What's new

Developing story, seems that many carriers are tracking more than allowed on Android, Nokia and Blac (1 Viewer)

Sam Posten

Moderator
Premium
HW Reviewer
Senior HTF Member
Joined
Oct 30, 1997
Messages
33,674
Location
Aberdeen, MD & Navesink, NJ
Real Name
Sam Posten
Terrifically illegal if true: http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/ www.cultofmac.com/132461/steve-jobs-was-right-android-logs-everything/?utm_campaign=twitter&utm_medium=twitter&utm_source=twitter I'm suuuuure there's a reasonable explaination for all this! :rolleyes:
 

Sam Posten

Moderator
Premium
HW Reviewer
Senior HTF Member
Joined
Oct 30, 1997
Messages
33,674
Location
Aberdeen, MD & Navesink, NJ
Real Name
Sam Posten
So I don't get accused of bias, it looks like parts of it ARE in iOS as well: http://daringfireball.net/linked/2011/12/01/carrier-iq-ios The makers of Carrier IQ are trying to deflect but I'm not buying it, see: http://daringfireball.net/2011/12/translation_carrier_iq
 

Hanson

Senior HTF Member
Joined
Nov 1, 1998
Messages
5,272
Real Name
Hanson
Let's see if this is as hysterically scandalous as Giz is trumpeting or if it's just another tempest in a teapot. I'm not trying to discredit Eckhart, but he's selling a premium version of his CIQ detector that will attempt to uninstall it, which in turns is affecting phone performance. Like any security company, you can never be too alarmist when marketing your wares.


Both Nokia and Verizon have come out to aver that none of their phones have CIQ. It appears Verizon will have to backtrack on that claim since the iPhones have it, albeit disabled by default. Or maybe they'll wiggle out of that since the program has been renamed.


Also, let's see how many of Eckhart's claims are validated before uninstalling jdbgmgr.exe all over again.
 

Sam Posten

Moderator
Premium
HW Reviewer
Senior HTF Member
Joined
Oct 30, 1997
Messages
33,674
Location
Aberdeen, MD & Navesink, NJ
Real Name
Sam Posten
Apple responds: http://allthingsd.com/20111201/apple-we-stopped-supporting-carrieriq-with-ios-5/?mod=atdtweet First congressional inquiry: http://franken.senate.gov/?p=press_release&id=1868
 

Sam Posten

Moderator
Premium
HW Reviewer
Senior HTF Member
Joined
Oct 30, 1997
Messages
33,674
Location
Aberdeen, MD & Navesink, NJ
Real Name
Sam Posten
CIQ says it's all innocent, really! http://allthingsd.com/20111201/carrier-iq-speaks-our-software-monitors-service-messages-ignores-other-data/?reflink=ATD_yahoo_ticker Then why are all the carriers backpedalling?
 

Hanson

Senior HTF Member
Joined
Nov 1, 1998
Messages
5,272
Real Name
Hanson
No one is backpedaling per se -- all the carriers and manufacturers who don't use CIQ announced that they didn't to quell any mass hysteria from their customers. Right now, it appears that Sprint is CIQ's biggest customer, and they're not saying anything.


A co-worker yesterday asked me if I had heard about how they were spying on us with our phones. As he understood it, the phones were sending back credit card and bank account information, as if this were some cyberplot hatched by Lex Luthor.


From what I can tell, Eckhart has overstated about 99% of what's happening, from claiming that Blackberry and Nokia were affected (they weren't) and that all newer model Android phones had it (it's probably limited to Sprint and a few phones from TMo & AT&T). I believe he came at it with the best of intentions, but there's definitely some tin foil hat stuff going on. It was also irresponsible to use a single phone (the Evo 3D) to make widespread claims that did not hold up under scrutiny.


In the end, it doesn't seem like anything nefarious was going on. I know I have CIQ running -- I've actually seen it running in my task monitor. So they weren't really trying to hide it from me. Until there's evidence to the contrary that CIQ does not transmit personal or unencrypted information, this is just another example of a cyber boogeyman. There are three levels here -- yes, it does monitor. And it does record. But it doesn't record everything it monitors. And then even less information is transmitted back. Just because it is watching your keystrokes doesn't mean it's recording them, and if it's not recording them, it can't be transmitted.


The real take away here is that Sprint etal need to be much more explicit about letting customers opt out of crash reporting. That and no one can whip up a tempest in a teapot like internet nerds.
 

DaveF

Moderator
Senior HTF Member
Joined
Mar 4, 2001
Messages
28,687
Location
Catfisch Cinema
Real Name
Dave
Have we gotten a good summary of the CIQ story yet? Last I heard, there was confusion over what was being reported to whom. Is it anonymized loggging? Are keystrokes and https data going to CIQ or the carriers?
 

Hanson

Senior HTF Member
Joined
Nov 1, 1998
Messages
5,272
Real Name
Hanson
At the heart of the issue is the divide between what CIQ can do and what CIQ actually does. So far, the actual security experts who have reversed engineered CIQ have not found that it transmits personal information nor have they found that the information is send unencrypted. CIQ is in the wild and anyone can take a look, but no one has found a smoking gun. It appears to do exactly what CIQ says it does.


Look, any keyboard on Android by its nature can log your keystrokes (and I'm pretty sure that's the way it is in every OS). But they don't and no one bats an eye about it. But CIQ seems nefarious because there is no explicit agreement and no ability to opt out. As a privacy issue, that's what what is getting a lot of people upset. And CIQ's fumbled reactions to the developing story in the beginning got all the tin foil hats crinkling.
 

DaveF

Moderator
Senior HTF Member
Joined
Mar 4, 2001
Messages
28,687
Location
Catfisch Cinema
Real Name
Dave
That's the whole confusing thing. Initial reports were CIQ collected detailed, personal data and sent it to themselves and/or the carrier. But it seems that was simply wrong (?). I lost the thread after initial reports (and reporting diminishes when there's no longer a paranoid tale to tell).


The initial report was so terrifying I simply immediately turned off my iPhones data collection feature. But it looks like the whole shebang is much ado about nothing and I can re-enable that system (contribute my little bit to making things working better)
 

Hanson

Senior HTF Member
Joined
Nov 1, 1998
Messages
5,272
Real Name
Hanson
It's kind of like taking your parents car without asking. "You could have been killed!" "But I wasn't!" "But you could have been!"


You should have asked.
 

Hanson

Senior HTF Member
Joined
Nov 1, 1998
Messages
5,272
Real Name
Hanson
Yes, but there are other apps with keylogger functionality because that's how they work. If you've ever installed an Android keyboard, it specifically tells you that the program can record all of your keystrokes. The issue is, is CIQ bad because it can log keystrokes even if it doesn't log all of your keystrokes? If it's the former, then isn't every single keyboard app some sort of danger to the public?
 

Sam Posten

Moderator
Premium
HW Reviewer
Senior HTF Member
Joined
Oct 30, 1997
Messages
33,674
Location
Aberdeen, MD & Navesink, NJ
Real Name
Sam Posten
Potentially, yes. But CIQ is bad because it was operating in the dark as a keylogger without specific permission and, antithetical to the open mission, without open source oversight. It kinda defeats the whole point of open if you have a closed box in which everything you do has to be filtered through, dontchathink?
 

Hanson

Senior HTF Member
Joined
Nov 1, 1998
Messages
5,272
Real Name
Hanson
I think we both agree that the lack of forthrightness and the inability to opt out is a violation of user privacy. The only satisfactory resolution to this is to have an update that allows you to disable CIQ by opting out.


However, the actual danger/threat of CIQ and the specter of personal information dissemination were overblown. That's the hysteria that was hard to cut through the first 72 hours after the story broke. Once it was clear that CIQ didn't actually do those things, everyone walked away bored.
 

Sam Posten

Moderator
Premium
HW Reviewer
Senior HTF Member
Joined
Oct 30, 1997
Messages
33,674
Location
Aberdeen, MD & Navesink, NJ
Real Name
Sam Posten
And here's why that's not going to happen: http://boingboing.net/2011/12/12/fbi-says-it-uses-carrier-iq-fo.html How ya like them apples now?
 

Sam Posten

Moderator
Premium
HW Reviewer
Senior HTF Member
Joined
Oct 30, 1997
Messages
33,674
Location
Aberdeen, MD & Navesink, NJ
Real Name
Sam Posten
Their side of the story: http://allthingsd.com/20111213/carrier-iq-gets-transparent-about-its-mobile-monitoring/?mod=tweet "We learned a lot about transparency this week". I bet...
 

Users who are viewing this thread

Top