Motorola Is Listening

Don't you know... by msauve · 2013-07-02 05:36 · Score: 5, Funny

The NSA would like to thank Motorola for their cooperation.

--
"National Security is the chief cause of national insecurity." - Celine's First Law

Re:Don't you know... by Anonymous Coward · 2013-07-02 05:47 · Score: 2, Interesting

The NSA would like to thank Motorola .
Motorola (cell) in now owned by Google. Shouldn't that be "...would like to thank Google"? Pretty much use to Google doing these kind of shenanigans but I can't help feel that on Slashdot we need to be careful about linking Google and Android to bad things. Only Apple does such things (except it doesn't...the GPS tracking frenzy was a lot of gnashing of teeth for nothing). Remember Apple sells me a device, Google sells me.
Re:Don't you know... by Joce640k · 2013-07-02 05:55 · Score: 5, Informative

I think it might be this: https://en.wikipedia.org/wiki/Motoblur
Lots of phones/providers sync your personal data for you in case you lose your phone.
(And I'm sure there's an option somewhere to turn it off, although you never know with big corporations...)

--
No sig today...
Re:Don't you know... by Joce640k · 2013-07-02 05:58 · Score: 3, Interesting

Remember Apple sells me a device, Google sells me.
Riiiiight. Apple never spied on anybody.

--
No sig today...
Re:Don't you know... by h4rr4r · 2013-07-02 06:12 · Score: 1

Yup. This is just that POS.
Why anyone would want a phone like this I will never know.
Re:Don't you know... by TheCarp · 2013-07-02 06:16 · Score: 5, Insightful

Sigh.... they makes me more disappointed than mad, and reminds me of the phrase "The road to hell is paved with good intentions".
They want easy sync, they want it so they can restore user data and save people's bacon whose phone gets destroyed or lost. Awesome, great intention. However, http? No SSL? Come on guys! At LEAST encrypt the data in flight!
In reality, they should encrypt it at rest too, and have the user at least submit some sort of password or something so its not just.... gobs of juicy data waiting to be sniffed or scooped. Realistically this means everyone who had one of these phones, with few exceptions, have their data, out of their control, just waiting to be abused.

--
"I opened my eyes, and everything went dark again"
Re:Don't you know... by Joce640k · 2013-07-02 06:35 · Score: 4, Interesting

TFA has just been updated saying it's MotoBlur with an automatically created Blur ID - it doesn't even ask you to create an account any more
I guess that was Motorola's way of "removing" MotoBlur from phones - remove the account creation UI, generate the account secretly without any prompting.
Whatever, Motorola deserves to be bankrupted over this. If I was a class-action lawyer I'd be getting in touch with this guy right now.

--
No sig today...
Re:Don't you know... by blincoln · 2013-07-02 06:42 · Score: 1

I would be fine with what you're describing as an option, because that would mean I could turn it off. As far as I can tell, there is no way to truly disable this "feature" other than installing a different version of Android on the device. Maybe other Motorola phones have that option somewhere, but I am reasonably sure this one doesn't.

--
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
Re:Don't you know... by GNious · 2013-07-02 06:51 · Score: 3, Interesting

Google doesn't sell "you".
Google sees an aggregate or approximation, that may-or-may-not describe you.
Re:Don't you know... by Kaenneth · 2013-07-02 06:56 · Score: 1

No, Google sells your eyeballs. Well, rents them.
Re:Don't you know... by ebno-10db · 2013-07-02 07:02 · Score: 2

Google sees an aggregate or approximation, that may-or-may-not describe you.
So there is a probability distribution describing how much of you Google is likely to sell. Determining the shape and parameters of that distribution is left as an exercise for the reader.
Re:Don't you know... by AdamWill · 2013-07-02 07:12 · Score: 3, Insightful

You could try reading the article.
It does appear to be part of Blur, yes.
Only the X2 was not sold as a phone with Blur, it does not have the obvious UI elements. And the author never explicitly signed up for the Blur service or created an account. The phone appears to have silently created a Blur account for him and proceeded to send a bunch of private information to the service, all without his knowledge or consent. How helpful.
Re:Don't you know... by Crudely_Indecent · 2013-07-02 07:50 · Score: 2

It seems to me that the first form of abuse should be a user providing bogus data to moto. If it's HTTP, and the credentials to upload are available (unencrypted, so they should be), then this is a "service" ready to be abused.
Time to send moto some seriously disturbing things that will skew the results of whatever research they're doing toward the odd and completely wrong.

--

"Lame" - Galaxar
Re:Don't you know... by jythie · 2013-07-02 08:00 · Score: 3, Insightful

The downside of making it easy to turn things off is that people do, and then something goes wrong, and then they complain the recovery did not work, and you point out it was disabled, and they claim they never disabled it, and then they tell all their friends how much your company has screwed them with your buggy device that mysteriously switched off the useful feature they never heard of but got pissed about not being there.

I agree it should be an option, but I can sympathize with companies not wanting to deal with that expletive. People who do stupid things rarely blame themselves, but they are happy to blame others loudly in public where it can hurt your brand.
Re:Don't you know... by TheCarp · 2013-07-02 08:54 · Score: 1

Yes.....YES!
I didn't manage to make that connection myself, but wow...yes.
OMG what possibilities. Hows this for a form of abuse.... if its sync data, then I can get it back...right? Think its capped or did they just think "at most its a few gigs per phone we have the space"?
Perhaps this would be a nice way to do backups...encrypted of course. Going to have to run my phone through a proxy and see what it picks up (I have an older Moto, droid 2). If it has been sending, then I may have to see if they are interested in storing the contents of my /dev/urandom too :)

--
"I opened my eyes, and everything went dark again"
Re:Don't you know... by Crudely_Indecent · 2013-07-02 09:06 · Score: 1

TFA noted that some of the data was home screen contents - which tells me that they're researching usage patterns, most used widgets or other usage type information. So, why not send them data that's so ridiculous that their conclusions end up being entirely wrong. Maybe someone can turn it into an app that captures the real data and replaces it with what we want them to see.
How funny would it be if all of the sudden all moto usage research showed that a huge number of users were replacing all of their home screen widgets with Neko. Even funnier would be to report that everyone has that famous Rick Astley song on their home screen.

--

"Lame" - Galaxar
Re:Don't you know... by steelfood · 2013-07-02 10:11 · Score: 1

Yeah, because Google so needs another excuse for the U.S. government to come knocking on their doors again, this time for distributing child porn.
At least if it was encrypted, they could say they weren't aware of the contents. I know the telecos are protected because they're considered common carriers, but I don't think Motorola qualifies.

--
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
Re:Don't you know... by Bill,+Shooter+of+Bul · 2013-07-02 10:23 · Score: 1

yes it was. It was blur without the ui. Which is exactly what it is. I looked into buying the phone back in the day. I didn't because of blur.

--
Well.. maybe. Or Maybe not. But Definitely not sort of.
Re:Don't you know... by Xest · 2013-07-02 21:33 · Score: 2

Well Google own Motorola now, are we sure this isn't just the Android Sync integration? If it is then it does ask you when you set the device up first time.
You'll have to excuse me in suspecting that if the author of TFA didn't realise it was a sync tool that he also is inept enough to not realise he actually signed up to it when he first got the device.
Re:Don't you know... by TheGratefulNet · 2013-07-03 02:44 · Score: 1

easier solution: never buy motorola phones ever again.
the last moto I bought was a flip phone 10 or more years ago. I was warned not to buy moto stuff (by a moto employee at the time, no less!) and I have heeded his advice. they are a crap company even before google bought them. they do no real work; they integrate and have others do the programming. they design very little and it shows...
they were once a giant but they are now just, well, 'noise level' to me. heh.

--

--
"It is now safe to switch off your computer."
Re:Don't you know... by TheCarp · 2013-07-03 03:02 · Score: 1

That is a good long term solution. However, if one already has one of these phones and wants to respond in some way back to motorola, it seems to me that turnabout is fair play. If they are going to provide the service without an option to not use it...may as well use it right? Can't unbuy the phone now.

--
"I opened my eyes, and everything went dark again"

Well done, Motorola by Anonymous Coward · 2013-07-02 05:39 · Score: 5, Funny

"A company that listens to its users"

Re:Well done, Motorola by squiggleslash · 2013-07-02 06:41 · Score: 4, Funny

I don't see what the problem is. The information is comprised of basic GPS, microphone audio, and phone radio data that's very obviously being collected purely for debugging and diagnostic reasons. From the article*:

The phone collects the information, storing it in a file called "/media/.NSAquiredData" until it can be transmitted to the Motorola server at bmailvctms.gomoto.com, and comprises of the following:
* Number of dropped calls in the last 24 hours.
* Location data, sampled at 5am, 11am, and 6pm
* Location type of above (eg residential, business)
* If the location at 5am != 6pm, and 5am and 6pm are both residential locations, and 11am is a business, then:
- Whether 6pm is associated with a phone number that is frequently called but not marked "HOME", "FAMILY", or "WIFE"
- Whether a random, five minute, audio sample taken between 6pm and 6.30pm matches patterns marked "KISS", "WORD_LOVE", or "WHIP"
- Whether that audio sample contains both male and female voices, and whether, upon analysing a similar sample taken at 9.30pm, one voice matches but another voice does not.
* The date and time and location of any dropped calls
* The temperature of the phone at the time the calls were dropped
* The status of the humidity sensors at the time of any dropped calls

Seems perfectly reasonable to me.
* No, not that article, the other one.

--
You are not alone. This is not normal. None of this is normal.
Re:Well done, Motorola by pnutjam · 2013-07-02 08:47 · Score: 2

This is why I am so amused when people say your phone will be your wallet in the future.

Who the hell trusts their phone company? Now I can add who trusts their phone manufacturer? Not that I really trust my bank that much either...

--
Cheap storage VM.
Re:Well done, Motorola by KZigurs · 2013-07-02 10:28 · Score: 1

I don't even think you made that up. But which is the 'other' article?

Improved Customer Experience by evil_aaronm · 2013-07-02 05:39 · Score: 5, Funny

It's all for "improved customer experience." If they know to whom you're talking, or what pictures you're taking, or what documents you're reading or writing, or where you are at any given moment, they can better tailor their services to fit your needs. I'm surprised this isn't patently obvious. /snark

Re:Improved Customer Experience by NEDHead · 2013-07-02 05:56 · Score: 4, Funny

Patent? Did someone say Patent? What a great idea!
Re:Improved Customer Experience by FutureDomain · 2013-07-02 06:28 · Score: 1

If they know to whom you're talking, or what pictures you're taking, or what documents you're reading or writing, or where you are at any given moment
Well, I'll be sure to give them something to look at. Since this is plain HTTP, technically I can send them anything if I know the right URLs. So they'll see me talking to the presidents of various countries (some friendly, some not), taking pictures of goatse, reading leaked classified documents, visiting motorolasucks.com, and visiting various locations around the north and south poles, North Korea, and Motorola HQ.
Mix in enough chaff and it's harder to separate the real data. Too bad the article doesn't list the URLs, since I'm never in hell going to buy a Motorola phone.

--
Hydraulic pizza oven!! Guided missile! Herring sandwich! Styrofoam! Jayne Mansfield! Aluminum siding! Borax!
Re:Improved Customer Experience by dissy · 2013-07-02 09:18 · Score: 2

Too bad the article doesn't list the URLs

Yea, shame. The article only lists a bunch of thingies that all start with: ws-cloud112-blur.svcmot.com:443/blur-services-1.0/ws/
Too bad that isn't a URL :(

Sad, but also not surprising by tomkost · 2013-07-02 05:39 · Score: 5, Insightful

It seems every device, every internet service, basically every communication node that we use has been turned into something that is beyond George Orwell's worst nightmare. As long as there is continued complacency on the part of people using this technology, the invasion of privacy will continue to grow. This of course assumes that it could get much worse. The only options at this point are to stop or drastically reduce using these networks while we attempt to build our own.

Re:Sad, but also not surprising by Lumpy · 2013-07-02 05:46 · Score: 2, Insightful

"It seems every device, every internet service, basically every communication node that we use has been turned into something that is beyond George Orwell's worst nightmare."
Yes, if you use commercial easy to use toasters like a phone with stock android, iOS, Windows, OSX, etc on it... You are correct.
If you want privacy and control. Run linix or one of the hacked and cleaned Android releases.

--
Do not look at laser with remaining good eye.
Re:Sad, but also not surprising by tomkost · 2013-07-02 05:49 · Score: 1

OK, I'm down with that. I have iphone now, but I would consider switching to Android. Can you provide some examples or links of releases that you mentioned? I don't want to continue to be part of the problem.
Re:Sad, but also not surprising by Anonymous Coward · 2013-07-02 05:55 · Score: 1

You might want to start here: http://www.cyanogenmod.org/
Re:Sad, but also not surprising by rwise2112 · 2013-07-02 06:05 · Score: 1

Look up any device you might be instered in here.

--

"For every expert, there is an equal and opposite expert"
Re:Sad, but also not surprising by Maritz · 2013-07-02 06:26 · Score: 1

who could give a flying fuck about privacy or what implications it could have for them in the future.
OK so they give a flying fuck but what are they doing about it? ;)

--
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
Re:Sad, but also not surprising by MightyYar · 2013-07-02 06:29 · Score: 1

The "making phone calls" part of my phone is the least interesting aspect.

--
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Re:Sad, but also not surprising by BitZtream · 2013-07-02 07:13 · Score: 4, Insightful

So you've manually inspected the binaries from cyanogen to confirm that every release they make is 'safe'?
Instead of blindly trusting your manufacturer, you're blindly trusting a modder.
Not really sure why you think its different.

--
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Re:Sad, but also not surprising by AdamWill · 2013-07-02 07:16 · Score: 1

CyanogenMod is better than nothing, but with some CM builds you're still running OEM kernel and driver code, and who knows what that's doing. And an Android phone without at least some Google apps is useless for most people (mine would basically be a brick without Maps).
Personally I intended to switch to a Firefox OS phone just as soon as I can buy one. The hardware isn't as good as cutting-edge Android phones. The software is not yet polished. But at least I'm pretty confident I can trust the damn thing. Thank Pete for Mozilla.
Re:Sad, but also not surprising by scot4875 · 2013-07-02 07:28 · Score: 1

Not really sure why you think its different.
Not really sure why you think it's the same. There are a lot of eyes on the Cyanogen source; there are no eyes on Motorola's crap.
Obviously if you haven't personally inspected every line of code you can't be 100% sure that something nefarious isn't going on, but to paint the two situations of "Motorola's code inspected only by Motorola's couple dozen devs (who obviously have NO conflicts of interest in reporting nefarious activity)" vs "Cyanogen's code inspected by thousands of users who owe no loyalty to anybody" as functionally identical is completely disingenuous, if not downright stupid.
--Jeremy

--
Jesus was a liberal
Re:Sad, but also not surprising by Dracos · 2013-07-02 08:15 · Score: 1

How is blindly trusting a modder functionally different than blindly trusting a distro provider? Do you inspect every binary package you download from a distro's package repositories? I think not.
Re:Sad, but also not surprising by fahrbot-bot · 2013-07-02 08:32 · Score: 1

And an Android phone without at least some Google apps is useless for most people (mine would basically be a brick without Maps).
Technically, it would be a "phone" w/o Maps - you know, one of those things people use to make phone calls. Still pretty useful.

--
It must have been something you assimilated. . . .
Re:Sad, but also not surprising by fahrbot-bot · 2013-07-02 08:56 · Score: 1

That's funny, I didn't realize you were following me around observing my device usage and could decide better than me what kind of device I'd find useful or not.
Careful smug grasshopper. Quoting your original post:

And an Android phone without at least some Google apps is useless for most people ...
Who is deciding what for who?

--
It must have been something you assimilated. . . .
Re:Sad, but also not surprising by mystikkman · 2013-07-02 09:56 · Score: 1

Not really sure why you think it's the same. There are a lot of eyes on the Cyanogen source; there are no eyes on Motorola's crap.
Can you quantify the number of eyes on CM? What does a "lot" exactly mean compared to "few" ?
Re:Sad, but also not surprising by evilviper · 2013-07-02 10:20 · Score: 1

Instead of blindly trusting your manufacturer, you're blindly trusting a modder.
That modder isn't a multi-national corporation, who can get away with a small fine if he's caught stealing data.
Humans get jail time. Corporations pay a trivial fine.

--
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Re:Sad, but also not surprising by Lumpy · 2013-07-02 11:30 · Score: 1

"and who knows what that's doing." The guys working on and testing it. If you think that CM is sending secret data without the knowlege of the devs' then you need a better brand of tinfoil. they have sniffed every byte that comes out of the devices running CM. In fact the CM guys know more about Android than the best developers at LG,HTC,Samsung, and Motorola Combined. And I'm betting they know some things that the Google guys dont know.

--
Do not look at laser with remaining good eye.
Re:Sad, but also not surprising by amiga3D · 2013-07-02 14:52 · Score: 1

If anyone looks at the cyanogen source at all that will be at least one more than is looking at Motorola's. Motorola knows they are above the law and can do absolutely as they please.
Re:Sad, but also not surprising by AdamWill · 2013-07-02 18:15 · Score: 1

Ooh, touche. Fair point. So we're just comparing anecdata. I'd still go with my original contention, but you're right in terms of the flow from there.
Re:Sad, but also not surprising by fahrbot-bot · 2013-07-02 20:45 · Score: 1

The bottom line is "to each their own". My cell phone is a Qualcomm QCP-1900 I bought for $200 in 1998 - still works great. Only makes voice calls, only used it about 5 times in the past 5 years. (Plan is $10/month from nTelos - originally Primeco). [ Also, I use paper maps :-) ]
I'm not a Luddite - am Unix system programmer/admin with +25 years experience on *everything* from PCs to Crays - I just don't need anything more at this time. Others' mileage may vary...

--
It must have been something you assimilated. . . .
Re:Sad, but also not surprising by TheGratefulNet · 2013-07-03 03:03 · Score: 1

even 'clean' android has chip-level comms that you will never EVER defeat. loads of info goes to carriers on request and you can't stop it; its at the radio chip level. (disc: I work in a cell phone tech job that involves android and signalling at the various radio modulation (3g, 4g, etc) levels).
unless you have specs on all the chips in the phone, you'll never be able to fully 'quiet down' your rooted phone.
it would be nice if there was a 100% open phone, but I doubt it will ever happen.
best we can do is to be aware of this and not trust our 'phones' (pocket computers with locked down parts of it) and assume they are always leaking various bits of info about us to 'others'.
pull the battery out and leave the phone at home. that's the only way to stop the leaks.

--

--
"It is now safe to switch off your computer."

Sharing is caring by d.the.duck · 2013-07-02 05:39 · Score: 1

Technically, the Government isn't listening to your phone calls. Google is, then they share with the NSA. Sharing is caring.

--
Where does the signature go?

Re:Sharing is caring by SuperTechnoNerd · 2013-07-02 06:06 · Score: 1

Wait a minute! I thought sharing was illegal? I'm so confused!
Re:Sharing is caring by d.the.duck · 2013-07-02 06:19 · Score: 1

It's always illegal except when it's not. Which is when the government does it. Just ask Snowden.

--
Where does the signature go?
Re:Sharing is caring by Maritz · 2013-07-02 06:27 · Score: 1

As a pleb/citizen/consumer/voter or whatever, it is. Know your place!

--
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.

It is owned by Google by jader3rd · 2013-07-02 05:40 · Score: 2, Insightful

This is just Google collecting all of the worlds data, just like they said they were doing to do.

Re:It is owned by Google by swillden · 2013-07-02 05:55 · Score: 5, Informative

This is just Google collecting all of the worlds data, just like they said they were doing to do.
The Droid X2 was released on May 11, 2011. Google announced their intention to acquire Motorola Mobility on August 15, 2011, and completed the acquisition on May 22, 2012.

--
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Re: It is owned by Google by pixelpusher220 · 2013-07-02 06:22 · Score: 2

The former most definitely. I *know* google does that and I can opt-out of Google if I choose to do so. How do I opt-out of the NSA recording EVERYTHING?

--
People in cars cause accidents....accidents in cars cause people :-D
Re: It is owned by Google by Anonymous Coward · 2013-07-02 06:29 · Score: 2, Insightful

Yes.
Re:It is owned by Google by aristotle-dude · 2013-07-02 06:53 · Score: 1

This is just Google collecting all of the worlds data, just like they said they were doing to do.
The Droid X2 was released on May 11, 2011. Google announced their intention to acquire Motorola Mobility on August 15, 2011, and completed the acquisition on May 22, 2012.
The Droid X2 runs Android which is made by Google. Any servers Motorola runs today are most likely managed by Google now.

--
Jesus was a compassionate social conservative who called individuals to sin no more.
Re:It is owned by Google by pentadecagon · 2013-07-02 07:47 · Score: 1

The Droid X2 runs Android which is made by Google.
And what does this have to do with the problem at hand? The graphics chip is made by NVidia. But you can blame neither company for creepy software created by Motorola. The worst you can blame Google for is being remiss when it comes to cleaning up the existing infrastructure.
Re:It is owned by Google by quarmar · 2013-07-02 07:48 · Score: 1

When was the version of Android that he was running released by Motorola to their subscribers?
Re:It is owned by Google by Svartalf · 2013-07-02 09:15 · Score: 1

Doesn't mean much. This is peices of their idiot MotoBlur software. Google only probably half realizes it's still running, etc.

--
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Re:It is owned by Google by Nikker · 2013-07-02 09:23 · Score: 1

Think of it like this. You decide to invest in a mom and pop shop, lets say a convience store. You of course ask that all is on the 'up and up' and they of course tell you it is. You pay them their price and take over the business.

First day on the job someone comes in asking for drugs. You of course have no idea what they are referring to and the patron shows you the back room wich is full of said drugs. You facilitate the purchase of the drugs and send the person on their way.

Google owns the store but the people still come in looking for drugs and keep going away happy. I am pretty sure before Google acquired Motorolla Mobility (Google being into data and all) they did a very indepth audit of the data being stored and what was going over the network. It would be kind of hard to miss hundreds of thousands "call ins" from products in the field with and entire infrastructure to facilitate this data harvesting.

So as far as saying "How could they know?" just be considerate to us all and accept they definately know.

--
A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.

Oops... by dstyle5 · 2013-07-02 05:41 · Score: 1

Motorola's future press release will contain something along the line of "It was mistake!?"

I blame the government by 93+Escort+Wagon · 2013-07-02 05:42 · Score: 4, Interesting

I know, that sounds like the lead-in to a joke - but not this time.

In the US, anyway, Congress established quite some time ago that companies had more rights to our personal information than most of us would want them to have. So it's not surprising when we find out the NSA (or whoever) has carte blanche to our information - and also that Congress doesn't grok why we get upset about it.

Europeans ostensibly have much stronger protections in this regard; but it seems to me there's a lot of "wink, wink, nudge nudge" going on over there, and those "protections" are mainly in place so their officials can posture indignantly whenever news like this comes out. In practice I don't think there's much of a difference on either side of the Atlantic.

So what's the big deal about yet another large entity slurping our personal information? Whether they're public or private - according to the folks elected to represent us, we shouldn't be upset about it...

--
#DeleteChrome

Re:I blame the government by rsborg · 2013-07-02 05:56 · Score: 2

Perhaps the government is to blame, but if I had a Moto phone, I could be liable for the security breach if I worked at a secure company location. If I were a responsible IT manager at one of those companies, I'd be pretty pissed about this.
You can't sue the government for Motorola's ineptitude, but you can sue Motorola. I hope someone does just that, and slaps down this culture of snooping and ineptitude that could ruin careers and lives.

--
Make sure everyone's vote counts: Verified Voting
Re:I blame the government by dkleinsc · 2013-07-02 06:02 · Score: 1

and also that Congress doesn't grok why we get upset about it.
Oh, Congress knows we're upset about it, and understands why we're upset, but about 3/4 of them don't care. There are a few major reasons for this:
(1) The only major campaign donors who care about it support the surveillance. That means that doing the will of the people will incur a financial penalty and no financial gain.
(2) Because both major parties basically agree that this kind of thing is at the very least not a problem, there's no threat of the other party fielding an effective candidate that will campaign against them on the issue of privacy.
(3) The NSA may have dirt (or may be able to create dirt) on them that would make the flak they take for ignoring this problem insignificant by comparison. An example of someone possibly falling victim to this is Anthony Weiner.
(4) A significant number of Americans actually support the surveillance, providing political cover for any politicians who fail to act.

--
I am officially gone from /. Long live http://www.soylentnews.com/
Re:I blame the government by InlawBiker · 2013-07-02 06:36 · Score: 1

We are correct to blame the government. It's the job of businesses to get away with as much as possible. It's the government's job to keep them in check. If they aren't doing their job we have a system in place to peacefully show them the door.
Re:I blame the government by yusing · 2013-07-02 07:08 · Score: 1

"So what's the big deal"
Careful you don't bend over too fast and rip your fashionable jeans.

--
"You must try to forget all you have learned. You must begin to dream." -- Sherwood Anderson
Re:I blame the government by GodfatherofSoul · 2013-07-02 07:32 · Score: 1

Blame the PEOPLE. Government isn't some nebulous entity out there trying to screw with you. This has all been happening because Americans are quite willing to sacrifice freedom for security. Shockingly, the stats back that up. Americans now have the mindset that government should do everything and anything to stop an act of terror, and if something happens there has to be someone in government to blame for it.
In that environment, a politician would be a fool not to adhere to the will of the people.

--
I swear to God...I swear to God! That is NOT how you treat your human!
Re:I blame the government by the+eric+conspiracy · 2013-07-02 07:55 · Score: 1

There are several problems with that statement.
1. One of the things business has gotten away with is the purchase of government.
2. It's people's job to watch out for that. But actually all the people watch are news shows that have been purchased by business.
3. Mostly people don't watch out for this stuff. They watch pwned news or the Kardasians.
Re:I blame the government by whoever57 · 2013-07-02 08:01 · Score: 1

Oh, Congress knows we're upset about it, and understands why we're upset, but about 3/4 of them don't care.
And then there are Senators who are lauding the program. Perhaps in a misguided attempt to support Obama.

Are they so dumb to believe that the system could not be abused to provide information that could be used against those same Senators?

--
The real "Libtards" are the Libertarians!
Re:I blame the government by AvitarX · 2013-07-02 09:43 · Score: 1

To point (2).
Seems pretty likely that they will. I know the democrats did in 2008. Of course, a 180 was made on that policy after election.

--
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg

It's motoblur... by Anonymous Coward · 2013-07-02 05:43 · Score: 2, Informative

It's a server side social service from motorola,see http://en.wikipedia.org/wiki/Motoblur

Re:It's motoblur... by Tr3vin · 2013-07-02 05:50 · Score: 1

It sure is. He says that it supposedly isn't and is basically stock Android, but after quickly looking at a review of the device it is running some form of Motoblur. It might not be as bad as other Motorola devices were but it is definitely not stock.
Re:It's motoblur... by fuzzyfuzzyfungus · 2013-07-02 05:51 · Score: 1

It's a server side social service from motorola,see http://en.wikipedia.org/wiki/Motoblur
Did you see the part of TFA where the user was given no indication that 'motoblur' was active, and the phone was using randomly generated 'motoblur' credentials because it had never even prompted him to create any?
Re:It's motoblur... by vux984 · 2013-07-02 05:56 · Score: 1

Its a "feature"
From wikipedia:
First generation Motoblur-based phones require a new user to create a Motoblur account, denying access to the main screen until the account is established. User account information is stored on Motorola's servers for access from web browsers and future phones. Newer devices allowed users to defer Blur services until a later registration
Presumably, once you got around to making a motoblur account it would like to the "temporary one".
Apparently it didn't occur to motorola that some poeple were opting out of registering because they didn't want the service at all, as opposed to merely not wanting to register.
Idiotic for sure, but probably not full on malicious.
Re:It's motoblur... by fuzzyfuzzyfungus · 2013-07-02 06:08 · Score: 1

If that's idiocy, it's well up into 'indistinguishable from malice' territory.

How is this even legal? by gstoddart · 2013-07-02 05:45 · Score: 1

I'm sure they feel they can write anything they want in an EULA, but I can't see how this is legal.

This is actively taking your data for their own purposes, and should be something with criminal penalties.

And Google recently added terms to the permission for the Android keyboard update which wants more access to your personal information -- forcing me to conclude that any device you buy these days is actively working against you, and is best kept in airplane mode as much as possible.

You don't own and control it -- the assholes in marketing do.

--
Lost at C:>. Found at C.

Re:How is this even legal? by Lunix+Nutcase · 2013-07-02 05:49 · Score: 1

It's legal because there is no law against it. What specific law do you think it is violating?
Re:How is this even legal? by gstoddart · 2013-07-02 06:00 · Score: 3, Insightful

How about this?
They've gone way beyond authorized access, and are collecting information they have no business accessing.
But somehow those EULAs magically give them the legal right to do anything they want to.

--
Lost at C:>. Found at C.
Re:How is this even legal? by pixelpusher220 · 2013-07-02 06:26 · Score: 1

See EULA, you've granted them full license to use your stuff.

--
People in cars cause accidents....accidents in cars cause people :-D

#1 reason to use Android by erroneus · 2013-07-02 05:48 · Score: 5, Insightful

You can RELOAD the device's OS with custom ROMs that don't do this crap. If it was discovered Apple does this (and who's to say they don't) what choice have you? And Windows phone? Don't even start.

Part of the reality of "security" is taking responsibility for your own. Security is not a product you can buy. It's not something that other people can do for you (because that's tyranny). It's a personal responsibility and it takes knowledge and understanding to do. Tough luck to all those people who have neither the inclination nor the ability to learn.

Re:#1 reason to use Android by sir-gold · 2013-07-02 05:55 · Score: 1

You can't reload with a custom rom if the phone uses a signed bootloader (which motorola is notorious for doing), or in the case of the article's author, you are "banned" from doing so by your employer (his employer bans rooted phones from accessing active sync)
Re:#1 reason to use Android by h4rr4r · 2013-07-02 06:01 · Score: 3, Informative

You can have a custom rom that is not rooted.
I do.
Why do people confuse these?
Re:#1 reason to use Android by rtkluttz · 2013-07-02 06:02 · Score: 4, Interesting

We only use rooted phones running Cyanogenmod 10.1 in our environment. We have a fleet of about 50 smart phones and all of them but about 4 are Google Galaxy Nexus phones. We don't consider anything that we don't control to be secure.

--
Digital is, by definition, imperfect. Analog is the way to go.
Re:#1 reason to use Android by Anonymous Coward · 2013-07-02 06:03 · Score: 2

Motorola signs/encrypts the kernel. This massively hampers any attempt to load a new ROM, because the kernel remains constant thereafter. Any low level API changes etc are impossible to support except in software at a much higher layer in the stack
Re:#1 reason to use Android by SuperTechnoNerd · 2013-07-02 06:12 · Score: 1

Security is not a product you can buy.
But its something you can't buy - by not buying a smartphone or any of thees spy devices..
Re:#1 reason to use Android by msauve · 2013-07-02 06:48 · Score: 1

People confuse unlocked bootloaders with rooted phones because they're closely related in practice. What's your excuse for calling software which can be loaded onto flash memory a "rom" (Read Only Memory)?

--
"National Security is the chief cause of national insecurity." - Celine's First Law
Re:#1 reason to use Android by meta-monkey · 2013-07-02 06:57 · Score: 2

Is that your recommended phone? If one were going to ditch an iPhone for something running Cyanogenmod today, which phone would you choose?

--
We don't have a state-run media we have a media-run state.
Re:#1 reason to use Android by ebno-10db · 2013-07-02 07:05 · Score: 4, Insightful

Part of the reality of "security" is taking responsibility for your own.
The only way to get real security and privacy with a cell phone is not to have one. A bonus is that implementation of that strategy requires no special technical knowledge.
Re:#1 reason to use Android by BitZtream · 2013-07-02 07:06 · Score: 1

What's your excuse for calling software which can be loaded onto flash memory a "rom" (Read Only Memory)?
Because the design is that it is read-only ... updating it is a secondary feature, rarely used by normal people.
For practical purposes, its read-only. You aren't supposed to even be able to modify it under normal circumstances (this prevents bricking by some random malware)
What's your excuse for being so ridiculously obtuse?

--
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Re:#1 reason to use Android by poetmatt · 2013-07-02 07:27 · Score: 1

you can't ban rooted phones from accessing exchange. Even the policy will not be able to prevent accepting the security settings merely because you're rooted.
Re:#1 reason to use Android by Charliemopps · 2013-07-02 07:37 · Score: 1

Because it's irrelevant. Enterprise customers aren't going to allow a custom rom or a rooted phone into their network... period. All applications like this check to see if the phone is rooted as well as do a CRC check on the phones rom. Trust me, I'm in the same boat. There's no way around it.
Re:#1 reason to use Android by someSnarkyBastard · 2013-07-02 07:55 · Score: 3, Interesting

Your best bet for installing custom firmware is almost always going to be the current Google dev-phone (previously the Galaxy Nexus, currently the Nexus 4 IIRC) The phone is directly supported by Google and has an unlockable bootloader, no tricky hacks required.
Re: #1 reason to use Android by someSnarkyBastard · 2013-07-02 07:57 · Score: 1

This ^^ Sooner or later the plebes will wise up about Big (and Little) Brother and want to root their phone. Guess who they are gonna call?
Re:#1 reason to use Android by gnasher719 · 2013-07-02 08:07 · Score: 4, Insightful

You can RELOAD the device's OS with custom ROMs that don't do this crap. If it was discovered Apple does this (and who's to say they don't) what choice have you? And Windows phone? Don't even start.
So there is a massive _actual_ privacy violation by Google (who owns Motorola and is 100% responsible for anything that happens under the name Motorola), and you complain about what-ifs with Apple and Microsoft?

Remember that Google's customers are the advertisers. Apple's customers are people buying Apple devices. I expect both Google and Apple to do what is good for their customers, even if it hurts others (like _you_ in the case of Google, and advertisers in the case of Apple).
Re:#1 reason to use Android by bonehead · 2013-07-02 08:16 · Score: 1

No, but it would require me to find alternative employment.
Re:#1 reason to use Android by dcherryholmes · 2013-07-02 08:29 · Score: 2

Pedantic point: the Galaxy Nexus I got from Verizon did not come with an unlocked bootloader. It was trivial to unlock it, though. Perhaps you meant phones purchased directly from Google?
Also, my reply to the parent's question of best ROM (there are limitless opinions about this, so this is nothing more than my own): JBSourcery ROM is my favorite, mainly because of JBSourcery Tools. There's nothing there you can't do with other ROMs... they just make it really easy to do things like drop in alternate kernels, change your fonts system wide, change icon sets for the status bar, etc. CyanogenMod is a perfectly solid choice, too, and probably has more eyeballs on it.
Re:#1 reason to use Android by h4rr4r · 2013-07-02 08:30 · Score: 1

It should be trivial to get around, just make the CRC check return a BS value. If you own the kernel you can make it do whatever you want.
Re:#1 reason to use Android by PixetaledPikachu · 2013-07-02 09:38 · Score: 1

Pedantic point: the Galaxy Nexus I got from Verizon did not come with an unlocked bootloader. It was trivial to unlock it, though. Perhaps you meant phones purchased directly from Google?
Things like that mostly happen only in US. My Galaxy Nexus did not come directly from google and it has unlockable bootloader
Re:#1 reason to use Android by dcherryholmes · 2013-07-02 09:41 · Score: 1

Unlockable is not the same as "unlocked." Did your phone come out of the box with an unlocked bootloader? Mine did not, although once adb was set up it was trivial to do it myself.
Re:#1 reason to use Android by brickmack · 2013-07-02 10:11 · Score: 1

Right, because a company that goes to the effort of putting custom ROMs on 50 phones is very likely to not bother to uninstall a few apps
Re:#1 reason to use Android by cbhacking · 2013-07-02 10:47 · Score: 1

Many Windows Phones (nearly all WP7 devices, and a growing handful of WP8 devices) have been "hacked" to enable custom ROMs. It's actually the preferred way to "root" most Windows Phone models, as it lets you overwrite some stuff that Microsoft locks when the OS boots up so you can't edit it regardless of permissions (technically this could be overwritten but it would require modifying kernel memory).
The XDA-Developers and WPCentral forums are full of custom ROMs and bootloader unlocks and so forth, at least for most of the older modules

--
There's no place I could be, since I've found Serenity...
Re:#1 reason to use Android by amRadioHed · 2013-07-02 11:04 · Score: 1

None of them come unlocked. The OP said Nexus devices are easily unlockable, as yours was.

--
We hope your rules and wisdom choke you / Now we are one in everlasting peace
Re:#1 reason to use Android by dcherryholmes · 2013-07-02 11:07 · Score: 1

Damn, reading fail. My apologies.
Re:#1 reason to use Android by TapeCutter · 2013-07-02 11:50 · Score: 1

All ROM is writable at least once.

--
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Re:#1 reason to use Android by msauve · 2013-07-02 11:59 · Score: 2

No. ROMs are manufactured with their data. Perhaps you're thinking of PROMs, which can be programmed (written to) once.

But, the GP is still incorrect - flash or eeprom are made to support change. A particular version of OS/software is not a ROM. Maybe ROP (read-only programming) or something similar, but ROM references the physical memory, not what's stored in it.

--
"National Security is the chief cause of national insecurity." - Celine's First Law
Re:#1 reason to use Android by thegarbz · 2013-07-02 19:57 · Score: 1

A bonus is that implementation of that strategy requires no special technical knowledge.
I would argue that in the modern world not owning a cellphone requires more special knowledge and strategy than not. No more pay phones, lack of information centres, the move to online banking, the move to online micropayments, etc. These are major roadblocks in the modern world for those without a basic cellphone.
Re:#1 reason to use Android by pakar · 2013-07-03 04:39 · Score: 1

http://wiki.cyanogenmod.org/w/Devices#vendor="Motorola";
well... cyanogenmod is running on quite a few....
Re:#1 reason to use Android by Makawity · 2013-07-05 11:51 · Score: 1

Not on Moto you can't. Locked bootloaders all along (except some developer units), which means the only thing you're able to boot is one of the vendor-delivered signed kernels. This has been circumvented somewhat by chain-loading, but it still means vendor kernel is started first and can setup whatever spyware they damn please, even if you're on (unofficial) CM.

So run stock android by h4rr4r · 2013-07-02 05:49 · Score: 1

This is why you run stock android, or one you built yourself not some blur BS.

Re:So run stock android by gstoddart · 2013-07-02 06:14 · Score: 2

This is why you run stock android, or one you built yourself not some blur BS.
Yeah, and then the only company you need to worry about not trusting is Google.
Unfortunately, even on a stock Nexus tablet, Google pushes very hard to force you to use their stuff, and actually signed me up for a You Tube account when I launched the app, even though I don't want a You Tube account and never got asked.
I'm pretty sure we're screwed no matter what we run these days.

--
Lost at C:>. Found at C.
Re:So run stock android by h4rr4r · 2013-07-02 06:15 · Score: 1

Or flash your own rom.

Achievement Unlocked by blincoln · 2013-07-02 05:51 · Score: 5, Informative

"An article you wrote for your personal website has appeared on the main page of both Slashdot and Hacker News, and you were not the submitter in either case."

I haven't logged onto this account in ages, but if anyone has any questions, I'd be happy to try to answer them.

--
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman

Re:Achievement Unlocked by wonkey_monkey · 2013-07-02 05:57 · Score: 1, Troll

Why don't pretty girls like me?

--
systemd is Roko's Basilisk.
Re:Achievement Unlocked by blincoln · 2013-07-02 06:10 · Score: 1

Of course, I have no need to worry about such things now! :)

--
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
Re:Achievement Unlocked by ThatsNotPudding · 2013-07-02 06:11 · Score: 1

What is the most straightforward way to monitor, analyze, and sandbox attempted network activity on a per-device basis on all three major OSes?
Re:Achievement Unlocked by blincoln · 2013-07-02 06:38 · Score: 4, Informative

In the absence of a better answer, I would go with the model I used for this testing:
Build a Linux system that acts as the sole gateway between your internal network and the internet (whatever means you are using to connect to the internet). Set it up with an intercepting proxy like Burp Suite or OWASP ZAP, and install the signing cert on your devices. Configure all of your devices to proxy HTTP and HTTPS traffic through that intercepting proxy. This will let you see nearly all HTTP and HTTPS traffic, and optionally to modify that traffic as it passes through.
That system can either just be a gateway for some other device (e.g. your wireless router), or you can set it up to perform the DHCP and other functions for the other devices on your network.
It would probably also be helpful to set it up as the DNS server so that if you end up needing to look at something that requires spoofing DNS, you're all set.
Mode 1 - for everyday use:
Use iptables to forward all traffic from the internal interface to the external interface.
Run network captures to see traffic patterns and anything that is unencrypted which is not going through the intercepting proxy.
When you see something interesting that is non-HTTPS (e.g. via a network capture) but is encrypted, temporarily switch to Mode 2, or if necessary (like it was in the case of the XMPP traffic here) selectively forward it (again, using iptables) to a custom MitM proxy.
Mode 2 - for special cases:
Run Mallory on the gateway instead of the regular iptables forward.
This is only for special cases because Mallory will impose a noticeable slowdown.
I'm working on a ground-up build doc for this type of system that will go into a lot more detail. It can be run in VirtualBox or another virtualization platform.
The only thing it may not do is the sandboxing requirement you listed, depending on what you're hoping for. It's also not super-straightforward (especially Mallory and any custom MitM stuff you need to do), but it's a lot easier than it used to be, especially since the intercepting HTTP/HTTPS proxy takes care of nearly all of the traffic these days.

--
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
Re:Achievement Unlocked by mystikkman · 2013-07-02 06:49 · Score: 1

What's your take on this thread on Hacker News where the commenter tried to cast complete blame on Microsoft for this? Is he right?
https://news.ycombinator.com/item?id=5974130
Re:Achievement Unlocked by Anonymous Coward · 2013-07-02 06:52 · Score: 1

But of course you can get pretty girls to like you! You simply have to pet them behind the ears and feed them. Also, it's best to keep their kennels clean and to take them on daily walks at a minimum. Do this and you'll be well loved!
Re:Achievement Unlocked by Anonymous Coward · 2013-07-02 07:14 · Score: 1

AC here. I've used twisted and variants of moxxie's sslstrip(search github) to do the DNS stuff... it's just easier and faster tweaking than bind or djbdns, although you'll have to run some python stuff as root or do iptables magic.
But what I wanted to chip in is that grabbing nameserver logs is a *great* way to profile a device and see WTF it talks to.
Beyond that, traffic opened to locations that weren't looked up in DNS at some points tends to really strongly stand out.
I haven't had a chance to use burp, but I have successfully pointed a ssh tunnel via ssh -D to a socks5 proxy netcatted into a windows install of fiddler (which is all types of handy for point-and-click interception, rewrite, replay, and saving your page requests as fully spoofed curl requests)
Re:Achievement Unlocked by blincoln · 2013-07-02 08:26 · Score: 1

...by which I mean, of course, that the whole Slashdot/Hacker News "Bifecta" solves that particular problem. I don't have any other good answers besides that :).

--
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
Re:Achievement Unlocked by manu0601 · 2013-07-02 14:20 · Score: 1

Configure all of your devices to proxy HTTP and HTTPS traffic through that intercepting proxy.

If your device does not complain about your self-signed certificate enabled HTTPS proxy, then there is something seriously rotten security-wise
Re:Achievement Unlocked by blincoln · 2013-07-02 16:14 · Score: 1

This has nothing to do with Microsoft or ActiveSync, other than that I discovered it while testing some ActiveSync functionality that required changing my EAS configuration on the phone repeatedly. Changing the EAS settings triggered a replication of those changes to Motorola.
I tried to figure out how to sign up for a HN account to correct that, but it looks like it's invite-only?

--
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
Re:Achievement Unlocked by Phroggy · 2013-07-02 17:53 · Score: 1

Configure all of your devices to proxy HTTP and HTTPS traffic through that intercepting proxy.
If your device does not complain about your self-signed certificate enabled HTTPS proxy, then there is something seriously rotten security-wise
If you can load your self-made CA cert onto the device and explicitly tell it to trust any cert issued by that CA, then everything is fine. Obviously if you don't do that, a MITM attack should cause scary warnings. :-)

--
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Re:Achievement Unlocked by mystikkman · 2013-07-09 01:03 · Score: 1

It's not. Click on an upvote arrow and you should see a registration option.

Apathy by SuilAmhain · 2013-07-02 05:52 · Score: 1

By any chance is anybody else beginning to, against their own better judgement, stop caring about this type of thing because there seems to be nothing we can do about it?

There is no justifiable excuse for this or prism etc.. etc.. but we are clearly powerless to do anything and I think my mind needs a defence mechanism.

Re:Apathy by fuzzyfuzzyfungus · 2013-07-02 06:19 · Score: 1

It's more adorable in fuzzy animals; but it works with humans as well...
Re:Apathy by SuperTechnoNerd · 2013-07-02 06:26 · Score: 1

No. I refuse to give in. I'll go backwards if I have to. Throw out ALLLLLL this tech. It's tainted. It's made to work against you. And you can't trust anyone these days. (as if you could ever trust a corp.) THROW IT ALL AWAY!

It's soup cans and string for me from here on out...
Re:Apathy by cpghost · 2013-07-02 06:30 · Score: 1

There is no justifiable excuse for this or prism etc.. etc.. but we are clearly powerless to do anything and I think my mind needs a defence mechanism.
How about a little bit of subversive thinking and acting?
Let's turn this whole surveillance mania against them, won't we? Say, the US government won't give a rat's ass of what you want or what you think: write to them as much as you want, they won't even acknowledge you exist. However, try to keep something private, and they'll go out of their way to spy on you, to intrude your privacy etc.. And why? Just so they can hear what you wanted to say them altogether openly from the beginning. You've got their (big NSA) ears and their attention now: use 'em to deliver your message.
Or, said otherwise: forget about writing your elected representatives, write what you want your government to know to your own friends, and Government will eventually get to read it too.

--
cpghost at Cordula's Web.
Re:Apathy by idontgno · 2013-07-02 06:33 · Score: 1

Aaaaand on behalf of the entire Slashdot community (particularly the part of it that doesn't want me speaking on their behalf, because I love pissing off those douchewads)... I'd like to welcome you to our community, Mr. Kaczynsky.
Please don't blow us up, even if we silently note the hypocrisy of loudly advocating disposing of all the untrustworthy elements of the "industrial-technological system" on a technofetishist on-line computer-based weblog. Well, please don't blow me up, anyway. Kthxbye.

--
Welcome to the Panopticon. Used to be a prison, now it's your home.
Re:Apathy by Anonymous Coward · 2013-07-02 06:38 · Score: 1

Give up your cell phone. I did.
Give up Facebook. I did.
Run your own email server. I do.
Stop giving these companies your data. I do my best to.
Re:Apathy by idontgno · 2013-07-02 06:40 · Score: 1

OMG I misspelled your name. I'm so sorry. So very sorry! Please, don't mail me any packages, I'm allergic to explosives!

--
Welcome to the Panopticon. Used to be a prison, now it's your home.
Re:Apathy by SuperTechnoNerd · 2013-07-02 06:57 · Score: 1

Come visit my cabin.. It's real cozy.
Re:Apathy by meta-monkey · 2013-07-02 07:09 · Score: 1

I feel ashamed that, despite being an electrical engineer, being on /. for over a decade, a dues-paying member of the EFF, running Linux on all my servers but using Apple for my desktop/laptop/phone, it took me until now to really understand that free software is a social movement, and not a design philosophy. Sigh.

--
We don't have a state-run media we have a media-run state.
Re:Apathy by SuperTechnoNerd · 2013-07-02 07:13 · Score: 1

Alleluia! His eyes have opened!

So maybe they *do* have a copy... by msobkow · 2013-07-02 05:53 · Score: 1

So maybe Apple or Motorola or someone do have a copy of the infamous Rob Ford Smoking Crack video in their archives.

--
I do not fail; I succeed at finding out what does not work.

Carrier IQ by ZombieBraintrust · 2013-07-02 06:01 · Score: 1

Did he just rediscover Carrier IQ?

On November 12, 2011, Trevor Eckhart published a report indicating that Carrier IQ software was capable of recording user keystrokes.

Droid X2 was a Verizon phone so it shouldn't have Carrier IQ on it.

Numbers say they don't by SuperKendall · 2013-07-02 06:06 · Score: 4, Insightful

If it was discovered Apple does this (and who's to say they don't)

We know they don't because there are many hundreds of millions of people using Apple devices now, and lots of developers using network proxy monitoring tools in development that see all network traffic from the devices to boot.

Basically if Apple were doing this we would have known long ago, and there would be no shortage of people to shout about it continuously on Slashdot and elsewhere.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley

Re:Numbers say they don't by h4rr4r · 2013-07-02 06:09 · Score: 1

Or it sends it to the store when you browse. Assuming that is all encrypted you would never know.
Re:Numbers say they don't by h4rr4r · 2013-07-02 08:28 · Score: 1

Assuming good encryption how would you know what they are sending back, if they carefully do it at times the phone would have to send data to legit apple servers?
Re:Numbers say they don't by Anonymous Coward · 2013-07-02 08:48 · Score: 1, Insightful

God damnit, harrar. I'm really not trying to stock your chicken-hating ass, but I go to reply to a dumbass post and it's coincidentally you.
Even if the data were encrypted, the "proxy monitoring" software mentioned by the person you were replying to would still see encrypted traffic being sent to a specific IP address. You can't encrypt the IP address or the packets wouldn't get routed.
You're the stupidest and most vocal fucktard on this site. And I"m pretty sure BitzStream is one of your sockpuppet accounts.
Cluck a doodledo motherfucker.
Re:Numbers say they don't by Xest · 2013-07-02 21:30 · Score: 1

I usually disagree with you on almost everything but you're absolutely right about this.
It's the same point I've made to people claiming that the XBox One's Kinect will spy on them and so forth for the NSA. It wont because people will trivially be able to spot video data transfer.
The NSA can spy at data centres and so forth because the end user has no control over them, but spying when people control interim devices is much harder because you've got to not just hide the transfer from the device initiating the transfer, but somehow hide it on the wire from every other single device en-route to the destination server and I do not believe that's a problem that could realistically be achieved without being spotted.
This isn't to say the likes of the NSA couldn't do targetted attacks by bugging individual's devices where there's much lower possibility of discovery because unless the target is a technical expert they'd never know, but for a mass consumer product it's a different story because in that set of users there is always going to be at least one who would be doing what is necessary to notice it.
That is why I believe talk of wide scale surveillance by bugging consumer devices like the XBox One or iPhone en-mass are FUD, and if you believe they can bug these devices and hide it on the wire through devices you own and control then you might as well assume every single device you own with a camera/mic is also bug whether it's your Logitech webcam, your iPad, your digital camera, your CCTV system, or you Blackberry, Android, or Windows Mobile phone as well because if they're good enough to hide it even on some consumer hardware you might own like an XBox One's Kinect or iPhone, then they're good enough to hide it on any hardware you own whoever makes it. The more rational and realistic view is that they're not good enough to hide it on any hardware you own and so just don't bother. If you're a real threat they'll just bug your home, car and workplace directly.
Re:Numbers say they don't by h4rr4r · 2013-07-09 06:05 · Score: 1

Which would prove nothing in this case. So long as each time it does action A, like connecting to the app store it sends this snooping data, they would never know.
The whole idea is that the behavior does not change.

Re:What do you expect from Syncing Software? by Rob+Y. · 2013-07-02 06:06 · Score: 1

Even if this is true, they certainly ought to encrypt it. Don't dropbox, google drive, and skydrive encrypt their transfers?

--
Posted from my Android phone. Oh, I can change this? There, that's better...

Why do they keep trying to "social " us? by Bearhouse · 2013-07-02 06:08 · Score: 5, Insightful

What is this crap, and why do they always get it wrong?

Yes, I do want to seamlessly sync my mail, sms and contacts across my devices.
Except none of the solutions proposed really do that well...
(Or maybe I'm not typical, having multiple PCs and mobile devices, including iOS and Android?)

Photos too? Hell, why not. Picasa from Google used to be OK...

But now, after the "success" of FB, it seems that you can't have simple sync solution anymore; everybody is pushing unwanted, privacy-leaking, "social" features down our throats.

Just please fucking stop!

Re:Why do they keep trying to "social " us? by Anonymous Coward · 2013-07-02 06:55 · Score: 3, Funny

5 of your friends read this post. Blink some time within the next 30 seconds to read what they think!

the natural answer by nimbius · 2013-07-02 06:19 · Score: 1

https://whispersystems.org/
Moxie Marlinspike sends his regards.

--
Good people go to bed earlier.

Re:Why the defeatist mood? by Intrepid+imaginaut · 2013-07-02 06:20 · Score: 1

This. Fight back!

Re:Sue their asses to kingdom come by fuzzyfuzzyfungus · 2013-07-02 06:20 · Score: 1

If this is true that Motorola is spying on everything you do, stealing your goddamn IMAP and facebook passwords then sue their asses and press criminal "wiretapping" charges.

Silly consumer, the CFAA only makes more or less anything you do with or to a computer a felony if you aren't a corporation...

Re:Nonono, beware the evil chinese by arth1 · 2013-07-02 06:28 · Score: 5, Insightful

These are not the droids you are looking for... Look at the Chinese! Look at the evil Chinese! They're spying on us!

Well, of course they are. But look at it this way:

When the Chinese spy on you, what can they do to you based on the data it gathers?
When the your own government spies on you, what can it do to you based on the data it gathers?

Somehow, I feel safer sending my data to the Chinese...

Re:RTFA. by chaos_technique · 2013-07-02 06:34 · Score: 1

... and which one has a private fighter jet for its executive (no s)?

--
Singe capitulard mangeur de fromage

FOSS alternative(s) to Burp Suite? by Freshly+Exhumed · 2013-07-02 06:34 · Score: 1

The Burp Suite used by the investigator is a Java tool with a non-FOSS license. Blah.

--
I deny that I have not avoided attaining the opposite of that which I do not want.

Re:FOSS alternative(s) to Burp Suite? by blincoln · 2013-07-02 16:19 · Score: 1

I also linked to OWASP ZAP, which I used for most of the testing, partly because it is FOSS. Well, emphasis on the F, but the OSS is nice too.
ZAP should work fine for the kind of passive analysis I did for TFA, and if you're on a truly tight budget, you can certainly use it for more active testing. However, if you're going to do professional pen-testing, Burp is really worth shelling out for. It's the best web pen-testing tool I've seen, and I've heard the same thing from people I trust (including SANS instructors who are ZAP contributors). For professional work, it's a bargain at something like $500/year. Most professional security tools are 10+ times that expensive.

--
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman

Re:RTFA. by Anonymous Coward · 2013-07-02 06:35 · Score: 1

Of these three...

1. ExxonMobil
2. Verizon
3. Oracle
4. Google

Re:Carrier IQ, Skype links by geminidomino · 2013-07-02 06:37 · Score: 1

CarrierIQ was scumbag marketing bullshit, and wasn't "required" to be on anything. Since that's your jumping-off point, it's pretty much safe to disregard anything else you've got to say.

Censorship of this subject isn't a winning strategy

No, but modding down idiotic falsehoods works pretty well. (And the poor schmucks who feed you. I suppose I deserve it.)

Re:RTFA. by matrim99 · 2013-07-02 06:41 · Score: 1

To add some context, those jets are owned by an LLC named H211, and the LLC is owned (or at least operated) by several Google execs.

http://techcrunch.com/2011/12/11/googles-3-top-executives-have-8-private-jets/

--
Right. No, your other right. No, the other other right.

Does this use my monthly bandwidth? by jdc · 2013-07-02 06:45 · Score: 4, Interesting

I'm wondering if I get charged for this?

Re:Does this use my monthly bandwidth? by gstoddart · 2013-07-02 07:31 · Score: 1

Of course you do, if it's sending data from your phone, that's part of your monthly usage.

--
Lost at C:>. Found at C.
Re:Does this use my monthly bandwidth? by evilviper · 2013-07-02 10:17 · Score: 1

if it's sending data from your phone, that's part of your monthly usage.
That's not how it works. Your provider can and does exclude traffic to/from specific mediated IP addresses from your monthly bill. This is also why you can purchase services that actually use and require IP based data (such a streaming video/audio services, chat, navigation, etc.) without having a data plan.

--
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Re:Does this use my monthly bandwidth? by gstoddart · 2013-07-03 02:19 · Score: 1

Your provider can and does exclude traffic to/from specific mediated IP addresses from your monthly bill.
They can, but has Motorolla signed up for this with every cell-phone provider?
I think the more likely thing is that Motorolla added shit which phones home with your data, and you pay for it.

--
Lost at C:>. Found at C.
Re:Does this use my monthly bandwidth? by evilviper · 2013-07-04 10:01 · Score: 1

Assuming either way is just speculation.

--
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant

Unlimited Data by omnichad · 2013-07-02 06:51 · Score: 2

It's a good thing that everyone's on unlimited data plans in the U.S.

Re:Unlimited Data by koan · 2013-07-02 07:20 · Score: 1

NSA: Hey we want to reduce the amount of noise in our data blocks we receive from the telcos.
Telco/Contractor: No problem we will reduce the data cap, they will be forced to plot their devious plans on an ever shrinking data pool.
NSA: Is that legal?

--
"If any question why we died, Tell them because our fathers lied."

thanks, Obama! by Thud457 · 2013-07-02 06:57 · Score: 5, Funny

so I need a FOIA to restore my backup now?

--

the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

If I was a criminal by kawabago · 2013-07-02 06:57 · Score: 1

If I was a criminal I'd be investing in HPT. Homing Pigeon Technology. Which the NSA will have to counter with trained hawk no doubt.

Re:If I was a criminal by koan · 2013-07-02 07:22 · Score: 1

My suggestion was to live like it was 1970, with all the focus on modern data devices what is left to watch on a person living like it's 1970?
Think of the fashion possibilities.

--
"If any question why we died, Tell them because our fathers lied."

Your complaint has been heard... by Joe_NoOne · 2013-07-02 07:06 · Score: 1

Thank you for your complaint - please remain seated and an NSA agent will be by soon to "assist" you....

Re:Nonono, beware the evil chinese by ebno-10db · 2013-07-02 07:08 · Score: 1

Somehow, I feel safer sending my data to the Chinese...

Same reason I'm comfortable using Kaspersky at home - I doubt the FSB gives a damn about me.

Re:Multiple-Choice-Answer from Motorola by ebno-10db · 2013-07-02 07:12 · Score: 1

[ ] It was the NSA.
[ ] The NSA forced us
[ ] We need this information to make our products suck less
[ ] We have no idea why this is happening, it must be a bug
[ ] Hey, you're not suposed to notice

You forgot "all of the above".

Laugh by koan · 2013-07-02 07:15 · Score: 2

My traffic logs at home show that the Nexus Tablet is by far the most prolific chatter box on the network, some of the traffic was headed to China for some reason, one of the apps pinging home.
*shrug* it's all pretty sketchy now a days.

--
"If any question why we died, Tell them because our fathers lied."

It sells Adverstisng Space by tuppe666 · 2013-07-02 07:45 · Score: 1

No, Google sells your eyeballs. Well, rents them.

Not unless it can put adverts on them. It sells advertising space like newspapers.

Re:It sells Adverstisng Space by Kaenneth · 2013-07-02 23:46 · Score: 1

It's called Google Glass.

blaming the government by epine · 2013-07-02 07:55 · Score: 4, Funny

I watched a Bill Maher video yesterday in which a conservative politician who clearly believed that cleanliness (and short hair) is next to godliness claimed to believe in "adaptation" but not a certain fish story when confronted by a historically unelectable Canadian politician about whether he believed in antibiotic resistance (in which the evolution of the resistance trait was greatly accelerated by careless overuse).

I actually cut the guy some slack. There's no reason why he can't logically believe in the special theory of evolution (local adaptation) without necessarily believing in the general theory of evolution (the ascent of complexity from primordial origins). To believe in one without the other requires a larger than average mental judgement in between. Unfortunately, he lamely fell back on invoking the missing link. Bzzzzt. Thanks for playing.

Clearly he hasn't checked in with the Out of Africa theory lately, which was speculative until we began to read DNA in the early 1980s with all the proficiency of a clever three year old. Right now we're at about year two of a ten year post-graduate program in speed reading for lifeforms with facet eyes. Things have changed. If there were any region of the globe over the past 10,000 years (or 100,000 years) where the genetic lineage of any species of quadruped (Noah being the patron saint of charismatic megafauna) is constricted to a single breeding pair, we'll surely find it soon on the rising flood of sequence data. Dude groomed for rapture should be worrying about the missing crink, not the missing link.

I can't say I have a higher opinion of "blame the government". It's like blaming calcium for arthritis, on the grounds that sans calcium, arthritis as we know it would no longer exist. The problem here is that calcium is just the implementation. The specification is to have a load bearing structure nimble enough to evade and pursue (aka biosecurity). A large branch of the solution space descends from elbows and kneecaps.

One of the major functions of a large population is agreeing on the threat enough to achieve cohesion in the threat response. This is mirrored in the organism by how the fight/flight response is balanced on a knife edge, and how the hormones that prime this metabolic state also tamps down immune response. Guess what, libertarians, that's a centralized response.

You can discard the implementation (government as we know it), but you can't discard the specification. Unfortunately, contrary to the most vociferous howls, the problems are actually rooted in the specification, not the implementation.

Just like replacing an aging software system, while it's absolutely certain that the worst points of friction in the existing system will go away, new points of friction are extremely likely to take their place, unless you stumble upon the "silver bullet" solution paradigm (social media won't let you down). I tend to be fairly reluctant to stick up my hand when a surgeon promises to cure my arthritic knee by lopping off my leg and grafting on a tentacle to replace it. I worry that might bring with it new problems every bit as annoying as the previous problem.

The present state of the NSA and the legislation around it is pretty much an unbroken story since the end of the first world war. (The Germans did not invent Enigma on a fall afternoon in 1939.) I vaguely recall reading in the The Puzzle Palace (or something similar from the same era) that before the U.S. government passes a law preventing secret agencies from spying on American citizens there was already a secret law on the books exempted a certain no such agency from being beholden to any such future law.

Democracy it turns out is a lot like the human immune system. It shuts down on a dime in the presence of an acute threat, as defined by the pulsed secretion of some small gland. Once you get to the place where the small gland sees a lion in every box of Cracker Jack, democracy is reduced to vestigial status, until

Re:RTFA. by SiChemist · 2013-07-02 08:05 · Score: 5, Funny

There are only two hard things in Computer Science: cache invalidation, naming things, and off-by-one errors.

--
God is imaginary

Re:RTFA. by Sarten-X · 2013-07-02 08:37 · Score: 1

which one has a private jumbo jet for its executives:

I'm going to guess "any one that thinks it's worth having". While it's fun to mock companies for having an expensive private jet, it might actually be worth having if the executives need to be physically present in several places quickly, without the delays of security or the risk of missing flights. There are no hubs, layovers, or transfers, and while on board the executive can stay in constant contact with the company without distraction.

--
You do not have a moral or legal right to do absolutely anything you want.

Re:RTFA. by icebike · 2013-07-02 08:46 · Score: 4, Funny

Of these three multibillion-dollar corporations, which one has a private jumbo jet for its executives:

1. ExxonMobil
2. Verizon
3. Oracle
4. Google

"Don't be evil"? My ass.

Probably the one that only hires people who know how to count.

--
Sig Battery depleted. Reverting to safe mode.

READ forums for the ROM you want by Zynder · 2013-07-02 08:50 · Score: 1

Whatever phone you choose, you go to XDA devs website, droidforums, and the like and read to make sure that all the features you want work on the phone you chose. Many ROMs will not be 100% functional except on the device the developer used. I have the Moto Droid 4 with the locked bootloader and no ROM that I can find will operate every piece of hardware properly. One of the ROMs can't make the GPS work, another can't get the camera to work, some are buggy as hell. Just read those forums and make sure it is soemthing you can live without. Personally, I don't want a device that doesn't function at least as well as built. For this reason I have my Droid rooted but it still runs that crappy Motoblur and guess what? The camera works, the GPS works, and I stripped most of the bloatware so the UI isn't laggy. I was trying to uprade ROMs this past January so maybe by now they have finally work the bugs out. Cyanogenmod of any version wasn't fully compatible. I HOPE someone on here can prove me wrong cause I'd love a stripped ROM.

Re:RTFA. by exomondo · 2013-07-02 11:19 · Score: 1

He bought the phone in 2011, before Google completed their purchase of Motorola Mobility, likely before Google even made the offer. Google had nothing to do with putting the spying code into this particular phone.

Correct, but as owners of Motorola Mobility became their responsibility, this information was being sent to Motorola Mobility which has been owned by Google for quite some time, so Google knows about this and continues to allow this privacy violation. You are right that they didn't put it there and they probably (certainly give them the benefit of the doubt) haven't done it since buying Motorola Mobility but that doesn't mean they can ignore the fact that it exists and knowingly allow it to continue.

But where are the pay phones? by tepples · 2013-07-02 12:05 · Score: 1

Having no cell phone would require far more geographic knowledge of where the pay phones are in a given part of town, in case one needs a ride home after the city buses stop running for the night or for the weekend.

Re:But where are the pay phones? by booch · 2013-07-03 07:50 · Score: 1

Easy, just use Google Maps to find the nearest pay phone.
Oh....

--
Software sucks. Open Source sucks less.

QED by Ungrounded+Lightning · 2013-07-02 12:10 · Score: 1

But open source prevents this from happening because the source is constantly being looked at!

No, open source doesn't keep it from happening. Providers can stick any cruft in there that they want.

What it does do is make it much more likely to be discovered when some fool DOES stick it in there. Don't be surprised if you hear about a lot more bad stuff found in open source than you do in closed source, as a result. (At least until the bad guys wise up.) Try to find the malware in Microsoft's stuff, for instance. B-)

(Of course this stuff was found with a packet sniffer before anybody found it in the code. So it's an apples-to-oranges comparison and open/closed source has nothing to do with it.)

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way

Re:I've pretty much had it by farble1670 · 2013-07-02 12:15 · Score: 1

if some douche stores pictures of his GFs ass on picasa and photobucket, then i hope he gets what he deserves.

Sergei and Larry bought their own jet by mbkennel · 2013-07-02 12:28 · Score: 1

I think they used their own money and share it.

That article is utter nonsense by donutello · 2013-07-02 13:18 · Score: 3, Informative

The idfa feature has nothing to do with Apple tracking you. It has everything to do with *others* tracking you - or rather, limiting how others track you.

Prior to iOS6, third party apps would access your devices UDID and use it to track your device. There was no way for a user to disable or limit this. In iOS6, Apple shut that down and forced advertisers to use the idfa instead. The idfa is something you as a user can reset or turn off to limit how advertisers track you. The feature is a pure win for user privacy and anyone who claims otherwise is either a complete idiot or thinks his audience is.

--
Mmmm.. Donuts

Outer Limits O.B.I.T. by deodiaus2 · 2013-07-02 15:35 · Score: 1

http://en.wikipedia.org/wiki/O.B.I.T.

Sad fact all this tells us by ralphaostrander · 2013-07-02 17:56 · Score: 1

Nothing is secure you have to go in with this in mind. There is only secure enough for x.

He was using MotoBlur, so... duh? by thisisauniqueid · 2013-07-02 21:34 · Score: 1

He was using MotoBlur, so... duh?

Re:He was using MotoBlur, so... duh? by Novogrudok · 2013-07-02 23:53 · Score: 1

RTFA : "A clarification I'd like to make (because there seems to be a lot of confusion about this) is that the Droid X2 does not use Motorola's "Blur"/"MotoBlur" user interface."
Duh?

Re:No, US Network Carriers required it by geminidomino · 2013-07-03 00:08 · Score: 1

As HTC pointed out, they were *required* to install it by the US Networks on all phones the network sell, it was found on most other US phones too . I'll call them 'networks' rather than carriers so you don't mix them up.

What color is the sky in your world, that "the US Networks" are a government agency?

There's legitimate paranoia, and there's being a fucking nutter. See that speck in the distance behind you? That's the line.

Re:RTFA. by TheGratefulNet · 2013-07-03 02:47 · Score: 1

lol. good one. wish I had mod points today.

--

--
"It is now safe to switch off your computer."

ADB Connection or Proxy Server? by giannileuani · 2013-07-03 10:13 · Score: 1

I remember a story just like this a year or so ago and there's even a video on YouTube about it with the "creepy conspiracy music" and everything. Now, a very critical question I had about it but of course it wasn't answered... Is he taking screenshots of the ADB Log as he has his phone plugged in? Or is he logging connections from his home router? And yes, this does matter.

192 of 287 comments (clear)