Shared publicly  - 
 
Thinking Out Loud About Carrier IQ

Many of you early adopters in Google+ have been in the tech industry for a long time and I'm wondering if you, like me, think that the rest of the world is grossly misinterpreting what Carrier IQ does and why carriers and manufacturers use it in the first place.

The analogy I'm thinking about is computers and computer repair. The more your computer knows about what was going on when X application crashed, the more internal diagnostics and IT can help you.

The more Carrier IQ tells carriers about what makes their networks work well and not so well, doesn’t that mean the better those networks and--by extension--carrier handsets can become?

I'd love to hear from those in the IT field about whether or not they think Carrier IQ is evil and if consumers should be trying to turn it off on all their phones. Is this akin to killing Dr. Watson on Windows?
5
1
Alex Scoble's profile photoMike Elgan's profile photoAdam Haider's profile photoDan Singleton's profile photo
19 comments
 
I would think that it the secret nature of the tool that makes people concerned and of course many tools can be used for both good an bad purposes. People are just getting leery of vendors when they "Trust me .. I'll only use it to do good things"
 
Afaik Carrier IQ itself is NOT EVIL, but has the potential to be.
Until now it depended on Carriers and Device Makers how evil their implementation of CarrierIQ resulted....
 
Last thing I read was that CIQ in its original form did not intercept those (as there is no connection to the UI if I remember it right), so I assume this must be one of several diffenrent kinds of implementation of CIQ that really intercepts the Text Input.... but before taking it from me try looking it up on the XDA-developers site, where the original disclosure was made...
 
The truth lies somewhere between completely harmless and beta testing before being sold to all world governments to spy on the governed. But don't expect anyone (beyond you :) ) to spend any time near there. The media have conditioned us otherwise.
 
This sounds a lot like the early uproar over Gmail and its contextual ads--at least, in terms of what exactly is Carrier IQ reading or not reading about your personal life. But I guess it's more worrisome in this case, because here's this device that you're carrying all the time and is tracking all of your day-to-day interactions in addition to e-mail text.

Sure, probably no one is reading it or will ever read it. I take Carrier IQ's explanations at face value, since they make sense. But even so, it's a security risk to have it all sitting in one place where it can be hacked, and a corrupt company employee could always compromise that data.
 
If it was just a successful connection / unsuccessful connection program that just sat on your SD and only called out when there was an issue, there would be no problem. But, it stores far too much information, and calls it in to a database when no issue occurred. Also, the fact that there is no overt menu option to turn it in or off makes it a real issue.
 
A Cyanogen based Rom will free you from CIQ... and I guess several other alternative Roms will too...
 
+William Bostwick has it exactly correct -- they do not need the actual content of anything. They're trying to improve networks. How many people have actually done network administration (like me) have ever needed to know the actual data to diagnose network issues?
 
had carrier iq responded in a reasonable fashion to trevor's assertions from the get go, and possibly took time to explain to the rest of the world exactly how it operated, it probably wouldn't be in the mess it's in now. but they chose to play hardass and try to intimate the 25 year old into silence. that immediately cast them as evil, and their subsequent actions (and explanations) haven't helped.

the sw shouldn't run in secret, it shouldn't be impossible to disable. even if it doesn't collect tons of personal info, it has the potential to do so, and the company's behavior isn't making anyone feel better about that. so no, I don't think the CIQ debacle is totally overblown. it's leagues beyond what something like Dr. Watson might do.

see also: http://www.itworld.com/it-managementstrategy/229563/will-carrier-iq-s-software-make-your-phone-vulnerable-hackers

cheers

dt
 
Carrier IQ needs to know that I tried connecting to google via an HTTPS connection. It does not need to know what my secure search was about (nevermind saving it in plain text). CIQ needs to know that I sent/received a text message. It even needs to know the phone numbers, it does not need to know the content of said text message.

Most importantly, I need to: a) know that CIQ is running, b) know what data CIQ is collecting, and c) have the power to disable it.
 
Yes, this issue is being sensationalized. But the underlying threat to privacy is real and needs to be dealt with. And whoever made the bonehead decision at Carrier IQ to serve a C&D notice has just learned what "Streisand Effect" means.
 
The way I see it, the problem is on two fronts. First one, the fact that this software was running on our phones without us knowing about it, or being able to opt out. The second, is, even if CIQ itself only has good intentions for the data it collects, is whether this data can be accessed by a malicious 3rd party app or a hacker who does not have such good intentions.
 
Many lifes ago I worked in a workshop in a small computer company. The information being collected by Carrier IQ is akin to me at the time, receiving someone's computer for repair, going through all their personal fies and pictures, reading their email and viewing their browsing history, and claiming I'm doing it so I know better how to repair their computer.

Your comment is ridiculous and one I wouldn't expect to hear from ANYONE let alone someone in the tech industry, there's no justification for the levels of information it is collecting.
 
+Spoken Word apparently doesn't understand much about security and how such malware could be exploited to grab everything you do on yoru cellphone. Type in your bank URL, username and password? Yeah, it can grab that.

It doesn't matter how it's been used. It matters what the malware can do, how insecure it is and how consumers had and have no choice about whether it's installed on their phones or not.

The Carrier IQ malware breaks just about every security best practice there is and all of the companies involved in using it should be severely punished.
 
No. Dr. Watson asked permission, revealed itself to the user and put the user in control. Carrier IQ runs without user knowledge or permission.

And even if you accept the logging of all this, how can anyone accept the logging (and access by Carrier IQ and its customers) to un-encrypted HTTPS activity?
 
+Lance Ulanoff I tent to look at things more broadly. Since "Sept.11" we've noticed a trend that people are increasingly distrusting companies and are more concerned now than ever over privacy and personal freedoms. So it seems anything will trigger sceptics to question what they see and raise alarm bells.

The distrust over Carrier IQ is not news to anyone who knows that such monitoring tools have been in use for many years used by ISPs, TV service providers (which is why I don't connect my LAN cable in my box), in-car technology, digital gas/electric metres, ATMs etc. in order to gather usage data for either debugging or ensuring how the service can be improved.

In 80% of cases this is a great thing because these tools cut costs which help increase innovation, however 20% of the time the data being mined is traded and sold to firms which in most cases do not contain personal identifiers but generic data. It's hard to say with Carrier IQ because think about how much data the average smartphone has when you put together all the cache data from the apps, it's a goldmine of information.

Though, similar to how your personal data is traded when you sign up for a credit card or vote, your data is also traded when you sign up for services such as insurance or loans, offers, fill out forms (esp. from state institutions such as health-care).

The notion that it's only "hackers" that could use this data is vy. wrong because there is an entire industry which has been going on for years which revolves around owning your data. The idea is that once you use their service you're consenting to their contract and so your data becomes theirs.
Add a comment...