Cadet

@brewitty if u bought from Amazon/ Flipkart
Go for replacement
Once replacement arrives
Again go for the same
This time u will get refunded

Deal Cadet

thanks for the comments and suggestions.
sorry for the delay in replying.
i, myself, prefer non chinese items over chinese, even if they are more expensive. but in this case, i couldn’t find a non chinese camera – godrej and hero included.

going to the consumer court (thanks @sandylodaya for the offer) as an individual will be a waste of time, as the amount involved is only 2800 and under current circumstances it is ill advised. it would be better if a collective petition be sent to relevant ministries seeking a thorough investigation into xiaomi’s practices rather than focus on a personal monetary loss. as sending a petition to the ministries is a serious matter, i do not want to rush the matter.

in the meantime, i sent messages to mi.com on fb/email seeking email ids of higher authorities, but this was refused. Ironic, for a company that forces its customers to part with such details.

after going through reviews on amazon and elsewhere, i decided to test the claims myself. unbelievably, the app did not accept a yopmail.com id – thanks @caks2006407 for the tip!! i had to create another temporary email id to bypass that. i realised that the app will not connect to the cam without an active internet connection at the time of launching the app (the camera will be working). that means, clearly, it has to connect to xiaomi servers regularly. secondly, the app also requires location details to scan for wifi routers (i dont know what is the link between ones gps coordinates and the hotspot in ones residence/office). in short, xiaomi has all the details to pinpoint who is using which camera and where in the world. this is a serious breach of privacy.

what i find strange is that no one seems to have bothered about this intrusive behaviour of the app. all reviews give glowing details about the performance of the camera, while skipping the fact that the app might be enabling someone at xiaomi to watch the video feed while the camera is being reviewed!! at least the indian websites should have spent some time comparing the app’s data collection hunger and warning users to consider that aspect without being blinded by the brilliance of the camera.

i intend to make a thorough review of the gadget focussing on the privacy issues, first. to make it unbiased, i need your help with a few questions regarding the behaviour of other cameras. i have used a ccplus wireless camera before, and can vouch that its app does not need an account, nor an active internet connection or access to location to connect to the camera.

if you have any other wireless camera, i would appreciate if you could answer the following

1. brand and model of camera
2. name of app used to connect
3. does the app mandate creating an account at any site online before connecting to the app?
4. does the app require an active internet connection to connect to the cam? (to check this, disconnect the internet connection from the router/hotspot and relaunch the app)
5. does the app require access to gps/location?
6. does the app allow manual addition of the camera?
7. what personal details have to be given to the app to be able to connect to the camera?

any other questions that you feel need to be addressed, please add that as well.

to kick things off, in case of my camera the answers are :
1. xiaomi, mi home security camera 360 1080p
2. mi home
3. yes, mi.com account mandatory
4. yes
5. yes
6. no
7. email/phone/facebook id

Critic

There is one more aspect. the Indian servers are mostly offline all the time, so even after all the permission n internet one can’t get the device to work unless he manually selects China (mainland) in mi home app.

Benevolent

A very serious concern, manual selection may imply our consent to share

Critic

If for some reason there’s a power cut or u accidentally power off the device, you have to repeat the whole setup process again.
on the surface, it looks like mi is trying to put an ecosystem like that of Samsung, but I’m not sure if this is a common practice to force ur user to be connected to the internet all the time.
anyway, I had two mi repeaters n i replaced them with tp link.

Deal Subedar

Please note that if it is linked to wifi then your feed is going to the dragon. Don’t trust that they have resolved that
https://www.xda-developers.com/google-temporari...

Shopping Friend

I’m using Tplink Cloud Camera unfortunately it has the same process

Deal Cadet

Almost Every smart equipment requires account if u want to use through mobile.

Deal Cadet

The OPs concerns are genuine, and that is exactly what happens too as part of Data collection. I myself have posted privacy related stuff in DD and other places, a dimer has replied ‘So what ?’; because it’s not of concern for them and they don’t understand the implications.

If you don’t want to agree to the terms of the usage, you can return the Product, MI phones are horror stories for people who understand about Data privacy and Android. This is not a Chinese thing, it happens with all products even in India. However Xiaomi is one of the worst I’ve personally seen in terms of invasion.

You cannot question them on why they’re invading your privacy, it’s your choice, agree or disagree, just like people get greedy with shady cashback apps and fail to understand how much info is being shared and agree to all terms without even reviewing them.

You CAN question them on why it was not intimated to you before, do check the fine print on the box and on the site from which you’ve purchased, if it’s already given there, you can’t challenge much.

Stop using Google and FB logins, create individual logins, try not to share a lot of your personal info on shady sites or with sites which are known for data collection… Google and FB are known devils, so nothing much can be done there

Deal Cadet

thanks for the suggestions and replies. so i tried to get to the bottom of the issue. this is what i found. i created a mobile hotspot on my phone, and installed no root firewall app to check and control data transfers.

1. the camera, itself, apparently does not transfer data. i cannot be 100% certain, though. based on the access requests trapped by the firewall, there are no requests coming from the camera. maybe a better root level monitor will be able to get this. update: there is a “home monitoring” feature where the app will send notifications to the user and also store a small clip on the cloud. when this is enabled, there is a data transfer occurring whenever motion is detected. this i checked after installing network monitor mini app on the phone. i dont have the ip address contacted, but it must be amazonaws.com, most likely.
2. the app connects to the internet every time it is launched. it tries to access a few sites including hinet (taiwan), Zhejiang Taobao Network, alibaba, facebook.com and a few other ips that dont have a domain name, but most importantly to amazonaws.com. this is the most frequent request, and also the most critical because if this request is declined, the app will not connect to the camera.
2a. even if the home monitoring feature is disabled, the request to amazonaws.com persists.
3. the camera once setup will keep recording based on the parameters configured. Even if restarted it will continue recording without any input. it will record to the memory card, you can view the recorded clips by removing the memory card and accessing it directly. if a person is keen to keep his data private, this is the only way. But you will lose features like pan tilt zoom, live view, 2 way audio communication etc which can be done via the app only. Besides removing the card is a hassle and requires the cam to be switched off.
4. the request for location access is apparently a google feature, as this is the only way the available hotspots’ ssids can be identified. the hotspot will be detected, but the name, or ssid, will not be displayed. in more responsible apps, this is a skippable step, but not for mi home. so one cannot entirely lift the shadow of suspicion.

@Sm2698 @binod_babu : as already stated, in my research i have not come across a made in india product. this includes godrej and hero cameras. if you find a true made in india product please inform me.

@Gaurav_G : i would be interested to know which websites are accessed by the camera and the app. if possible, please try to reconfigure the camera to run through a mobile hotspot and install the no root firewall and check the logs, and inform.

@rini50 , @tristar : the camera-app dichotomy is not apparent to a customer. the box does not even mention the need for an app and the manual (couldn’t find an online pdf) doesnt specify any terms and conditions (just to download and run the app). these are there in the app, you can disagree to the data collection, but then the app will quit. xiaomi knows the camera is useless without the app, but doesn’t inform the customer upfront.
the t&c is nothing extra ordinary. the usual data usage terms are seen, about sharing data with third parties etc. etc.

frankly there is an easy to win consumer court case here, but for it to be of any consequence there must be a class action suit with a few thousand customers collectively filing a case. then the monetary impact on xiaomi will be significant enough for it to take notice, and for the petitioners to feel rewarded.

the quicker option is for a mass petition to the relevant ministries. at the very least the unfair trade practice of not being transparent can be highlighted, seeking a disclosure on the box. most satisfactory would be a thorough review of the data collection policies and data transfer policies of xiaomi, which should culminate in an app redesign so that a mi.com account becomes optional, and the storage of data at amazonaws stopped unless the buyer opts for the home monitoring feature.
i shall be drafting such a petition soon, hopefully we can find at least 50 supporters from this forum.
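
The two checks described in the post above (which destinations remain when home monitoring is switched off, and which declined request stops the app from connecting), as an added example that is not part of the original thread. The log line format, the package name `app.under.test`, the hostnames and the trial outcomes are all constructed for illustration and are not taken from any real firewall export.

```python
import ipaddress
from collections import Counter

APP = "app.under.test"  # placeholder package name, not a real app id

# Constructed logs. The line format (time, app, host:port, verdict) is an
# assumption for this example, not any firewall app's real export format.
MONITORING_ON = """\
10:00:01 app.under.test api-constructed.amazonaws.com:443 ALLOW
10:00:02 app.under.test graph-constructed.facebook.com:443 ALLOW
10:00:05 app.under.test 203.0.113.7:443 ALLOW
10:03:10 app.under.test clips-constructed.example.org:443 ALLOW
10:03:11 other.app time.example.net:123 ALLOW
"""
MONITORING_OFF = """\
11:00:01 app.under.test api-constructed.amazonaws.com:443 ALLOW
11:00:02 app.under.test graph-constructed.facebook.com:443 ALLOW
11:00:04 app.under.test 203.0.113.7:443 ALLOW
"""
# One destination denied per trial, with the observed result (constructed).
TRIALS = [
    ("12:00:01 app.under.test graph-constructed.facebook.com:443 DENY\n"
     "12:00:02 app.under.test api-constructed.amazonaws.com:443 ALLOW\n", True),
    ("12:10:01 app.under.test api-constructed.amazonaws.com:443 DENY\n", False),
]

def group_key(host):
    """Literal IPs are kept whole; hostnames collapse to their last two labels."""
    try:
        return "ip:" + str(ipaddress.ip_address(host))
    except ValueError:
        # Naive grouping: without a public-suffix list, "x.co.in" becomes "co.in".
        return ".".join(host.lower().rstrip(".").split(".")[-2:])

def destinations(log_text, app=APP):
    """Count attempts per (destination group, verdict) for one app."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != app:
            continue  # malformed line or another app's traffic
        host, sep, _port = parts[2].rpartition(":")
        if sep and host:
            counts[(group_key(host), parts[3])] += 1
    return counts

def compare_sessions(on_log, off_log, app=APP):
    """Split destinations into those tied to the feature and those that persist."""
    on = {dest for dest, _ in destinations(on_log, app)}
    off = {dest for dest, _ in destinations(off_log, app)}
    return {"feature_only": sorted(on - off), "persistent": sorted(on & off)}

def required_destinations(trials, app=APP):
    """Destinations whose denial always coincided with a failed camera connection."""
    outcomes = {}
    for log_text, connected in trials:
        for dest, verdict in destinations(log_text, app):
            if verdict == "DENY":
                outcomes.setdefault(dest, []).append(connected)
    return sorted(d for d, seen in outcomes.items() if not any(seen))

if __name__ == "__main__":
    print(compare_sessions(MONITORING_ON, MONITORING_OFF))
    print(required_destinations(TRIALS))
```

Destinations listed as persistent are the ones the feature toggle does not explain; denying one destination per trial keeps the connection result attributable to a single host group.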

Shopping Friend

Can you share the app link?

Kudos to you for such an in depth research highlighting the privacy breaches!

Shopping Friend

Thanks for sharing brother.

Here’s what I did:-

1. I ensured that my TP Link cloud camera is connected to the internet.

2. I launched your app and started VPN and opened the TP Camera app and started live viewing for 5-10 minutes and also navigated through the app options.

Here are the logs:-

1. southeast-1.compute.amazonaws.com
2. bom07s16-in-f3.1e100.net

That’s it :)

It repeats and sends requests to the above servers

Deal Cadet

@guest_999 : there is the concept of a representative suit, where a few people can file a civil case on behalf of a lot of people. it is the closest to a class action suit available.

Critic

I don’t think you can file a representative suit for such “consumer related” issues. In my opinion the best option is file case in consumer court & then winning in that case as an example for any future similar case. Btw if you win a case in consumer court then I think your all legal expenses incurred in fighting the case will be incl in the penalty levied on losing company to be given to you along with product’s original cost & some extra compensatory amount.

Deal Cadet

What @guest_999 said, however the payout will be meagre… Have all the documentation ready, take a print copy of all the evidence and file a case in the Consumer Court. With the current state of things, your case could get some positive light.

Deal Cadet

@Gaurav_G : thanks. tplink seems relatively less data hungry.

a few questions

0. which model camera is it ?
1. does the box mention that an active internet connection is required (given that it is a “cloud” camera, this should be obvious even otherwise, still…)
2. can you connect the app to the camera without the internet connection?
2a. does it seek location access during setup stage?
2c. is creating a tapo account mandatory?
3. is there an option to disable storing clips online? (in xiaomi’s case, they do mention that clips are stored online when home monitoring feature is enabled, but even if this is disabled stuff is transferred).

thanks in advance

Shopping Friend

0. NC200 is the model number
1. Yes it does mention
2. No I cannot
2a. No it doesn’t
2c. Yes creating a TP Link Account is mandatory
3. No it doesn’t store anything online unless you trigger the motion detection. Then also the email is sent to your e-mail ID not stored in servers in any way.

That’s all! :)

Deal Cadet

lol, all your data already got sold when you made your aadhar card, gave aadhar card for jio airtel etc sim, made transactions on paytm, zomato, etc, why worry about your data now? and btw indian govt itself sold your vehicle licence data to corporates so its no different than china govt, u want internet enabled devices forget about privacy, regarding the mi security camera if op had watched a few youtube setup reviews he would have known a mi account is needed

Deal Subedar

Having your data(personal, financial etc.) vs having a live feed of your cameras. Lots of difference between the two.
BTW everyone is calling out the dragon but they need to understand that the NSA is already saving everything including what we are writing here.

Deal Cadet

thanks @Gaurav_G.

this is off topic, so i ought to ignore the posts, but still i must rectify some misconceptions with this last piece.
@getready : i choose to use apks from third party sites precisely to avoid playstore. there are other means to ensure privacy/security of the device, besides relying on google play protect.

@anuragingle122 : i am surprised that you are equating the indian government with the chinese. please educate yourself about how the chinese government controls their population first. the confidence with which you made that post, knowing well that no harm will come to you, originates from the subconscious belief that you are under the protection of the indian laws that grant you the freedom of expression. the same post will in all likelihood get you in trouble, had you been in china, because it is mildly disparaging of the government.

so yes, i dont mind if the indian government or indian corporate or an entity that is not hostile to india has access to my data, even if i am not expressly informed. call me patriotic, that way. but i sure have an issue when a chinese company (or any entity that is hostile to india), beguiles me to buy a product without informing me beforehand that i will be sharing my data with them. i want to know why the chinese company wants to know my location and wants to transfer video and audio to some place, where they can use it against my countrymen, probably. i am paranoid that way, because i see the possibility that the cameras that are being operated in those areas where the chinese have an interest – like border areas, or industrial areas, or houses of high ranking officials – will be transferring more data than usual.

Mobile Guru

@brewitty So how are you ensuring privacy/security of the device with apks uploaded by random users to third party websites?
How are you verifying that these so called third party apks are untouched (like the apks from the original dev via play store) and not modified?
Can you enlighten us?

Deal Cadet

There is very serious concern with mi camera. I have connected my mi camera with google home app and after asking/giving command to Google to show my camera, it first shows footage of some other random people’s mi camera for few seconds (1-3sec.) and after that it shows from my camera. I did it repeatedly and each time it showed different random people’s personal footage. (Think about the privacy and security, where the hell all gone!). I even tweeted this by making live screen recording video of the issue by tagging mi India, google, govt. ministry but no one responded. Since it has my face recording as well so I finally deleted the tweet after some days.

You can’t do any hell until any issue becomes Corona like hell!

Deal Cadet

Anyone having Mi camera try like this, you might also experience the same. But I can’t guarantee about the same as the issue/bug might have got fixed. I had Mi Home security camera basic 1080p and I have tried it previous year near Diwali time. And since then It has been kept packed as it is. Not used since then.
