By “We’re on a fishing boat out at sea and we’re catching fish that are too small and they go back in. And they go back in for two reasons: One, the holes in the net don’t catch small fish, i.e. the filtering, and/or the fish is the wrong type and it gets thrown out of the boat, hopefully while it’s still alive.”
The above is not some sort of zen meditation exercise. It is the explanation offered by Carrier IQ VP of marketing Andrew Coward used to describe the way the analytics software works. Coward skillfully admits that Carrier IQ does log things such as key strokes and location data while downplaying the extent to which this information is leveraged. It’s a shame that he chose a fishing metaphor, as the concept doesn’t stray too far from the sort of phishing associated with malware known for stealing personal data…but I digress.
Coward goes on to explain how information that is not useful to the work that Carrier IQ is doing, such as regular every day text messages, is thrown out quickly. Carrier IQ does collect info on the number of successfully delivered texts from any one number (to monitor network reliability, assumedly), but that the contents of text messages are “never stored and never transmitted.” Likewise, key strokes are monitored for character combinations such as codes entered while speaking to tech support. These “earmarked” codes help with Carrier IQ’s diagnostics.
There is much more from Coward’s interview with The Register, a must-read for anyone who has been following the events of the past couple weeks. We’ll leave it up to the reader to decide if Carrier IQ’s defense checks out or if they are simply covering their tail.
[The Register via Engadget]
Dear CarrierIQ,
In reading of your defense it comes to mind that I don’t know much about you and your company. Please send me every employees records along with social security information, mothers maiden names, full addresses, every phone call and text message they have ever sent and the password to every single website that they visit. I am only using the information to validate if you are a company that can be trusted with all of my information. Don’t worry I won’t do anything bad with the information. You can validate my credibility by just accessing the records you alread have on me.
Thanks – Keith
Amen
hmmm ill take a copy of the CEO please… and this andrew COWARD guy, really like his last name, its fitting
Can’t forget their credit card information.
Ok you can probably go tell this story to five year old if you want him to believe you. Why would you collect text messages and other information if at the end of the day you throw it out? This is all a lie. I’m glad you bastards got caught.
ok verizon…waiting to see your witty commercial. you could probably capture quite a few att/sprint defects from this.
See, what we do is, we collect the fish’s location, swimming habits, fish(key)strokes, favorite [feeding] sites, pictures of the fish, all the known school-mates, and virtually everything else ever on the fish….and then we go fishing; we catch as many fish as we want.
Second comment…what sort of VP of marketing makes a fishing reference where the customer is the fish. Fish get hooked, gutted, cleaned, and eaten by the fisherman….AND IS HE SAYING WE SMELL?!
They should have made this an app people could voluntarily installed. Maybe I made a mistake leaving tmobile.
These waters need a fishing license which gives you PERMISSION to take fish out of the water.
Dumbest fuckin defense ever for something this serious.
Are you really expecting a better response from a Coward?
i see what you did there
We can blame CIQ as much as we want, but they wouldn’t be in business if the carriers didn’t use them. When you have a car accident, you don’t blame Ford for it.
Personally I would say it’s more like purchasing a Colt AR15, intended to put a bullet where you want it within 400 yards. When I shoot it, I don’t expect it to hit targets in the shooting lanes next to me, while also hitting the target I’m shooting at. I expect it to hit the target I’m shooting at exclusively.
While the carriers are absolutely to blame, I think a large part of the problem is that CarrierIQ is collecting far more information than the carriers are requesting (if the carriers are to be believed). Honestly this comes off as lazy, since instead of writing the software to collect the information requested by the carrier, CarrierIQ simply collects everything, and uses some sort of configuration to decide what gets sent to the carriers.
Carrier IQ needs to stop using a net, and start using a single hook with bait specifically tailored to the data it’s requested to gather.
Im not trippin. I flashed Apex 9.3 a LONG time ago and the carrier iq malware is NOT on my phone. Check if its on yours by using lookouts new app to detect carrieriq on your device. Search it on market.
Carrier IQ: look. We saw your data, but there is no privacy issues. Promise
Customer: ???
The fishing metaphor was put forth by the interviewer. The quote here was just the guy’s answer. Kind of a misleading post by Mr. Krause. Odd that most of you didn’t bother to read the article and find that out for yourselves. You might have also found that this is all much ado about nothing. No matter. When the internet is up in arms, reason flies out the window.
Yeah, data being collected and sent to some company I don’t know exists, without my consent by a keylogger among other tools… definitely “much ado about nothing”.
If you have no problem with a company having your credit card number, bank account number, every password to every account you view on your phone, and basically everything else you do on your phone – you need to take a good look at the world my friend. Whether they admit to using this data or not, people should not be trusted with this amount of information.
You need to read the article, my friend. Nobody has your credit or banking info. Nobody has your passwords. This is what I mean by reason going out the window. Read the article. If you read it, read it again. Slowly. The answers are there.
Key strokes are logged. These might be cc numbers, etc.
I have not only read this article, but I have read many others. ALL key presses are being logged, and potentially sent somewhere. And as I said above… “Whether they admit to using this data or not, people should not be trusted with this amount of information.”
As for me, it doesn’t matter what they are doing. I have a Droid 2, which is on Verizon, who has said (and proved to be telling the truth) that they do not use CarrierIQ. Even if they did though, I have CM7 installed, so I in no way have this software on my phone. BUT, it’s still an issue that I am following, because something needs to be done about it for everyone else.
so what your telling me is that i have to accept and agree to known permissions just to install a facebook app on my phone so it can use data and mess with my contacts to make my experience better, BUT for carrier IQ, i don’t get ANY warning about ANYTHING they have permission for and it’s all intended to be hidden from the user so they never know?!?!?!
this is total BS
Why would a company need a net for information on a smartphone? Is it really that hard to, say, put a command in that only reads keystrokes WHEN YOUR ACTUALLY talking to customer support? I mean it might just be me, but I don’t think Sprint changes their phone number much. And there is no option to opt out of their data collecting, I’m sorry, but I thought when I bought something it actually became mine… I call shenanigans!!!
As far as i know this isnt on tmobile, at least not on the G2…..but as ive said in other forums, if someone is intent on getting your info, or bank accounts or whatever, there are much more efficient ways of doing it. Your laptop or desktop on your home network is more vulnerable and has more info on it then your lowly cell phone…believe me , no one is interested in your emails or texts, youre not that special.
If they never store or transmit the contents of our text messages, why is their software reading the contents of the messages? I want to see what comes out of these investigations.