As someone who has a DJI Mini what are the options for a consumer drone made by a US company?
Everything on https://www.diu.mil/blue-uas-cleared-list is either widely different, 15x as expensive, not purchasable by civilians at all, or all of the above. Parret appears to have stopped selling their consumer model entirely. Skydio 2+ seems like the closest thing but it also no longer appears to be for sale either. All their links to the starter kit are dead and only options is to contact sales for enterprise deals.
Skydio exited the consumer market. Their drones had good autonomy and flight characteristics. However, they struggled with wireless link quality due to the use of consumer WiFi, and had much older, inferior camera sensors compared to even contemporary DJI drones. They were also ridiculously loud and inefficient. Their enterprise drones are comically expensive and loaded with nickel-and-dime cloud features.
Parrot drones struggle with the same issues as Skydio (Skydio actually used a Parrot remote controller for their consumer drones), plus their autonomy isn't nearly as good as even Skydio's, the overall drone behavior is "clunky" (slow boot times, slow connection times, non-responsive flight controls), and even basic flight is more challenging.
The main issues plaguing US consumer drones are imaging sensors and wireless link. LTE and other well-suited long range wireless technologies capable of handling speed differential between the station and access point are locked in a vault of patents. Imaging sensors are legendarily impossible to acquire in low to moderate quantities and image sensor parameters are carefully locked behind a billion levels of NDA (thus why even the Raspberry Pi camera is full of DRM).
I assume one of the goals of this is to change that by making it feasible for US companies to compete at least on the domestic market.
Ukraine has shown that having domestic at-scale consumer drone production is a critical military capability. I bet part of the motivation behind this is protectionism to make sure this capability can be built up. Otherwise any war against China starts with China being able to make many thousands of recon aircraft / precision guided projectiles per day, likely with mostly or entirely domestic supply chains, without even going to a war economy, while the US cannot manufacture the same class of weapon at any comparable scale.
>China being able to make many thousands of recon aircraft / precision guided projectiles per day
The US might be able to stop an invasion of Taiwan with just naval and air assets. My guess is that battery-powered drones don't have enough range to be a significant threat against naval assets (even for recon) and don't have enough speed to be relevant against air assets that are not themselves battery-powered drones.
I was on a project that was subject to the cleared UAS list you linked, and I cannot recommend either Parrot (incredibly long boot times, underpowered motors meant it was slow and had poor station keeping in high winds) or Skydio (bad heat management/low thermal cutoffs to the point that during the California high desert summer our unit wouldn't even start due to reporting that it was overheated) at all. So maybe its not too bad that they're no longer for sale.
Any guides or pointers on how to do this myself? Looking into pixhawk seems like most of the options are still pretty obscure.
I own a 3D printer and am not afraid of a soldering iron :)
That's just an excuse, after 10 years failing to compete. Western drone companies have received billions in investments to make competing drones, but repeatedly fail, for some reason.
Western company can't compete, but that's on them. Banning DJI won't change anything, Western companies have to get their act together.
The allegations are so subjective that they sound like some middle schooler complaining to their mom.
“DJI drones are collecting vast amounts of sensitive data – everything from high-resolution images of critical U.S. infrastructure to facial recognition technology and remote sensors that can measure an individual’s body temperature and heart rate.”
DJI's response
Technically, DJI suggests using drones for body temperature checks is unfeasible.
Allowing a company that repeatedly violates basic app store rules and exports data to a country with adversarial interests unrestricted access to our infrastructure via drones is highly problematic.
This problematic situation extends in many ways to critical sectors of our economy, including agriculture, energy, defense, etc.
The data collected by these drones is extensive and sensitive. Crop data alone is crucial, and if this information cannot be controlled, it should not be exported.
This stance is not anti-China, but no country should permit unrestricted access to its airspace for surveillance.
Data is the new oil as well, especially with AI. These drone derived datasets are becoming critical path information.
How else can you control the information besides a ban? I LOVE DJI and have several of these drones. But I don’t know how I feel about this because of the problematic data issues. It’s complex and the situation is very difficult.
Its funny because app store rules aren't laws. If we were really concerned about privacy, we'd have our own strong GDPR that mandated privacy and control measures and controls. Banning things doesn't work because the base foundational protections aren't there.
Unconvincing tbh. Research papers have shown that heartrate can be tracked from cameras with well under 4k resolution. Doing it with DJI's excellent camera tech should be quite easy.
As far as US infrastructure, google street view and bing maps seem to be a bigger information disclosure threat but I guess they do blur out faces.
Google street view isn't going to be driving around sensitive government facilites or electrical infrastructure though - and you really can't guarantee no curious citizens will try to fly their dji drone over said facilities. So all DJI needs to do is put in an if(location == government_facility) and sit back and wait for the camera feed from some idiot american.
In 2016, Tesla released the Model 3. When Chinese consumers wanted the most advanced electric vehicles, the Chinese government communicated with Tesla in 2017 about building a factory in Shanghai to produce China-made Teslas. Currently, Tesla is the highest-selling pure electric vehicle brand in China ( Model Y sales in China in December last year were 60,055 volumes
) The intense competition in the electric vehicle market has fostered the development of high-quality Chinese EV brands such as NIO, Li Auto, XPeng, BYD, Zeekr, Xiaomi, Aion... ...
In contrast, in the free and democratic America market, the response to competition in the drone market has been to ban DJI, and the response to competition in the short video market has been to ban tiktok.
Let’s see in ten years which market environment will foster advanced productivity.
A more accurate following of the Chinese model would be for the US to insist that DJI builds its drones for the US market in the US, insist on a partnership with a US company who would then siphon off the knowhow and IP to start building competing products.
The key is to stop rent seeking. Musk pilots the most competitive companies on earth, so of course he isn't scared of China or anyone else, because a truly powerful company takes many dimensions of superiority, not just a few patents.
It's a classic move from corporate America, foreign cars banned if less than 25 years old, high taxes on motorcycles for decades to protect Harley etc...
1.) DJI offers many drones related to infrastructure mapping and maintenance, as well as agricultural tasks. From a national security perspective, it is a non-trivial threat vector for a Chinese company to not only have intimate knowledge of US infrastructure by being their drone supplier, but also by becoming a dependency of US infrastructure. In the event of a war, all of the drones could be grounded or used for nefarious purposes.
2.) When it comes to protectionism, I'm generally against it, but I have different thoughts when it comes to China. They have banned Uber, Google, YouTube, Facebook, Amazon, etc, and just make their own versions of it. Then they have absolutely no respect for international laws when it comes to IP. They don't compete economically according to the same rules as everyone else, and don't deserve to be treated the same way.
3.) I have 2 DJI drones. The fact that there is no mention of compensation in this legislature is absurd. Fortunately, I don't rely on these for my business, but imagine if you were a filmmaker, tree trimmer, real estate agent, etc, who had bought many drones for your business. Not only are you grounding the tools that they've already come to depend on, but there isn't an existing viable alternative on the market for many of these tasks.
> In the event of a war, all of the drones could be grounded or used for nefarious purposes.
That's only an issue if the drone somehow depends on an external Internet-based server, instead of just a plain radio link between the drone and its controller. The law should target that unnecessary dependency, if it exists, instead of banning even standalone drones.
Kudos to you for being able to make the first 2 points fairly despite being personally affected by this. Rare that you'd see that. Most people would start with the 3rd point and try to minimise anything that contradicts.
> imagine if you were a filmmaker, tree trimmer, real estate agent, etc, who had bought many drones for your business.
Unfortunately I suspect this group is already quite small due to the existing heavy-handed regulation of drones for anything other than recreational use. Or they're at least "under the table."
You need a drone pilot's license to legally fly a drone for anything other than recreational use. This has already decimated a lot of the most direct and interesting use cases for us.
Probably yes. The industry can fight with quality or price against Chinese bad products and non Chinese good products, but products that are both Chinese and top notch quality are going to dominate the market because of comparatively lower costs.
Now, that law can indeed have some basis, in theory, but tailoring it to a single brand won't achieve much as the Chinese industry can rebrand products at a cost and in times that are a fraction of a fraction of what it takes to any western democratic country to adjust the law against another brand.
On the other hand, they can't make a generic law against say suspicious code running on consumer devices that could be used to exfiltrate personal data, as it would potentially hit every connected device out there, including western branded ones.
My impression is that they (the law makers) are almost facing the wall where they should admit that closed proprietary devices are generally unsafe and bad, but can't because it would hurt the same industry that contributed to their campaigns, so they direct all weapons against the external enemy. "We're good, they're bad", and end of the story.
If you want to know why the US would have interest in limiting the growth of DJI look no further then Ukraine and the impact drones have on the war. The US wants to encourage domestic drone manufacturing by eliminating the largest Chinese manufacturer as an option.
They have Skydio for that. There is no profit in consumer-oriented drones. The money is in lower volume professional & semi-professional use drones. You cannot compete with China even if we annexed Mexico for cheap labor in order to manufacture high volume low profit drones.
Drones are national security issues for two reasons -- one is that they could be used for surveillance domestically (similar problem with tik tok) and secondarily drones are now core warfare technology and the US has offshored so much of it's manufacturing capacity (not just for drones, but for all electronics) that the US is at real risk of losing any conflict with china because our supply chains will be absolutely wrecked if China cuts us off, so the US is trying to encourage more domestic production. I think China cutting off exports to the US would be way more devastating to the US economy than the US cutting Russia off from the world banking system was to Russia.
One of the largest drone manufacturers globally and backed by the Chinese government [0] and several Red Families [1]
> why is it being banned
It is very closely connected with Chinese government stakeholders, with worries around privacy and data retention [2].
There is also some lobbying by Skydio and Andruil [3][4].
They are also breaking sanctions against Russia with Russian forces using their drones [5][6] (though the Ukrainians are using them as well), as well as sanctions around Xinjiang [7].
> why should the general public care about this
They are a popular low cost drone option. It might also spark a rise in domestic drone vendors - especially in the industrial and defense space [8].
---------
Also, can we please have another source. DroneDJ is a DJI specific blog and as such is biased in favor of DJI.
I was looking to replace my GoPro with the DJI Action, but their app was not on the Play-store.
It can only be side-loaded on Android, because their app breaks a number of policies on privacy and data gathering.
I believe I saw a site that decompiled their app and found a number of worrisome things.
> It can only be side-loaded on Android, because their app breaks a number of policies on privacy and data gathering.
I don't think this is the reason, I think it's more that they're just too lazy to jump through the approval and maintenance hoops that come with an app store, especially because their home market (China) doesn't even use the Play Store.
The iOS version of their app is Apple-approved and present in the App Store.
I do research in this space.
Their consumer apps are loaded to the gills with product-manager telemetry (tap/action tracing, etc., think Firebase/Flurry/whatever), and until recently they had a "sync flight logs" feature that would do what it said: give your detailed flight logs to DJI. It was opt-in, but it was easy to do by accident and many years ago there were bugs in the opt-in toggle.
They just removed this feature from US apps this week (too little too late, and too attached to reality and not attached enough to political pandering).
DJI also have a terrible track record with data security, with their entire AWS account getting ripped in 2017.
I don't think they're explicitly a CCP data-collection front, but sufficient product telemetry is indistinguishable from surveillance malware (this applies to US-based companies and US intelligence, too, of course).
However, their apps run on their own controllers are generally alright, and their enterprise apps run on their enterprise controllers in Local Data Mode are legitimately clean, barring a few versions with small bugs.
I fly DJI drones all the time using DJI RCs with network credentials forgotten, and I wouldn't hesitate to use one of these for consumer use. For the truly paranoid, use a burner email and a VPN to activate the drone.
I also wouldn't worry about using DJI Enterprise drones with the pro controllers in Local Data Mode for even moderately sensitive applications (infrastructure, law enforcement, etc.).
Of course I wouldn't use one for US military applications, insofar as it would be foolish to use any non-allied electronic device in this way.
ps - note that the analysis in the sibling comments are of older apps, DJI Go 4 and Pilot 1, not the newer flagship apps DJI Fly and DJI Pilot 2. The general theme (tons of dirty analytics platforms) remains the same, but the newer apps use more American platforms (Firebase, AWS-hosted proprietary stuff) rather than Chinese, and the "disable telemetry" and "disable data sync" options generally have fewer bugs now.
> I don't think this is the reason, I think it's more that they're just too lazy to jump through the approval and maintenance hoops that come with an app store
If that was the case, then why jump through all the hoops of extensive code obfuscation for the Android app? [0]
> DJI also have a terrible track record with data security, with their entire AWS account getting ripped in 2017.
Leaving the door propped open for everyone is also plausible deniability for doing bad things.
Juniper also had a “small bug” in their implementation of the NSA-mandated Dual Elliptic Curve Deterministic Random Bit Generator algorithm that just so happened to leak the exact number of state bits onto the wire required to hack any VPN connection.
I don’t know if you’re an optimist or just a kind soul, but the rest of us are jaded for good reasons.
A drone company has ZERO business collecting flight log information, in the same way my car manufacturer has no business knowing where I drive.
That their “finger slipped” and they “accidentally” made opting out harder should tell you something.
I feel like you're underestimating the average large state actor's ability to employ subtlety when they really care about a long-term foreign intelligence operation.
For example, it doesn't have to be the case that DJI has ever been told to collect data for the CCP. That would be a big OPSEC violation — as soon as anyone in the foreign media learned of it, DJI would be as dead as Huawei or Tiktok.
Instead, it could just as well be that the CCP have left DJI themselves untouched, but have instead manipulated market conditions around them: arranging it so that DJI "just seems to never be able to" hire any security experts; and so that DJI (and everyone else) hire product managers from a pool trained on CCP-sponsored university programs and industry media sources, that have those product managers parroting "useful" beliefs like "more analytics is always better."
>I don't think they're explicitly a CCP data-collection front
In China you cannot not be explicitly a CCP data-collection front.
China doesn't bring evidence to a judge in order to get a subpoena for data. They just go to DJI an get it. DJI has zero legal recourse if the CCP wants access to all DJI's stored data. Doesn't matter where that data is stored. Same thing for tiktok and why legislators are killing that too. You're a Chinese company? You ultimately work for the state. No discussion.
China is not the US. People need to stop fitting the way things work in the US to the way things work in China.
Edit: For the whataboutists: Yes, everyone is aware that american three letter agencies have backdoor access to every computer, broken RSA and AES, and control the USA's puppet government. Thanks.
I haven't used a DJI drone since I got my Spark, so this is a few years out of date, but when I set that up the procedure was incredibly locked down and invasive. You had to install the app, which had to have full access to everything, and which had to have an active internet connection to update the drone firmware. So at the least, it was extorting your physical location, details of any wifi network, access to phone photos, and iirc a bunch of other stuff (like I said it was a few years). The whole way through the app took a very authoritative tone ("do X, do Y, you must do Z") as well. I used a dedicated second hand phone with no SIM card (after initial setup) but it was still uncomfortable and there's no way in hell I'd have allowed the app on my main phone. No idea what it's like now but I'd be amazed if it's more free or respectful of privacy.
I don't think they're a CCP front, and their actual core product engineering is amazing, but my understanding is that like any sufficiently large organisation in China (or any country, I guess) they must comply with government instructions.
What I heard (third hand knowledge) is that the DJI Android software stack can't handle AABs and for some reason it's easier for them to just get people to sideload instead of fixing their toolchain.
Long ago I bought a DJI mavic. I generally don't use apps for any stuff.
I couldn't fly it with the joystick controller that came with it. It said "see app" or something on the controller. It was really annoying but I sent it back.
A cursory web search said it was sending all kinds of location/flight information/etc back to dji continuously.
I thought there would be outrage, but not much.
I think it is sort of annoying that they are going after DJI specifically.
I think congress should be going after device/app privacy itself for all devices/apps in a more fundamental way.
Do we know the official reasons they can't be on Play? All I can find are people speculating, but it would be really nice to know exactly what Google rejected them for.
I don't think "being in the Play store" means something is trustable, it just means you trust Google Play Services and Google with all of your data, and by extension, the US government.
Being located in the US, I am arguably far more concerned about the US government tracking me than the Chinese government. The US government has jurisdiction over me, the Chinese government does not.
> I believe I saw a site that decompiled their app and found a number of worrisome things.
Every Android in America is sold with a rootkit called Google Play Services and it can do absolutely anything on your phone. There is no limit to what Google Play Services can do on your phone unattended or clandestinely.
In this thread, people not understanding that we've literally watched in the past year as consumer drones with IEDs attached to them have made the $10 million M1 Abrams tanks obsolete and what that means for war and its downstream implications for manufacturing bases.
Although it should be noted that it's not DJI drones doing that damage. They seem to be used for spotting, while more DIY-style FPV drones are the ones blowing up tanks.
Of course, those parts likely also come from sources in China. However, the software is more along the lines of FOSS like ArduPilot or PX4.
All of these politicians who have these completely transactional relationships, I just find utterly gross. I mean, do they have any actual friends? For example, Trump completely disparaged Ted Cruz's wife and father in 2016, Cruz called Trump a "pathological liar" back then, only to do a total 180 and turn into another boot licker.
And if you need a backgrounder on Stefanik, she got elected before Trump, decided she preferred staying in DC to her hometown, sold out her previously-stated principles almost immediately when she saw a chance to gain power, and is now doing as much damage to civil liberties as Nixon and McCarthy ever managed:
She doesn't care about whether the bill does something valid or even whether it survives legal challenges, as long she can use it to score political points. It's a real shame. Congresspeople are supposed to be servants beholden to the public good, not power-hungry sycophants who can't be bothered with the details of governance.
I've never seen her. I've never heard from her locally. You can't fucking find Elise. It's all events in the past. There's never been a townhall up in this portion of her region.
Readit News
Skydio exited the consumer market. Their drones had good autonomy and flight characteristics. However, they struggled with wireless link quality due to the use of consumer WiFi, and had much older, inferior camera sensors compared to even contemporary DJI drones. They were also ridiculously loud and inefficient. Their enterprise drones are comically expensive and loaded with nickel-and-dime cloud features.
Parrot drones struggle with the same issues as Skydio (Skydio actually used a Parrot remote controller for their consumer drones), plus their autonomy isn't nearly as good as even Skydio's, the overall drone behavior is "clunky" (slow boot times, slow connection times, non-responsive flight controls), and even basic flight is more challenging.
The main issues plaguing US consumer drones are imaging sensors and wireless link. LTE and other well-suited long range wireless technologies capable of handling speed differential between the station and access point are locked in a vault of patents. Imaging sensors are legendarily impossible to acquire in low to moderate quantities and image sensor parameters are carefully locked behind a billion levels of NDA (thus why even the Raspberry Pi camera is full of DRM).
Ukraine has shown that having domestic at-scale consumer drone production is a critical military capability. I bet part of the motivation behind this is protectionism to make sure this capability can be built up. Otherwise any war against China starts with China being able to make many thousands of recon aircraft / precision guided projectiles per day, likely with mostly or entirely domestic supply chains, without even going to a war economy, while the US cannot manufacture the same class of weapon at any comparable scale.
The US might be able to stop an invasion of Taiwan with just naval and air assets. My guess is that battery-powered drones don't have enough range to be a significant threat against naval assets (even for recon) and don't have enough speed to be relevant against air assets that are not themselves battery-powered drones.
Some Autel drone are made in the USA, but not all.
Edit: added the Lite and fixed formatting
You mean are assembled in USA. Most soft and hardware is still made in China.
Western company can't compete, but that's on them. Banning DJI won't change anything, Western companies have to get their act together.
Why? Because they aren't good enough, and if they have no competition they'll have to actually do something?
https://dronedj.com/2024/03/02/dji-response-drone-ban-us/
The allegations are so subjective that they sound like some middle schooler complaining to their mom.
“DJI drones are collecting vast amounts of sensitive data – everything from high-resolution images of critical U.S. infrastructure to facial recognition technology and remote sensors that can measure an individual’s body temperature and heart rate.”
DJI's response Technically, DJI suggests using drones for body temperature checks is unfeasible.
https://www.thedronegirl.com/2020/05/06/dji-coronavirus-dron...
US politicians have totally lost their minds to even propose something like this.
This problematic situation extends in many ways to critical sectors of our economy, including agriculture, energy, defense, etc.
The data collected by these drones is extensive and sensitive. Crop data alone is crucial, and if this information cannot be controlled, it should not be exported.
This stance is not anti-China, but no country should permit unrestricted access to its airspace for surveillance.
Data is the new oil as well, especially with AI. These drone derived datasets are becoming critical path information.
How else can you control the information besides a ban? I LOVE DJI and have several of these drones. But I don’t know how I feel about this because of the problematic data issues. It’s complex and the situation is very difficult.
As far as US infrastructure, google street view and bing maps seem to be a bigger information disclosure threat but I guess they do blur out faces.
https://www.dji.com/zenmuse-xt
Dead Comment
Dead Comment
Dead Comment
1.) DJI offers many drones related to infrastructure mapping and maintenance, as well as agricultural tasks. From a national security perspective, it is a non-trivial threat vector for a Chinese company to not only have intimate knowledge of US infrastructure by being their drone supplier, but also by becoming a dependency of US infrastructure. In the event of a war, all of the drones could be grounded or used for nefarious purposes.
2.) When it comes to protectionism, I'm generally against it, but I have different thoughts when it comes to China. They have banned Uber, Google, YouTube, Facebook, Amazon, etc, and just make their own versions of it. Then they have absolutely no respect for international laws when it comes to IP. They don't compete economically according to the same rules as everyone else, and don't deserve to be treated the same way.
3.) I have 2 DJI drones. The fact that there is no mention of compensation in this legislature is absurd. Fortunately, I don't rely on these for my business, but imagine if you were a filmmaker, tree trimmer, real estate agent, etc, who had bought many drones for your business. Not only are you grounding the tools that they've already come to depend on, but there isn't an existing viable alternative on the market for many of these tasks.
That's only an issue if the drone somehow depends on an external Internet-based server, instead of just a plain radio link between the drone and its controller. The law should target that unnecessary dependency, if it exists, instead of banning even standalone drones.
Unfortunately I suspect this group is already quite small due to the existing heavy-handed regulation of drones for anything other than recreational use. Or they're at least "under the table."
You need a drone pilot's license to legally fly a drone for anything other than recreational use. This has already decimated a lot of the most direct and interesting use cases for us.
(In all seriousness, nothing I've read about "DJI" even explains the basics of the issue.)
https://www.dji.com/camera-drones
How is banning DJI drones in the US going to affect how they're being used in the war in Ukraine?
Or do you mean that banning them in the US will somehow stop them from being used against the US in the future?
Deleted Comment
One of the largest drone manufacturers globally and backed by the Chinese government [0] and several Red Families [1]
> why is it being banned
It is very closely connected with Chinese government stakeholders, with worries around privacy and data retention [2].
There is also some lobbying by Skydio and Andruil [3][4].
They are also breaking sanctions against Russia with Russian forces using their drones [5][6] (though the Ukrainians are using them as well), as well as sanctions around Xinjiang [7].
> why should the general public care about this
They are a popular low cost drone option. It might also spark a rise in domestic drone vendors - especially in the industrial and defense space [8].
---------
Also, can we please have another source. DroneDJ is a DJI specific blog and as such is biased in favor of DJI.
Here's some reporting from AP - https://apnews.com/buyline-shopping/article/dji-drone-ban-in...
And the bill itself - https://www.congress.gov/bill/118th-congress/house-bill/2864
--------
[0] - https://ipvm.com/reports/dji-prc
[1] - https://tracxn.com/d/companies/dji/__-YU3B-qveVWiE0QN_8HPp2m...
[2] - https://info.publicintelligence.net/ICE-DJI-China.pdf
[3] - https://www.auvsi.org/policy-proposals
[4] - https://www.auvsi.org/member-organizations-list/all
[5] - https://www.nytimes.com/2023/03/21/business/russia-china-dro...
[6] - https://djirussia.ru/
[7] - https://ipvm.com/discussions/dji-xinjiang-human-rights-abuse...
[8] - https://www.ycombinator.com/rfs
I was looking to replace my GoPro with the DJI Action, but their app was not on the Play-store. It can only be side-loaded on Android, because their app breaks a number of policies on privacy and data gathering.
I believe I saw a site that decompiled their app and found a number of worrisome things.
I don't think this is the reason, I think it's more that they're just too lazy to jump through the approval and maintenance hoops that come with an app store, especially because their home market (China) doesn't even use the Play Store.
The iOS version of their app is Apple-approved and present in the App Store.
I do research in this space.
Their consumer apps are loaded to the gills with product-manager telemetry (tap/action tracing, etc., think Firebase/Flurry/whatever), and until recently they had a "sync flight logs" feature that would do what it said: give your detailed flight logs to DJI. It was opt-in, but it was easy to do by accident and many years ago there were bugs in the opt-in toggle.
They just removed this feature from US apps this week (too little too late, and too attached to reality and not attached enough to political pandering).
DJI also have a terrible track record with data security, with their entire AWS account getting ripped in 2017.
I don't think they're explicitly a CCP data-collection front, but sufficient product telemetry is indistinguishable from surveillance malware (this applies to US-based companies and US intelligence, too, of course).
However, their apps run on their own controllers are generally alright, and their enterprise apps run on their enterprise controllers in Local Data Mode are legitimately clean, barring a few versions with small bugs.
I fly DJI drones all the time using DJI RCs with network credentials forgotten, and I wouldn't hesitate to use one of these for consumer use. For the truly paranoid, use a burner email and a VPN to activate the drone.
I also wouldn't worry about using DJI Enterprise drones with the pro controllers in Local Data Mode for even moderately sensitive applications (infrastructure, law enforcement, etc.).
Of course I wouldn't use one for US military applications, insofar as it would be foolish to use any non-allied electronic device in this way.
ps - note that the analysis in the sibling comments are of older apps, DJI Go 4 and Pilot 1, not the newer flagship apps DJI Fly and DJI Pilot 2. The general theme (tons of dirty analytics platforms) remains the same, but the newer apps use more American platforms (Firebase, AWS-hosted proprietary stuff) rather than Chinese, and the "disable telemetry" and "disable data sync" options generally have fewer bugs now.
If that was the case, then why jump through all the hoops of extensive code obfuscation for the Android app? [0]
> DJI also have a terrible track record with data security, with their entire AWS account getting ripped in 2017.
Leaving the door propped open for everyone is also plausible deniability for doing bad things.
[0] https://news.ycombinator.com/item?id=39438842
> clean, barring a few versions with small bugs.
Juniper also had a “small bug” in their implementation of the NSA-mandated Dual Elliptic Curve Deterministic Random Bit Generator algorithm that just so happened to leak the exact number of state bits onto the wire required to hack any VPN connection.
I don’t know if you’re an optimist or just a kind soul, but the rest of us are jaded for good reasons.
A drone company has ZERO business collecting flight log information, in the same way my car manufacturer has no business knowing where I drive.
That their “finger slipped” and they “accidentally” made opting out harder should tell you something.
For example, it doesn't have to be the case that DJI has ever been told to collect data for the CCP. That would be a big OPSEC violation — as soon as anyone in the foreign media learned of it, DJI would be as dead as Huawei or Tiktok.
Instead, it could just as well be that the CCP have left DJI themselves untouched, but have instead manipulated market conditions around them: arranging it so that DJI "just seems to never be able to" hire any security experts; and so that DJI (and everyone else) hire product managers from a pool trained on CCP-sponsored university programs and industry media sources, that have those product managers parroting "useful" beliefs like "more analytics is always better."
In China you cannot not be explicitly a CCP data-collection front.
China doesn't bring evidence to a judge in order to get a subpoena for data. They just go to DJI an get it. DJI has zero legal recourse if the CCP wants access to all DJI's stored data. Doesn't matter where that data is stored. Same thing for tiktok and why legislators are killing that too. You're a Chinese company? You ultimately work for the state. No discussion.
China is not the US. People need to stop fitting the way things work in the US to the way things work in China.
Edit: For the whataboutists: Yes, everyone is aware that american three letter agencies have backdoor access to every computer, broken RSA and AES, and control the USA's puppet government. Thanks.
I don't think they're a CCP front, and their actual core product engineering is amazing, but my understanding is that like any sufficiently large organisation in China (or any country, I guess) they must comply with government instructions.
Isn't this mandatory given the restrictions required of them to disallow flying in banned areas?
I couldn't fly it with the joystick controller that came with it. It said "see app" or something on the controller. It was really annoying but I sent it back. A cursory web search said it was sending all kinds of location/flight information/etc back to dji continuously.
I thought there would be outrage, but not much.
I think it is sort of annoying that they are going after DJI specifically.
I think congress should be going after device/app privacy itself for all devices/apps in a more fundamental way.
https://blog.grimm-co.com/2020/07/dji-privacy-analysis-valid...
https://www.synacktiv.com/en/publications/dji-pilot-android-...
https://www.nytimes.com/2020/07/23/us/politics/dji-drones-se...
https://blog.quarkslab.com/dji-the-art-of-obfuscation.html
Discussed at length here: https://news.ycombinator.com/item?id=39438842
Edit: Thank you sibling comment posted at same time: https://news.ycombinator.com/item?id=40709374
Being located in the US, I am arguably far more concerned about the US government tracking me than the Chinese government. The US government has jurisdiction over me, the Chinese government does not.
I read this BS so often that it feels manufactured.
Every Android in America is sold with a rootkit called Google Play Services and it can do absolutely anything on your phone. There is no limit to what Google Play Services can do on your phone unattended or clandestinely.
Attacking successful Chinese companies with pretenses.
Deleted Comment
Of course, those parts likely also come from sources in China. However, the software is more along the lines of FOSS like ArduPilot or PX4.
https://www.npr.org/2024/04/26/1247403968/ukraine-pulls-abra...
https://www.telegraph.co.uk/world-news/2024/04/26/ukraine-wi...
https://apnews.com/article/ukraine-russia-war-abrams-tanks-1...
https://www.congress.gov/bill/118th-congress/house-bill/2864
That bill was tacked onto a big "must pass" defense authorization and may not have survived on its own.
Here's an article with some speculation on why Stefanik introduced this bill: https://dronexl.co/2024/06/06/drone-industry-outrage-stefani...
She's Dick Cheney to MTG/Boeberts Dubya Bush.
All of these politicians who have these completely transactional relationships, I just find utterly gross. I mean, do they have any actual friends? For example, Trump completely disparaged Ted Cruz's wife and father in 2016, Cruz called Trump a "pathological liar" back then, only to do a total 180 and turn into another boot licker.
https://theracket.news/p/stop-going-stefanik-committee-fools
She doesn't care about whether the bill does something valid or even whether it survives legal challenges, as long she can use it to score political points. It's a real shame. Congresspeople are supposed to be servants beholden to the public good, not power-hungry sycophants who can't be bothered with the details of governance.
I've never seen her. I've never heard from her locally. You can't fucking find Elise. It's all events in the past. There's never been a townhall up in this portion of her region.
Bonus: Her husband is a lobbyist for a leading gun industry trade group. https://www.timesunion.com/news/article/Stefanik-s-husband-K...
Deleted Comment
Dead Comment