-

Jump to content



Sign up for a free account!

Signing up for an account is fast and free. As a member you can join in the conversation, enter contests and you won't get the popup ads that guests get. Click here to create your free account.

Photo

Developing story, seems that many carriers are tracking more than allowed on Android, Nokia and Blackberry


This topic has been archived. This means that you cannot reply to this topic.
18 replies to this topic

#1 of 19 Sam Posten

Sam Posten

    Executive Producer

  • 15,956 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted November 30 2011 - 05:47 AM

Terrifically illegal if true: http://www.theregist...one_spying_app/ www.cultofmac.com/132461/steve-jobs-was-right-android-logs-everything/?utm_campaign=twitter&utm_medium=twitter&utm_source=twitter I'm suuuuure there's a reasonable explaination for all this! :rolleyes:

I lost my signature and all I got was this Nutter t-shirt


#2 of 19 Sam Posten

Sam Posten

    Executive Producer

  • 15,956 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted November 30 2011 - 07:55 AM

Giz on why you can't opt out. http://gizmodo.com/5...erything-you-do

I lost my signature and all I got was this Nutter t-shirt


#3 of 19 Sam Posten

Sam Posten

    Executive Producer

  • 15,956 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted December 01 2011 - 01:02 AM

So I don't get accused of bias, it looks like parts of it ARE in iOS as well: http://daringfirebal.../carrier-iq-ios The makers of Carrier IQ are trying to deflect but I'm not buying it, see: http://daringfirebal...tion_carrier_iq

I lost my signature and all I got was this Nutter t-shirt


#4 of 19 Hanson

Hanson

    Producer

  • 4,407 posts
  • Join Date: Nov 01 1998
  • Real Name:Hanson

Posted December 01 2011 - 01:19 AM

Let's see if this is as hysterically scandalous as Giz is trumpeting or if it's just another tempest in a teapot.  I'm not trying to discredit Eckhart, but he's selling a premium version of his CIQ detector that will attempt to uninstall it, which in turns is affecting phone performance.  Like any security company, you can never be too alarmist when marketing your wares.


Both Nokia and Verizon have come out to aver that none of their phones have CIQ.  It appears Verizon will have to backtrack on that claim since the iPhones have it, albeit disabled by default. Or maybe they'll wiggle out of that since the program has been renamed.


Also, let's see how many of Eckhart's claims are validated before uninstalling jdbgmgr.exe all over again.





#5 of 19 Sam Posten

Sam Posten

    Executive Producer

  • 15,956 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted December 01 2011 - 07:34 AM

Apple responds: http://allthingsd.co...5/?mod=atdtweet First congressional inquiry: http://franken.senat...release&id=1868

I lost my signature and all I got was this Nutter t-shirt


#6 of 19 Sam Posten

Sam Posten

    Executive Producer

  • 15,956 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted December 01 2011 - 02:35 PM

CIQ says it's all innocent, really! http://allthingsd.co...TD_yahoo_ticker Then why are all the carriers backpedalling?

I lost my signature and all I got was this Nutter t-shirt


#7 of 19 Hanson

Hanson

    Producer

  • 4,407 posts
  • Join Date: Nov 01 1998
  • Real Name:Hanson

Posted December 02 2011 - 05:18 AM

No one is backpedaling per se -- all the carriers and manufacturers who don't use CIQ announced that they didn't to quell any mass hysteria from their customers.  Right now, it appears that Sprint is CIQ's biggest customer, and they're not saying anything.


A co-worker yesterday asked me if I had heard about how they were spying on us with our phones.  As he understood it, the phones were sending back credit card and bank account information, as if this were some cyberplot hatched by Lex Luthor.


From what I can tell, Eckhart has overstated about 99% of what's happening, from claiming that Blackberry and Nokia were affected (they weren't) and that all newer model Android phones had it (it's probably limited to Sprint and a few phones from TMo & AT&T).  I believe he came at it with the best of intentions, but there's definitely some tin foil hat stuff going on.  It was also irresponsible to use a single phone (the Evo 3D) to make widespread claims that did not hold up under scrutiny.


In the end, it doesn't seem like anything nefarious was going on.  I know I have CIQ running -- I've actually seen it running in my task monitor.  So they weren't really trying to hide it from me.  Until there's evidence to the contrary that CIQ does not transmit personal or unencrypted information, this is just another example of a cyber boogeyman.  There are three levels here -- yes, it does monitor.  And it does record.  But it doesn't record everything it monitors.  And then even less information is transmitted back.  Just because it is watching your keystrokes doesn't mean it's recording them, and if it's not recording them, it can't be transmitted.


The real take away here is that Sprint etal need to be much more explicit about letting customers opt out of crash reporting.  That and no one can whip up a tempest in a teapot like internet nerds.



#8 of 19 DaveF

DaveF

    Executive Producer

  • 13,352 posts
  • Join Date: Mar 04 2001
  • Real Name:David Fischer
  • LocationOne Loudoun, Ashburn, VA

Posted December 08 2011 - 01:46 AM

Have we gotten a good summary of the CIQ story yet? Last I heard, there was confusion over what was being reported to whom. Is it anonymized loggging? Are keystrokes and https data going to CIQ or the carriers?



#9 of 19 Hanson

Hanson

    Producer

  • 4,407 posts
  • Join Date: Nov 01 1998
  • Real Name:Hanson

Posted December 08 2011 - 06:05 AM

At the heart of the issue is the divide between what CIQ can do and what CIQ actually does. So far, the actual security experts who have reversed engineered CIQ have not found that it transmits personal information nor have they found that the information is send unencrypted.  CIQ is in the wild and anyone can take a look, but no one has found a smoking gun.  It appears to do exactly what CIQ says it does.


Look, any keyboard on Android by its nature can log your keystrokes (and I'm pretty sure that's the way it is in every OS).  But they don't and no one bats an eye about it.  But CIQ seems nefarious because there is no explicit agreement and no ability to opt out.  As a privacy issue, that's what what is getting a lot of people upset.  And CIQ's fumbled reactions to the developing story in the beginning got all the tin foil hats crinkling.



#10 of 19 DaveF

DaveF

    Executive Producer

  • 13,352 posts
  • Join Date: Mar 04 2001
  • Real Name:David Fischer
  • LocationOne Loudoun, Ashburn, VA

Posted December 08 2011 - 08:03 AM

That's the whole confusing thing. Initial reports were CIQ collected detailed, personal data and sent it to themselves and/or the carrier. But it seems that was simply wrong (?). I lost the thread after initial reports (and reporting diminishes when there's no longer a paranoid tale to tell).


The initial report was so terrifying I simply immediately turned off my iPhones data collection feature. But it looks like the whole shebang is much ado about nothing and I can re-enable that system (contribute my little bit to making things working better)



#11 of 19 Hanson

Hanson

    Producer

  • 4,407 posts
  • Join Date: Nov 01 1998
  • Real Name:Hanson

Posted December 09 2011 - 01:21 AM

It's kind of like taking your parents car without asking.  "You could have been killed!"  "But I wasn't!"  "But you could have been!"


You should have asked.



#12 of 19 Sam Posten

Sam Posten

    Executive Producer

  • 15,956 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted December 09 2011 - 02:31 AM

Google says it's a keylogger. I'll take them at their word.

I lost my signature and all I got was this Nutter t-shirt


#13 of 19 Hanson

Hanson

    Producer

  • 4,407 posts
  • Join Date: Nov 01 1998
  • Real Name:Hanson

Posted December 09 2011 - 03:27 AM

Yes, but there are other apps with keylogger functionality because that's how they work.  If you've ever installed an Android keyboard, it specifically tells you that the program can record all of your keystrokes.  The issue is, is CIQ bad because it can log keystrokes even if it doesn't log all of your keystrokes?  If it's the former, then isn't every single keyboard app some sort of danger to the public?



#14 of 19 Sam Posten

Sam Posten

    Executive Producer

  • 15,956 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted December 09 2011 - 05:29 AM

Potentially, yes. But CIQ is bad because it was operating in the dark as a keylogger without specific permission and, antithetical to the open mission, without open source oversight. It kinda defeats the whole point of open if you have a closed box in which everything you do has to be filtered through, dontchathink?

I lost my signature and all I got was this Nutter t-shirt


#15 of 19 Hanson

Hanson

    Producer

  • 4,407 posts
  • Join Date: Nov 01 1998
  • Real Name:Hanson

Posted December 09 2011 - 06:03 AM

I think we both agree that the lack of forthrightness and the inability to opt out is a violation of user privacy.  The only satisfactory resolution to this is to have an update that allows you to disable CIQ by opting out.


However, the actual danger/threat of CIQ and the specter of personal information dissemination were overblown. That's the hysteria that was hard to cut through the first 72 hours after the story broke. Once it was clear that CIQ didn't actually do those things, everyone walked away bored.



#16 of 19 Sam Posten

Sam Posten

    Executive Producer

  • 15,956 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted December 12 2011 - 08:58 AM

And here's why that's not going to happen: http://boingboing.ne...rier-iq-fo.html How ya like them apples now?

I lost my signature and all I got was this Nutter t-shirt


#17 of 19 Sam Posten

Sam Posten

    Executive Producer

  • 15,956 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted December 13 2011 - 02:10 AM

Their side of the story: http://allthingsd.co...ring/?mod=tweet "We learned a lot about transparency this week". I bet...

I lost my signature and all I got was this Nutter t-shirt


#18 of 19 Sam Posten

Sam Posten

    Executive Producer

  • 15,956 posts
  • Join Date: Oct 30 1997
  • Real Name:Sam Posten
  • LocationAberdeen, MD & Navesink, NJ

Posted December 13 2011 - 02:24 PM

EFF says it more succinnctly: https://www.eff.org/...iq-architecture

I lost my signature and all I got was this Nutter t-shirt


#19 of 19 Hanson

Hanson

    Producer

  • 4,407 posts
  • Join Date: Nov 01 1998
  • Real Name:Hanson

Posted December 19 2011 - 06:19 AM

Sprint disables Carrier IQ from their handsets


There are solid rumors that Sprint will be removing Carrier IQ completely in future ROM updates.