FOXTROT/ALFA: ICANN Halts .org Sale, The Phone Market is Collapsing, Xiaomi Spyware Phones

Welcome to issue 112 of FOXTROT/ALFA for Friday, 1 May 2020 – i.e. Labour Day. Today was a bit of a slow news day, as has to be expected with this being a holiday across much of the world. Not that there are any marches going on, of course. They didn’t even burn parts of Hamburg to the ground this year, as is customary. But there are at least some tech news I’d like to report on.

ICANN Halts Sale of .org Registry

Wow. The biggest news today is that ICANN has actually halted the sale of the .org domain registry to a private equity group after a lot of protests over that last few months (I’d reported on this topic throughout).

ICANN has vetoed the proposed $1.1bn sale of the .org registry to an unknown private equity firm, saying this was “the right thing to do.” The DNS overseer has been under growing pressure to use its authority to refuse the planned transfer of the top-level domain from the Internet Society to Ethos Capital, most recently from the California Attorney General who said the deal “puts profits above the public interest.” ICANN ultimately bowed to the US state’s top lawyer when it concluded today it “finds the public interest is better served in withholding consent.”

It gave several factors, all of which were highlighted by Attorney General Xavier Becerra as reasons to reject it: the fact that the sale would see the registry – which has long served non-profit organizations – turn from a non-profit itself into a for-profit vehicle; that Ethos Capital was a “wholly different form of entity” to the Internet Society; that the $360m in debt that was being used to finance the deal “raises further question about how the .org registrants will be protected”; and that the measures that Ethos Capital had put in place following an outcry were “untested.”

The decision will likely spark a mixture of relief and celebration from millions of .org domain holders, including some of the world’s largest non-profit organizations, many of which were certain that their long-standing online addresses were going to be milked for profit by an organization that never fully revealed who its directors or investors were.

I had half expected this deal to quietly go through now that the world collectively is busy with other problems at the moment.

The Global Smartphone Market Collapses

Smartphone shipments for the first quarter haven’t been this low since 2014.

The coronavirus pandemic has caused the smartphone market to suffer its fastest ever first-quarter year-on-year decline, according to new data from analyst firms. Counterpoint Research and Canalys both put the overall drop in global shipments at 13 percent, though Counterpoint says the drop in China alone was 27 percent while Canalys calculates it at 18 percent.

Whichever numbers you look at, the situation is clear: it’s the first time shipments have come under 300 million since 2014, with a precipitous collapse in China preceding falling demand around the world. “By the end of the quarter, as COVID-19 started to spread to other regions, and lockdowns of varying severity were imposed, the pendulum of disruption started to swing from supply to demand,” Counterpoint’s team of analysts writes in a statement.

Samsung, Huawei, and Apple are still the top three vendors, with Apple seeing the smallest decline in shipments year on year. Both Canalys and Counterpoint rank Xiaomi fourth, cracking 10 percent of global market share for the first time.

Xiaomi Phones are “Backdoors with Phone Functionality”

Speaking of Xiaomi, their phones certainly are cheap, but you might want to reconsider buying one of them. At least if this report from Forbes is to be believed.

“It’s a backdoor with phone functionality,” quips Gabi Cirlig about his new Xiaomi phone. He’s only half-joking. Cirlig is speaking with Forbes after discovering that his Redmi Note 8 smartphone was watching much of what he was doing on the phone. That data was then being sent to remote servers hosted by another Chinese tech giant, Alibaba, which were ostensibly rented by Xiaomi.

When he looked around the Web on the device’s default Xiaomi browser, it recorded all the websites he visited, including search engine queries whether with Google or the privacy-focused DuckDuckGo, and every item viewed on a news feed feature of the Xiaomi software. That tracking appeared to be happening even if he used the supposedly private “incognito” mode. The device was also recording what folders he opened and to which screens he swiped, including the status bar and the settings page. All of the data was being packaged up and sent to remote servers in Singapore and Russia, though the Web domains they hosted were registered in Beijing.

Browsers shipped by Xiaomi on Google Play – Mi Browser Pro and the Mint Browser – were collecting the same data. Together, they have more than 15 million downloads, according to Google Play statistics. Many more millions are likely to be affected by what Cirlig described as a serious privacy issue, though Xiaomi denied there was a problem. Valued at $50 billion, Xiaomi is one of the top four smartphone makers in the world by market share, behind Apple, Samsung and Huawei. Xiaomi’s big sell is cheap devices that have many of the same qualities as higher-end smartphones. But for customers, that low cost could come with a hefty price: their privacy.

Cirlig thinks that the problems affect many more models than the one he tested. He downloaded firmware for other Xiaomi phones – including the Xiaomi MI 10, Xiaomi Redmi K20 and Xiaomi Mi MIX 3 devices. He then confirmed they had the same browser code, leading him to suspect they had the same privacy issues. And there appear to be issues with how Xiaomi is transferring the data to its servers. Though the Chinese company claimed the data was being encrypted when transferred in an attempt to protect user privacy, Cirlig found he was able to quickly see just what was being taken from his device by decoding a chunk of information that was hidden with a form of easily crackable encoding, known as base64. It took Cirlig just a few seconds to change the garbled data into readable chunks of information.

Unbelievable. I won’t quote Xiaomi’s response. If you want to read it, it’s in that article. And it’s utter bullcrap. It’s actually kind of unbelievable how brazen these people are.

iPad Sales Down, Too

Not only smartphone sales are declining amid the ‘Rona panic, by the way. Looks like it’s the same for iPads.

Under the shadow of a pandemic that forced the shutdown of Apple’s production lines in parts of China, global sales of iPads are tumbling rapidly. Preliminary data collated by number-cruncher IDC for calendar Q1 show Apple’s unit shipments into distributors and direct to its stores dropped 30.4 per cent year-on-year to 6.9 million. This, in a market that was itself down 18.1 per cent to 24.6 million.

Also Noteworthy

Some other stories I read today:

After all that doom and gloom, I feel like a happy song is in order to send you off into the weekend. So here’s to Better Days!

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.