Carrier IQ - A reason to support Cryogen and FOS?

[audiovoodoo]

I posted this as a new thread over in the mobile computing section a few minutes back. Whilst not strictly a Linux (or even Android issue) I thought the folks down here might be interested to read it if they've not already been following the story, I also think it's important that this story gets as much coverage as possible. Original post below:

=========================================

I'm interested to hear what people think about the recent developments with the Carrier IQ scandal. Some of you might have seen the EFF got involved to protect the researcher that broke the original story

https://www.eff.org/search/site/carrier%20iq

He's now released a video which Wired did a piece about

http://www.wired.com/threatlevel/2011/11/secret-software-logging-video

In the video you can clearly see that the IQ software is logging keystrokes and strings of text even for HTTPS connections. If it's working at the device level then this is a huge security risk, fancy your carrier knowing your VPN credentials even when you've connected over your office Wi-Fi connection? I sure as hell don't!

As I live outside the US and fall under EU legislation on data protection and privacy this software would be illigal in the UK, although as we all saw with Phorm some companies choose to be rather selective in their interpritation on that. I'm wondering what the UK version of this must be logging, the company has an office in London and also Malaysia so it might well be we see reports from both Asia and the UK shortly.

The guys over at Slashdot are having a good chat about it and there are links to a couple of options on how to block it, but in short you need root to do anything about it, more than most users can manage.

http://yro.slashdot.org/story/11/11/30/0423256/android-dev-demonstrates-carrieriq-phone-logging-software-on-video

So, what do you all think? Inocent performance enhancing package or further proof of the death of privacy?

 

[amdfangirl]

http://duckduckgo.com/about.html

This is what I replaced google with.

This concerns me as well. I fear I may be forced to migrate to FOSS software for everything... It seems that every man and his dog are collecting data illegally.

 

[audiovoodoo]

At least with Google and the like I knowingly enter into use of their services, they have a published privacy policy and I can choose to use other alternatives. With Carrier IQ it would (if I had a handset in the states on certain carriers) be installed without my knowledge or consent. The fact that it logs keystrokes by defenition means that those companies using affected handsets can not be SOX compliant, mobile card payments? PCI says no way. I'll be interested to see the government take on this, but then they're probably still trying to work out how the tubes work and which RIAAA lobyist is buying them lunch and a hooker today.

I can review the Android source, even the ROM source for a given handset but even then I would have had no knowledge this software was running without performing serious non trivial investigation.

The bigger privacy picture is interesting. I've been wondering for some time how best to migrate from my use of Gmail and Yahoo mail while maintaining the same levels of accessability. Web mail was a blessing when I went travelling, a few simple measures removed most of the risk of keyloggers and had I needed to use my pre-paid cards via the web I had portable firefox, several text files splitting passwords for cut and paste etc.. yes, I do own a tinfoil hat!

In my time I've known some 'interesting' people, folks whose activities fall on the wrong side of the law. One of them was quite brazen in his attitude, his take was the more you try to hide the more they look at you so being fairly open about some of his meetings and transactions kept him below the radar of the local police. On a personal level I kind of go with this, there are people with far more interesting search and download histories than myself. If Google know I searched for a certain type of Pron does it really matter when they know 70% of people in the same user profile also did?

Perhaps the bigger question with privacy is if society is really ready for total disclosure.

 

[bmouring]

This is a slight derivation of your brazen friend's approach: I don't really care that Google logs since I run a Tor exit node and use a user-agent switcher to not stand out (not too many people using 64-bit nightly FF on Linux), I just hide in the deluge.

This type of story, however, outlines one of the main concerns I have about what phone I'll get once my N900 bites it, perhaps I'll go back to a dumb phone.

I agree with AV, many, many people seem to be ready for openess or don't seem to care about it (like the miserable privacy sieve that is facebook), but when the rubber meets the road, I would imagine most people will do an abrupt about-face (a bit of wishful thinking on my part, perhaps).

 

[audiovoodoo]

What's very telling to me is that I also posted this information in the mobile computing section of Toms yesterday. My logic was that people here are interested in personal freedom and those in the mobile section in phones and the like. It's telling that to date my thread in mobile has had 30 views but not a single reply. I guess for some people the need for a status symbol and GPS outweigh any need for privacy. Speaking with my nephiew who turned 18 just a few weeks back it seems that the notion of privacy is alien; his generation have been raised in a world of full disclosure, conditioned to a world that I personally find repugnant.

I'm torn. In some ways my quest for privacy has resulted in isolation. I have friends oversees who live busy lives, whilst they will reply to e-mail they prefer to keep in touch with people back home via Facebook. Under preasure from friends I joined earlier this year, lasted two weeks then had my account deleted, although I know you can never truly escape. Just this last week I've had a huge falling out with an Ex of mine. We went for a drink with a friend of mine and she asked him to friend her and post on her wall to make her current boyfriend worry a bit (she has 15 'friends' while he has over 400). She couldn't see why I told her to stop behaving like a teenager, despite being her being a Dr with a very high IQ. Personally I just hate people playing games rather than talking about an issue with the people concerned. Clearly in her case she couldn't handle full disclosure, her boyfriend talking to other women on Facebook - but then she's sat talking to me in person???

I guess I'm becoming and old man. I remember the BBC Micro launching 30 years ago today. I didn't own a mobile for the first 25 years of my life, had to read maps and stick to the time I aranged to meet people when going out. There are may people I've known and lost touch with over the years, people have told me I'm antisocial for not being part of the social network. I really can see why so many people just cave in and submit.

 

[audiovoodoo]

I'm glad to see Apple isn't leaving it's users out of all the fun:

http://www.thinq.co.uk/2011/12/1/carrier-iq-rootkit-found-iphone/

 

[amdfangirl]

Speaking with my nephiew who turned 18 just a few weeks back it seems that the notion of privacy is alien; his generation have been raised in a world of full disclosure, conditioned to a world that I personally find repugnant.

And there's always the non-conforming weirdos of each generation which don't fit into the sterotypes. Like me.

I'm torn. In some ways my quest for privacy has resulted in isolation. I have friends oversees who live busy lives, whilst they will reply to e-mail they prefer to keep in touch with people back home via Facebook. Under preasure from friends I joined earlier this year, lasted two weeks then had my account deleted, although I know you can never truly escape. Just this last week I've had a huge falling out with an Ex of mine. We went for a drink with a friend of mine and she asked him to friend her and post on her wall to make her current boyfriend worry a bit (she has 15 'friends' while he has over 400). She couldn't see why I told her to stop behaving like a teenager, despite being her being a Dr with a very high IQ. Personally I just hate people playing games rather than talking about an issue with the people concerned. Clearly in her case she couldn't handle full disclosure, her boyfriend talking to other women on Facebook - but then she's sat talking to me in person???

http://www.abc.net.au/health/thepulse/stories/2011/11/03/3353184.htm

I see that as a sign of desperation.

I guess I'm becoming and old man. I remember the BBC Micro launching 30 years ago today. I didn't own a mobile for the first 25 years of my life, had to read maps and stick to the time I aranged to meet people when going out. There are may people I've known and lost touch with over the years, people have told me I'm antisocial for not being part of the social network. I really can see why so many people just cave in and submit.

TBH, you're not missing much. Personally I enjoy being disconnected all the time. I'm one of the few people in the developed world who refuses to get a mobile phone, use a GPS, get a tablet and use Twitter/Facebook. I'm disconnected and I don't care what others think. There are days I go without the internet too...

Always refreshing. Going to hike for 5 hikes in the Snowy Mountains... I hope none of you mess up the place, because I won't have any internet connection.

 

[audiovoodoo]

** Sends message to all the old faces from the 'other' "Mom's away for the weekend and I'm having a party" **

No, no need for you to worry about this place

Got to go, the strippers are at the door...

 

[bmouring]

Wanting to be disconnected and unplugged isn't so weird, there are days when I would just take off on my motorcycle, no particular place in mind just wanted to enjoy some scenery and enjoy winding country roads. Man, I miss my motorcycle now...

 

[audiovoodoo]

My uncle used to ride Motorbike Trials for the GB team, ran a motrocycle shop most of his like and even discovered a sports rider who now rides for a leading team in Superbikes. I was told by my mother from an early age that if I ever purchased a motorbike I could kiss goodbye to any claim to the family inheritance. The near death experiences of my brother and cousain finished her off on that one.

So nowadays I ride a fixed geared bike in light clothes through rushour streets of a very busy UK city using battery powered lights and just a front brake... I've hit 30mph despite a low 68" gear (yes, that's over 110rpm!) and somehow that's still considered safer by my mother than a 400cc bike with discs, leathers and a decent crash helmet.

Mum - I'll give you one guess what my inheritance is going to be blown on

 

[amdfangirl]

They closed off the hiking area because a girl got lost and it hailed like there was no tommorrow.

 

[audiovoodoo]

We had to cancel the party anyway. Wingding has now been MIA for a few months and most of the rest of them have done a digital disapearing act

As for the Hike, sounds like bad news. We've had some hidious wind and hail in the UK the last few days and it's kept me off the bike this week.

 

[palladin9479]

This may be a bit of a necro, but I totally understand the need for reasonably secured privacy. For this reason I refuse to get a facebook or other social networking account. And I force all my coworkers / friends to remove pictures of me or ensure there are no references to me or my name anywhere on their pages. People have more to worry about then just identity theft.

Take a long read of This

Now imagine what you can do to someone with access to those resources and information they put on their facebook page. Destroy is a very small word to use for what you can do to anthers life.