Is Google Pixel actually good for privacy? - eviltoast

I hear many people say that the Google Pixel is good for privacy, but is it?

I’m asking this because I find it weird, of all the companies, Google having the most “privacy”.

  • jose1324@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Ok, wall of text aside. Now I’m sure you’re bsing. It’s never been 2 months or even longer. Literally every Xiaomi or Poco is that you register and then you wait 1 week and then unlock with the pc. No weird ass wait times. You don’t even have to use it. I have done this for like 8 models old and new already. The Mi unlock app doesn’t even have software for other times.

    Also the bootloader does display that it’s unlocked. But even with a ‘warning’ most people wouldn’t care and that’s what Xiaomi still wants to prevent.

    • A1kmm@lemmy.amxl.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Here’s another source about 2 month wait times sometimes, if you don’t believe me: https://www.xda-developers.com/xiaomi-2-month-wait-unlock-bootloader/. It has never personally been 2 months for me, but it has been over a week before for me, and their support team refused when I asked nicely to shorten it despite the fact my daily driver phone was broken and I couldn’t restore my LineageOS from backup - I just had to wait. That’s why I don’t buy Xiaomi stuff any more.

      The wait time is determined by their servers, which sends a cryptographically signed certificate specific to the serial number of the device that the bootloader reads. The key to sign the certificate stays on their servers, and the client just calls to the server, and either gets a response saying to wait for this much longer, or containing the certificate. Xiaomi explicitly call it ‘apply for unlocking’ (e.g. see the title of https://en.miui.com/unlock/index.html), as in, they think it is their right to decide who gets to decide what runs on my hardware I’ve bought from them, and us mere consumers must come begging to them and ‘apply’ to unlock.

      You don’t even have to use it

      The bootloader is designed not to boot anything except MIUI without the certificate from the unlocking tool. While there are open source clients (like https://github.com/francescotescari/XiaoMiToolV2) they still work by calling Xiaomi’s server to get the unlock code, so if you want to run anything except Xiaomi’s MIUI (which is a bad idea from a privacy perspective), you kind of do have to use it (at least their server). The only way around it would be if someone found a vulnerability in the bootloader or the processor itself that allows for the ‘treacherous computing’ aspect of the boot to be bypassed without the certificate - and as far as I’m aware there isn’t a reliable approach yet for that.