1. Guest,
    If you need help getting to know Xenforo, please see our guide here. If you have feedback or questions, please post those here.
    Dismiss Notice

Developing story, seems that many carriers are tracking more than allowed on Android, Nokia and Blac

Discussion in 'Mobile Phones / Entertainment' started by Sam Posten, Nov 30, 2011.

  1. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,951
    Likes Received:
    1,574
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    Terrifically illegal if true: http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/ www.cultofmac.com/132461/steve-jobs-was-right-android-logs-everything/?utm_campaign=twitter&utm_medium=twitter&utm_source=twitter I'm suuuuure there's a reasonable explaination for all this! :rolleyes:
     
  2. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,951
    Likes Received:
    1,574
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    Giz on why you can't opt out. http://gizmodo.com/5863849/your-android-phone-is-secretly-recording-everything-you-do
     
  3. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,951
    Likes Received:
    1,574
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    So I don't get accused of bias, it looks like parts of it ARE in iOS as well: http://daringfireball.net/linked/2011/12/01/carrier-iq-ios The makers of Carrier IQ are trying to deflect but I'm not buying it, see: http://daringfireball.net/2011/12/translation_carrier_iq
     
  4. Hanson

    Hanson Well-Known Member

    Joined:
    Nov 1, 1998
    Messages:
    4,617
    Likes Received:
    116
    Real Name:
    Hanson
    Let's see if this is as hysterically scandalous as Giz is trumpeting or if it's just another tempest in a teapot. I'm not trying to discredit Eckhart, but he's selling a premium version of his CIQ detector that will attempt to uninstall it, which in turns is affecting phone performance. Like any security company, you can never be too alarmist when marketing your wares.


    Both Nokia and Verizon have come out to aver that none of their phones have CIQ. It appears Verizon will have to backtrack on that claim since the iPhones have it, albeit disabled by default. Or maybe they'll wiggle out of that since the program has been renamed.


    Also, let's see how many of Eckhart's claims are validated before uninstalling jdbgmgr.exe all over again.
     
  5. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,951
    Likes Received:
    1,574
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    Apple responds: http://allthingsd.com/20111201/apple-we-stopped-supporting-carrieriq-with-ios-5/?mod=atdtweet First congressional inquiry: http://franken.senate.gov/?p=press_release&id=1868
     
  6. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,951
    Likes Received:
    1,574
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    CIQ says it's all innocent, really! http://allthingsd.com/20111201/carrier-iq-speaks-our-software-monitors-service-messages-ignores-other-data/?reflink=ATD_yahoo_ticker Then why are all the carriers backpedalling?
     
  7. Hanson

    Hanson Well-Known Member

    Joined:
    Nov 1, 1998
    Messages:
    4,617
    Likes Received:
    116
    Real Name:
    Hanson
    No one is backpedaling per se -- all the carriers and manufacturers who don't use CIQ announced that they didn't to quell any mass hysteria from their customers. Right now, it appears that Sprint is CIQ's biggest customer, and they're not saying anything.


    A co-worker yesterday asked me if I had heard about how they were spying on us with our phones. As he understood it, the phones were sending back credit card and bank account information, as if this were some cyberplot hatched by Lex Luthor.


    From what I can tell, Eckhart has overstated about 99% of what's happening, from claiming that Blackberry and Nokia were affected (they weren't) and that all newer model Android phones had it (it's probably limited to Sprint and a few phones from TMo & AT&T). I believe he came at it with the best of intentions, but there's definitely some tin foil hat stuff going on. It was also irresponsible to use a single phone (the Evo 3D) to make widespread claims that did not hold up under scrutiny.


    In the end, it doesn't seem like anything nefarious was going on. I know I have CIQ running -- I've actually seen it running in my task monitor. So they weren't really trying to hide it from me. Until there's evidence to the contrary that CIQ does not transmit personal or unencrypted information, this is just another example of a cyber boogeyman. There are three levels here -- yes, it does monitor. And it does record. But it doesn't record everything it monitors. And then even less information is transmitted back. Just because it is watching your keystrokes doesn't mean it's recording them, and if it's not recording them, it can't be transmitted.


    The real take away here is that Sprint etal need to be much more explicit about letting customers opt out of crash reporting. That and no one can whip up a tempest in a teapot like internet nerds.
     
  8. DaveF

    DaveF Moderator
    Moderator

    Joined:
    Mar 4, 2001
    Messages:
    16,609
    Likes Received:
    1,154
    Location:
    One Loudoun, Ashburn, VA
    Real Name:
    David Fischer
    Have we gotten a good summary of the CIQ story yet? Last I heard, there was confusion over what was being reported to whom. Is it anonymized loggging? Are keystrokes and https data going to CIQ or the carriers?
     
  9. Hanson

    Hanson Well-Known Member

    Joined:
    Nov 1, 1998
    Messages:
    4,617
    Likes Received:
    116
    Real Name:
    Hanson
    At the heart of the issue is the divide between what CIQ can do and what CIQ actually does. So far, the actual security experts who have reversed engineered CIQ have not found that it transmits personal information nor have they found that the information is send unencrypted. CIQ is in the wild and anyone can take a look, but no one has found a smoking gun. It appears to do exactly what CIQ says it does.


    Look, any keyboard on Android by its nature can log your keystrokes (and I'm pretty sure that's the way it is in every OS). But they don't and no one bats an eye about it. But CIQ seems nefarious because there is no explicit agreement and no ability to opt out. As a privacy issue, that's what what is getting a lot of people upset. And CIQ's fumbled reactions to the developing story in the beginning got all the tin foil hats crinkling.
     
  10. DaveF

    DaveF Moderator
    Moderator

    Joined:
    Mar 4, 2001
    Messages:
    16,609
    Likes Received:
    1,154
    Location:
    One Loudoun, Ashburn, VA
    Real Name:
    David Fischer
    That's the whole confusing thing. Initial reports were CIQ collected detailed, personal data and sent it to themselves and/or the carrier. But it seems that was simply wrong (?). I lost the thread after initial reports (and reporting diminishes when there's no longer a paranoid tale to tell).


    The initial report was so terrifying I simply immediately turned off my iPhones data collection feature. But it looks like the whole shebang is much ado about nothing and I can re-enable that system (contribute my little bit to making things working better)
     
  11. Hanson

    Hanson Well-Known Member

    Joined:
    Nov 1, 1998
    Messages:
    4,617
    Likes Received:
    116
    Real Name:
    Hanson
    It's kind of like taking your parents car without asking. "You could have been killed!" "But I wasn't!" "But you could have been!"


    You should have asked.
     
  12. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,951
    Likes Received:
    1,574
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    Google says it's a keylogger. I'll take them at their word.
     
  13. Hanson

    Hanson Well-Known Member

    Joined:
    Nov 1, 1998
    Messages:
    4,617
    Likes Received:
    116
    Real Name:
    Hanson
    Yes, but there are other apps with keylogger functionality because that's how they work. If you've ever installed an Android keyboard, it specifically tells you that the program can record all of your keystrokes. The issue is, is CIQ bad because it can log keystrokes even if it doesn't log all of your keystrokes? If it's the former, then isn't every single keyboard app some sort of danger to the public?
     
  14. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,951
    Likes Received:
    1,574
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    Potentially, yes. But CIQ is bad because it was operating in the dark as a keylogger without specific permission and, antithetical to the open mission, without open source oversight. It kinda defeats the whole point of open if you have a closed box in which everything you do has to be filtered through, dontchathink?
     
  15. Hanson

    Hanson Well-Known Member

    Joined:
    Nov 1, 1998
    Messages:
    4,617
    Likes Received:
    116
    Real Name:
    Hanson
    I think we both agree that the lack of forthrightness and the inability to opt out is a violation of user privacy. The only satisfactory resolution to this is to have an update that allows you to disable CIQ by opting out.


    However, the actual danger/threat of CIQ and the specter of personal information dissemination were overblown. That's the hysteria that was hard to cut through the first 72 hours after the story broke. Once it was clear that CIQ didn't actually do those things, everyone walked away bored.
     
  16. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,951
    Likes Received:
    1,574
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    And here's why that's not going to happen: http://boingboing.net/2011/12/12/fbi-says-it-uses-carrier-iq-fo.html How ya like them apples now?
     
  17. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,951
    Likes Received:
    1,574
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    Their side of the story: http://allthingsd.com/20111213/carrier-iq-gets-transparent-about-its-mobile-monitoring/?mod=tweet "We learned a lot about transparency this week". I bet...
     
  18. Sam Posten

    Sam Posten Moderator
    Moderator

    Joined:
    Oct 30, 1997
    Messages:
    19,951
    Likes Received:
    1,574
    Location:
    Aberdeen, MD & Navesink, NJ
    Real Name:
    Sam Posten
    EFF says it more succinnctly: https://www.eff.org/deeplinks/2011/12/carrier-iq-architecture
     
  19. Hanson

    Hanson Well-Known Member

    Joined:
    Nov 1, 1998
    Messages:
    4,617
    Likes Received:
    116
    Real Name:
    Hanson

Share This Page