Comment by chme

16 days ago

Most hardware has no reason to require direct internet access or an account with the manufacturer to work. If some device requires internet access, then it cannot be trusted to not transmit personal data, therefore it should be possible to replace the software on that device, so that something that is trusted by the consumer can be installed.

While DJI here might create good hardware, their internet and account requirement makes it uncontrollable by the consumer, so I do understand that some consumers, or the possibly more security-aware US, will not trust it. But for the same reason China and other countries might not trust Apple or similar.

Trust is something that needs to be earned and which has to go both ways, if a company doesn't trust their users, and prevents people using their bought products however they like, then why should their users trust the company and let their uncontrollable software record their private lives and possibly report back to them?

While I agree with you, I doubt banning Chinese tech will remedy this problem. My experience is that American brands are much, much more aggressive about making you connect to the internet, install our apps, create an account, subscribe to our newsletter etc.

Look at the difference between iRobot and Chinese robot vacuums on Amazon - the difference is night and day.

  • Depends on what you consider the "problem". As Congress sees it, the problem is two-fold... You have no control over your data. The company that does have control over your data is beholden to a foreign country not currently considered "a close ally".

  • True.

    I was just talking about my experience with DJI. Where you buy a product, can use it for a bit, and then it stops working, because you haven't connected it to the internet or created an account.

    It is often the 'market leaders' that are so afraid to lose customers and their market position to implement customer hostile processes into their products.

  • And yet the US government isn't worried about a US company leaking photos of sensitive information to the US government.

    The same cannot be said of the Chinese government who may be happy to get extensive drone footage of everyday US infrastructure which can be used in a future war.

    Meanwhile, China won't even let Google provide a valid map of the country... https://en.wikipedia.org/wiki/Google_Maps#Google_Maps_in_Chi...

    But tell us all more about how we should be more concerned about a US company requiring an internet login.

    • This is always an interesting read for the rest of us neither in the US nor China.

      On one hand I understand we'll need to move to more insular and protective policies and basically ban foreign technology in so many places, on the other hand I don't want a gov like Ethiopia to have the choice between having no technology or being spied to the bone by all of its tech providers. The EU would be the only place with a one in a million chance to pull it off, there sure must be another way?

    • The US government is right to be worried about China. Individuals, especially but not exclusively those of us who aren't US citizens, might well have more to fear from the US.

  • > American brands are much, much more aggressive about making you connect to the internet, install our apps, create an account

    This whataboutism ignores one very important point.

    When you connect a device to an American company they might do things that we consider privacy violations, while still staying generally within the bounds of the law. We like to joke about data going to the NSA or something, but in the extremely limited cases where it does protections exist with oversight.

    Contrast this to Chinese companies where by law every company is part-owned by the government itself. The Ministry of State Security literally has employees who show up to these companies every day like normal workers, but their job is to find and exploit intelligence on foreign individuals and businesses.

    • I agree with most of your point but.

      >data going to the NSA or something, but in the extremely limited cases where it does protections exist with oversight.

      They didn't build the Utah Data Center because of their extremely limited amount of data.

      We all like to joke about our data going to the NSA because our data has repeatedly been caught going to the NSA.

    • The idea of running any internet-connected software with a push-update mechanism, built and controlled by a company in a country without a strong independent rule of law, should terrify far more people than it apparently does.

      This is one of those 'It's not a problem until it is a problem, and then it's a big fucking problem' scenarios.

    • > This whataboutism ignores one very important point.

      Reverse whataboutism is still whataboutism.

      For example this predicate

      > while still staying generally within the bounds of the law.

      Completely ignores the fact that US companies have been found lying and deceiving to circumvent the barriers posed by the law.

      But not only US companies, remember the diesel gate?

      This other predicate

      > (In China) by law every company is part-owned by the government itself

      It's completely false, while this one

      > The Ministry of State Security literally has employees who show up to these companies every day like normal workers

      It's pure intellectual dishonesty. Every sufficiently advanced intelligence agency has spies. With the USA agencies being the largest employers for spies on the entire Planet.

  • > While I agree with you, I doubt banning Chinese tech will remedy this problem.

    I don't mean this as a political issue, but in your comment I see one of the reasons Trump appeals to people. He promotes a mindset of "stop handwringing and just fix the damn problem."

    Here we know the following:

    1) DJI devices have an always-on connection

    2) Chinese government is unfriendly to US and exerts strong control over Chinese companies

    3) China regularly blocks US companies for whatever reason they decide.

    So yeah, we can say "but banning DJI won't solve the general problem of bad companies; we shouldn't just focus on China; is a ban really fair? etc etc." Or, we can just say "screw it -- China treats US companies like shit and we're not gonna just hand over all our drone info"

    • I'm not sure how that would actually "fix the damn problem"? My point is that American tech companies are just as data-hungry as DJI, probably more, and Chinese tech products are more likely to let users control their devices off-line than American brands. You're right though that creating a boogeyman and attacking it while ignoring the much larger and more complicated problems is great politics (and always has been)

> direct internet access or an account with the manufacturer to work

Unfortunately this is required by regulators in many countries. In Thailand you can't fly a drone without a license. You need to obtain the license before activating the drone and provide your information and the license number at time of activation (which is tied to drone serial number).

It sucks but it's the law here.

I would like to see a requirement that any drone sold in (or imported to) the US (or EU) has to be flashable - without having to desolder components, or any other such nonsense. Press some buttons and load new software.

An accompanying requirement would be to document interfaces to hardware subsystems (chip spec sheets would suffice).

With drones, the potential for mischief is too great to let malware be smuggled in.

Is this a politically and technically realistic goal? Or am I talkin' thru my hat?

Back before the war it was possible to obtain hacked DJI ROMs from the Russians that disabled all of these connections and restrictions including no-fly zones.

i agree, but we shouldn't require all firmware to be open-source and user-replaceable on only chinese devices; we should require it for everything, perhaps with narrow exceptions for things like pos terminals and certain kinds of industrial equipment