
(Wired) Scary Don we now our tin foil hats   (wired.com)
More: Scary, tin foil hat, Nokia phones, typewriters, roots, keystrokes, logging  

6401 clicks; posted to Geek » on 30 Nov 2011 at 11:50 AM



46 Comments   (+0 »)
   
 
2011-11-30 10:18:35 AM
This is some serious sh*t.
 
2011-11-30 10:41:05 AM
Yikes! The story that is linked to the article (9 Reasons Wired Readers Should Wear Tin Foil Hats) has this tidbit:

The "6 Months and It's the Government's" Rule

... [T]he law allows the government to obtain Americans' e-mails, without a warrant, if it's stored on some other company's servers for more than six months. The Electronic Communications Privacy Act, adopted in 1986, turned 25 this year. When written, the law assumed e-mails left on a server for that long were abandoned.

In the age of Gmail, that's simply ridiculous. A proposal to demand a court warrant for any and all e-mail never got a Senate hearing and was opposed by the Obama administration.
 
2011-11-30 11:16:30 AM
Wow. I would never have suspected that the phone companies/manufacturers/etc were up to such shenanigans. I would've thought them a bunch of upright and honest people.

Gee. Golly.

:-/

/end sarcasm
 
2011-11-30 11:54:21 AM
In before, "Yeah but the iPhone... "
 
2011-11-30 12:12:19 PM
SnarfVader: In before, "Yeah but the iPhone... "

...probably does that too. It's just that it's buried under the azaleas in the back corner of the walled garden, so you'd need to be an Apple dev to know about (or find) it.

// Android user
// are there strict rules on what hoops the government must jump through to get this data?
// a private company doing this scares me, but far less than the Feds having a revolving door to that info
// the company is probably using it for QC; the government...not so much
 
2011-11-30 12:13:59 PM
SnarfVader: In before, "Yeah but the iPhone... "

"Siri, are you tracking my phone calls?"
"Am I tracking your phone calls? Tracking, you know, I enjoy cell phones. I love to be around them. But no, I'm not tracking your phone calls."
 
2011-11-30 12:15:52 PM
They can just say it was unintentional, or does that only work for Apple when it's found their product does the exact same thing?
 
2011-11-30 12:16:56 PM
I sent out in an e-mail that I would be spending Thanksgiving at my brother's place on Steiner St.

I immediately started getting unsolicited promos from Steiner Sports Memorabilia.


/just sayin'
 
2011-11-30 12:20:18 PM
Dr Dreidel: SnarfVader: In before, "Yeah but the iPhone... "

...probably does that too. It's just that it's buried under the azaleas in the back corner of the walled garden, so you'd need to be an Apple dev to know about (or find) it.

// Android user
// are there strict rules on what hoops the government must jump through to get this data?
// a private company doing this scares me, but far less than the Feds having a revolving door to that info
// the company is probably using it for QC; the government...not so much


There's actually a video somewhere of a person using a tool to show all the info logged by iPhone.
/ iPhone user but not zomg passionate about such
 
2011-11-30 12:20:58 PM
Thanks Cyanogenmod! I don't have to worry about this!
/no rootkit for me.
 
2011-11-30 12:21:00 PM
~ Puts on Flavor-flav viking helmet ~


WWWwwwaaaaaaaaoooooooooowwwwww.


~ Takes off helmet, goes back to work. ~
 
2011-11-30 12:22:29 PM
 
2011-11-30 12:23:21 PM
That's why my phone is old school and dumb as a stump.
 
2011-11-30 12:25:18 PM
Android is watching you masturbate.
 
2011-11-30 12:44:55 PM
So that means you can email a bunch of people that you are going to be at the bowling alley on Friday, then you go to the bowling alley, hide your cell phone somewhere there, then drive off and murder someone and pick your cell phone back up when you're done.
 
2011-11-30 12:50:18 PM
And now for some good news FTFA:

"Android Community is attempting to contact the four major carriers in the U.S. to who is using Carrier IQ and on which phones. So far only Verizon Wireless has responded, saying emphatically that they do not use Carrier IQ's software in any way."

Double checked on my Motorola Bionic, Samsung Charge, and my D1 and D2G, and all four are clean. It looks to be that the software is dependent on the carrier, and so far, AT&T, Sprint, T-Mobile and others haven't yet answered.
 
2011-11-30 12:51:24 PM
Sarcasm and jokes are fun and to be expected at Fark, but seriously though... This is some scary sh*t.

Aside from going back to shiatty old school phones, what's the best option for those of us with "smart" phones, who want to minimize the info we share with the company/government?

Or is this just the price we have to pay if we want to enjoy the benefits of a phone with all the bells and whistles?

/has a strange feeling that people born anytime after 2008 or so should probably not expect to have any expectation of privacy outside of the bathroom.
//at least not until "smart toilets" become the next big thing.
 
2011-11-30 12:51:54 PM
H31N0US: That's why my phone is old school and dumb as a stump.

Seems like a pretty stupid main reason.
I mean, reliability, battery life, robustness and other related features are really good reasons to have a "normal" / non-smartphone phone, but a tracking issue that can be swept away with any old custom rom is a pretty silly cornerstone of reasoning.
 
2011-11-30 12:53:58 PM
El Morro: Aside from going back to shiatty old school phones, what's the best option for those of us with "smart" phones, who want to minimize the info we share with the company/government?

Uh, just disable it if your carrier provides a way to do so, or use any custom rom that does.

A general guideline to follow is that any information going over a somewhat public network (phone networks, the internet, etc.) should never be regarded as truly private.
 
2011-11-30 01:03:09 PM
scottydoesntknow: SnarfVader: In before, "Yeah but the iPhone... "

"Siri, are you tracking my phone calls?"
"Am I tracking your phone calls? Tracking, you know, I enjoy cell phones. I love to be around them. But no, I'm not tracking your phone calls."


You magnificent bastard.
 
2011-11-30 01:09:57 PM
Eckhart wonders why aren't mobile-phone customers informed of this rootkit and given a way to opt out?

Duh. Because then people would opt out and that's not what our corporate overlords want.
 
2011-11-30 01:13:14 PM
perhaps, most important, is sending your communications to Carrier IQ a violation of the federal government's ban on wiretapping?

No, citizen. It's OK because it's a corporation doing it. Wiretapping is when you video tape a cop beating the crap out of a peaceful demonstrator.
 
2011-11-30 01:20:27 PM
www.fullcirclewireless.com
 
2011-11-30 01:28:33 PM
El Morro: Aside from going back to shiatty old school phones, what's the best option for those of us with "smart" phones, who want to minimize the info we share with the company/government?

Root it. Go with a carrier that doesn't use this software. Or, even better, just avoid use of email, texts, cell phones, landlines, and just hand deliver hardcopies to everyone who needs one. Don't mail things cause you know that shiat is traced. Make sure the hardcopies are all originals hand written on papyrus, cause copiers and printers embed a tiny code in each thing they print and copy identifying them. Also, when you hand deliver the hardcopies, don't leave your house. Ensure all your clients and coworkers live within throwing distance.
 
2011-11-30 01:40:44 PM
Root it.

and send a batsignal right into Ft. Meade saying "watch me"

/fashioning a fashionable tin-foil fedora
 
2011-11-30 01:52:33 PM
angstycoder: ah, there it is: http://radar.oreilly.com/2011/04/apple-location-tracking.html

There was another story I saw today which should be pretty concerning.
 
2011-11-30 01:54:49 PM
Kind of skeptical. I would need to see some actual logs on the device of past information.

To me it seems like he is enabling debugging of the app that communicates directly with the hardware/device. So it seems plausible that all you are seeing is the real time actions of the device's core functions via debug mode (though it is very verbose).

There is no indication that the data is

A) Actually being stored.
B) Being sent anywhere.

Both of which are equally scary. Cool find though. I think more research needs to be done before we get our pitchforks and torches.
 
2011-11-30 02:04:00 PM
Geeves00: Kind of skeptical. I would need to see some actual logs on the device of past information.

To me it seems like he is enabling debugging of the app that communicates directly with the hardware/device. So it seems plausible that all you are seeing is the real time actions of the device's core functions via debug mode (though it is very verbose).

There is no indication that the data is

A) Actually being stored.
B) Being sent anywhere.

Both of which are equally scary. Cool find though. I think more research needs to be done before we get our pitchforks and torches.


Irrelevant.

The issues are:
(1) That a vector is there for an untrusted third party to record and report all keystrokes
(2) It was put there at the insistence of the carriers
(3) That there is no way for a user to turn it off without voiding their warranty, i.e. rooting.

Additionally, this has serious implications for the trustworthiness of Android-based platforms as we attempt to move towards using NFC for financial transactions. Who in their right mind would trust Android (or *any* smartphone, really) as a debit card after this?

HOW TO TELL IF YOU HAVE IT (Android, obviously):

Go to Settings -> Applications, Manage Applications, at the top the ALL tab, and browse for IQRD. If you don't find it, search for any app with IQ in the name that you didn't install.
 
2011-11-30 02:08:42 PM
And even more obvious, Eckhart wonders why aren't mobile-phone customers informed of this rootkit and given a way to opt out?



Because Fark You! That's why.
 
2011-11-30 02:09:20 PM
Dr Dreidel: SnarfVader: In before, "Yeah but the iPhone... "

...probably does that too. It's just that it's buried under the azaleas in the back corner of the walled garden, so you'd need to be an Apple dev to know about (or find) it.

// Android user
// are there strict rules on what hoops the government must jump through to get this data?
// a private company doing this scares me, but far less than the Feds having a revolving door to that info
// the company is probably using it for QC; the government...not so much


The government can probably hack that shiat. No permission required.
 
2011-11-30 02:13:33 PM
scottydoesntknow: SnarfVader: In before, "Yeah but the iPhone... "

"Siri, are you tracking my phone calls?"
"Am I tracking your phone calls? Tracking, you know, I enjoy cell phones. I love to be around them. But no, I'm not tracking your phone calls."


*golfclap*
 
2011-11-30 02:13:59 PM
illegal.tender: (1) That a vector is there for an untrusted third party to record and report all keystrokes
(2) It was put there at the insistence of the carriers
(3) That there is no way for a user to turn it off without voiding their warranty, i.e. rooting.


I'm not discounting those points at all. I completely agree. My stance was just with the video itself.

I think the security of it definitely needs to be looked into. I find it more alarming that it's all dumped in plain text. Sure it makes debugging very easy, but also opens it for exploits (your #1 point). If someone were to be able to get an app out there that would enable the debugging without you knowing, log everything, then forward it......yea that could wreak havoc.
 
2011-11-30 02:32:38 PM
H31N0US: That's why my phone is old school and dumb as a stump.

Mine is even old-schoolier. I do Morse code on HF while driving. Yeah, they might DF me, but that requires specialized equipment, and they have to know what freq I'm on, and be within range. And since you can't get a location if I'm just listening, well, I can monitor all day long and you still won't know where I am. Plus, I used to be in the business of intercepting Morse transmissions (that's what a dittybopper does), so I know how to evade monitoring if I think it necessary.

/I'm the idiot you hear on 10 meters madly calling "CQ CQ CQ DE [callsign] [callsign] [callsign]/M K", usually around 28.040 MHz.
//When 6 meters is open, I'm usually around 50.090 MHz.
 
2011-11-30 02:41:37 PM
Sheesh, they make constant surveillance sound like a bad thing.
 
2011-11-30 03:17:25 PM
Geeves00: Both of which are equally scary. Cool find though. I think more research needs to be done before we get our pitchforks and torches.

It's a proof of concept that the app had the access rights and thus the potential ability to do such actions.

CarrierIQ already stated that it was possible but that they aren't doing it, so this isn't particularly surprising.
 
2011-11-30 04:25:24 PM
but it's a private company, so it's OK, freemarketamirite?
 
2011-11-30 04:33:03 PM
Windows phones don't look bad after all, do they?
 
2011-11-30 04:37:21 PM
From TFA: the Mountain View, California-based software maker threatened him with legal action and huge money damages.

This is like McD's suing you for telling them one of their employees blew a snot rocket in your McDouble.
 
2011-11-30 11:51:11 PM
I have an iPhone with a Garmin GPS. The way I look at it: If someone's interested in the fact that I go to the daycare and then to work everyday, they've got a much sadder life than mine. And that's saying a lot ...
 
2011-11-30 11:52:09 PM
Dr Dreidel: SnarfVader: In before, "Yeah but the iPhone... "

...probably does that too. It's just that it's buried under the azaleas in the back corner of the walled garden, so you'd need to be an Apple dev to know about (or find) it.

// Android user
// are there strict rules on what hoops the government must jump through to get this data?
// a private company doing this scares me, but far less than the Feds having a revolving door to that info
// the company is probably using it for QC; the government...not so much


Wondering if you have heard of this small piece of legislation they secretly passed called the Patriot Act.....
 
2011-12-01 12:08:03 AM
If you are a Verizon customer you can go to this page on their website, click the link at the bottom of the page, log in, and opt out of all info sharing systems- personal and business.

Verizon has not confirmed on their website, so far, if they do or do not install Carrier IQ software on their phones nor have they officially confirmed if they are even a CarrierIQ customer. Various blogs allege that Verizon is a customer and others flatly state that Verizon is not. I have a rooted Droid-X and nothing at all related to CarrierIQ shows up on my phone. Additionally, the Droid-X does not have CarrierIQ software according to XDA and a couple of other android tech/ROM sites. I didn't look into any other android phones Verizon offers.

There is a lot more 'inside' info on this situation at the XDA website. They've been involved in this since pretty much the very beginning.
 
2011-12-01 10:44:23 AM
Also ups your data usage and potentially your charges as a result. Not part of the deal.
 
2011-12-01 11:15:33 AM
Meatzilla: If you are a Verizon customer you can go to this page on their website, click the link at the bottom of the page, log in, and opt out of all info sharing systems- personal and business.

Thanks for sharing this. I just went to Verizon and discovered that my security settings were set to "share everything with everybody".

/fixed
 
2011-12-01 11:48:01 AM
StoneColdAtheist: Thanks for sharing this. I just went to Verizon and discovered that my security settings were set to "share everything with everybody".

/fixed

Could you change your settings back for a minute? I was looking at some stuff... kthx
 
2011-12-01 12:14:43 PM
BugFarmer: StoneColdAtheist: Thanks for sharing this. I just went to Verizon and discovered that my security settings were set to "share everything with everybody".

/fixed

Could you change your settings back for a minute? I was looking at some stuff... kthx


That is NOT my weiner!
 
2011-12-01 07:36:29 PM
Let's just switch this round for the "if you have nothing to hide you have nothing to fear" crowd

Ask these companies to go public on what information they collect, how they store it, who they give/sell it to and how long they keep it.

After all, they are going to tell you because "if THEY have nothing to hide, then THEY should have nothing to fear"

Not getting a response? then I guess they do have something to hide, and something to fear!
 
Displayed 46 of 46 comments


This thread is closed to new comments.
