Managing an online community is expensive. You need to licence (or build) forum software, need to provide technical support to your users, perform moderation of content, perform security updates. I get the desire to just outsource to somewhere that appears to provide the forum for discussion, especially if it seems to be for free. If they can't demonstrate that it produces value for the host, dropping it will likely be the path that most take.
There is no evidence that it is not transmitted either.
In a free and democratic society, when someone accuses another of wrongdoing it's customary to require the accuser to prove their claims, not require the accused to disprove them.
CarrierIQ decided to launch an ill thought out lawsuit to stop people from even looking at their product, to use a creepy idea if you have nothing to hide why complain so loudly. If their intentions were all sunshine and ponies for everyone, they could have made a press release and invited the researcher to see for himself how it all worked so he could ally any fears consumers could have had. Instead they made a lame attempt to shut him up, backpedaled once they law was explained to them, and now we can see large amounts of data being recorded.
Sigh, where to begin with this?
1. No lawsuit was filed. A demand letter was sent by Carrier IQ. A reply declining the demand was sent by EFF. Another letter from Carrier IQ was sent, apologizing and retracting their demands.
2. Complaining loudly—no matter how rude, obnoxious or misguided—is not evidence of wrongdoing.
3. In the video, all we see is the debug output of a program running on a phone. Until there is evidence that this software is storing and/or transmitting this data, it seems reasonable to ask tough questions about the design of this software, though not not to conclude that massive breaches of personal privacy are taking place.
I found a statement from Verizon about not using them to be telling. They do not use CarrierIQ or CarrierIQ data. Why would they make a statement worded as such? We have no connection to CarrierIQ would have covered the topic, but to point out we don't use the software or their data seems to suggest you could have access to either. Of course they went quiet when asked if they had a program similar to CarrierIQ on their phones.
You ask the question, implying we should conclude that either Verizon knows Carrier IQ is malware, or they ship malware of their own. The simpler explanation seems to be that they just don't want to have anything to do with this controversy.
If they are not using the "extra" data they are collecting then they just write crappy software, and this would explain why removing CarrierIQ makes phones faster. But that needs to be investigated, and I am sure there will have been accidents with some data storage systems that happened out of the blue before they could be examined.
Considering that there is clear evidence that Carrier IQ is outputting such event details to the debug log, I think we can safely conclude that this software is "crappy", possibly because of performance as you point out, but mostly because such information could lead to breaches of security.
There is no evidence in Eckhart's video that this information is being transmitted to Carrier IQ, period. What he was displaying were debug log output from the phone.
Writing these captured events to the debug log is not a good idea, and is potentially a vector of attack, but is not evidence that Carrier IQ is storing and/or transmitting this data.
Techdirt has not posted any stories submitted by pbryan.
Cost
(untitled comment) (as Paul C. Bryan)
Re: Re: No evidence of transmission (as Paul C. Bryan)
In a free and democratic society, when someone accuses another of wrongdoing it's customary to require the accuser to prove their claims, not require the accused to disprove them.
CarrierIQ decided to launch an ill thought out lawsuit to stop people from even looking at their product, to use a creepy idea if you have nothing to hide why complain so loudly. If their intentions were all sunshine and ponies for everyone, they could have made a press release and invited the researcher to see for himself how it all worked so he could ally any fears consumers could have had. Instead they made a lame attempt to shut him up, backpedaled once they law was explained to them, and now we can see large amounts of data being recorded.
Sigh, where to begin with this?
1. No lawsuit was filed. A demand letter was sent by Carrier IQ. A reply declining the demand was sent by EFF. Another letter from Carrier IQ was sent, apologizing and retracting their demands.
2. Complaining loudly—no matter how rude, obnoxious or misguided—is not evidence of wrongdoing.
3. In the video, all we see is the debug output of a program running on a phone. Until there is evidence that this software is storing and/or transmitting this data, it seems reasonable to ask tough questions about the design of this software, though not not to conclude that massive breaches of personal privacy are taking place.
I found a statement from Verizon about not using them to be telling. They do not use CarrierIQ or CarrierIQ data. Why would they make a statement worded as such? We have no connection to CarrierIQ would have covered the topic, but to point out we don't use the software or their data seems to suggest you could have access to either. Of course they went quiet when asked if they had a program similar to CarrierIQ on their phones.
You ask the question, implying we should conclude that either Verizon knows Carrier IQ is malware, or they ship malware of their own. The simpler explanation seems to be that they just don't want to have anything to do with this controversy.
If they are not using the "extra" data they are collecting then they just write crappy software, and this would explain why removing CarrierIQ makes phones faster. But that needs to be investigated, and I am sure there will have been accidents with some data storage systems that happened out of the blue before they could be examined.
Considering that there is clear evidence that Carrier IQ is outputting such event details to the debug log, I think we can safely conclude that this software is "crappy", possibly because of performance as you point out, but mostly because such information could lead to breaches of security.
No evidence of transmission (as Paul C. Bryan)
Writing these captured events to the debug log is not a good idea, and is potentially a vector of attack, but is not evidence that Carrier IQ is storing and/or transmitting this data.
Techdirt has not posted any stories submitted by pbryan.
Submit a story now.
Tools & Services
TwitterFacebook
RSS
Podcast
Research & Reports
Company
About UsAdvertising Policies
Privacy
Contact
Help & FeedbackMedia Kit
Sponsor/Advertise
Submit a Story
More
Copia InstituteInsider Shop
Support Techdirt