

Mobile ‘Rootkit’ Maker Tries to Silence Critical Android Dev - mafro
http://www.wired.com/threatlevel/2011/11/rootkit-brouhaha/

======
lawnchair_larry
"What’s more, the company is demanding that Eckhart inform Carrier IQ of the
names of all persons to which Eckhart has forwarded the training material. The
company also wants Eckhart to send “written retractions” to everybody who has
viewed his research in hard copy or on the web."

Insane.

~~~
ChuckMcM
It is the way with lawyers. They yell at everyone, and anyone who doesn't sit
down they roll back and figure out what to do next. The EFF link was pretty
good on this.

https://www.eff.org/deeplinks/2011/11/carrieriq-censor-research-baseless-legal-threat

So it's 'sane' in the sense that their livelihood is being threatened and they
are fighting back, however their business model is reprehensible so the
question becomes whether or not a phone/carrier can use this press to
differentiate by advertising "no carrier iq surveillance".

Of course the underlying issue is differentiation and value. Specifically,
wireless carriers despise the idea of being data pipe suppliers. I first ran
into this at my startup FreeGate when we were selling an appliance that let an
ISP hook up a small business to the Internet and provide a better service
experience (you could do service via the appliance and the customer didn't
have to know anything about the Internet). Anyway, it was a great idea until
ISPs realized that just selling cheap internet wasn't going to be sustainable
for their business model, they had to sell web site hosting and email and
other 'value add' services. Of course our box did all that and the ISP's
offering was superfluous. Whoops, there goes one of your channels.

Carrier IQ's business is to collect and codify 'business intelligence' which
the carrier can then resell at a markup to third parties. Things like 'this
guy just came out of a dealership down the street before he walked into yours'
level of details. That is very valuable to people who want to close a sale,
it's also pretty damn intrusive.

This is one of those places where Stallman's rants on 'free' software get a
boost in legitimacy from the real world. Knowing exactly who is controlling
the computers you own is serious 21st century business.

------
plink
"Andrew Coward, Carrier IQ’s marketing manager, said in a telephone interview
Tuesday that the company, not Eckhart, should be in “control” of the manuals."

When they jokingly told Andrew that "PR" stood for "Pernicious Reputation"
they didn't think he'd take them seriously.

------
frankydp
Wouldn't a simple opt-out be the best PR response to this kind of press?

Is this information classified as Customer Proprietary Network Information
(CPNI)? If so, it is required to be optional for the customer, and would be
handled by the provider, not CIQ.

------
getsat
Has it been confirmed whether or not the iPhone uses this? Since Jobs never
let the carriers touch the base OS, I'm assuming it does not.

~~~
tatsuke95
I doubt the iPhone uses _this_, but don't kid yourself, it has the ability to
monitor everything you do on that phone.

From a practical standpoint, manufacturers and service providers want that
ability. But it's how they intend to use the information that counts. Nobody
has proven to me so far that it's entirely benign.

~~~
falling
That cannot be proven. You need to trust somebody, at some point.

~~~
true_religion
No, you can go pretty far with a default of not trusting an organization until
its actions prove it worthy of trust.

~~~
falling
You asked for proof that the data is correctly and securely used. That is what
cannot be proved, regardless of your trust in the company or lack thereof.

------
ypcx
I'm all against spying on people, but I cannot help but notice the
sensationalist slant of the article. After all, I believe the main problem is
not the botched reaction of the "rootkit" company, but the mobile operators
who put it to use on their own paying customers. Anyway, the
simlock-free/unsubsidized Google's Galaxy Nexus just got another bit sexier for me.

------
runjake
More importantly, this destroys my trust in OEMs, such as HTC. That, in
response to inquiries about the inclusion of CarrierIQ rootkit, HTC's PR rep
only said "Uhm err uhhh, ask your carrier".

Why should I need to ask the carrier? You signed the APK (CarrierIQ
application) bundles with your certificate, HTC.

This is shameful.

------
atmz
Ok, devil's advocate here - Carrier IQ are bad, and are making themselves look
worse, and the carriers are complicit in all of this, but... Sharing the
manuals is still copyright violation, and Eckhart can have the same effect,
while being legally protected, by writing about them and using (clearly) fair
use quotes from the manuals.

~~~
CodeMage
From the article:

 _The EFF says Eckhart’s posting of the files is protected by fair use under
the Copyright Act for criticism, commentary, news reporting and research_
[...]

------
jimbobimbo
Kudos to Eckhart - he's doing the right thing. I hope some class action will
grow out of it.

------
101001010111
I'm perplexed how anyone could believe iOS is somehow different simply because
Apple doesn't need to purchase a "rootkit" from a third party like CarrierIQ.

Apple, a hardware company, is well-suited to write their own "rootkit"
in-house. They no doubt have their own techniques for getting the same
information that CarrierIQ gathers.

To think Apple is not interested in the same information about their customers
just seems incredibly naive or like some kind of cognitive dissonance.

If anything I would imagine Apple has set the bar for how much "intelligence"
can be collected on its customers and the carriers are basically playing catch
up.

I could be wrong. But that's how I see it.

~~~
cubicle67
There's a very active iOS jailbreak community who should be able to
confirm/deny this. They'd know by now how often iOS phones phone home, and
what data they send.

~~~
cbs
_They'd know by now_

There is also a very active Android community, and they're just finding out, so
I wouldn't be so sure. From a structural perspective, it would also make more
sense if any of their own statistical software lived in iOS itself, while
the nature of Android (specifically the Google/mfg divide) would drive
this information collecting into an app in that ecosystem.

