this post was submitted on 13 Sep 2023
106 points (94.9% liked)

Privacy

31974 readers
325 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I hear many people say that the Google Pixel is good for privacy, but is it?

I'm asking this because I find it weird, of all the companies, Google having the most “privacy”.

you are viewing a single comment's thread
view the rest of the comments
[–] jose1324 1 points 1 year ago (1 children)

Ok, wall of text aside. Now I'm sure you're bsing. It's never been 2 months or even longer. Literally every Xiaomi or Poco is that you register and then you wait 1 week and then unlock with the pc. No weird ass wait times. You don't even have to use it. I have done this for like 8 models old and new already. The Mi unlock app doesn't even have software for other times.

Also the bootloader does display that it's unlocked. But even with a 'warning' most people wouldn't care and that's what Xiaomi still wants to prevent.

[–] [email protected] 1 points 1 year ago

Here's another source about 2 month wait times sometimes, if you don't believe me: https://www.xda-developers.com/xiaomi-2-month-wait-unlock-bootloader/. It has never personally been 2 months for me, but it has been over a week before for me, and their support team refused when I asked nicely to shorten it despite the fact my daily driver phone was broken and I couldn't restore my LineageOS from backup - I just had to wait. That's why I don't buy Xiaomi stuff any more.

The wait time is determined by their servers, which sends a cryptographically signed certificate specific to the serial number of the device that the bootloader reads. The key to sign the certificate stays on their servers, and the client just calls to the server, and either gets a response saying to wait for this much longer, or containing the certificate. Xiaomi explicitly call it 'apply for unlocking' (e.g. see the title of https://en.miui.com/unlock/index.html), as in, they think it is their right to decide who gets to decide what runs on my hardware I've bought from them, and us mere consumers must come begging to them and 'apply' to unlock.

You don’t even have to use it

The bootloader is designed not to boot anything except MIUI without the certificate from the unlocking tool. While there are open source clients (like https://github.com/francescotescari/XiaoMiToolV2) they still work by calling Xiaomi's server to get the unlock code, so if you want to run anything except Xiaomi's MIUI (which is a bad idea from a privacy perspective), you kind of do have to use it (at least their server). The only way around it would be if someone found a vulnerability in the bootloader or the processor itself that allows for the 'treacherous computing' aspect of the boot to be bypassed without the certificate - and as far as I'm aware there isn't a reliable approach yet for that.