For those that care.
Being in information security this is a serious violation of privacy AND security - https - no longer secure - built in spyware.
<span style="font-weight: bold">
An Android developer recently discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing you can do about it. Is it time to put on a tinfoil hat? That depends on how you feel about privacy.
[Related: Facebook and Google Join Forces to Oppose Privacy Bill]
The reason for this invasive Android app seems reasonable enough at face value. Even though it's on most Android, BlackBerry and Nokia devices, most users would never know that Carrier IQ is running in the background, and that's sort of the point. Described on the company's website as software to gain "unprecedented insight into their customers' mobile experience," Carrier IQ is ostensibly supposed to help mobile carriers and device manufacturers gather data in order to improve their products.
Tons of applications do this, and you're probably used to those boxes that pops up on your screen and ask if you want to help the company by sending your data back to them. If you're concerned about your privacy, you just tap no and go about your merry computing way. As security-conscious Android developer Trevor Eckhart realized, however, Carrier IQ does not give you this option, and unless you were code-savvy and looking for it, you'd never know it was there. And based on how aggressive the company has been in trying to keep Eckhart quiet about his discovery, it seems like Carrier IQ doesn't want you to know it's there either.
[Related: Did Eric Schmidt Step Down Because He 'Screwed Up' on Social Media?]
Eckhart first raised a red flag about Carrier IQ about two weeks ago when he started investigating reports that a software update on the HTC EVO 3D included "user behavior logging" code. The code had worried some geek bloggers when it showed up a couple months ago, but HTC and Sprint insisted that it wasn't much different than normal error-logging software and certainly didn't gather granular data like "contents of messages, photos, videos, etc." Eckhart wrote an exhaustive blog post about his startling findings -- CarrierIQ collected lots data, including keystrokes, and there way for the user to opt out "without advanced knowledge" -- and CarrierIQ flipped out. The company sent Eckhart a cease-and-desist letter demanding that he keep his mouth shut and threatening legal action. But after the Electronic Frontier Foundation (EFF) took a look at the case and determined that Eckhart was working within his First Amendment rights, it backed off but still denied that they recorded keystrokes.
[Related: Google's Ice Cream Sandwich Will Make Android All Better]
This week, Eckhart fired back with a 17-minute long video showing in painstaking detail how much data CarrierIQ collects, effectively undercutting the company's denial. It was even logging contents of text messages! Wired posted the video on Tuesday night and cemented its status "as one of nine reasons to wear a tinfoil hat." The magazine explains how CarrierIQ even undercuts other companies' security measures:
The video shows the software logging Eckhart’s online search of “hello world.” That’s despite Eckhart using the HTTPS version of Google which is supposed to hide searches from those who would want to spy by intercepting the traffic between a user and Google. … It’s not even clear what privacy policy covers this. Is it Carrier IQ’s, your carrier’s or your phone manufacturer’s? And, perhaps, most important, is sending your communications to Carrier IQ a violation of the federal government’s ban on wiretapping?
Oh, we're definitely in tinfoil hat territory now. CarrierIQ and the carriers have yet to respond to the latest claims -- we're doing our best to chase them down -- but if past smartphone tracking scandals are any precedent, they could end up answering to Congress.
Related: The First Signs of Mutiny in the Android Brigade
Like many things in life, there are a couple of different ways to think about smartphone tracking. One way approaches privacy from a forward-thinking, technology-trusting and, heck, even progressive perspective. GPS-equipped smartphones are incredibly powerful tools that enables mankind to do all kinds of amazing things, thanks to the perpetual stream of data from the Internet. However, that stream runs both ways, and sometimes, the folks that build and maintain the network sometimes need to monitor your data in order to improve the technology. Who wouldn't want better service?
[Related: The Great Facebook Privacy Disconnect ]
This brings us to the second approach. Tracking is creepy. In an Orwellian kind of way, it makes people nervous -- especially Americans -- that the government or the corporations or the system is closing in on them and stealing their freedom. Of course, not everybody feels so strongly about privacy, but as long as you can opt out, it's fine. Last week, Sen. Charles Schumer spoke out about a program at some malls in Virginia and Southern California that were anonymously tracking shoppers' movements by tracking their cell phone signals, and the only way to opt was by not going to the mall. Schumer did not approve. "Personal cell phones are just that -- personal," the New York senator said in a statement. "If retailers want to tap into your phone to see what your shopping patterns are, they can ask you for your permission to do so."
The CarrierIQ software is not dissimilar to the shopper tracking program. In fact, it's arguably worse since it follows you everywhere. In the age of social media, everybody is becoming increasingly aware of and often angry about the amount of private data companies are scooping up with or without their consent. This week, the Federal Trade Commission and Facebook came to an agreement that the social network must make all of their new programs opt-in so as not to break the law by violating users' privacy. Even Mark Zuckerberg admitted in a sincere-sounding blog post that his company had "made a bunch of mistakes" on the privacy front in the past. He went on to detail how "offering people control over the information they share online" was a top priority. This is Mark "Privacy is Over" Zuckerberg we're talking about here. With Facebook reportedly building its own mobile phone platform, wouldn't it be super ironic if people started defecting from the Android army and switching to the Facebook phone in the name of privacy?
Your move, Google.
</span>
Being in information security this is a serious violation of privacy AND security - https - no longer secure - built in spyware.
<span style="font-weight: bold">
An Android developer recently discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing you can do about it. Is it time to put on a tinfoil hat? That depends on how you feel about privacy.
[Related: Facebook and Google Join Forces to Oppose Privacy Bill]
The reason for this invasive Android app seems reasonable enough at face value. Even though it's on most Android, BlackBerry and Nokia devices, most users would never know that Carrier IQ is running in the background, and that's sort of the point. Described on the company's website as software to gain "unprecedented insight into their customers' mobile experience," Carrier IQ is ostensibly supposed to help mobile carriers and device manufacturers gather data in order to improve their products.
Tons of applications do this, and you're probably used to those boxes that pops up on your screen and ask if you want to help the company by sending your data back to them. If you're concerned about your privacy, you just tap no and go about your merry computing way. As security-conscious Android developer Trevor Eckhart realized, however, Carrier IQ does not give you this option, and unless you were code-savvy and looking for it, you'd never know it was there. And based on how aggressive the company has been in trying to keep Eckhart quiet about his discovery, it seems like Carrier IQ doesn't want you to know it's there either.
[Related: Did Eric Schmidt Step Down Because He 'Screwed Up' on Social Media?]
Eckhart first raised a red flag about Carrier IQ about two weeks ago when he started investigating reports that a software update on the HTC EVO 3D included "user behavior logging" code. The code had worried some geek bloggers when it showed up a couple months ago, but HTC and Sprint insisted that it wasn't much different than normal error-logging software and certainly didn't gather granular data like "contents of messages, photos, videos, etc." Eckhart wrote an exhaustive blog post about his startling findings -- CarrierIQ collected lots data, including keystrokes, and there way for the user to opt out "without advanced knowledge" -- and CarrierIQ flipped out. The company sent Eckhart a cease-and-desist letter demanding that he keep his mouth shut and threatening legal action. But after the Electronic Frontier Foundation (EFF) took a look at the case and determined that Eckhart was working within his First Amendment rights, it backed off but still denied that they recorded keystrokes.
[Related: Google's Ice Cream Sandwich Will Make Android All Better]
This week, Eckhart fired back with a 17-minute long video showing in painstaking detail how much data CarrierIQ collects, effectively undercutting the company's denial. It was even logging contents of text messages! Wired posted the video on Tuesday night and cemented its status "as one of nine reasons to wear a tinfoil hat." The magazine explains how CarrierIQ even undercuts other companies' security measures:
The video shows the software logging Eckhart’s online search of “hello world.” That’s despite Eckhart using the HTTPS version of Google which is supposed to hide searches from those who would want to spy by intercepting the traffic between a user and Google. … It’s not even clear what privacy policy covers this. Is it Carrier IQ’s, your carrier’s or your phone manufacturer’s? And, perhaps, most important, is sending your communications to Carrier IQ a violation of the federal government’s ban on wiretapping?
Oh, we're definitely in tinfoil hat territory now. CarrierIQ and the carriers have yet to respond to the latest claims -- we're doing our best to chase them down -- but if past smartphone tracking scandals are any precedent, they could end up answering to Congress.
Related: The First Signs of Mutiny in the Android Brigade
Like many things in life, there are a couple of different ways to think about smartphone tracking. One way approaches privacy from a forward-thinking, technology-trusting and, heck, even progressive perspective. GPS-equipped smartphones are incredibly powerful tools that enables mankind to do all kinds of amazing things, thanks to the perpetual stream of data from the Internet. However, that stream runs both ways, and sometimes, the folks that build and maintain the network sometimes need to monitor your data in order to improve the technology. Who wouldn't want better service?
[Related: The Great Facebook Privacy Disconnect ]
This brings us to the second approach. Tracking is creepy. In an Orwellian kind of way, it makes people nervous -- especially Americans -- that the government or the corporations or the system is closing in on them and stealing their freedom. Of course, not everybody feels so strongly about privacy, but as long as you can opt out, it's fine. Last week, Sen. Charles Schumer spoke out about a program at some malls in Virginia and Southern California that were anonymously tracking shoppers' movements by tracking their cell phone signals, and the only way to opt was by not going to the mall. Schumer did not approve. "Personal cell phones are just that -- personal," the New York senator said in a statement. "If retailers want to tap into your phone to see what your shopping patterns are, they can ask you for your permission to do so."
The CarrierIQ software is not dissimilar to the shopper tracking program. In fact, it's arguably worse since it follows you everywhere. In the age of social media, everybody is becoming increasingly aware of and often angry about the amount of private data companies are scooping up with or without their consent. This week, the Federal Trade Commission and Facebook came to an agreement that the social network must make all of their new programs opt-in so as not to break the law by violating users' privacy. Even Mark Zuckerberg admitted in a sincere-sounding blog post that his company had "made a bunch of mistakes" on the privacy front in the past. He went on to detail how "offering people control over the information they share online" was a top priority. This is Mark "Privacy is Over" Zuckerberg we're talking about here. With Facebook reportedly building its own mobile phone platform, wouldn't it be super ironic if people started defecting from the Android army and switching to the Facebook phone in the name of privacy?
Your move, Google.
</span>