Shared publicly  - 
 
People complaining about CyanogenMod collecting anonymous data on a social media website that also data mines your personal emails for targeted ads is about the most ironic thing ever.
281
25
Pete Bingel's profile photoValera Trubachev's profile photoPablo Gasior (blitos)'s profile photoRicky Chan's profile photo
49 comments
J Agnew
+
3
4
5
4
 
The cats face is pure awesome.
 
Apparently they missed the part where they could easily fork it if they wanted to, and that above that it's (a) entirely anonymous and (b) isn't really dangerous information to be spreading around, anyway.
 
Soon...CyanogenMod will be mining souls...and people we will demand it back...
 
I hear that CyanogenMod sends the device's model name, version number, and IP address to all the web sites that users connect to. Is that true? ;-)
 
Well played +Jean-Baptiste Quéru but that would be the new app darling Buzz Launcher. For real, you should read the amount of data that thing mines. 
 
+Koushik Dutta - Amusingly, the reason why the AOSP master uses a funky pseudo-version number (currently 4.2.2.2.2.2.2.2.2.2) instead of a codename (used to be OPENMASTER) is because it gets passed into the User-Agent string, and some web sites expect it to be number-ish and fail if it's not.
 
Yes Cyanogen was mining my statistics and spying on the private porn sites that I don't want to share with anyone. FIND YOUR OWN PORN SITES CYANOGEN!!!
 
i dont see why anyone complains basicaly all it is where you are and what version your using... device id is only so you can flash say, cm9/10/10.1 straight after eachother it wont make duplicate/un-nessisary entries in their records. 
 
Correct me if I'm wrong: all you collect is
Carrier
Model device
Country
ROM version
IMEI or MAC (one-way hash)
about imei, is what you call "device id"? And the one-way hash "technology" is just a shorter version of "my" real IMEI, but it's still a digital unequivocably fingerprint as well as it's 100% reversable..besides, can you explain us how exactly those stats can improve a ROM development so significantly to be necessarly freezed them in? Thanks +Koushik Dutta 
 
OMG! Is it be fefault now? My personal data will be added as +1 to he total count of devices running Cyanogenmod? I have to remove my brain from my head, so nobody can read it when they find out, that one more person is using CM. And I have to eat my simcard. I definitely have to!
It is quite annoying, how everybody is freaking out about privacy lately. People who do not know, what they are talking about and have 123456 passwords at the same time.
 
We pretty much gave up privacy when we embraced mobile phones anyway. Our only defense is an immense number of users :)
 
Jeez, there is nothing wrong with what CM collects, it should still be an opt out though, you just need to make more of a pleading message. FWIW this takes away choice for me and seriously makes me re-consider using CM if this is the attitude to user choice.
 
This issue is about being open up-front with your users about what you do, taking out the opt out means you wont be doing this any more, what about new users who never saw the social media threads?
 
Collect more. But be a good sport and make it public. Hmm... There should be a law that this is public data and it should be public...
Translate
 
+Matteo Firmo It's called a one-way hash because it is not reversible and is just there to make sure that one device is not counted multiple times in the stat. Other data helps identify what models/country/version our users are using. You are sending this detail to every app you download from the Play Store anyway (the Play Store provides statistics to developers). The data collected can be accessed in statistical form at http://stats.cyanogenmod.org/.
 
+Pawit Pornkitprasan thanks for the reply but the fact isn't reversable seems quite false as far as I'm reading...and my main point is: are those stats so important to force users to give them away?? If yes, can someone please explain why? In what way? The playstore example didn't work, since when I'm installing the app is the app itself that warns me about what it needs and what it wants to know from my device and I AM FREE TO CHOOSE "NO"!..the REAL funny thing is this new obsession of collecting those stats no matter what! That's what is making people suspicious, because isn't really clear how those "anonymous" and "not really significant" data can make the big improvement especially considering that since yesterday cm let them optionable...is suddenly become vital to collect them?! Just to know how many roms are being flashed and in what device /countries? Can't really see the point, sorry :/
 
Disappointing to note Mako hasn't yet made the list!
 
+Matteo Memnoc Nope, all apps on the play store collect installation stats without requiring any permission at all, it is done by Play Store as a service to the developer. And in this case, you are free to choose "no" to installation of CM as well (or fork the Settings app to disable the submission of statistics). I also wouldn't be surprised if stock ROM from OEMs also collect these stats.
 
Lol you guys are getting punished for being honest and open...better write a shady disclaimer no one understands!
 
1. Your device ID changes between /data wipes but IMEI or MAC address doesn't. So for more accuracy in statistics, they can use identical info.

2. About one-way hash: If you only have the sha1sum of a 10GB file, does that mean you can restore the whole file with a 32-byte hex number? Don't let your carrier know that or they'll charge your 3G data by byte.
 
Cats also collect your personal data. You can't disable that.
 
Yeah the CyanogenMod Team is evil and wants your data so they can sell it and then everybody knows where you live.
Are you serious? Be grateful that there is a ROM that brings the newest Android version on your device. They only want to know how many people are using their mod so that they know how successful they are. If you aren't willing to give that little data away then you shouldn't be allowed to use cyanogenmod at all.That's my opinion. 
 
this definitely needs a petition to the White House and beyond.. anyway, dear CM team, when selling my anonymous data, please make sure the buyer is not a bad person, that he likes puppies and that it actually is a "she", around 25-30 years old and single. Thanks a lot :D
 
Looks like I'm going back to Xenon HD
 
How do you know Xenon HD doesn't just collect data without your knowledge? :) 
 
I don't know. Guess not knowing makes me feel better.
 
+Hexchain Tong the hash is MD5 and it is more about a potential leak than about the data in Cyanogenmods hands… if they leak the claim that the data would be anonymously collected simply is a question of ~1,5h of hashcat :P in the worst case ;)
 
Meh...please don't take +Matteo Memnoc comment too serious. He has "battery calibration script" featured on his SmartDroidBersek Sense3.6Sense4.0AOSP OHMYGOD ROM. So awesome!
 
As long as it doesn't effect the battery life who cares. The g apps on the phone collect easy more data than this already. However where will the line be drawn? Today they just want a better count of users but tomorrow whar are you going to ask for? It's a slippery slope. 
 
About the only REAL legitimate problem with this is that hashing the IMEI could possibly be reversible by creating a lookup table.  (Hash all possible IMEIs and do a reverse lookup.)  It turns out the IMEI space isn't as large as you might think it is.

Easy solution:  When IMEI is present, concatenate it with MAC before hashing - then it's a LOT harder to generate a lookup table.  Shutting off stats over this minor flaw is throwing the baby out with the bathwater.

But it comes down to - even if such a cryptographic attack leading to a reverse-mapping is achieved, what is the actual impact?  Someone determines that IMEI xyz ran CyanogenMod at some point?  How can that have negative consequences?

(Before you raise warranty issues when answering the above - the fact is that any manufacturer who voids warranties on installation of custom firmware already has ways to do so.  Samsung now "pops triangle" on boot if an unsigned kernel is detected, and pretty much everyone else's unlock process requires your IMEI.)
 
+Steffen Arntz On older devices that only popped triangle when you flashed something unsigned in download mode, it wasn't a big deal.  Newer devices pop triangle immediately on boot if the kernel fails signature check.  I expect future Samsungs will be even more robust.
 
yeah I know :) but at least for the i9300 the triangle/excalamtion mark thing hast been broken :P
 
I don't care about the data collection myself, but I do find it ironic that users who normally advocate privacy when companies like Google or Facebook collect anonymous statistics are totally cool when CyanogenMod collects essentially the same thing. There are users out there who even complain when small indie developers collect a lot less anonymous data than CyanogenMod is from their apps to help diagnose bugs in their software, because they have "privacy concerns". It's funny to me how they don't care about this though. Way to be consistent, guys.

But again, personally I'm cool with this.
 
And the idiots won again...when this will end?
Add a comment...