Developing story, seems that many carriers are tracking more than allowed on Android, Nokia and...

Let's see if this is as hysterically scandalous as Giz is trumpeting or if it's just another tempest in a teapot.  I'm not trying to discredit Eckhart, but he's selling a premium version of his CIQ detector that will attempt to uninstall it, which in turns is affecting phone performance.  Like any security company, you can never be too alarmist when marketing your wares.

Both Nokia and Verizon have come out to aver that none of their phones have CIQ.  It appears Verizon will have to backtrack on that claim since the iPhones have it, albeit disabled by default. Or maybe they'll wiggle out of that since the program has been renamed.

Also, let's see how many of Eckhart's claims are validated before uninstalling jdbgmgr.exe all over again.

No one is backpedaling per se -- all the carriers and manufacturers who don't use CIQ announced that they didn't to quell any mass hysteria from their customers.  Right now, it appears that Sprint is CIQ's biggest customer, and they're not saying anything.

A co-worker yesterday asked me if I had heard about how they were spying on us with our phones.  As he understood it, the phones were sending back credit card and bank account information, as if this were some cyberplot hatched by Lex Luthor.

From what I can tell, Eckhart has overstated about 99% of what's happening, from claiming that Blackberry and Nokia were affected (they weren't) and that all newer model Android phones had it (it's probably limited to Sprint and a few phones from TMo & AT&T).  I believe he came at it with the best of intentions, but there's definitely some tin foil hat stuff going on.  It was also irresponsible to use a single phone (the Evo 3D) to make widespread claims that did not hold up under scrutiny.

In the end, it doesn't seem like anything nefarious was going on.  I know I have CIQ running -- I've actually seen it running in my task monitor.  So they weren't really trying to hide it from me.  Until there's evidence to the contrary that CIQ does not transmit personal or unencrypted information, this is just another example of a cyber boogeyman.  There are three levels here -- yes, it does monitor.  And it does record.  But it doesn't record everything it monitors.  And then even less information is transmitted back.  Just because it is watching your keystrokes doesn't mean it's recording them, and if it's not recording them, it can't be transmitted.

The real take away here is that Sprint etal need to be much more explicit about letting customers opt out of crash reporting.  That and no one can whip up a tempest in a teapot like internet nerds.

Have we gotten a good summary of the CIQ story yet? Last I heard, there was confusion over what was being reported to whom. Is it anonymized loggging? Are keystrokes and https data going to CIQ or the carriers?

At the heart of the issue is the divide between what CIQ can do and what CIQ actually does. So far, the actual security experts who have reversed engineered CIQ have not found that it transmits personal information nor have they found that the information is send unencrypted.  CIQ is in the wild and anyone can take a look, but no one has found a smoking gun.  It appears to do exactly what CIQ says it does.

Look, any keyboard on Android by its nature can log your keystrokes (and I'm pretty sure that's the way it is in every OS).  But they don't and no one bats an eye about it.  But CIQ seems nefarious because there is no explicit agreement and no ability to opt out.  As a privacy issue, that's what what is getting a lot of people upset.  And CIQ's fumbled reactions to the developing story in the beginning got all the tin foil hats crinkling.

That's the whole confusing thing. Initial reports were CIQ collected detailed, personal data and sent it to themselves and/or the carrier. But it seems that was simply wrong (?). I lost the thread after initial reports (and reporting diminishes when there's no longer a paranoid tale to tell).

The initial report was so terrifying I simply immediately turned off my iPhones data collection feature. But it looks like the whole shebang is much ado about nothing and I can re-enable that system (contribute my little bit to making things working better)

It's kind of like taking your parents car without asking.  "You could have been killed!"  "But I wasn't!"  "But you could have been!"

You should have asked.

Yes, but there are other apps with keylogger functionality because that's how they work.  If you've ever installed an Android keyboard, it specifically tells you that the program can record all of your keystrokes.  The issue is, is CIQ bad because it can log keystrokes even if it doesn't log all of your keystrokes?  If it's the former, then isn't every single keyboard app some sort of danger to the public?

I think we both agree that the lack of forthrightness and the inability to opt out is a violation of user privacy.  The only satisfactory resolution to this is to have an update that allows you to disable CIQ by opting out.

However, the actual danger/threat of CIQ and the specter of personal information dissemination were overblown. That's the hysteria that was hard to cut through the first 72 hours after the story broke. Once it was clear that CIQ didn't actually do those things, everyone walked away bored.

Sprint disables Carrier IQ from their handsets

There are solid rumors that Sprint will be removing Carrier IQ completely in future ROM updates.