Articles about Privacy

I offer a hat tip to Gizmodo, which has put together a list of smartphones that have Carrier IQ. The company disclosed the information as part of a US Senate inquiry. Sprint subscribers are the most likely to have the spyware installed -- 26 million, or nearly half of them. Verizon: None. The information is also available in a statement from Sen. Al Franken (D-Minn.), just not as quickly scannable.

But not all phones where Carrier IQ is installed have it active. Android developer Trevor Eckhart uncovered Carrier IQ last month, offering detailed explanation how the rootkit-like software works. I followed his instructions to see if the software was active on my Samsung Galaxy S II Skyrocket, and it appeared not to be. Days later I installed Carrier IQ detectors from BitDefender and LookOut Labs, which found the software but didn't indicate its status. Apparently, Skyrocket is one of the phones where Carrier IQ is installed but not active. Same is true of HTC Vivid, AT&T's other LTE phone.

Continue reading →

Carrier IQ is once again making headlines, this time over reports that it is giving information to law enforcement. Complicating matters more, the FBI denied a Freedom of Information Act (FOIA) request last week asking about its own use of Carrier IQ technology, saying the release of such documents "could reasonably be expected to interfere with law enforcement proceedings".

The FBI's admission in the letter that documents do exist raises concerns that Carrier IQ is using its technologies more than just for customer experience purposes, but actual spying as it is being accused of by many pundits. The company is moving quickly to quell this latest round of criticism.

Continue reading →

All kinds of unsolicited mail pours into my inbox, and I ignore about half the stuff that probably matters -- that's if the Junk Mail filter doesn't grab it first. I'm particularly leery of messages promoting an infographic made by some organization that might have vested interest in the topic. But this one, from BusinessInsuranceQuotes, depicts such an emotionally-heated topic, I figured: "Oh, what the hell, just post the damn thing".

Feast your eyes on this little ditty about SOPA -- the Stop Online Piracy Act -- that I repeatedly mistype as "privacy", subconscious response meaning to invade it, perhaps. The infographic really lacks the drama SOPA would create if enacted as law. Little things like empowering the government to take down your site or seize your domain based on the presumption of guilt. That's the painless part. You go to jail if convicted. Perhaps Federal prisons aren't as overcrowded as California jails.

Continue reading →

Android users have a multitude of options in order to detect whether Carrier IQ exists on their smartphones, with at least a dozen applications available through the Android Market. While most of the apps will not stop Carrier IQ from running, they will at least give those concerned with the company's actions some solace in knowing for sure whether they're being tracked or not.

Carrier IQ's discovery -- that stealthily monitors cellular users' smartphone activity -- set off a firestorm of controversy over the past several weeks. Some see it as a serious threat to users' security and privacy, while others have likened the reaction to mass hysteria generated by the media.

Continue reading →

If you have any private photos on Facebook that you really don't want out there, consider this story your fair warning to delete them. A flaw in the social networking site's reporting mechanism allows users to peer into content that is otherwise marked "private". Now would be a good time to remove that pic of drunken you mooning the boss.

The flaw was first widely reported on the forums of bodybuilding.com, a popular fitness site. The post -- since removed -- details the exploit. Proceed through the menus after reporting an image as inappropriate. When the dialog asks if you want to report any other images in the album, click "yes". All images, whether public or private, will be displayed.

Continue reading →

The US blogosphere has become increasingly alarmed by the new Anti-Piracy Act – Stop Online Piracy Act or SOPA. Discussions of the topic are, to put it mildly, quite frank, with comments like: "These idiots are coming for your internet."

What is SOPA? It is support for and development of something that is currently very relevant – the protection of intellectual property. Ladies and gentlemen, this really is important! "Thou shalt not steal," as the Bible says! An author – or more often than not, a team – spends sleepless nights writing a book, composing music, shooting a film, creating software or testing software packages. Doesn’t that deserve a financial reward? Yes or no? Think before you answer – someone could well ask the same question about your profession… So?

Continue reading →

Security research company and prominent antivirus software vendor Kaspersky Lab has announced its intent to withdraw from the Business Software Alliance (BSA) because of the Alliance's support for the Stop Online Piracy Act (SOPA, also known as H.R. 3261).

The Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA) are the software industry's two biggest trade groups. Since both groups have strong anti-piracy stances, neither directly opposed the Stop Online Piracy Act. Both expressed interest in working with Congress to design the law.

Continue reading →

We have some division here at BetaNews regarding Carrier IQ and reporting about its tracking software. On one side there's the "me-too" defense -- that software stealthy hidden on smartphones sending information back to Carrier IQ or cellular carriers is no worse than what other companies do. That it's irresponsible to report keylogging behavior based on researcher Trevor Eckhart's blog post and YouTube video. That early reporting was "sloppy" and Eckhart is suddenly "quiet". Dog poop.

Over the last couple days, Carrier IQ finally responded to the maelstrom of controversy. But the response falls short. Carrier IQ fails to address the most troubling aspect about Eckhart's demonstration: Capturing data from keystrokes, nor does it answer why so much information is collected. Carrier IQ's defense is something like: "We don't look at the naked person. Not us". It's the "if a tree falls in the forest" defense. "We didn't listen, so it didn't happen". If there's anything "sloppy" about the news reporting, it's that not enough journalists dig deep enough. There's nothing unfair here.

Continue reading →

The furor over Carrier IQ tracking software only intensified on Thursday, as different affected parties attempted to limit public relations or potential legal damage. Apple and Verizon both essentially disavowed Carrier IQ, while Sprint acknowledged using the software/service but narrowed the scope. Meanwhile, the Carrier IQ website couldn't handle sudden traffic surges. BetaNews used a Google cached version to obtain the official statement, but later reached the site.

Android developer Trevor Eckhart instigated the Carrier IQ scandal in a blog post and YouTube video based on his investigation of a persistent process running on HTC Android phones. He uncovered Carrier IQ, which he calls a rootkit because of its stealth behavior and the amount of information/services tapped. "The application is hidden in nearly every part of our phones, including the kernel", he writes. "Carrier IQ also subverts standard operating system functionality".

Continue reading →

Okay, the stupidity lies with cellular carriers who let the tracking software onto their phones. Their actions will irreparably tarnish the industry's image and quite likely lead to unwanted government intervention. I'm assuming, of course, that Carrier IQ really is as bad as Android developer Trevor Eckhart claims. My God, what if it's worse?

Carrier IQ is tracking software that behaves every bit like a keylogger -- installed at a low-level like a rootkit would be. It logs all activities. That's right. Everything, even when the phone is disconnected from the network, or when using WiFi, and it continues its privacy-violating ways even after a cellular subscriber's contract has expired. Simply put: It's an abomination. It's a violation of privacy in the worst way, because cell phones are the most personal tech devices and used to maintain the most intimate relationships.

Continue reading →

It's time for your yearly physical. Walking into the doctor's office is like any other visit: the same corny elevator music, the same outdated magazines, and that stack of paperwork the receptionist always hands you to fill out. But there's something new in that paperwork. Your doctor is asking you to sign a new agreement. What it asks for surprises you.

Your doctor wants you to turn over the rights of what you may say about him or her online. Sound ridiculous? It's not and is the newest method medical professionals use to protect their reputations. One company is spearheading this effort, and has become the target of criticism for its practices.

Continue reading →

The World Wide Web Consortium (W3C) on Wednesday published its first two drafts for online privacy and tracking standards: the Tracking Preference Expression, which is a definition of the HTTP request header field "DNT" for expressing tracking on the Web; and Tracking Compliance and Scope, which defines the terminology of tracking preferences and scope in the DNT expression, and lays out ways that websites can comply with it.

These standards will let users set more universal preferences about whether or not their browsing data can be collected for tracking and advertising purposes. The W3C says this will help to re-establish trust between users and service providers in the marketplace.

Continue reading →

On September 27, Nik Cubrilovic posted a follow-up to his terrific analysis (which we posted two days ago) looking at how Facebook uses cookies to track users even when they have signed out of the service. That post's popularity got Facebook to respond to his questions about cookie tracking, something that it hadn't done despite more than a year of requests. We asked and he granted permission to repost this follow-up, but we're a day late because of the time difference between Australia and the United States. This version differs in two subtle ways from the original: Slight editing for house style and different headline.

I wrote a post two days ago about privacy issues with the Facebook logout procedure which could lead to your subsequent web requests to third-party sites that integrate Facebook widgets being identifiable and linked back to your real account. Over the course of the past 48 hours since that post was published we have researched the issue further and have been in constant contact with Facebook on working out solutions and clarifying behavior on the site.

Continue reading →

On September 25, Nik Cubrilovic posted a terrific analysis looking at how Facebook uses cookies to track users even when they have signed out of the service. His findings about Facebook cookie tracking raises yet more red flags about subscriber privacy. We asked and he granted permission to repost the analysis, which differs in two subtle ways from the original: Slight editing for house style and incorporation of two updates into the main text. We also changed the headline.

Dave Winer wrote a timely piece yesterday morning about how Facebook is scaring him since the new API allows applications to post status items to your Facebook timeline without a user's intervention. It is an extension of Facebook Instant and they call it frictionless sharing. The privacy concern here is that because you no longer have to explicitly opt-in to share an item, you may accidentally share a page or an event that you did not intend others to see.

Continue reading →