So.. some time back, DJI did what many companies do; they offered a 'bug bounty' for security issues related to their product/website/so on.

As it happens, one fellow stumbled across a series of issues that gave him access to a mind blowing amount of personal data from DJI's clients, including un-redacted passports etc, many of which were Chinese military btw.

He went on to report his findings and DJI, after a very, very strange amount of legal wrangling and double speak, offered him $30,000 for his efforts. Thing is, the terms they offered it under were Fucking Bonkers. The security researcher took them to a lawyer and the lawyer said point blank he was looking at some very bad faith docs. So the security researcher basically threw up his hands and said fuck this, dumped all his research and his story into a pdf and posted it here:

http://www.digitalmunition.com/WhyIWalkedFrom3k.pdf

Fast forward to today, and we find out why DJI might have been so terribly weird and cagey and predatory about that researcher's discoveries:

https://info.publicintelligence.net/ICE-DJI-China.pdf

DJI has been fairly outspoken in their renouncing of this storm of shit but lest we forget, the US Army went ham on DJI in August over these exact shenans and DJI in response deployed a 'local data only' setting which suppressed its relentless phoning home over the internet, so its not like there isnt a history of concerning flim flammery with them.