Month: November 2011

Surprise — Carrier IQ is Carrier-Mandated

Nilay Patel:

[T]he Google Nexus One, Nexus S, Galaxy Nexus, and the original Xoom tablet do not contain Carrier IQ software. Each of those devices was launched in direct partnership with Google as the flagship for a new version of Android, so it seems that the addition of Carrier IQ comes from OEMs and carriers after Google open-sources Android’s code. Carriers requiring manufacturers to include Carrier IQ would also explain why references to the software have been found in iOS

Carrier IQ is on iOS, Kind Of

Turns out Carrier IQ is also on iOS devices as far back as iOS 3. However, it’s only running when you explicitly allow it. It’s what powers the Diagnostics & Usage setting, which is toggled during setup and can be turned off at any time. Furthermore, it only logs technical call information and location only if Location Services are enabled. It does not log key presses, URL history, SMS content or any of that other scary stuff happening on other devices.

Grant Paul also points out that it appears to be carrier-specific, with entries for AT&T, Verizon, Sprint and KDDI.

Carrier IQ Press Release (PDF)

It turns out that this stuff about Carrier IQ has been known for a couple of weeks now. This is their press release from November 16.

While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools.

It is worth noting that I cannot find any information on exactly what is being transmitted to Carrier IQ or to the device manufacturer. However, it is clear that this statement is simply wrong, based on the video released on Monday, which shows that keystrokes, button presses and location data are all being recorded.

We can, however, get an idea of what Carrier IQ receives based on this Hacker News post and the included screenshots. I’ve mirrored one example in case the company decides to remove it from their site. They’ve also published a document on some “features” of their software (PDF link). It is clear that what is being tracked and submitted is well beyond any reasonable user expectations.

By the way, Apple had a small scandal earlier this year over iOS’s tendency to store cell tower location information. The story broke on April 20, 2011, Apple issued a plain-language response a week later and an update to fix the bug one week after that. In two weeks, Apple admitted there was a problem and fixed it.

It’s been two weeks, and all Carrier IQ has to show for it is a sloppy press release that dodges questions instead of answering them.

Comments Off

Amongst many other reasons, this is the primary one as to why comments are typically terrible, as put by Matt Gemmell:

Comments encourage unconsidered responses. You’ve just read an article, you feel strongly about it, and you have a text field just waiting there. When disagreeing, people tend to be at their very worst when writing comments. They use language and tones which they’d never use in email, much less in person. If your blog allows comments, you’re inviting people into your house – but sadly, some of them don’t conduct themselves appropriately.

When I had comments, most were knee-jerk responses. Occasionally I received something of value, but there’s no reason that should be on my website. It isn’t my opinion, and I don’t necessarily support or agree with it. As Marco said, having your own blog is easy and can be free, with services like Tumblr. Short responses are best through Twitter. That way, it’s clear whose opinion it is.

Nest Teardown

Nest proves that something as mundane as a thermostat can be beautiful. If it’s a well-designed product, people are more likely to use it. Since it’s so simple and can be controlled remotely, owners are more likely to save energy.

Spyware Right Out of the Box

Dan Goodin writing for The Register (emphasis mine):

Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer while his device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged by the software.

“But Nick,” you begin, “isn’t it hypocritical for you to be pointing this out after being more passive about Apple’s location tracking issue earlier this year? Are you some sort of paid shill?”

I would counter by pointing out that Apple was tracking locations, but this software (installed on a number of stock Android, BlackBerry and Symbian devices) is tracking what you do and where you do it. Tracking locations is invasive of privacy, but what Carrier IQ does is outrageous.

Update

“runjake” at Hacker News has posted a great analysis of what is covered, but also what is not covered by the Register article.

Switchcam

As a fan of live music, I adore this site. It reconstructs concerts from YouTube footage. It’s pretty slow right now due to heavy traffic, but give it a try as soon as you can.

HP Printers Can Be Remotely Controlled and Set on Fire

Jon Brodkin:

Security researchers at Columbia University have accused HP of selling printers with a flaw that could let hackers gain remote control over the devices. Once compromised, the access can be used to steal personal information, attack networks, and even set printers on fire by feeding them a continuous stream of instructions designed to heat them up.

Well that’s just absurd.

It’s Been Said Before, and I’ll Say It Again

Jamie Zawinski:

Michael Arrington posted this article, “Startups Are Hard. So Work More, Cry Less, and Quit All The Whining” which quotes extensively from my 1994 diary.

He’s trying to make the point that the only path to success in the software industry is to work insane hours, sleep under your desk, and give up your one and only youth, and if you don’t do that, you’re a pussy. He’s using my words to try and back up that thesis.

I hate this, because it’s not true, and it’s disingenuous.

Michael Arrington is a dick.

“A Billion Dollar Deal”

Earlier this year, Reuters reported that Sharp and Apple might have struck a billion dollar deal for the former to supply displays to the latter.

A few days ago, the Wall Street Journal reported that these displays are destined for the iPad 3 and might already be in current iPhones.

Today, the Tokyo Times reported that Sharp is also supplying the displays for use in Apple’s long-rumoured television. This doesn’t seem like a reliable report, but if it’s true, that is one enormous business deal.

Windows Phone 7 Isn’t Lacking in Apps Because It Has Websites

Of the 22 apps Geof Harries lists for an iOS vs. Windows Phone 7 app availability comparison, five of the WP7 versions are websites that he pins to his start screen. This is what evidence he’s using to support the thesis that “Windows Phone has plenty of apps, many of the same as on other platforms, if you only search the marketplace.”

I like Windows Phone 7 a lot, but its relative lack of applications is a problem. A number of the most popular iOS applications do not have comparable options for WP7, or those options aren’t as readily-updated as their iOS or Android counterparts. Foursquare and Gowalla haven’t been updated for months on WP7, but are frequently updated on iOS and Android. There isn’t a Starbucks app available, nor one for Air Canada. A community like that of Instagram is nowhere to be found. There isn’t even an official Dropbox client.

To be fair, this is primarily the developers’ fault. But it’s clear that developers aren’t invested in the platform as heavily as they are in its competitors.

Jailbreakers Want to Get Ahead of Apple in Finding Exploits

Chronic Dev explains that Apple uses their iTunes-based crash reporting system in order to find these jailbreak exploits before they are released into the wild.

Replace the word “jailbreak” in the above sentence with “security”. Both parties want to find the same security vulnerabilities that can be used to run unsigned code. Apple wants to fix these problems; the Chronic Dev team wants to exploit them.

In order to avoid losing exploits in the future, the Chronic Dev team has announced a bold move: they want to sidestep Apple, install software onto your computer, and re-route crash reports to the jailbreak development team.

It’s up to you to decide if this is something you regard as noble and useful, or as potentially dangerous.

The Choice of Privacy

Now, however, the EC is planning to ban such activity unless users themselves specifically agree to it. The EU’s data protection working group is currently investigating how Facebook tracks users, stores data and uses that information to serve targeted ads. The ban may take effect as soon as next year.

It’s worth noting that people typically don’t tick boxes to make a decision. Most will leave the box in its default state, and if the EU decision takes effect, Facebook stands to lose their entire business model in those countries because most people won’t tick that box.

Copycats

Spot-on analysis by Matt Gemmell of the oft-unoriginal world of tech product design:

You’ve essentially guaranteed that every buying decision comes bundled with a kernel of regret, maybe because they didn’t have enough money, or needed a floppy disk drive, or were tied into a phone carrier contract for another year and couldn’t get the handset they’d prefer. Your product can never be ideal for its target market, because you’ve deliberately defined it in terms of someone else’s.

The lesson of the technology industry in the past five years is that really successful products dare to NOT copy. They’re pure, in that they’re actually designed from first principles – they’re based on the problem and the constraints, without being viewed through the lens of someone’s existing attempt.