OPSEC and electronics

Discussion in 'Tin Foil Hat Lounge' started by beast, Dec 1, 2011.


  1. beast

    beast backwoodsman

    An Android developer recently discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing you can do about it. Is it time to put on a tinfoil hat? That depends on how you feel about privacy.

    The reason for this invasive Android app seems reasonable enough at face value. Even though it's on most Android, BlackBerry and Nokia devices, most users would never know that Carrier IQ is running in the background, and that's sort of the point. Described on the company's website as software to gain "unprecedented insight into their customers' mobile experience," Carrier IQ is ostensibly supposed to help mobile carriers and device manufacturers gather data in order to improve their products.

    Tons of applications do this, and you're probably used to those boxes that pop up on your screen and ask if you want to help the company by sending your data back to them. If you're concerned about your privacy, you just tap no and go about your merry computing way. As security-conscious Android developer Trevor Eckhart realized, however, Carrier IQ does not give you this option, and unless you were code-savvy and looking for it, you'd never know it was there. And based on how aggressive the company has been in trying to keep Eckhart quiet about his discovery, it seems like Carrier IQ doesn't want you to know it's there either.

    Eckhart first raised a red flag about Carrier IQ about two weeks ago when he started investigating reports that a software update on the HTC EVO 3D included "user behavior logging" code. The code had worried some geek bloggers when it showed up a couple months ago, but HTC and Sprint insisted that it wasn't much different than normal error-logging software and certainly didn't gather granular data like "contents of messages, photos, videos, etc." Eckhart wrote an exhaustive blog post about his startling findings -- CarrierIQ collected lots of data, including keystrokes, and there was no way for the user to opt out "without advanced knowledge" -- and CarrierIQ flipped out. The company sent Eckhart a cease-and-desist letter demanding that he keep his mouth shut and threatening legal action. But after the Electronic Frontier Foundation (EFF) took a look at the case and determined that Eckhart was working within his First Amendment rights, it backed off but still denied that they recorded keystrokes.

    This week, Eckhart fired back with a 17-minute long video showing in painstaking detail how much data CarrierIQ collects, effectively undercutting the company's denial. It was even logging contents of text messages! Wired posted the video on Tuesday night and cemented its status "as one of nine reasons to wear a tinfoil hat." The magazine explains how CarrierIQ even undercuts other companies' security measures:
    The video shows the software logging Eckhart’s online search of “hello world.” That’s despite Eckhart using the HTTPS version of Google which is supposed to hide searches from those who would want to spy by intercepting the traffic between a user and Google. … It’s not even clear what privacy policy covers this. Is it Carrier IQ’s, your carrier’s or your phone manufacturer’s? And, perhaps, most important, is sending your communications to Carrier IQ a violation of the federal government’s ban on wiretapping?
    Oh, we're definitely in tinfoil hat territory now. CarrierIQ and the carriers have yet to respond to the latest claims -- we're doing our best to chase them down -- but if past smartphone tracking scandals are any precedent, they could end up answering to Congress.
    Related: The First Signs of Mutiny in the Android Brigade

    Like many things in life, there are a couple of different ways to think about smartphone tracking. One way approaches privacy from a forward-thinking, technology-trusting and, heck, even progressive perspective. GPS-equipped smartphones are incredibly powerful tools that enable mankind to do all kinds of amazing things, thanks to the perpetual stream of data from the Internet. However, that stream runs both ways, and sometimes, the folks that build and maintain the network need to monitor your data in order to improve the technology. Who wouldn't want better service?

    This brings us to the second approach. Tracking is creepy. In an Orwellian kind of way, it makes people nervous -- especially Americans -- that the government or the corporations or the system is closing in on them and stealing their freedom. Of course, not everybody feels so strongly about privacy, but as long as you can opt out, it's fine. Last week, Sen. Charles Schumer spoke out about a program at some malls in Virginia and Southern California that were anonymously tracking shoppers' movements by tracking their cell phone signals, and the only way to opt out was by not going to the mall. Schumer did not approve. "Personal cell phones are just that -- personal," the New York senator said in a statement. "If retailers want to tap into your phone to see what your shopping patterns are, they can ask you for your permission to do so." The CarrierIQ software is not dissimilar to the shopper tracking program. In fact, it's arguably worse since it follows you everywhere. In the age of social media, everybody is becoming increasingly aware of and often angry about the amount of private data companies are scooping up with or without their consent. This week, the Federal Trade Commission and Facebook came to an agreement that the social network must make all of their new programs opt-in so as not to break the law by violating users' privacy. Even Mark Zuckerberg admitted in a sincere-sounding blog post that his company had "made a bunch of mistakes" on the privacy front in the past. He went on to detail how "offering people control over the information they share online" was a top priority. This is Mark "Privacy is Over" Zuckerberg we're talking about here. With Facebook reportedly building its own mobile phone platform, wouldn't it be super ironic if people started defecting from the Android army and switching to the Facebook phone in the name of privacy?
    Your move, Google.
     
    Last edited by a moderator: Jan 26, 2015
  2. STANGF150

    STANGF150 Knowledge Seeker

    Heh any wonder my cellphone is Old & Dumb, Not new, trendy, & SMART!!! :)
     
  3. Redneck Rebel

    Redneck Rebel Monkey++

    Here's a statement posted on Carrier IQ's website.

    http://www.carrieriq.com/Media_Alert_User_Experience_Matters_11_16_11.pdf
     
  4. Falcon15

    Falcon15 Falco Peregrinus

  5. Redneck Rebel

    Redneck Rebel Monkey++


    LMAO, I thought so too. Figured it was so blatantly obvious it went without saying. I'll take the word of a coding geek over that of an obscure company and its vague ramblings any day. This kind of thing is exactly why I find open source (even if that barely applies to Android) so appealing.
     
  6. ghrit

    ghrit Bad company Administrator Founding Member

    And I get questioned and derided by well meaning folks (maybe they want to reach me at a time of their choosing?) for my steadfast refusal to get a cell phone of any kind, much less one of these things that do everything but pick my nose for me. This isn't the only outfit that wants to know where I am and what I'm doing; I'll bet I've blocked over 200 cookies in the last 3 days that (even) they admit are to track what sites I visit.

    What am I missing with no FB account? Don't know, don't care a whole lot either, in spite of a lot of real friends trying to get me hooked up so they can find out what I'm (not) doing.

    Found out the other day what I'm missing with a linkedin account. Answer, nothing.

    "OnStar"? Not a chance. If I get a car equipped with it, the wires will be cut first chance I get under the dash.

    I'll take my chances with 50s technology and using what's left in my MT head to keep out of trouble. Risky behavior? Sure, but so is life in general.
     
  7. DKR

    DKR Raconteur of the first stripe

    "privacy" is an illusion

    Anyone that thinks they have real privacy has never lived in a small town...and now the world is a small town.
     
  8. dragonfly

    dragonfly Monkey+++

    The more people that use the higher technology, the better for those that monitor us....The "thought" police?
    Today, Everything that is sent by any and all electronic means is recorded, sorted, catalogued, and stored....
    Why is the question....
    Because "they" can, is the only answer.
    Paranoia? Perhaps, I prefer to think of it as a bunch of gossips, on steroids!
     
  9. Redneck Rebel

    Redneck Rebel Monkey++

    Like we needed confirmation....

    The FBI Is Using Carrier IQ Information

    FBI Response Here: http://www.muckrock.com/news/archiv...rrier-iq-files-used-law-enforcement-purposes/

    On the upside I did successfully root my phone last night and this morning eliminated CarrierIQ.
     
  10. Redneck Rebel

    Redneck Rebel Monkey++

    Well heck, removing CarrierIQ wasn't enough. Going to have to flash in a custom ROM and eliminate the LogMeIn.com software that gives the service provider backdoor remote control over my phone. If this doesn't plug the bigger security holes a switch back to an iDEN phone might be in order.
     
  11. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    If you switch back to an iDen Phone, get one that has DirecTalk built in.... these are way cool for Off-Network SECURE Comms. They are well tested and understood by many of the Monkeys here in our Tree.... ..... YMMV....
     
  12. Redneck Rebel

    Redneck Rebel Monkey++

    I've got three already. Unfortunately none of them has directalk capability as they are boost mobile versions.
    But have no fear, a set of DirecTalk capable units is planned anyways as I would like them at the least for secure intercom use in and around the house.
     