Slashdot Mirror
Motorola Is Listening
New submitter pbritt writes "Ben Lincoln was hooking up to Microsoft ActiveSync at work when he 'made an interesting discovery about the Android phone (a Motorola Droid X2) which [he] was using at the time: it was silently sending a considerable amount of sensitive information to Motorola, and to compound the problem, a great deal of it was over an unencrypted HTTP channel.' He found that photos, passwords, and even data about his home screen config were being sent regularly to Motorola's servers. He has screenshots showing much of the data transmission."
The NSA would like to thank Motorola for their cooperation.
"National Security is the chief cause of national insecurity." - Celine's First Law
"A company that listens to its users"
It's all for "improved customer experience." If they know to whom you're talking, or what pictures you're taking, or what documents you're reading or writing, or where you are at any given moment, they can better tailor their services to fit your needs. I'm surprised this isn't patently obvious. /snark
It seems every device, every internet service, basically every communication node that we use has been turned into something that is beyond George Orwell's worst nightmare. As long as there is continued complacency on the part of people using this technology, the invasion of privacy will continue to grow. This of course assumes that it could get much worse. The only options at this point are to stop or drastically reduce using these networks while we attempt to build our own.
Technically, the Government isn't listening to your phone calls. Google is, then they share with the NSA. Sharing is caring.
Where does the signature go?
If true, Moto are stealing bandwidth or data allowance. Doing so as an individual will get you jail time, so will the CEO of Google be behind bars?
This is just Google collecting all of the worlds data, just like they said they were doing to do.
Motorola's future press release will contain something along the line of "It was mistake!?"
...ancient black-and-white Nokia right now.
These are not the droids you are looking for... Look at the Chinese! Look at the evil Chinese! They're spying on us!
But open source prevents this from happening because the source is constantly being looked at! This is clearly FUD being spread by a Microsoft shill. Ignore this fucker and the lies he spreads about FOSS and Google's Android.
I know, that sounds like the lead-in to a joke - but not this time.
In the US, anyway, Congress established quite some time ago that companies had more rights to our personal information than most of us would want them to have. So it's not surprising when we find out the NSA (or whoever) has carte blanche to our information - and also that Congress doesn't grok why we get upset about it.
Europeans ostensibly have much stronger protections in this regard; but it seems to me there's a lot of "wink, wink, nudge nudge" going on over there, and those "protections" are mainly in place so their officials can posture indignantly whenever news like this comes out. In practice I don't think there's much of a difference on either side of the Atlantic.
So what's the big deal about yet another large entity slurping our personal information? Whether they're public or private - according to the folks elected to represent us, we shouldn't be upset about it...
#DeleteChrome
not to use Moto. With a Moto phone I got no bars in my home. With an LG I now get 5 bars.
It's a server side social service from motorola,see http://en.wikipedia.org/wiki/Motoblur
I'm sure they feel they can write anything they want in an EULA, but I can't see how this is legal.
This is actively taking your data for their own purposes, and should be something with criminal penalties.
And Google recently added terms to the permission for the Android keyboard update which wants more access to your personal information -- forcing me to conclude that any device you buy these days is actively working against you, and is best kept in airplane mode as much as possible.
You don't own and control it -- the assholes in marketing do.
Lost at C:>. Found at C.
What do you expect from Syncing software? That is what it does. It transfers data from one device to another for back up and storage. Duh!!!!
You can RELOAD the device's OS with custom ROMs that don't do this crap. If it was discovered Apple does this (and who's to say they don't) what choice have you? And Windows phone? Don't even start.
Part of the reality of "security" is taking responsibility for your own. Security is not a product you can buy. It's not something that other people can do for you (because that's tyranny). It's a personal responsibility and it takes knowledge and understanding to do. Tough luck to all those people who have neither the inclination nor the ability to learn.
This is why you run stock android, or one you built yourself not some blur BS.
Does this affect users who are running a custom ROM (Eclipse, Cyanogen)?
He bought the phone in 2011, before Google completed their purchase of Motorola Mobility, likely before Google even made the offer. Google had nothing to do with putting the spying code into this particular phone.
"An article you wrote for your personal website has appeared on the main page of both Slashdot and Hacker News, and you were not the submitter in either case."
I haven't logged onto this account in ages, but if anyone has any questions, I'd be happy to try to answer them.
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
Did he criticize the NSA? Maybe he's targetted.
Doesn't this remind you of Carrier IQ, the software required to be installed on every US phone by the telcos? The same telcos in bed with the NSA? It was spotted recording keystrokes etc into a file. Later on we learned they can send a profile down to the phone which tells the phone to log all kinds of stuff and it is 'for your benefit'?
http://slashdot.org/story/11/11/30/0423256/android-dev-demonstrates-carrieriq-phone-logging-software-on-video
Microsoft reads your Skype chat messages and accesses any links (*cough* PRISM), to check for malware... for your benefit.
http://yro.slashdot.org/story/13/05/14/1516247/microsoft-reads-your-skype-chat-messages
See why the NSA can't cover this up? Because it's right there on the Internet waiting to be remembered, and re-examined in the light of the NSA surveillance-of-everyone-in-the-USA scandal.
I'd recommend a talk by Jacob Appelbaum, it puts this in perspective:
http://www.youtube.com/watch?v=H0I7wi3ZLG8
By any chance is anybody else beginning to, against their own better judgement, stop caring about this type of thing because there seems to be nothing we can do about it?
There is no justifiable excuse for this or prism etc.. etc.. but we are clearly powerless to do anything and I think my mind needs a defence mechanism.
News at 11.
So maybe Apple or Motorola or someone do have a copy of the infamous Rob Ford Smoking Crack video in their archives.
I do not fail; I succeed at finding out what does not work.
Things like this are plainly illegal in the EU and in the US should be as well. There IS a way to battle those fucktards. Justice.
If this is true that Motorola is spying on everything you do, stealing your goddamn IMAP and facebook passwords then sue their asses and press criminal "wiretapping" charges.
On November 12, 2011, Trevor Eckhart published a report indicating that Carrier IQ software was capable of recording user keystrokes.
Droid X2 was a Verizon phone so it shouldn't have Carrier IQ on it.
If it was discovered Apple does this (and who's to say they don't)
We know they don't because there are many hundreds of millions of people using Apple devices now, and lots of developers using network proxy monitoring tools in development that see all network traffic from the devices to boot.
Basically if Apple were doing this we would have known long ago, and there would be no shortage of people to shout about it continuously on Slashdot and elsewhere.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Doing the exact same kind of thing not too long ago if I'm not mistaken and they claimed it was for "Web acceleration" or some BS. I did some quick googling but couldn't find the article. Does anyone remember what I'm talking about?
What is this crap, and why do they always get it wrong?
Yes, I do want to seamlessly sync my mail, sms and contacts across my devices.
Except none of the solutions proposed really do that well...
(Or maybe I'm not typical, having multiple PCs and mobile devices, including iOS and Android?)
Photos too? Hell, why not. Picasa from Google used to be OK...
But now, after the "success" of FB, it seems that you can't have simple sync solution anymore; everybody is pushing unwanted, privacy-leaking, "social" features down our throats.
Just please fucking stop!
Is this data stream using metered bandwidth from the cell provider? If not, then the cell provider is working with them. If it is does, then they are consuming your data, i.e. your money. Would you have gone over limit and incurred a fee had they not been doing this? Could be a potential for class action to recover fees and lost bandwidth that they are taking from you.
https://whispersystems.org/
Moxie Marlinspike sends his regards.
Good people go to bed earlier.
I myself came across random screenshots of my behaviors and homescreens, passwords, etc as well stored away in my sd card. I did some research and (at least part of) the problem is a shell script called Bug2Go. It supposedly takes a screenshot when something goes wrong and sends it along with a background bug report to Motorola.
The good news is that you can remove at least this particular spying script by rooting your phone, going to a root explorer app, and deleting Bug2Go.sh out of your system/bin directory. :) Hopefully that's the brunt of the spying software, but I wouldn't be surprised if there were backup ways of spying on our phones...
The Burp Suite used by the investigator is a Java tool with a non-FOSS license. Blah.
I deny that I have not avoided attaining the opposite of that which I do not want.
CarrierIQ was scumbag marketing bullshit, and wasn't "required" to be on anything. Since that's your jumping-off point, it's pretty much safe to disregard anything else you've got to say.
Censorship of this subject isn't a winning strategy
No, but modding down idiotic falsehoods works pretty well. (And the poor schmucks who feed you. I suppose I deserve it.)
I'm wondering if I get charged for this?
[ ] It was the NSA.
[ ] The NSA forced us
[ ] We need this information to make our products suck less
[ ] We have no idea why this is happening, it must be a bug
[ ] Hey, you're not suposed to notice
It's a good thing that everyone's on unlimited data plans in the U.S.
so I need a FOIA to restore my backup now?
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
If I was a criminal I'd be investing in HPT. Homing Pigeon Technology. Which the NSA will have to counter with trained hawk no doubt.
Where is Tupppe666 to tell us Google is our friend and that we should be happy with this!
Thank you for your complaint - please remain seated and an NSA agent will be by soon to "assist" you....
Moto
My traffic logs at home show that the Nexus Tablet is by far the most prolific chatter box on the network, some of the traffic was headed to China for some reason, one of the apps pinging home.
*shrug* it's all pretty sketchy now a days.
"If any question why we died, Tell them because our fathers lied."
So when the NSA or Motorolla make illegal copies of our information is that piracy? After all we are the copyright holders and we have not authorised the copy
http://luckyredfish.com
Airwatch and others will enable you to do this. It's common to use this feature at most large corporations.
A rose by any other name would have the same social connections.
No, Google sells your eyeballs. Well, rents them.
Not unless it can put adverts on them. It sells advertising space like newspapers.
I watched a Bill Maher video yesterday in which a conservative politician who clearly believed that cleanliness (and short hair) is next to godliness claimed to believe in "adaptation" but not a certain fish story when confronted by a historically unelectable Canadian politician about whether he believed in antibiotic resistance (in which the evolution of the resistance trait was greatly accelerated by careless overuse).
I actually cut the guy some slack. There's no reason why he can't logically believe in the special theory of evolution (local adaptation) without necessarily believing in the general theory of evolution (the ascent of complexity from primordial origins). To believe in one without the other requires a larger than average mental judgement in between. Unfortunately, he lamely fell back on invoking the missing link. Bzzzzt. Thanks for playing.
Clearly he hasn't checked in with the Out of Africa theory lately, which was speculative until we began to read DNA in the early 1980s with all the proficiency of a clever three year old. Right now we're at about year two of a ten year post-graduate program in speed reading for lifeforms with facet eyes. Things have changed. If there were any region of the globe over the past 10,000 years (or 100,000 years) where the genetic lineage of any species of quadruped (Noah being the patron saint of charismatic megafauna) is constricted to a single breeding pair, we'll surely find it soon on the rising flood of sequence data. Dude groomed for rapture should be worrying about the missing crink, not the missing link.
I can't say I have a higher opinion of "blame the government". It's like blaming calcium for arthritis, on the grounds that sans calcium, arthritis as we know it would no longer exist. The problem here is that calcium is just the implementation. The specification is to have a load bearing structure nimble enough to evade and pursue (aka biosecurity). A large branch of the solution space descends from elbows and kneecaps.
One of the major functions of a large population is agreeing on the threat enough to achieve cohesion in the threat response. This is mirrored in the organism by how the fight/flight response is balanced on a knife edge, and how the hormones that prime this metabolic state also tamps down immune response. Guess what, libertarians, that's a centralized response.
You can discard the implementation (government as we know it), but you can't discard the specification. Unfortunately, contrary to the most vociferous howls, the problems are actually rooted in the specification, not the implementation.
Just like replacing an aging software system, while it's absolutely certain that the worst points of friction in the existing system will go away, new points of friction are extremely likely to take their place, unless you stumble upon the "silver bullet" solution paradigm (social media won't let you down). I tend to be fairly reluctant to stick up my hand when a surgeon promises to cure my arthritic knee by lopping off my leg and grafting on a tentacle to replace it. I worry that might bring with it new problems every bit as annoying as the previous problem.
The present state of the NSA and the legislation around it is pretty much an unbroken story since the end of the first world war. (The Germans did not invent Enigma on a fall afternoon in 1939.) I vaguely recall reading in the The Puzzle Palace (or something similar from the same era) that before the U.S. government passes a law preventing secret agencies from spying on American citizens there was already a secret law on the books exempted a certain no such agency from being beholden to any such future law.
Democracy it turns out is a lot like the human immune system. It shuts down on a dime in the presence of an acute threat, as defined by the pulsed secretion of some small gland. Once you get to the place where the small gland sees a lion in every box of Cracker Jack, democracy is reduced to vestigial status, until
They might be listening also.
If some douche at Motorola is checking out pics of my GF's ass I will really feel like shooting him in the fucking face.
I'm seriously sick of this shit.
pr0n - keeping monitor glass spotless since 1981.
Whatever phone you choose, you go to XDA devs website, droidforums, and the like and read to make sure that all the features you want work on the phone you chose. Many ROMs will not be 100% functional except on the device the developer used. I have the Moto Droid 4 with the locked bootloader and no ROM that I can find will operate every piece of hardware properly. One of the ROMs can't make the GPS work, another can't get the camera to work, some are buggy as hell. Just read those forums and make sure it is soemthing you can live without. Personally, I don't want a device that doesn't function at least as well as built. For this reason I have my Droid rooted but it still runs that crappy Motoblur and guess what? The camera works, the GPS works, and I stripped most of the bloatware so the UI isn't laggy. I was trying to uprade ROMs this past January so maybe by now they have finally work the bugs out. Cyanogenmod of any version wasn't fully compatible. I HOPE someone on here can prove me wrong cause I'd love a stripped ROM.
..what the Apple fuckers transmit when the phone is in GSM/UMTS mode ?? Sure as hell they detect that and transmit MORE data then. So, where is your GSM base station and the message inspection tool for that ?
ALL corporations are in collusion with NY money and NY money badly wants
A) control for NY money
B) war
Think of people disabling the GSM/UMTS/LTE modem and connecting to other people's WLAN. Think of a system how sharing would not be abused (e.g. by limiting tx/rx rate). Think of offering only a TOR SOCKS proxy over your WLAN, so that you can't be held liable. Think of an external Cantenna attached to your tablet, which will easily allow you to connect over 1000 meters to the next free, anon WLAN/TOR access point. Of course, all spyware ripped out of the phone. Of course, using your personal RPI server for all your "social" and "sharing" stuff. Think of Voice Messages over TOR (it's already fast enough for that !).
We can easily erect a Very Big Middle Finger to the ruling elite and their control freakery. And no, they didn't prevent 9/11 with comint and this is not at all the objective. The objective is control of average joe and his anger towards the 1% criminals who can't be caught. Because they have all the politicos in their pockets.
@NSA: Little suckers, why don't you do your job properly and get a handle on the banksters ?? Are their walls of numbers actually too difficult to scale ? Or is it just easier to target the law-abiding people ? It's your country that could be lost if you continue to target the wrong people.
We already do that and it already works quite nice. See how Nethanjahu badly wants to start a new war, now that Saddam has been hanged for the sins of Saudi Terror (9/11). Because Saddam was a "problem" (not really a threat) to Israel.
But it seems Mr Nethanjahu has a hard time to start the war against Iran. I attribute this to the relentless messaging of quite a few people including myself on the intertubes.
You can educate your government by posting messages below the drivel the "media gatekeepers" dump over the unsuspecting people. Believe me, they DO read it. So when Mr Shachtman of wired.com emits shit about Iran, call it out as a stealth attempt to condition the public for the war he and his Zionist friends want America to perform. It DOES work.
Of course this is just one example of educating your government, there are lots of other examples of how you can influence them by means of their many, many ears. Shout loudly and intelligently, and they will hear. The effects will be there, sooner or later and maybe they will at some point regret that they did this much of listening. Attack the brain of the listener, not his technology ! Well, you could even do the latter :-)
Having no cell phone would require far more geographic knowledge of where the pay phones are in a given part of town, in case one needs a ride home after the city buses stop running for the night or for the weekend.
But open source prevents this from happening because the source is constantly being looked at!
No, open source doesn't keep it from happening. Providers can stick any cruft in there that they want.
What it does do is make it much more likely to be discovered when some fool DOES stick it in there. Don't be surprised if you hear about a lot more bad stuff found in open source than you do in closed source, as a result. (At least until the bad guys wise up.) Try to find the malware in Microsoft's stuff, for instance. B-)
(Of course this stuff was found with a packet sniffer before anybody found it in the code. So it's an apples-to-oranges comparison and open/closed source has nothing to do with it.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I think they used their own money and share it.
As HTC pointed out, they were *required* to install it by the US Networks on all phones the network sell, it was found on most other US phones too . I'll call them 'networks' rather than carriers so you don't mix them up.
You also didn't address the Skype Link, the German who discovered skype was collecting links from messages and downloading the thing it pointed to to their servers in the US.
"No, but modding down idiotic falsehoods works pretty well. (And the poor schmucks who feed you. I suppose I deserve it.)"
It makes no difference, I will simply repeat it at every opportunity till it comes back to the conscious memory. Both items, ad nauseum.
The idfa feature has nothing to do with Apple tracking you. It has everything to do with *others* tracking you - or rather, limiting how others track you.
Prior to iOS6, third party apps would access your devices UDID and use it to track your device. There was no way for a user to disable or limit this. In iOS6, Apple shut that down and forced advertisers to use the idfa instead. The idfa is something you as a user can reset or turn off to limit how advertisers track you. The feature is a pure win for user privacy and anyone who claims otherwise is either a complete idiot or thinks his audience is.
Mmmm.. Donuts
http://en.wikipedia.org/wiki/O.B.I.T.
Nothing is secure you have to go in with this in mind. There is only secure enough for x.
I also own a motorola (razr hd) and in the privacy settings menu you can change your profile. Did you try to set the profile to "only anonymous data" and see if it really works? By default "tell it all" is set... About motoblur, it is also present in this relatively new handset, although it is not advertised as motoblur enabled. Just by browsing in the system files you can see lots of configuration files with that name.
He was using MotoBlur, so... duh?
Basically if Apple were doing this we would have known long ago
CarrierIQ
I remember a story just like this a year or so ago and there's even a video on YouTube about it with the "creepy conspiracy music" and everything. Now, a very critical question I had about it but of course it wasn't answered... Is he taking screenshots of the ADB Log as he has his phone plugged in? Or is he logging connections from his home router? And yes, this does matter.
Panic/
JUST SWITCH WITH A "P" AND YOU GET THE IDEA OF WHAT WIL HAPPEN TO THE MORON(S) PROGRAMMER THAT ALOWED THIS TO HAPPEN... /Panic
I have a Moto and hope to All Gods that this CRAP is not happening to MY data or someone will get their intestines pickled by my lawyers....