I posted this as a new thread over in the mobile computing section a few minutes back. Whilst not strictly a Linux (or even Android issue) I thought the folks down here might be interested to read it if they've not already been following the story, I also think it's important that this story gets as much coverage as possible. Original post below:
=========================================
I'm interested to hear what people think about the recent developments with the Carrier IQ scandal. Some of you might have seen the EFF got involved to protect the researcher that broke the original story
https://www.eff.org/search/site/carrier%20iq
He's now released a video which Wired did a piece about
http://www.wired.com/threatlevel/2011/11/secret-software-logging-video
In the video you can clearly see that the IQ software is logging keystrokes and strings of text even for HTTPS connections. If it's working at the device level then this is a huge security risk, fancy your carrier knowing your VPN credentials even when you've connected over your office Wi-Fi connection? I sure as hell don't!
As I live outside the US and fall under EU legislation on data protection and privacy this software would be illigal in the UK, although as we all saw with Phorm some companies choose to be rather selective in their interpritation on that. I'm wondering what the UK version of this must be logging, the company has an office in London and also Malaysia so it might well be we see reports from both Asia and the UK shortly.
The guys over at Slashdot are having a good chat about it and there are links to a couple of options on how to block it, but in short you need root to do anything about it, more than most users can manage.
http://yro.slashdot.org/story/11/11/30/0423256/android-dev-demonstrates-carrieriq-phone-logging-software-on-video
So, what do you all think? Inocent performance enhancing package or further proof of the death of privacy?
=========================================
I'm interested to hear what people think about the recent developments with the Carrier IQ scandal. Some of you might have seen the EFF got involved to protect the researcher that broke the original story
https://www.eff.org/search/site/carrier%20iq
He's now released a video which Wired did a piece about
http://www.wired.com/threatlevel/2011/11/secret-software-logging-video
In the video you can clearly see that the IQ software is logging keystrokes and strings of text even for HTTPS connections. If it's working at the device level then this is a huge security risk, fancy your carrier knowing your VPN credentials even when you've connected over your office Wi-Fi connection? I sure as hell don't!
As I live outside the US and fall under EU legislation on data protection and privacy this software would be illigal in the UK, although as we all saw with Phorm some companies choose to be rather selective in their interpritation on that. I'm wondering what the UK version of this must be logging, the company has an office in London and also Malaysia so it might well be we see reports from both Asia and the UK shortly.
The guys over at Slashdot are having a good chat about it and there are links to a couple of options on how to block it, but in short you need root to do anything about it, more than most users can manage.
http://yro.slashdot.org/story/11/11/30/0423256/android-dev-demonstrates-carrieriq-phone-logging-software-on-video
So, what do you all think? Inocent performance enhancing package or further proof of the death of privacy?