
The Geek Culture Forums


Author Topic: Carrier IQ
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

posted December 01, 2011 11:39
Search on this company and their root-kit and be afraid, be very afraid.

Key stroke logging on your Android!!

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5848 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged
Ugh, MightyClub
BlabberMouth, the Next Generation
Member # 3112

posted December 01, 2011 13:56
You don't need to install any software to do keystroke logging on a smartphone. You just need a camera -- each letter you touch on the onscreen keyboard magnifies for an instant, making it pretty easy to deduce what someone has typed from a distance. There's an article or two about it within the last month on NYTimes.com or Engadget. I'm too lazy to go find it though.

--------------------
Ugh!

Posts: 1742 | From: Ithaca, NY | Registered: Dec 2004  |  IP: Logged
dragonman97

SuperFan!
Member # 780

posted December 01, 2011 18:11
Woo-hoo!

My phone is /way/ too stupid to fall prey to this thing. [Wink] [Big Grin]

--------------------
There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9332 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged
GrumpySteen

Solid Nitrozanium SuperFan
Member # 170

posted December 01, 2011 18:56
This is one more reason why the first thing you should do after buying a new phone is to root it.

--------------------
Worst. Celibate. Ever.

Posts: 6364 | From: Tennessee | Registered: Jan 2000  |  IP: Logged
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

posted December 02, 2011 05:35
If I use the auto teller via phone, my data = acct num. password word. would be sent twice, once by me and once by CARRIER IQ.

Who's using Carrier IQ

Nope don't want that

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5848 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged
Sxeptomaniac

Member # 3698

posted December 02, 2011 16:40
I'm on Verizon running Cyanogen, so I apparently was never affected by this particular threat. Glad to see it's getting plenty of press, though.

--------------------
Let's pray that the human race never escapes from Earth to spread its iniquity elsewhere. - C. S. Lewis

Posts: 1590 | From: Fresno, CA | Registered: Mar 2005  |  IP: Logged
dragonman97

SuperFan!
Member # 780

posted December 02, 2011 18:43
quote:
Originally posted by TheMoMan:
If I use the auto teller via phone, my data = acct num. password word. would be sent twice, once by me and once by CARRIER IQ.

Who's using Carrier IQ

Nope don't want that

Why would you do that when you could use the Internet, which is secure?

(Really, "Moxie" aside, SSL is quite safe & secure.)

ETA/PS: I finally clicked that link, as I wasn't entirely clear what Carrier IQ is...and I'm left scratching my head why anyone would think it a good idea, or necessary at all. Methinks the C:IQ people must have bought a lot of people 'free lunch,' or really swanky dinners (&booze), because any technology company worth its salt should be able to figure all that stuff out server-side. I run a wireless (802.11) network w/a lot of end users, and I have a great management system that tells me the SNR, max/min bandwidth, and even the 'nominal' bandwidth, giving me a very good idea what my 'service' is like. Since this is a leading enterprise system and didn't cost /that much/ money, I find it incredibly hard to believe that equivalent systems don't exist for telco. (I suppose the only way I'd believe it is if the carrier equip. vendors never bothered to modernize their metrics.) Client-side monitoring is just plain stupid, and extremely easy to scare the hell out of end users. I hope more people jump ship from AT&T over this...

--------------------
There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9332 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

posted December 03, 2011 06:34
Yes I know that a land line can be tapped, yes I know that a scanner could pick up my cell phone signal. However "The pimple faced cellar dwellers in Russia could have invaded my ISP"


Blame the Carrier

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5848 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

posted December 03, 2011 17:38
I'm a little puzzled by some of the reaction to this story.

I'm inclined to believe it's being used for the perfectly reasonable, and innocent, reasons they claim, and here's why...

C:IQ was installed by your telecoms carrier. If a telecoms carrier has an interest in spying on your text messages, they don't need to install spyware on your phone, you send them the full message, that's how the system works.

Ditto for your web browsing habits, and your voice calls. You already knew you were giving them that information. If you don't trust your phone carrier, get rid of your phone.

On the other hand, if they're trying to diagnose unexplained call drop-outs, access to diagnostic info from the handset involved is invaluable. Collecting info at the phone tower might give them some clue to what's gone wrong, but there's no substitute for the horse's mouth, and in this case the horse is a phone.

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10680 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

posted December 03, 2011 18:19
TFD, Carrier IQ came up with a killer idea, sold it to the telecoms, however having ET Phone Home was not too smart. If the phone only saved the last thirty days and only downloaded when directed to by a help desk tech, then it is a diagnostic tool, but sending the info to their own servers smells. This may have violated Wire Tap laws.

It may be a killer app, but the follow-through was not complete. Then to threaten the person that found all this extra traffic on his company network really smells.

This can of worms has been opened, now to see if the worms can be corralled and put back in the can.

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5848 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged
GrumpySteen

Solid Nitrozanium SuperFan
Member # 170

posted December 03, 2011 18:26
Software on your phone is capable of logging everything you do before it's encrypted. Are you comfortable enough to allow your cell phone company's employees unlimited access to every bit of information that is stored on or passes through your phone?

And, if their intentions are so honorable, why are they hiding the software from the user? What is it we keep being told? Oh, right... "if you're not doing anything wrong, you have nothing to hide", yes? What do they have to hide?

People don't trust the telecoms. Does the phrase "warrantless wiretapping" ring a bell?

Sprint provided GPS location data on its customers to the government eight million times in one year. They set up a website so the information could be obtained at will, no warrants, no questions, no oversight. You can look at any other cell phone company and find behavior that's just as egregious.

Is this the sort of company that you would trust to install logging software on your phone because they say they will only be using it for diagnostic purposes?

--------------------
Worst. Celibate. Ever.

Posts: 6364 | From: Tennessee | Registered: Jan 2000  |  IP: Logged
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

posted December 03, 2011 19:05
Government and Business sleep in the same bed, just look at the Supreme Court rulings.

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5848 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

posted December 03, 2011 22:27
quote:
Originally posted by GrumpySteen:
And, if their intentions are so honorable, why are they hiding the software from the user? What is it we keep being told? Oh, right... "if you're not doing anything wrong, you have nothing to hide", yes? What do they have to hide?

I went straight to the horse's mouth, the original exposé video.

C:IQ appears twice in the normal apps menu. The video is basically a transcript of what happens when you turn on the standard USB trace feature of Android, so no effort has been taken to patch the USB tracer to suppress C:IQ output (which would have taken a dozen lines of code - tops).

Pretty crap effort at hiding the app, this Evil Conspiracy must be a pack of second-raters.

The video (all 17 minutes of it - I struggled to stay interested) reveals the following shocking facts...
1. C:IQ is notified when you dial a phone number.
2. C:IQ is notified of menu navigation events.
3. C:IQ is notified of web browsing events.
4. C:IQ is notified when you receive a text message (from your carrier, who already know its contents).

Note: There's a difference between "is notified" and "logs the info and passes it on to the C:IQ servers". The app I'm working with at the moment has handlers for about a dozen of the hundred or so events it is notified of, the rest are quietly ignored.

There's nothing in the video that tells us *anything* about what C:IQ does with the info it receives - no sign of ET phoning home, that's all speculation from the blogosphere. In fact, it's clear in the video that the phone is in 'Airplane Mode' - so ET couldn't have phoned home if it wanted to.

Oh, and don't forget, Eckhart (the guy who made the video) is selling an app to remove C:IQ.
Millions of Android phone users paying $1 each for peace of mind, that's a lot of incentive to talk up a threat...

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10680 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

posted December 04, 2011 10:38
Eckhart found that the in-house WiFi at his business was handling more traffic than it should. At some point he put his smart phone in airplane mode, meaning that it would only use his network, not his carrier. Armed with a packet sniffer he found that a whole outhouse of info was being sent.

Right after publishing this detail (Carrier IQ) sent a threatening cease and desist order! Now why would they do that?

Geek.com .

The EFF stepped in on Eckhart's behalf and from then on "the DoDo hit the fan"

Three weeks ago. Carrier IQ

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5848 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged
GrumpySteen

Solid Nitrozanium SuperFan
Member # 170

posted December 04, 2011 11:27
The Famous Druid wrote:
C:IQ appears twice in the normal apps menu. The video is basically a transcript of what happens when you turn on the standard USB trace feature of Android, so no effort has been taken to patch the USB tracer to suppress C:IQ output (which would have taken a dozen lines of code - tops).

Pretty crap effort at hiding the app, this Evil Conspiracy must be a pack of second-raters.


And yet it doesn't appear in the running applications menu despite the fact that it is running. How is that not concealing the program's activity?

Incompetently hidden invasions of your privacy aren't any less offensive than competently hidden ones.

And if this is to help the carrier provide better service, why does the software receive a username and password in cleartext as the Carrier IQ software captures an HTTPS session over the guy's personal wireless connection (not cell network) at the 15:00 mark? How is the carrier going to improve the service he receives from his personal wireless router, and how is having unencrypted username, password and other information captured by their software going to help with that?

The video (all 17 minutes of it - I struggled to stay interested) reveals the following shocking facts...
1. C:IQ is notified when you dial a phone number.
2. C:IQ is notified of menu navigation events.
3. C:IQ is notified of web browsing events.
4. C:IQ is notified when you receive a text message (from your carrier, who already know its contents).


Perhaps you missed some things.

"We're as surprised as anybody to see all that information flowing," Andrew Coward, Carrier IQ's director of marketing, told CNNMoney in an interview. "It raises a lot of questions for the industry -- and not [only] for Carrier IQ."

Coward insisted that the Carrier IQ software was not responsible for the logging of keystrokes and other user data. He said the program does not need to log that kind of information to serve its purpose of transmitting network diagnostic data to the phone's carrier.

The director of marketing for the company that made the software acknowledges that information that has no use in network diagnostics is being logged. Maybe... just maybe... he has slightly better insight into what's necessary and what's egregious than you do.

Why is the software capturing data that can't possibly help with diagnostics?

And going back to your "C:IQ appears twice in the normal apps menu." argument, we now find that there is apparently extra code piggybacked onto Carrier IQ. There is nothing to indicate that anything other than Carrier IQ is running. How is that not hidden, again?

Note: There's a difference between "is notified" and "logs the info and passes it on to the C:IQ servers". The app I'm working with at the moment has handlers for about a dozen of the hundred or so events it is notified of, the rest are quietly ignored.

The debug output of a phone in airplane mode isn't going to show you what's being sent to the Carrier IQ servers, so you can't say that anything is being ignored on the basis of this video. The software can also be updated remotely (not shown in this video, but verified elsewhere), so what it sends to Carrier IQ's servers today doesn't show what it might be sending tomorrow.

And does your app capture information from HTTPS sessions in an unencrypted form? User's location data even when that's supposed to be turned off? The text of the user's SMS messages? If not, why not? You seem to think that isn't a security issue as long as your program isn't doing anything with data, so nobody would ever complain, right?

Oh, and don't forget, Eckhart (the guy who made the video) is selling an app to remove C:IQ.
Millions of Android phone users paying $1 each for peace of mind, that's a lot of incentive to talk up a threat...


So? It's in his interest to alert people to what the program is capable of. That doesn't prevent people from investigating on their own as a result of his alert and independently verifying that it's true (which has happened). It also doesn't change the fact that the "diagnostic" software is capturing private information that has no use in diagnostics.

--------------------
Worst. Celibate. Ever.

Posts: 6364 | From: Tennessee | Registered: Jan 2000  |  IP: Logged
GrumpySteen

Solid Nitrozanium SuperFan
Member # 170

posted December 04, 2011 11:29
Duplicate. Sorry.

--------------------
Worst. Celibate. Ever.

Posts: 6364 | From: Tennessee | Registered: Jan 2000  |  IP: Logged
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

posted December 04, 2011 12:53
Carrier IQ, what do they really provide? They claim that they give the telecoms data that could not be gained any other way. Is this true?

Dead spots, there is a program used by Wireless Operators and Hams called Splat. You enter the tower elevation and frequency, it gives back the foot print of the RF. Before I bought the MiFi I use to get the Internet, I ran Splat against the local Sprint towers (3). I then ran Splat from our house, the results were that the tower closest to us did not get a signal from us as well as one of the other three, this resulted in me placing the unit on the opposite side of the house from the computer room. We have taken the MiFi device RF sniffing, it appears that Splat is much more truthful than Virgin-Mobile's coverage maps.

How could a handset in a Dead Zone tell the telecoms that it was not receiving? It could not unless it stored the Geo-info for later transmission.

One of the local Ham clubs has three members that are licensed tower climbers, the info that can be gathered from a tower and its blades would trump anything that could be detected by a handset. From a tower and its blades it can triangulate your location as close as GPS. This is done using Time delay on arrival.

Each blade up on that tower has a known load and if it is generating a different impedance the tower operators would be informed to service that blade. As to signal quality the data rate through the modem would be a better indicator.

So now we are at GS's suggestion, did Sprint get asked to provide more DATA, or did they think that someone would want more DATA? So was Carrier IQ asked to develop this App?

Sprint is appearing much like Hughes Corp. as a company willing to sell its own grandmother to make more money.

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5848 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

posted December 04, 2011 16:34
quote:
Originally posted by GrumpySteen:
And yet it doesn't appear in the running applications menu despite the fact that it is running. How is that not concealing the program's activity?

Kind of like how Windows doesn't show device drivers, and other background tasks in the running applications screen. It's called "not drowning the user in technical detail"

Oh, noes, my USB driver is spying on me!

quote:
The debug output of a phone in airplane mode isn't going to show you what's being sent to the Carrier IQ servers, so you can't say that anything is being ignored on the basis of this video.
Correct, but I can say that the "REPORTS YOUR EVERY KEYSTROKE BACK TO THE SERVER!!!" claims doing the rounds of the blogosphere are not based on known facts.


quote:
And if this is to help the carrier provide better service, why does the software receive a username and password in cleartext as the Carrier IQ software captures an HTTPS session over the guy's personal wireless connection (not cell network) at the 15:00 mark? How is the carrier going to improve the service he receives from his personal wireless router, and how is having unencrypted username, password and other information captured by their software going to help with that?
As I said before, a program being notified of an event is not evidence of it being interested in it.

It all looks consistent with the usual event-loop design pattern. Hook onto the message notification service, and filter for the messages you're interested in.

The code probably looks something like this...

code:
    while ((e = getEvent()))
    {
        DEBUG_TRACE(e);
        switch (e)
        {
            case AN_INTERESTING_MESSAGE_TYPE:
                processAnInterestingMessage(e);
                break;
            case ANOTHER_INTERESTING_MESSAGE_TYPE:
                processAnotherInterestingMessage(e);
                break;
            default: // all the uninteresting message types
                break; // do nothing
        }
    }

Yes, sending ALL of the messages to the debug log is sloppy, but it's the natural place for the debug trace to go, and doesn't indicate malicious intent to me, just a working slob trying to save a bit of typing.

In fact, if there was malicious intent, you'd expect to see NOTHING going to the debug log. You might call that "incompetently hidden" but to me it looks like "no attempt to hide".

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10680 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
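
Added example, not part of the original thread and not Carrier IQ's code: a C rendering of the trace-then-filter loop sketched in the post above, next to a filter-first variant, showing which payloads end up in the debug log in each case. The event types, payloads and function names are hypothetical, and the sample events are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical event types (assumed names, not Carrier IQ or Android identifiers). */
enum ev_type { EV_CALL_DROPPED, EV_SIGNAL_LEVEL, EV_HTTP_REQUEST,
               EV_SMS_RECEIVED, EV_LOCATION };

struct event {
    enum ev_type type;
    const char  *payload;      /* data delivered along with the notification */
};

/* Constructed sample events standing in for what the OS would deliver. */
static const struct event SAMPLE[] = {
    { EV_SIGNAL_LEVEL, "rssi=-97dBm" },
    { EV_HTTP_REQUEST, "https://bank.example/login?user=alice&password=hunter2" },
    { EV_SMS_RECEIVED, "Your code is 482913" },
    { EV_CALL_DROPPED, "cell=1234 cause=radio_link_failure" },
    { EV_LOCATION,     "lat=35.10 lon=-85.30" },
};
#define N_SAMPLE (sizeof SAMPLE / sizeof SAMPLE[0])

/* In-memory stand-in for a device-wide debug log that other tools can read. */
#define LOG_MAX      16
#define LOG_LINE_LEN 128
struct debug_log { char lines[LOG_MAX][LOG_LINE_LEN]; int count; };

static void debug_trace(struct debug_log *log, const struct event *e)
{
    if (log->count < LOG_MAX)
        snprintf(log->lines[log->count++], LOG_LINE_LEN,
                 "ev=%d %s", (int)e->type, e->payload);
}

/* The only events a network-diagnostics agent needs to act on (assumption). */
static int is_diagnostic(enum ev_type t)
{
    return t == EV_CALL_DROPPED || t == EV_SIGNAL_LEVEL;
}

/* Pattern from the post: trace every event, then filter. Returns events handled. */
int run_trace_then_filter(const struct event *ev, size_t n, struct debug_log *log)
{
    int handled = 0;
    for (size_t i = 0; i < n; i++) {
        debug_trace(log, &ev[i]);      /* payload is copied before any filtering */
        if (is_diagnostic(ev[i].type))
            handled++;                 /* all other events are "ignored" here */
    }
    return handled;
}

/* Filter-first variant: unhandled payloads are dropped before any copy is made. */
int run_filter_then_trace(const struct event *ev, size_t n, struct debug_log *log)
{
    int handled = 0;
    for (size_t i = 0; i < n; i++) {
        if (!is_diagnostic(ev[i].type))
            continue;
        debug_trace(log, &ev[i]);
        handled++;
    }
    return handled;
}

/* Number of log lines containing `needle`. */
int log_count_containing(const struct debug_log *log, const char *needle)
{
    int hits = 0;
    for (int i = 0; i < log->count; i++)
        if (strstr(log->lines[i], needle))
            hits++;
    return hits;
}

/* Run one variant over SAMPLE and return how many events it handled. */
int sample_handled(int filter_first)
{
    struct debug_log log = {0};
    return filter_first ? run_filter_then_trace(SAMPLE, N_SAMPLE, &log)
                        : run_trace_then_filter(SAMPLE, N_SAMPLE, &log);
}

/* Run one variant over SAMPLE and count the log lines containing `needle`. */
int sample_logged(int filter_first, const char *needle)
{
    struct debug_log log = {0};
    if (filter_first)
        run_filter_then_trace(SAMPLE, N_SAMPLE, &log);
    else
        run_trace_then_filter(SAMPLE, N_SAMPLE, &log);
    return log_count_containing(&log, needle);
}

int main(void)
{
    printf("trace-then-filter: handled=%d logged=%d with_password=%d\n",
           sample_handled(0), sample_logged(0, "ev="), sample_logged(0, "password="));
    printf("filter-then-trace: handled=%d logged=%d with_password=%d\n",
           sample_handled(1), sample_logged(1, "ev="), sample_logged(1, "password="));
    return 0;
}
```

Both variants handle the same two diagnostic events; they differ only in what is written to the log along the way.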
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

posted December 04, 2011 16:43
quote:
Originally posted by TheMoMan:
We have taken the MiFi device RF sniffing...

My point exactly.

You took your device and went a-wandering. Local conditions matter, so local data (gathered from the mobile device) will tell you things you wouldn't know from the tower.

quote:
How could a handset in a Dead Zone tell the telecoms that it was not receiving. It could not unless it stored the Geo-info for later transmission.

Yup, and that's what I'm guessing it does, gather information from the time comms is lost, and pass it on when comms is re-established.

Date, time, location, signal strength and quality, that kind of thing. All stuff your telco knows about you anyway, whenever you're carrying your phone, but if it wants it when you're in a 'dead spot' - the handset has to gather it.

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10680 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
GrumpySteen

Solid Nitrozanium SuperFan
Member # 170

posted December 04, 2011 18:16
The Famous Druid wrote:
Kind of like how Windows doesn't show device drivers, and other background tasks in the running applications screen. It's called "not drowning the user in technical detail"

You mean the running applications tab that's right next to the processes tab that does show the background processes?

Drivers and every other background task can be viewed on a Windows system as well, though you would need to download software that Microsoft makes available for free. Where's the freely downloadable application from Carrier IQ that reveals that their software is running on your phone?

Your example seems to have fallen flat.

Yes, sending ALL of the messages to the debug log is sloppy, but it's the natural place for the debug trace to go, and doesn't indicate malicious intent to me, just a working slob trying to save a bit of typing.

I think you've misunderstood what was in the video. The debug output log should show everything because it's used for debugging. The debug log shows GPS coordinates (with GPS turned off), unencrypted passwords and other information being sent to the Carrier IQ software.

Nobody is complaining about these things being in the debug log. They're complaining that the software that's supposed to be for diagnostic purposes is capturing things that are clearly not for diagnostic purposes. I ask again, how do my passwords, which I send via HTTPS, captured in unencrypted clear text help diagnose cellular network problems?

In fact, if there was malicious intent, you'd expect to see NOTHING going to the debug log. You might call that "incompetently hidden" but to me it looks like "no attempt to hide".

They hid the fact that it's running. How can you say that they weren't trying to hide anything when they did hide something? It's not like hidden is a default for applications and services on Android. "No attempt to hide" would leave it sitting there in either the running applications or running services screen for all the world to see.

And how can you say that they haven't hidden what the program is doing when they say it's for diagnostic purposes only, yet it is clearly capturing information that cannot be used for any diagnostic purpose?

You believe that there's nothing malicious, yet we can see GPS coordinates being acquired in the video when GPS was supposed to be turned off. As I pointed out earlier, Sprint provided over 8 million warrantless GPS addresses to law enforcement in one year with no explanation for why that information was needed. Can you honestly tell me that you know for certain that Sprint, one of the cell phone companies that's using Carrier IQ, didn't acquire part of the GPS coordinates through Carrier IQ, overriding the user's preferences to not have GPS enabled?

--------------------
Worst. Celibate. Ever.

Posts: 6364 | From: Tennessee | Registered: Jan 2000  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

posted December 04, 2011 19:36
quote:
Originally posted by GrumpySteen:
And how can you say that they haven't hidden what the program is doing when they say it's for diagnostic purposes only, yet it is clearly capturing information that cannot be used for any diagnostic purpose?

"Being notified of an event by the OS" != "capturing and processing the event"

As my little bit of pseudocode tried to show, most event loops only process a small subset of the events they receive, the rest are quietly ignored.

quote:
Drivers and every other background task can be viewed on a Windows system as well, though you would need to download software that Microsoft makes available for free. Where's the freely downloadable application from Carrier IQ that reveals that their software is running on your phone?
The software appears TWICE in the apps menu, and the freely-available "USB Trace" app shows it is running, and it would have been really easy for them to hide from both of those if they'd wanted to.

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10680 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

posted December 05, 2011 07:09
My concern is with this debug log.

Can it be accessed by an outsider?

Is the entire log sent to WHOM?

Could an unscrupulous person write a new address for this log?

If you do not want to be tracked buy a pager and turn on the phone only when notified.

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5848 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged
GrumpySteen

Solid Nitrozanium SuperFan
Member # 170

posted December 05, 2011 10:38
The Famous Druid wrote:
"Being notified of an event by the OS" != "capturing and processing the event"

As my little bit of pseudocode tried to show, most event loops only process a small subset of the events they receive, the rest are quietly ignored.


GPS location was turned off by the user. No application should be getting GPS data. The Carrier IQ software overrode that setting and captured the GPS location data anyway.

A simple loop like the one you gave doesn't override the user's restrictions to capture data that the user has denied access to. The Carrier IQ software is not passively going through available notifications. It's actively capturing data the user has denied access to.

Can you honestly say that you believe that software that's overriding a user's settings in order to capture data the user has denied access to is going to then ignore that data? If you're that gullible, I have a bridge for sale.

--------------------
Worst. Celibate. Ever.

Posts: 6364 | From: Tennessee | Registered: Jan 2000  |  IP: Logged
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

posted December 05, 2011 10:49
I hate to type this: A NO FRILLS TRACPHONE. Pay for the minutes.

We know that the feds are watching (Carnivore) so we do not discuss SHAPED CHARGES. However, who besides Carrier IQ and Sprint gets to see our movements and keystrokes?

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5848 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged
Ugh, MightyClub
BlabberMouth, the Next Generation
Member # 3112

posted December 05, 2011 14:56
quote:
Originally posted by GrumpySteen:
GPS location was turned off by the user. No application should be getting GPS data. The Carrier IQ software overrode that setting and captured the GPS location data anyway.

Grumpy, I mostly agree with you, but I want to point out that if the user turned off GPS location then it shouldn't even be possible for an app to get the info. This particular aspect seems like a failing of the Android OS. When I turn off a light in my house I don't just put a shade over it -- I cut the power to it.

--------------------
Ugh!

Posts: 1742 | From: Ithaca, NY | Registered: Dec 2004  |  IP: Logged


All times are Eastern Time