CIQ FOI Request by MuckRock - General Topics

Did a search and only saw repeating questions on removal of CIQ...
From what "looking into" I did this looks legit..
by Michael Morisy on Dec. 12, 2011, 2:30 p.m.
FOI Request: Manuals or Documentation Regarding Accessing Carrier IQ Data (FBI)
A recent FOIA request to the Federal Bureau of Investigation for "manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ" was met with a telling denial. In it, the FBI stated it did have responsive documents - but they were exempt under a provision that covers materials that, if disclosed, might reasonably interfere with an ongoing investigation.
Carrier IQ came under fire after a security researcher demonstrated that the previously little-known company had software installed on a variety of phones on a variety of networks that could track user locations, keystrokes, encrypted Internet traffic and more, some of which was or could be sent back to either the cell phone owner's service provider or Carrier IQ's own servers.
What is still unclear is whether the FBI used Carrier IQ's software in its own investigations, whether it is currently investigating Carrier IQ, or whether it is some combination of both - not unlikely given the recent uproar over the practice coupled with the U.S. intelligence communities reliance on third-party vendors. The response would seem to indicate at least the former, since the request was specifically for documents related directly to accessing and analyzing Carrier IQ data.
I plan to appeal the blanket denial in hopes of answering that question.
Here is the full denial of the request:
Click to expand...
Click to collapse
http://www.muckrock.com/foi/view/un...-regarding-accessing-carrier-iq-data-fbi/947/
http://www.muckrock.com/foi/view/un...rier-iq-data-fbi/947/#273602-rejection-letter
http://www.muckrock.com/static/foia_documents/12-7_mr947.pdf

http://forum.xda-developers.com/showthread.php?t=1367282&highlight=the+ciq+thread

Related

[INFO REQ] Details on CIQ from DEV's

By now anyone who has an Android phone has heard about CarrierIQ, CIQ or IQAgent. Business Wire in London announced on June 8th:
LONDON--(BUSINESS WIRE)--Carrier IQ, today announced availability of a new Application Analytics module that will enable mobile operators and device manufacturers to monitor application performance and usage across multiple mobile device platforms, including tablet devices. Carrier IQ’s technology provides mobile network operators and device manufacturers with invaluable insights into the performance of various devices and networks from the user’s perspective. Carrier IQ’s solution is deployed on over 150 million mobile devices including smartphones, feature phones, data cards, radio-equipped devices, downloadable agents and now tablet devices.
Click to expand...
Click to collapse
For the few who may be scratching their heads wondering what CarrierIQ is...
Steve Topletz, a member of an international group of hackers, human rights workers, lawyers and artists that fights internet censorship and promotes the right to privacy has described it as follows:
Carrier IQ as a platform is designed to collect "metrics" at any
scale. What I found it to hook into is far beyond the scope of
anything a carrier needs - or should want - to be collecting.
Carrier IQ sits in the middle of, and "checks" the data of, SMS and
MMS messages. It listens for and receives every battery change
notifications. It hooks into every web page you view, and every XML
file your device reads. It receives every press of the touch screen.
It 'sees' what you type on the physical keyboard. It reads every
number you press in the dialer. It can track which applications you
use, what 'type' they are, how often, and for how long. It hooks into
data sent and received.
Click to expand...
Click to collapse
Information on CarrierIQ can also be found in the ACS SFR Epic4G ROM discussion thread and a thread I started requesting information from Epic4G Dev's here.
References to CIQ have been found deeply embedded Epic4G
Code:
Provided by chris41g
to be effectively removed you only need to remove it from 4 files. it is referenced elsewhere scattered throughout... but the four main files are
DialerTabActivity.apk
ext.jar
framework.jar
services.jar
then in the kernels initramfs, you have to disable the service in the init.rc
Provided by mkasick
Here's all the files that reference "CIQ", "carrieriq", or "libiq" with instances unrelated to Carrier IQ removed:
/ (initramfs):
- init: /dev/ttyCIQ0 UART, presumably to communicate with radio.
- init.rc: Start iqmsd service if property:service.iq.active=1.
- lib/modules/dpram.ko: Implements ttyCIQ UARTs.
/system:
- app/DialerTabActivity.odex
- app/FactoryTest.odex
- bin/iqmsd
- framework/ext.odex
- framework/framework.odex
- framework/sec_feature.odex
- framework/services.odex
- lib/libiq_client.so
- lib/libiq_service.so
Of these, bin/iqmsd is a purpose-unknown daemon, and libiq_client.so & libiq_service.so the client & service native code. The client & service managed code is implemented in framework/ext.odex & framework/framework.odex respectively.
In addition, the following framework classes reference Carrier IQ in some fashion:
framework/ext.odex:
- org.apache.http.impl.client.DefaultRequestDirector
framework.framework.odex:
- android.inputmethodservice.InputMethodService
- android.net.http.Request
- android.webkit.{BrowserFrame,CallbackProxy,LoadLis tener,WebViewCore}
- com.android.internal.telephony.SMSDispatcher
framework.services.odex:
- com.android.server.BatteryService
- com.android.server.WindowManagerService
- com.android.server.am.UsageStatsService
Finally, libiq_service.so is used exclusively by framework/framework.odex (com.carrieriq.iqagent.client.NativeClient), and libiq_client.so is used by:
- bin/iqmsd
- framework/ext.odex (com.carrieriq.iqagent.service.IQService)
- lib/libopencore_player.so
Makes you wonder what might be in the closed source.
The Android platform, like Linux, is based on openness. I am calling on all Android developers, programmers, hackers and users to band together as a community and come forward with any information you may have on CarrierIQ.
I am asking all those with the knowledge and resources to delve deeper into this issue to please do so and help spread the truth.
For anyone who wishes to contribute confidentially and anonymously please email:
CIQINVESTIGATION @ VERIZON dot NET
Below are some of the most recent statements made by Sprint in response to questions concerning CarrierIQ:
“The software that is in the Android phones is supplied by Google themselves as well as the manufacturer. We (Sprint) has no control over the actual operating system supplied to us such as the Carrier IQ as it is indigenous to the Android platform.”
“Removing the Carrier IQ software from your Samsung Epic device can void your manufacturer warranty.”
“I appreciate you taking the time to speak with me today. I understand your concerns about the Carrier IQ software and how it can access personal information on the device. As discussed on our call, we are committed to protecting our customers personal information.”
Click to expand...
Click to collapse
My questions were directed towards Sprint about CarrieriIQ and the Samsung Galaxy S Epic4G because that is my service and phone. I would love to hear from others on their experiences when questioning their carriers about CarrierIQ on Android phones.
I have contacted CarrierIQ, Inc., Google and Samsung Mobile US requesting comment on the above statements and other direct questions.
I have a quote from a telephone conversation with Samsung technical support that I am hoping to be able to release soon. After receiving the statement in response to a question about CarrierIQ I sought legal advice and was advised to give Samsung Mobile US's PR company, Edelman PR, the opportunity to comment on it prior to making it public.
I received a response yesterday to my questions about the capabilities of CIQ from a group that has disassembled IQAgent & CarrierIQ.
We have actually disassembled IQAgent/carrierIQ and captured its behavior to find exactly what it is sending back to sprint on the samsung optimus phone. The information we found it to collect was basic, such as cell towers, signal strengths, device battery. Nothing alarming on that phone, but Sprint could send a remote update to enable the surveillance features without the owner being aware.
Now while the above statement is about the Optimus, I was able to confirm through another source that IQAgent & CarrierIQ data collection and transmission capabilities are basically set the same across all Sprint Android offerings. (exception Nexus S)
Click to expand...
Click to collapse
Lets recap
IQAgent & CarrierIQ run as a backgroud service on boot.
CarrierIQ logging is set to OFF
CarrierIQ is collecting data and transmitting it on the fly without logging it.
The data CarrierIQ is collecting is basic metrics.
The surveillance capabilities of CarrierIQ can be activated through remote update running in the background at any time by Sprint.
hmmmmmm very interesting.
I am actually quite surprised by the apathy of Android users and consumers in general when it comes to privacy and protecting their personal information.
In just a few months this software has gone from 90 Million installations to over 150 Million across multiple smartphones, feature phones, tablets, etc...
Your next phone will most likely have CarrierIQ or a similarly capable software installed on it unless we make our voices heard now.

[GUIDE] Some incredibly simple things to protect YOUR PRIVACY!

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
The term "privacy" means many things in different contexts. Different people, cultures, and nations have a wide variety of expectations about how much privacy a person is entitled to or what constitutes an invasion of privacy. Information or data privacy refers to the evolving relationship between technology and the legal right to, or public expectation of, privacy in the collection and sharing of data about one's self. Privacy concerns exist wherever uniquely identifiable data relating to a person or persons are collected and stored, in digital form or otherwise. In some cases these concerns refer to how data is collected, stored, and associated. In other cases the issue is who is given access to information. Other issues include whether an individual has any ownership rights to data about them, and/or the right to view, verify, and challenge that information.
This post does not intend to address the many definitions of privacy or the many technical means of protecting and invading one's privacy. There are already many posts addressing this aspect and brief search can turn up lots of answers for you.
This post is only intended to help the least technically savvy among us in maintaining some small amount of data security and privacy without getting very technical about things. It was derived from many diverse sources on basic privacy.
Note that I do NOT have a DONATE button anywhere.
I am not looking for donations.
If you feel that you should donate something, by all means,
send it to your favorite XDA developer and/or XDA itself!
And don't be shy about the
button for the many posters who were of help to you!
Recently, a friend handed me his phone and asked me to take a picture. “What’s the password?” I asked. “I don’t have one,” he said. I think I must have had a puzzled look on my face as, I suppose, I tend to grimace when someone I know tells me they’re choosing not to take one of the very simplest steps for privacy protection, allowing anyone to look through their phone with the greatest of ease, to see whichever messages, photos, and sensitive apps they please.
So, this post is for you, big guy with no password on your Galaxy/iPhone/Nexus/whatever, and for you, girl who stays signed into GMail on your boyfriend’s computer, and for you, person walking down the street having a loud conversation on your mobile phone about your recent doctor’s visit of that odd ailment you have. These are the really, really simple things you could be doing to keep casual intruders from invading your privacy.
1 Password protect your phone! It is one of the simplest things you can do to most devices (smartphones, tablets, etc.) with the least amount of effort. Many people tell me it is “annoying” to take the two seconds to type in a password each time before using the phone. Gimme a break, everyone!. Choosing not to password protect these devices is the digital equivalent of leaving your home or car unlocked. If you’re lucky, no one will take advantage of you. Or maybe the contents will be ravaged and your favorite speakers and/or secrets stolen. If you’re not paranoid enough, spend some time reading entries in Reddit, where many Internet users go to discuss issues of the heart. A good percentage of the entries start, “I know I shouldn't have, but I peeked at my gf’s phone and read her text messages, and…” Oh, and before you pick a password like "123456" or "password" do yourself a big favor and visit the Worst passwords of all time web page! No laughing allowed!
2 Turn on 2-step authentication in GMail (that is, if you use GMail, of course). The biggest conclusion you can derive from the epic hack of Wired’s Mat Honan is that it probably wouldn't have happened if he’d turned on “2-step verification” in GMail. This simple little step turns your device into a security fob — in order for your GMail account to be accessed from a new device, a person (you?) needs a code that’s sent to your phone. This means that even if someone gets your password somehow, they won’t be able to use it to sign into your account from a strange computer. (How it works - video) Google says that millions of people use this tool, and that “thousands more enroll each day.” Be one of those people! Yes, it can be annoying if your phone battery dies or if you’re traveling. Of course, you can temporarily turn it off when you’re going to be abroad or phone-less. Alternately, you can leave it permanently turned off, and increase your risk of getting epically hacked. Which do you like better?
3 Put a Google Alert on your name! This is an incredibly easy way to stay on top of what’s being said about you online. It takes less than a minute to do. Go here: http://www.google.com/alerts; anyone can do it easily. Google Alerts are email updates of the latest relevant Google results (web, news, etc.) based on your queries. Enter your name, and variations of your name, with quotation marks around it. Boom. You’re done. Now, that wasn't too tough, was it? I didn't think so. :-]
4 Sign out of your Facebook / Twitter / GMail / etc. account! Do it each time you are done with your emailing, social networking, tweeting, and other forms of general time-wasting. Not only will this reduce the amount of tracking of you as you surf the Web, this also prevents someone who later sits down at your computer from loading one of these up and getting snoopy. This becomes much more important when you’re using someone else’s or a public computer. Yes, people actually forget to do this, with terrible outcomes. Incidentally, if you have the Chrome browser on your PC and you use “incognito” (Ctrl Shift N) or Internet Explorer and you use “InPrivate” (Ctrl Shift P) you will automatically be logged out when you close the window, and no cookies or passwords will be stored. Pretty cool, right?
5 Don’t give out your email address, phone number, or zip code when asked. Hey, if some scary (or weird) looking dude in a bar asked for your phone number, you'd say no, wouldn't you? But when the person asking is a uniform-wearing employee at a local store, many people hand over their digits without hesitation. Stores often use this info to help profile you and your purchase. Yes, you can say no. If you feel badly about it, just pretend the employee is that scary looking dude!
6 Change Your Facebook settings to “Friends Only.” I really thought that by now, with the many Facebook privacy stories which have been published, everyone would have their accounts locked down and boarded up like a cheap Florida house before a hurricane. Not so. There are still lots and lots of people on Facebook who are as exposed on the internet as Katy Perry at that water park. Go to your Facebook privacy settings and make sure the “default privacy” setting isn't set to "public"! If it’s set to “Custom” make sure you know and understand any “Networks” you’re sharing with.
7 Use unique passwords for every site you go to. This sounds really difficult but - surprise - it is quite simple! Password managers come in many sizes and flavors these days. They will generate complex passwords and remember them for you. Protect yourself against phishing scams, online fraud, and malware. Many of these apps have versions you can use on your computer as well as on your tablet and phone. Some are free and some cost money. Your choice. Here, let me show you how simple it is to find a bunch of them: http://bit.ly/V4xehO! As I said, there are many - the one I use is this one here.
8 Clear your browser history and cookies on a regular basis. Do you remember the last time you did that? If you just shrugged, consider changing your browser settings so it is automatically cleared every session. Go to the “privacy” setting in your Browser’s “Options.” Tell it to “never remember your history.” This will reduce the amount you’re tracked online. Consider one of the several browser add-ons, like TACO, to further reduce tracking of your online behavior.
9 Read the posted privacy policy. Boring, isn't it? Every web site has one and likely for a good reason. Have you ever seen the XDA Privacy Policy? Yup, that's just what I thought!
In conclusion, here's one from the Wall Street Journal's Law Blog.
As I said, this is not a technical article but it may make you think if it does the job right.
Sixth Circuit: No Expectation of Privacy in Cell Phone GPS Data
Drug dealers, beware. Your pay-as-you-go phones probably have GPS. And, according to a federal appeals court in Cincinnati, police can track the signal they emit without a warrant.
The U.S. Court of Appeals for the Sixth Circuit ruled that the Drug Enforcement Administration committed no Fourth Amendment violation in using a drug runner’s cellphone data to track his whereabouts. The DEA obtained a court order to track Melvin Skinner’s phone, after finding his number in the course of an investigation of a large-scale drug trafficking operation.
The DEA didn’t know much about Mr. Skinner or what he looked like. They knew him as Big Foot, the drug mule, and they suspected he was communicating with the leader of the trafficking operation via a secret phone that had been registered under a false name. Agents used the GPS data from his throw-away phone to track him, and he was arrested in 2006 at a rest stop near Abilene, Texas, with a motorhome filled with more than 1,100 pounds of marijuana.
Mr. Skinner was convicted of drug trafficking and conspiracy to commit money laundering. On appeal, he argued that the data emitted from his cell phone couldn’t be used because the DEA failed to obtain a warrant for it, in violation of the Fourth Amendment.
The question in the case was whether Mr. Skinner had a reasonable expectation of privacy in the data his phone emitted. It’s a question that several courts are wrestling with. Federal law enforcement authorities, as in this case, say that investigators don’t need search warrants to gather such information.
Justice Department lawyers argued in a court brief that “a suspect’s presence in a publicly observable place is not information subject to Fourth Amendment protection.”
Judge John M. Rogers, writing for the majority, agreed:
There is no Fourth Amendment violation because Skinner did not have a reasonable expectation of privacy in the data given off by his voluntarily procured pay-as-you-go cell phone. If a tool used to transport contraband gives off a signal that can be tracked for location, certainly the police can track the signal. The law cannot be that a criminal is entitled to rely on the expected untrackability of his tools. Otherwise, dogs could not be used to track a fugitive if the fugitive did not know that the dog hounds had his scent. A getaway car could not be identified and followed based on the license plate number if the driver reasonably thought he had gotten away unseen. The recent nature of cell phone location technology does not change this. If it did, then technology would help criminals but not the police.
He was joined by Judge Eric L. Clay. Judge Bernice B. Donald, who concurred but disagreed with the majority’s Fourth Amendment reasoning, said the DEA couldn’t have figured out the identity of Mr. Skinner, the make and model of his vehicle or the route he would be driving without the GPS data from his phone.
“It is not accurate…to say that police in this case acquired only information that they could have otherwise seen with the naked eye,” she wrote. “While it is true that visual observation of Skinner was possible by any member of the public, the public would first have to know that it was Skinner they ought to observe.”
A lawyer for Mr. Skinner didn’t immediately respond to a request for comment.​
Comments? Suggestions? Ideas? They are all welcome.
Flame wars (relating to privacy or otherwise) are not. :-]
[GUIDE] Some incredibly simple things to protect YOUR PRIVACY - Part 2
Cameras on smart phones, getting better with each generation of new devices, allow people to take pictures or videos on the go and transmit these images by e-mail or post them to the Web. With phone in hand, unexpected sightings of celebrities can be snared with a flick of the wrist (turning the celled into the 'snaparazzi'), as can chance encounters with pretty girls or gorgeous sunsets. Their impact can be great for both good and evil.
Not too long ago two men lit themselves on fire in protest. But only one of them is credited with starting a revolution.
The difference between the two? Mobile phones recorded Mohamed Bouazizi, a Tunisian fruit vendor, as he set himself ablaze in despair over his economic plight. Those videos kicked off the wave of 2011 Arab Spring demonstrations.
Abdesslem Trimech, the other man, fell into relative obscurity. (Source: The Mobile Wave: How Mobile Intelligence Will Change Everything by Michael Saylor)
Back in 2005, a retail fraud investigator for one of the larger chain stores said that while he was still unable to capture a usable image of a credit card from even the then newer camera phones, he has been able to grab readable images of all account and routing info from the personal checks customers have produced at the checkout. Check writers, he says, have a tendency to "lay out" their check books on the writing counter at the registers and keep them stationary enough to obtain a clear image of all the personal information printed on the check. He has also tested this theory with camera-equipped palm tops and has found that with the adjustable resolution he has been able to get a pretty clear picture, with zoom, from a reasonable distance away (3-5 feet). So at this point in time, as phone cameras get better and better, your credit card might still be secure but your personal check might not be.
So, what personal information does your mobile phone reveal about you? Do you know? Do you care?
It seems that many people are slowly becoming more aware of the pitfalls and the mobile-privacy concerns.
According to reports, 54% of cell phone users in the U.S. have decided not to install an app once they discovered how much of their personal information it would access. (The amount of sensitive info an app can access typically is indicated by the "permissions" the app requests, listed on its information page.)
Also, nearly one-third of mobile app users report uninstalling an app from their phone because they learned it was collecting personal information they didn't wish to share.
We need to first be aware and also be willing to actively take steps in order to protect our own privacy. Children of all ages need to be carefully taught as well.
Okay, but what about students? Do students have an expectation of privacy on their cell phones while at school?
The short answer to this in the U.S. is a qualified yes. Whether educators have the authority to search the contents of student cell phones depends on a lot of factors. The key issue in this is the standard of reasonableness. According to New Jersey v. T.L.O (1985) students are protected by the Fourth Amendment to the U.S. Constitution which protects citizens against unreasonable searches and seizures. In T.L.O., the Supreme Court goes on to say that the standard that law enforcement officers must reach to conduct a search (probable cause that a crime has been committed), is not required of educators. In general, the standard applied to school officials is whether the search is “justified at its inception and reasonable in scope.” (See When can educators search student cell phones)
What information should children be taught NEVER to reveal?
The suggestions depend on their age. Common 'wisdom' suggests the following:
Elementary School Kids should NEVER share (their own or another’s):
Age
Full Name
Address
Phone Number
Name of School
Password Information
Images (with possible exception depending on parental involvement)
Middle School Kids should NEVER share (their own or another’s):
Age
Full Name
Address
Phone Number
Name of School
Password Information (even to friends)
Most Images (At this age, kids get into social networking and will be sharing images via cell phones and digital cameras. Parents should focus on limiting the images their children share online)
High School Kids should NEVER share (their own or another’s):
Address
Phone Number
Password Information (even to friends)
Offensive or Sexually Suggestive Images or Messages
If you managed to get this far there must have been something that concerned you.
Congratulations! Learning more about privacy is the first step.
Here's one more little trick you might try since you spent all the time getting here. :highfive:
Want to have an unlisted phone but would not like to have to pay monthly for it? Ask your phone company to replace your last name with another name - your grandmother’s maiden name or something that you never use. This will cost a few dollars, but works very well. Many phone companies will do this for you. No monthly fees for having your number unlisted and as soon as you hear someone calling you Mr. {your grandmother’s maiden name}, you can either block the number or request to be put on the company’s Do Not Call List or <fill in the blank of your choice>. Note that Caller ID takes its information from the phone book, so you will be identified as Mr. {your grandmother’s maiden name} on Caller ID units of people you call unless you turn this feature off.
Another helpful addition to the listing (available in some areas) is: "(data line)", meaning that the phone number is connected to a fax or computer and not to a live person. Check with your local company if this option is available.
Some time ago, in a concerted effort, multiple ACLU affiliates filed a total of 381 Freedom of Information Act (FoIA) requests in 32 states, asking local law enforcement agencies to disclose how they are using mobile phone location data.
The FoIA request in North Carolina struck gold: a copy of an official Department of Justice flyer, dated August 2010 that explains exactly what data is retained by Verizon Wireless, T-Mobile, AT&T, Sprint, and Sprint division Nextel. There's an enhanced copy on the ACLU website.
The eye-openers:
All of the mobile phone companies keep details about the location of cell towers used by every phone, for a year or longer.
All of the mobile phone companies keep records about voice calls and text messages received and sent for a year or longer. Verizon stores the contents of every text message for three to five days. (The others don't keep the text.)
IP session information -- tying your phone to an IP address -- is kept for a year by Verizon and 60 days on Sprint and Nextel.
IP destination information -- which IP addresses you connected to -- is stored for 90 days at Verizon and 60 days on Sprint and Nextel.
The ACLU is gathering information on what steps local police have to go through in order to acquire that stored data: warrants, formal requests, emergencies, possibly even informal procedures. They're also trying to figure out how law enforcement agencies share the data and how long it is retained.
There doesn't appear to be any sort of uniform nationwide policy or widespread judicial precedent.
The ACLU is also looking at law enforcement requests to "identify all of the cell phones at a particular location" and "systems whereby law enforcement agents are notified whenever a cell phone comes within a specific geographic area."
If you have been concerned about privacy and location data being leaked sporadically on your iOS or Android or Windows Phone device it seems you have been looking at very, very small potatoes!​
Comments? Suggestions? Ideas? They are all welcome.
Flame wars (relating to privacy or otherwise) are not. :-]
[ Another place holder ]
[GUIDE] Some Incredibly Simple Things To Protect Your Privacy!
If you find this thread helpful then do not forget to
Rate: *****
Submit thread as News Tip
If you find a particular post is helpful, please click on the Thanks button
If you are using XDA App or Tapatalk, long press on the post and select :good: Thanks
Thanks ny_limited - I just did all these!
Cheers
Tom
Szczepanik said:
If you find this thread helpful then do not forget to
Rate: *****
Submit thread as News Tip
If you find a particular post is helpful, please click on the Thanks button
If you are using XDA App or Tapatalk, long press on the post and select :good: Thanks
Thanks ny_limited - I just did all these!
Cheers
Tom
Click to expand...
Click to collapse
Appreciate the kind works, Tom, but.. This thread is for the non-technical ones among us. I suspect you are more technical than I am thus you hardly qualify to be here.
Thanks for the tips.
For extra protection, there's quite a few security apps on the market that will lock whatever information sensitive apps you want locked, usually with the same security options that your phone offers i.e. Password, PIN, pattern etc.
Just search "app lock" in the play store, for those interested.
--> dominating your screen from my t-mobile gs3, powered by: FreeGS3 R7 "Resurrection"
Complacency is one thing that most if not all internet/mobile/computing user have. I always advocate "Do not remember my password" while browsing from any form of medium to my friends. You never know when you will get compromised. Just leave your computer for a moment, your friend with malicious intent can extract all your private information with a simple and obtainable usb trick..
Even the thing most personal to me, my mobile phone, has no sites on "Log me in always" checked.
I hope websites would leave the box unchecked, as sites I visit always encourage user to have that option enabled. E.g. Ebay, Facebook..
Post # 2 has been updated just in case you need more reading material.
ny_limited said:
Post # 2 has been updated just in case you need more reading material.
Click to expand...
Click to collapse
like 1 better :good:
coohdeh said:
like 1 better :good:
Click to expand...
Click to collapse
Agreed. I guess I really didn't need the 3rd placeholder after all.
---
Spes in virtute est. (via XDA app)
This article is just over a year old but still makes good reading if you haven't seen it yet.
Few people would willingly carry around a device that tracks their movements, records their conversations, and keeps tabs on all the people they talk to. But, according to documents recently released by the American Civil Liberties Union, cell phone companies are doing all of that -- and may be passing the information on to law enforcement agencies.
"Retention Periods of Major Cellular Service Providers," an August 2010 document produced by the Department of Justice, outlines the types of information collected by various cell phone companies, as well as the amount of time that they retain it. On some levels, this is reassuring: Verizon (VZ) is the only company that holds on to text message content, and they erase it after 3-5 days. However, text message details -- the information about who you text with -- is retained for a minimum of a year, with some companies keeping it for up to seven years. In other words, that little back-and-forth you had with Bernie Madoff back in 2007 will be on the books until 2014.
Complete article is here
Click to expand...
Click to collapse
The privacy buck stops with the user
Yes, those terms of service are annoying. They're usually too complicated and too long, and users who want a certain mobile app will be inclined to click 'next' without actually reading the fine print, even if they're worried about what rights they're signing away. Still, "cellphone users need to take responsibility for their own data," maintains Steve Durbin, global VP of the Information Security Forum.
Click to expand...
Click to collapse
​
Cellphone and smartphone users have a love-hate relationship with mobile apps. While they love the functionality and enhanced user experience they bring to the table, clearly many hate the perceived privacy intrusions, suggests a newly released report from the Pew Internet & American Life Project.
More than half -- 54 percent -- of app users surveyed decided against installing a cellphone app when they discovered how much personal information they would need to share in order to use it. Thirty percent uninstalled an app that was already on their cellphone because they learned it was collecting personal information that they didn't wish to share.
Many cellphone users take additional steps to protect the personal data on their mobile devices, including backing up photos, contacts and other files -- tasks performed by 41 percent of those surveyed. Some 32 percent have cleared the browsing or search histories on their phone, and 19 percent have turned off the location-tracking feature due to privacy concerns.
Finally, 12 percent of cell owners say that another person has accessed their phone's contents in a way that made them feel that their privacy had been invaded.
The complete article was written by Erika Morphy and published in the E-Commerce Times in September.
i just know that you can monitor the keywords via google alerts
some useful information here. Thanks a lot!
More cell phone privacy notes
Police Searches of Cell Phones
You may have a legitimate expectation of privacy of the information stored in your cell phone, and so a search warrant may be needed before a police officer can look at your phone's data. However, an officer has the authority to search a cell phone when the search is "incident to an arrest." The search is deemed similar to an officer that searches a closed container on or near a person that he's arresting.
Traditional search warrant exceptions apply to the search of cell phones. Where the accessing of memory is a valid search incident to arrest, the court need not decide whether exigent circumstances also justify the officer's retrieval of the numbers from your cell phone. Police officers are not limited to search only for weapons or instruments of escape on the person being arrested. Rather, they may also, without any additional justification, look for evidence of the arrestee's crime on his person in order to preserve it for use at trial.
Illegally Intercepted Communications
Most people would think that public broadcasting of an illegally intercepted cell phone conversation would be illegal. Well, the US Supreme Court has found that (U.S.) the First Amendment allows an illegally intercepted cell phone conversation to be shared with others when the conversation involves matters of significant public interest. The lesson here is to be careful because technology has increased the chances that your cell phone conversations are being recorded and could be made public or used against you.
Cell Phone GPS Tracking
Although there are many advantages to cell phone GPS tracking, there are also privacy concerns. As most people carry their cell phone with them at all times, the ability is in place to track the exact movements of all individuals. Cell phone GPS could prove useful in saving lives during emergencies.
For these reasons the (U.S.) Federal Communications Commission (FCC) requires wireless network providers to give the cell phone GPS tracking location information for 911 calls that have been made from cell phones. This is known as E911. The law on E911 is fairly explicit. It allows carriers to provide tracking location information to third parties for E911 emergency calls only, however not under any other circumstances whatsoever without the consent of the cell phone owner. Recent court hearings have disallowed the requests of law enforcement agencies to obtain cell phone GPS tracking information from the cell phone companies for suspects in criminal investigations.
The complete article was written and published on Lawyers.com.
Instagram says it now has the right to sell your photos
Instagram said today that it has the perpetual right to sell users' photographs without payment or notification, a dramatic policy shift that quickly sparked a public outcry.
The new intellectual property policy, which takes effect on January 16, comes three months after Facebook completed its acquisition of the popular photo-sharing site. Unless Instagram users delete their accounts before the January deadline, they cannot opt out.
Under the new policy, Facebook claims the perpetual right to license all public Instagram photos to companies or any other organization, including for advertising purposes, which would effectively transform the Web site into the world's largest stock photo agency. One irked Twitter user quipped that "Instagram is now the new iStockPhoto, except they won't have to pay you anything to use your images."
"It's asking people to agree to unspecified future commercial use of their photos," says Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation. "That makes it challenging for someone to give informed consent to that deal."
The complete article is written by Declan McCullagh and published in c|net.
Thanks to FameWolf for the link!
Horrible Autoplay Video Ads Are Coming to Facebook
Facebook will unveil a new video ad product that will auto-play commercials upon arrival, executives told AdWeek's Jason del Ray. This most annoying addition, which will allow advertisers a chance to slap unsolicited videos all over the Facebook news feed, is expected to launch by April 2013, the sources say. And, to reiterate, yes, these will be the same variant of videos that pollute the ESPN.com homepage — the ones that start without you asking them to.
Facebook, which has been trying just about every kind of new ad it can this year, has not yet decided if these commercials will automatically play with or without sound. But in either case, you can bet they'll be a pain — and you can expect plenty of frustrated users. On the desktop version of Facebook, the vids will expand "out of the news feed into webpage real estate in both the left and right columns -- or rails -- of the screen," explains del Ray. Meaning: they will be everywhere. Also, for people who use a million tabs on older computers, imagine a ton of video playing over and over: slow-load city. Add a little audio in the mix and we can already see the confused masses looking for that one tab with the unwanted sound coming out of it. Oh, yeah, this is a really great idea, Facebook. As if you weren't full of those this week already.
The complete article is written by Rebecca Greenfield, published in The Atlatic Wire
ny_limited said:
Instagram said today that it has the perpetual right to sell users' photographs without payment or notification, a dramatic policy shift that quickly sparked a public outcry.
The new intellectual property policy, which takes effect on January 16, comes three months after Facebook completed its acquisition of the popular photo-sharing site. Unless Instagram users delete their accounts before the January deadline, they cannot opt out.
Under the new policy, Facebook claims the perpetual right to license all public Instagram photos to companies or any other organization, including for advertising purposes, which would effectively transform the Web site into the world's largest stock photo agency. One irked Twitter user quipped that "Instagram is now the new iStockPhoto, except they won't have to pay you anything to use your images."
"It's asking people to agree to unspecified future commercial use of their photos," says Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation. "That makes it challenging for someone to give informed consent to that deal."
The complete article is written by Declan McCullagh and published in c|net.
Thanks to FameWolf for the link!
Click to expand...
Click to collapse
Instagram has backed off the language in its new privacy and terms of service policies that set off a significant firestorm online. Instagram cofounder Kevin Systrom posted on the company’s blog under the title “Thank you, and we’re listening”. Whether you believe him or not you can read more about it at Forbes.
Happy New Year, everyone!
Enjoy the festivities!
Will see you all next year!
New 2013 CA laws affect online privacy, homeowners, schools
From protecting your online privacy to party buses, there are 750 new California (USA) laws taking effect in 2013.
The complete KABC-TV (Los Angeles) article of January 1, 2013 can be found here.
[USA] New laws keep employers out of worker social media accounts
Employers in Illinois and California cannot ask for usernames and passwords to the personal social media accounts of employees and job seekers under laws that took effect on Jan. 1.
Illinois Gov. Patrick Quinn in August signed legislation amending the State's 'Right to Privacy in the Workplace Act.'
California Gov. Jerry Brown signed legislation adding the prohibitions to the State's Labor Code in September.
The two states join Maryland, Michigan, New Jersey and Delaware in implementing such privacy laws.
Full ComputerWorld article: http://bit.ly/118L2tM

{Official} Net neutrality for India! We will make trai aware of our rights.

This message is only for people who live or vote in India. If you are not such a person, please forward it to someone who is.
What is net neutrality?
The principle that all traffic on internet should be treated the same.
No site will be sped up.
No website will be slowed down (throttling).
----------
So what's happening now?
TRAI consultation paper (open to comments till April 24) is the first step in potentially allowing operators to discriminate internet traffic.
----------
How does this impact me?
1. Your internet bill could go up.
2. Apps you love may no longer work.
ISPs and Telcos could charge you more. When you buy a 1 Gb data pack, you can use it for anything you wish. Without neutrality, you could be forced to buy a Skype pack for Skype calls, a video pack to watch YouTube and dailymotion.
Or you could be charged a different rate for each service. 4p/10 KB if you are browsing, but 10p/10 KB for VoIP calls. That would be like your milkman telling you 30 Rs/L if you make tea, but 75 Rs/L if you make milkshake.
You could be denied service as well. Telcos could decide that WhatsApp or Viber is eating into their sms revenue and block them completely.
Or Airtel could block gaana, saavn, hungama, rdio etc and allow access only to wynk (owned by airtel)
----------
Hmm.. I want to know more.
Sure follow the links here:
Well written article: http://www.firstpost.com/politics/b...trai-trying-screw-internet-users-2193321.html
A video explanation: https://m.youtube.com/watch?v=_G-OagxdCws
Another cool video: https://m.youtube.com/watch?v=mfY1NKrzqi0
Another video: https://youtu.be/uQjkCziopLA
Take some Action: http://www.savetheinternet.in/
----------
OK. Got it. What can I do?
Let TRAI know that you hate this idea. Go to http://www.savetheinternet.in/ and follow the instructions to email TRAI letting them know of your displeasure.
----------
Anything else I can do?
Yes. Inform family and friends about net neutrality and TRAI's attempts to kill it (under pressure from telcos probably).
You can also protest on https://www.change.org/p/rsprasad-t...e-how-they-want-to-use-internet-netneutrality
Contact your mp today http://j.mp/MailMyMP if there is no net neutrality, we will have to pay to use WhatsApp, Facebook, hike, Google, YouTube, etc.
Hashtag revolution #NetNeutralityIndia , #SaveTheInternet , #wewantnetneutrality and #TRAIDontevenTry
---------
Why do we need net neutrality?
India is a developing country. If there is no net neutrality, we cant develop ourselves.
Poor people; instead of getting onto the internet would stop using it completely as they wont be able to pay
Answers to those 20 questions (thanks to savetheinternet.in)
To the Chairman, TRAIThank you for giving me this opportunity to share my views on the consultation paper published by TRAI on March 27, 2015 titled "Regulatory Framework For Over-the-Top (OTT) Services”. I am worried that this consultation paper makes sweeping assumptions about the Internet, and does not take a neutral and balanced view of the subject of Internet Licensing and Net Neutrality. Any public consultation must be approached in a neutral manner by the regulator, so that people can form an informed opinion.I strongly support an open internet, for which I believe it is critical to uphold net neutrality and reject any moves towards licensing of Internet applications and Web services. I urge TRAI to commit to outlining measures to protect and advance net neutrality for all Indians. Net neutrality requires that the Internet be maintained as an open platform, on which network providers treat all content, applications and services equally, without discrimination. The TRAI must give importance to safeguarding the interests of our country’s citizens and the national objective of Digital India and Make In India, over claims made by some corporate interests.I request that my response be published on the TRAI website alongside other comments filed, in line with past practice regarding public consultations. I urge that TRAI issue a specific response to user submissions after examining the concerns raised by them, and hold open house discussions across India, accessible to users and startups before making any recommendations.
Question 1: Is it too early to establish a regulatory framework for Internet/OTT services, since internet penetration is still evolving, access speeds are generally low and there is limited coverage of high-speed broadband in the country? Or, should some beginning be made now with a regulatory framework that could be adapted to changes in the future? Please comment with justifications.
No new regulatory framework in the telecom sector is required for Internet services and apps - and no such regulation should come into effect in future either.This question incorrectly presumes that regulation of the Internet is absent and there is a need to create it. Additionally, the technical language of “Over-the-Top” applications used in the consultation paper fails to convey that it is truly referring to the online services and applications which make today’s Internet which we all use; Facebook, Ola, Zomato, Paytm, WhatsApp, Zoho and Skype etc. The Internet is already subject to existing law in India - any extra regulatory or licensing regime will only be detrimental to the customer and to Indian firms developing online services and apps.Under the current regulatory framework, users can access the internet-based services and apps either for a low fee or for free where the application owners make money by selling advertisements based on user data. With additional regulations and licenses, it will make it expensive for these services to reach out to their customers eventually leading to higher prices and undesirable levels of advertising - which is against the public interest and counterproductive.It appears that the telecom companies are shifting goalposts. Many telecom companies have earlier argued in the consultation paper floated by TRAI on mobile value added services (MVAS) that it was not necessary to regulate these value added services. They said MVAS are already governed by general laws under the Indian legal system and comply with the security interests as they operate on the networks of legitimate telecom license holders. Internet platforms also are regulated and governed by general laws in addition to specialised laws such as the Information Technology Act, and the same treatment should be extended to them as well.As TRAI said previously in its recommendations after consulting on MVAS regulation:“The Authority preferred least intrusive and minimal regulatory framework and thus no separate category of licence for value added services is envisaged. After second round of consultations, the Authority is also not favoring registration of Value Added Service Providers (VASPs) or content aggregators under the “Other Service Provider (OSP)” category.”“Content shall be subject to relevant content regulation and compliance of prevailing copyrights including digital management rights and other laws on the subject (para 3.12.2). The content is subjected to content regulation/ guidelines of Ministry of Information and Broadcasting, Information Technology Act, 2000, Cable Television Networks (Regulation) Act, 1995, Indian Copyright Act etc., as amended from time to time. The content regulation shall be as per law in force from time to time. There should be consistency in the treatment of content across all kinds of media including print, digital/multimedia to avoid any discrimination. (para 3.13.3):”
Imposing a licensing and regulation regime carry significant risks of destroying innovation. Launching new services and features will take more time and will make it difficult for new startups with low cash reserves to enter the market. It will basically ring the death knell for the country's fast-growing digital media sector.
Question 2: Should the Internet/OTT players offering communication services (voice, messaging and video call services through applications (resident either in the country or outside) be brought under the licensing regime? Please comment with justifications.
Firstly, there is no need for licensing of internet based communication service providers. To suggest such a move further points towards the TRAI consultation being tilted in favour of telecom operators.
Secondly, fundamentally both Internet-based communication services and non-communication services are the same. They sit on top of the network provided by telecom operators. And the spectrum that telecom operators utilise to offer this network on pipe is already licensed, hence there is no need for additional licensing.
This issue also needs to be looked at from another perspective. Many non-communication services on the Internet also offer real-time chat or video interaction features for the benefit of customers, which will be affected by bringing such services under a licensing regime.
The extent of innovation we have witnessed over the years has been greatly aided by the low cost of entry. Any form of regulation or licensing will increase the entry cost, thereby hindering innovation and equal opportunity to startups to establish themselves in the market. Behind every Zoho, WhatsApp and Skype there are numerous failures. Licensing will essentially increase the cost and likelihood of failure - and greatly discourage innovation.
Question 3: Is the growth of Internet/OTT impacting the traditional revenue stream of Telecom operators/Telecom operators? If so, is the increase in data revenues of the Telecom Operators sufficient to compensate for this impact? Please comment with reasons.
There is no evidence of data revenues cannibalizing revenues from voice or SMS. In fact, data usage is soaring and it is driving the demand for telecom networks.
The question fails to acknowledge that revenue from data services also fall under the traditional revenue streams category as per the Unified Access License Agreement
[http://www.dot.gov.in/access-services/introduction-unified-access-servicescellular-mobile-services]. So, to assume that data services are impacting the growth of “traditional revenue streams” is wrong.
Services such as Skype and WhatsApp have specific use cases. They are not, and should not be, considered as substitutes to voice calling or SMS. For instance, calls made using VoIP don’t have the same clarity that we have on voice calls. Moreover, services such as WhatsApp are used for real-time chatting as opposed to SMS. Voice and SMS have their own benefits and use cases, so do VoIP and internet messaging. Customers should be free to pick and choose among these.
There is still no concrete evidence suggesting that the decline in the revenues from messaging and voice calling is due to the growth of revenues from data services, and statements from experts and industry experts appear to in fact point to there being no cannibalization of revenues.
Gopal Vittal, CEO, Airtel
“There is still no evidence that suggests that there is cannibalization,” he said when asked about whether data is cannibalizing Airtel’s voice business. On internet messaging cannibalizing SMS revenues, he said: “At this point in time is very, very tiny. And so it is not really material as we look at it.”
[http://www.medianama.com/2015/02/22...tion-of-voice-airtel-india-ceo-gopal-vittal/]
Vittorio Colao, CEO, Vodafone
“Growth in India has accelerated again (October-December), driven by data” [http://computer.financialexpress.com/columns/india-high-on-3g/9462/]
The company’s India unit grew by 15%, going past its counterparts during the quarter ending December as customers used its data services. [http://articles.economictimes.india...ervice-revenue-vittorio-colao-vodafone-india]
Question 4: Should the Internet/OTT players pay for use of the Telecom Operators network over and above data charges paid by consumers? If yes, what pricing options can be adopted? Could such options include prices based on bandwidth consumption? Can prices be used as a means of product/service differentiation? Please comment with justifications.
Internet-based services and apps don’t pay for telecom operators for using the network, and it should remain the same going forward. Forcing Internet-based services to pay extra for using a particular network negatively impact consumers and harm the Indian digital ecosystem. As mentioned in the above answer, data revenues of Indian telecom operators is already on an upswing and is slated to increase rapidly over the next few years, hence the argument for creating a new revenue source is not justified.
Charging users extra for specific apps or services will overburden them, which in turn will lead to them not using the services at all. It is also akin to breaking up the Internet into pieces, which is fundamentally against what Net Neutrality stands for. Also, the Internet depends on interconnectivity and the users being able to have seamless experience - differential pricing will destroy the very basic tenets of the Internet.
Question 5: Do you agree that imbalances exist in the regulatory environment in the operation of Internet/OTT players? If so, what should be the framework to address these issues? How can the prevailing laws and regulations be applied to Internet/OTT players (who operate in the virtual world) and compliance enforced? What could be the impact on the economy? Please comment with justifications.
There is no regulatory imbalance in the environment in which the internet services and applications operate. In fact, the word “regulatory imbalance” is incorrect here. Telecom operators holds licenses to spectrum which is a public resource. Internet services and applications don’t have to acquire licenses. Moreover, there is a clear distinction between services provided by telecom operators and internet platforms—so no additional regulation is required.
Also, internet services and applications are already well-covered under the Information Technology Act, 2000 and Indian Penal Code, 1860. More importantly, internet services are intermediaries that allow a communication system for their users—and intermediaries cannot be held responsible for the acts of their users as per Section 79 of the IT Act, 2000. Our Supreme Court has recently ruled on this area in the Shreya Singhal versus Union of India case, holding that Internet content is protected by our Constitution’s right to free expression and setting out the acceptable limits for government regulation.
Question 6: How should the security concerns be addressed with regard to OTT players providing communication services? What security conditions such as maintaining data records, logs etc. need to be mandated for such OTT players? And, how can compliance with these conditions be ensured if the applications of such OTT players reside outside the country? Please comment with justifications.
The internet services and apps are well-covered under the existing laws and regulations. These include the Code of Criminal Procedure, Indian Telegraph Act, Indian Telegraph Rules, and the Information Technology Act and its different rules pertaining to intermediaries and interception. These different regulations allow the Indian government and law enforcement agencies to access the data stored by internet platforms when deemed legally necessary. Any additional regulations carry grave risk of breaching user privacy and would also require constitutional review - especially since the Government is still working on a proposed Privacy Bill.
The government and courts also have the power to block access to websites on the grounds of national security and public order. It has taken similar steps in the past and has been widely reported by the media. The transparency reports periodically published by major internet companies suggests Indian government routinely requests for user data and blocking of user accounts. Between July 2014 and December 2014, Indian authorities had 5,473 requests for data, covering 7,281 user accounts from Facebook and the company had a compliance rate of 44.69%. Google had a compliance rate of 61% with respect to the requests made by different government agencies across India.
Question 7: How should the OTT players offering app services ensure security, safety and privacy of the consumer? How should they ensure protection of consumer interest? Please comment with justifications.
Although user privacy and security is of paramount importance, additional regulation carries the inherent risk of breaching user privacy which is not in the consumer’s interest. The Information Technology Act, 2000 already addresses the security concerns of the user. But more importantly, any criminal act committed using these platforms can be tried under the Indian Penal Code. So, there is no need to burden the internet platforms with additional regulations.
Also, it is worth noting that many telecom companies in India have not made information publicly available as to whether and how they comply with regulations that guarantee security, privacy and safety of the customer. TRAI’s current paper fails to articulate why the internet services and apps should be brought under similar regulations.
Question 8:
In what manner can the proposals for a regulatory framework for OTTs in India draw from those of ETNO, referred to in para 4.23 or the best practices summarised in para 4.29? And, what practices should be proscribed by regulatory fiat? Please comment with justifications.
ETNO is similar to India’s COAI which makes it an industry lobby group. Understandably, the suggestions made by ETNO heavily favor the telecom companies and will be detrimental to customers if India refers to their suggestions.
ETNO’s stand have been widely criticized in the past. Europe’s own group of government regulators [Body of European Regulators for Electronic Communication (BEREC)]
http://berec.europa.eu/files/document_register_store/2012/11/BoR_(12)_120_BEREC_on_ITR.pdf ETNO’s proposals could jeopardize the “continued development of the open, dynamic and global platform that the Internet provides” which will “lead to an overall loss of welfare”. Additionally, the international free expression group Article 19 says ETNO’s proposal “would seriously undermine net neutrality.
According to Access Now, ETNO’s recommendations would have meant higher data charges for customers while from an entrepreneur’s standpoint, it will limit their ability to reach out to a wider market. For a small but fast growing startup and digital media sector in India, this can potentially ring the death knell. ETNO’s suggestions on this subject so far have failed to have been accepted by any government agency - including the regulators in their own host countries. It is therefore especially troubling that TRAI is choosing to make one of their proposals a pillar of this public consultation here in India.
Question 9: What are your views on net-neutrality in the Indian context? How should the various principles discussed in para 5.47 be dealt with? Please comment with justifications.
Net Neutrality, by definition, means no discrimination of traffic flowing on the internet with respect to speed, access and price. Chile and Brazil, which are developing countries just like India, have passed laws supporting net neutrality. This is in addition to government commitments to implement net neutrality legislation in the United States and European Union.
India has 1 billion people without internet access and it is imperative for our democracy to have an open and free internet where users are free to choose the services they want to access—instead of a telecom operator deciding what information they can access.
Internet apps and services are expected to contribute 5% to India’s GDP by 2020. That will only happen of entrepreneurs, big and small, have a level playing field that encourages innovation and non-preferential treatment—something that net neutrality ensures.
Assuming there is no net neutrality, only the big players will be able to strike deals with telcos while the smaller players remain inaccessible, which will go against the principles of net neutrality as listed below:
No blocking by TSPs and ISPs on specific forms of internet traffic, services and applications.
No slowing or “throttling” internet speeds by TSPs and ISPs on specific forms of internet traffic, services and applications.
No preferential treatment of services and platforms by TSPs and ISPs.
It is also worth noting that the proposed framework will give too much power in the hands of the telecom companies, which is not healthy for the ecosystem.
Question 10: What forms of discrimination or traffic management practices are reasonable and consistent with a pragmatic approach? What should or can be permitted? Please comment with justifications.
This question assumes that traffic discrimination is necessary and is a norm. Rather, traffic discrimination should be an exception as it is against the principles of net neutrality.
In such exceptional cases, telecom companies need to have the permission of TRAI or other competent government agency through public hearing to carry out “traffic management” to ensure transparency in the entire process. Further, it should be kept in mind that such steps shouldn’t interfere with the access, affordability and quality of the services.
More importantly, https://ec.europa.eu/digital-agenda.../Traffic Management Investigation BEREC_2.pdf jointly by BEREC and the European Commission suggest that the propensity of the telecom operators to restrict access of internet services is high. The report noted that telecom operators were most inclined to block and throttle P2P services on mobile as well as fixed line networks. VoIP, on the other hand, was blocked mostly on telecom networks.
Keeping this in mind, TRAI needs to ensure that instances of discrimination of traffic should be few, far between and, above all, transparent
Continued
Question 11: Should the TSPs be mandated to publish various traffic management techniques used for different OTT applications? Is this a sufficient condition to ensure transparency and a fair regulatory regime?
The question is based on the premise that publishing various traffic management techniques for Internet services will ensure a fair regulatory regime and therefore such discrimination is permissible. As I have repeatedly said in the above answers, discrimination of services will not bring about a fair regime for users.
Further, a recent study [http://bit.ly/1D7QEp9] in the UK has pointed out that merely publishing data on traffic management will not translate into a fair regime. The study found that most consumers did not understand traffic management or use it as a basis for switching operators. Those who did do so comprised a group perceived to be small or insignificant enough that most network operators did not seek to factor them into their product decisions, despite some consumers’ complaints about traffic management. In India where awareness and activism on issues of net neutrality is considerably less, it is unlikely to play the critical role that the Consultation Paper suggests.
Question 12: How should a conducive and balanced environment be created such that TSPs are able to invest in network infrastructure and CAPs are able to innovate and grow? Who should bear the network upgradation costs? Please comment with justifications
The underlying assumption of the question suggests that currently there is an imbalance in the environment within which telecom operators and internet services operate. However, as I have pointed out it my previous answers, no such imbalance exists. Telecom firms and internet services have distinct functions. The former has to provide the infrastructure to access content and the latter has to provide the platforms for users to create content. As financial results of the telecom operators and analysis by various independent agencies have shown that revenues from data are soaring. So, it makes logical sense for the telecom operators to invest to upgrade and improve their network infrastructure.
On the contrary, I would argue that there is no incentive for the telecom firms to invest to upgrade their networks if they charge the CAP instead of charging the customer for data. They would seek to further increase its revenues coming from the CAPs, a move that will be disastrous for India's telecommunications industry.
Question 13: Should TSPs be allowed to implement non-price based discrimination of services? If so, under what circumstances are such practices acceptable? What restrictions, if any, need to be placed so that such measures are not abused? What measures should be adopted to ensure transparency to consumers? Please comment with justifications.
Discrimination of services in any form is detrimental for the growth of the telecom industry itself and there should be no circumstance for a telecom operator to do so. Given the diverse nature of the Internet, telecom operators should not be allowed to determine what type of service should get more priority. For example, a consumer in India probably relies on VoIP calls to keep in touch with people abroad and if there is throttling of these services, it infringes on the user’s fundamental right of freedom of expression. An Internet service that a telecom operator thinks which could lead to traffic congestion, might be vital to consumers. Further, a telecom operator might use throttling to further a service promoted by them and induce consumers into using them, thereby eliminating choice.
Transparency alone will not bring about a fair regime for users, and it is crucial that TSPs be prohibited from discriminating between services
Question 14: Is there a justification for allowing differential pricing for data access and OTT communication services? If so, what changes need to be brought about in the present tariff and regulatory framework for telecommunication services in the country? Please comment with justifications.
As I have argued in my previous answers, there should be no differential pricing for data access and internet services. Therefore, the need for a change in the tariff and regulatory framework is not required.
It is important to note that nearly one billion people still don't have internet access in India - which means telecom companies stand to gain substantially from their data services in the near future. Moreover, different pricing is tantamount to discrimination which goes against net neutrality.
As stated before, customers should be charged on the basis of volume of data used and not on the basis of the internet services they are accessing.
Question 15: Should OTT communication service players be treated as Bulk User of Telecom Services (BuTS)? How should the framework be structured to prevent any discrimination and protect stakeholder interest? Please comment with justification.
Treating OTT communication service players as Bulk User of Telecom Services again amounts to discrimination of data services and hence it should not be allowed. The question also further assumes that the stakeholders are only the telecom operators and not the consumers. If only the interests of the telecom operators are protected by treating services which compete with their traditional services differently rather than innovating themselves, it would lead to a situation of anti-competitiveness. Telecom companies have an interest in imposing their control over information and communication networks, but the price of that would mean stifling competition, increased barriers for innovation and business and eventually infringe on the fundamental rights of Indian citizens.
Question 16: What framework should be adopted to encourage India-specific OTT apps? Please comment with justifications.
A recent Deloitte report titled Technology, Media and Telecommunications India Predictions 2015 predicted that paid apps will generate over Rs 1500 crore revenues in 2015 (http://bit.ly/1alhH5S). Increased acceptance of paid apps can only be possible if there’s Network Neutrality. In fact, Deepinder Goyal, the founder and CEO of the highly successful app Zomato recently commented "Couldn’t have built Zomato if we had a competitor on something like Airtel Zero"
The moment an app developer/company is forced to tie-up with a telecom operator to ensure that users opt for it, an artificial prohibitive barrier will be created. All app developers and the companies behind them need to be provided an even playing field.
We also need more reports on the Indian app economy, to understand, firstly, how the adoption and usage of apps is changing and, secondly, to comprehend its impact on the Indian economy.
Question 17: If the OTT communication service players are to be licensed, should they be categorised as ASP or CSP? If so, what should be the framework? Please comment with justifications.
The question of categorising doesn’t even arise, because as mentioned earlier any extra regulations or licensing is going to be detrimental to the end user. Requiring licensing of online services and mobile apps under the current telecom framework in India will have enormous negative consequences. The impossibly onerous burdens imposed by such licensing would results in many such globally developed services and apps not being launched in India - and our own startup efforts to develop local versions of such apps being killed in their early stages. The net results would be decreased consumer benefit and a massive slowdown in innovation and reduced “Make in India” efforts due to the regulatory cost of doing business becoming very high.
Question 18: Is there a need to regulate subscription charges for OTT communication services? Please comment with justifications.
Subscription charges for such apps need to be allowed to evolve as it would in a pure market economy. The subscribers (buyers) would want to pay the lowest possible price, and the app developers/companies (sellers) would want to charge as much as possible, eventually leading to a fair price.
Subscription charges for such Internet-based services have remained, more or less, quite low in India, especially because the cost of switching from one service provider to another is also quite low: This competition will ensure that charges remain fair, without the need to regulate them, going forward as well. As noted in response to earlier questions, existing Indian law also applies to online services - which would include the Consumer Protection Act and other regulations meant to prevent cheating or other illegal pricing issues.
Question 19: What steps should be taken by the Government for regulation of non-communication OTT players? Please comment with justifications.
As mentioned earlier, irrespective of what an OTT app is used for (communication, online shopping, etc) they’re all essentially Internet-based services, and hence there is no question of creating new regulatory measures.
Question 20: Are there any other issues that have a bearing on the subject discussed?
Here are the additional steps that I urge the TRAI to undertake in the interest of the public:
- Due to the absence of any formal regulations on net neutrality, TRAI should issue an order or regulation preventing network neutrality violations by telecom service providers. Some telecom companies have shown scant respect for the issues presently under consideration and despite its questionable legality have rolled out various services which violate network neutrality. Any delay in forming regulations or preventing them in the interim till the process is complete is only likely to consolidate their status. This is not only an affront to the Internet users in India but also to the regulatory powers of the TRAI.
- TRAI is requested to publish all the responses and counter responses to the consultation, including any other additional material, on its website.
- For better public involvement and awareness, open house debates should be held in major Indian cities after the consultation process is over.
In the US, there was a time when you had to pay for tethering. Imagine if it would happen in India

Verizon to Push AppFlash to gather all the datas!

What absolute [email protected]
So... how do we get around this?
The First Horseman of the Privacy Apocalypse Has Already Arrived: Verizon Announces Plans to Install Spyware on All Its Android Phones
Within days of Congress repealing online privacy protections, Verizon has announced new plans to install software on customers’ devices to track what apps customers have downloaded. With this spyware, Verizon will be able to sell ads to you across the Internet based on things like which bank you use and whether you’ve downloaded a fertility app.
Verizon’s use of “AppFlash”—an app launcher and web search utility that Verizon will be rolling out to their subscribers’ Android devices “in the coming weeks”—is just the latest display of wireless carriers’ stunning willingness to compromise the security and privacy of their customers by installing spyware on end devices.
The AppFlash Privacy Policy published by Verizon states that the app can be used to
“collect information about your device and your use of the AppFlash services. This information includes your mobile number, device identifiers, device type and operating system, and information about the AppFlash features and services you use and your interactions with them. We also access information about the list of apps you have on your device.”
Troubling as it may be to collect intimate details about what apps you have installed, the policy also illustrates Verizon’s intent to gather location and contact information:
“AppFlash also collects information about your device’s precise location from your device operating system as well as contact information you store on your device.”
And what will Verizon use all of this information for? Why, targeted advertising on third-party websites, of course:
“AppFlash information may be shared within the Verizon family of companies, including companies like AOL who may use it to help provide more relevant advertising within the AppFlash experiences and in other places, including non-Verizon sites, services and devices.”
In other words, our prediction that mobile Internet providers would start installing spyware on their customers’ phones has come true, less than 48 hours after Congress sold out your personal data to companies like Comcast and AT&T. With the announcement of AppFlash, Verizon has made clear that it intends to start monetizing its customers’ private data as soon as possible.
What are the ramifications? For one thing, this is yet another entity that will be collecting sensitive information about your mobile activity on your Android phone. It’s bad enough that Google collects much of this information already and blocks privacy-enhancing tools from being distributed through the Play Store. Adding another company that automatically tracks its customers doesn’t help matters any.
But our bigger concern is the increased attack surface an app like AppFlash creates. You can bet that with Verizon rolling this app out to such a large number of devices, hackers will be probing it for vulnerabilities, to see if they can use it as a backdoor they can break into. We sincerely hope Verizon has invested significant resources in ensuring that AppFlash is secure, because if it’s not, the damage to Americans’ cybersecurity could be disastrous.
AppFlash is just a custom bloated version of the Google Search Bar with intense focus on data mining. This is essentially a widget, which belongs to a package, which should be able to be disabled/uninstalled depending on its implementation. You may need a rooted phone to fully remove it from the system - but time will tell. Either way, this will end up in my pile of other Verizon 'Services/Apps' that are either uninstalled or frozen.
the_rev said:
But our bigger concern is the increased attack surface an app like AppFlash creates. You can bet that with Verizon rolling this app out to such a large number of devices, hackers will be probing it for vulnerabilities, to see if they can use it as a backdoor they can break into. We sincerely hope Verizon has invested significant resources in ensuring that AppFlash is secure, because if it’s not, the damage to Americans’ cybersecurity could be disastrous.
Click to expand...
Click to collapse
I find this comment amusing - eluding that 'hackers' don't probe every single aspect of a system and it's software, but now that this application is going to be pushed you better worry!
Calm down. The sky isn't falling yet.
"UPDATE: We have received additional information from Verizon and based on that information we are withdrawing this post while we investigate further. Here is the statement from Kelly Crummey, Director of Corporate Communications of Verizon: "As we said earlier this week, we are testing AppFlash to make app discovery better for consumers. The test is on a single phone – LG K20 V – and you have to opt-in to use the app. Or, you can easily disable the app. Nobody is required to use it. Verizon is committed to your privacy. Visit www.verizon.com/about/privacy to view our Privacy Policy.""
https://www.eff.org/deeplinks/2017/...e-has-already-arrived-verizon-announces-plans
Oh, and what can you do about it? You can vote every single individual in Congress that voted for repealing these protections out of office. Be vocal about this with friends and family. The general population does not understand this issue. I have answered so many questions like "So, if I clear my browser history this doesn't matter, right?" lately that it makes me sick to my stomach.
Averix said:
Oh, and what can you do about it? You can vote every single individual in Congress that voted for repealing these protections out of office. Be vocal about this with friends and family. The general population does not understand this issue. I have answered so many questions like "So, if I clear my browser history this doesn't matter, right?" lately that it makes me sick to my stomach.
Click to expand...
Click to collapse
This. Vote out every single person who voted to repeal what we've spent years fighting for. They let their own monetary gains guide their decisions and not what's best for the people, which is what their job is.
It's absolutely baffling to me how many people just don't give 2 fks about having companies mine personal and sensitive information about them. The classic "If you don't have anything to hide, then what does it matter" argument instantly enrages me.
Sent from my Samsung Galaxy S7 Edge using XDA Labs
just calm down.. I've been telling everyone about this for past 4 years.its not just this app.but hard bedded in every device..the only way to get rid of any of it is educate yourself on removing it. .as for the comment about hackers knowing the weaknesses​.hes absolutely right...the good amd bad hackers.not all of us are bad.
All of this concern over potential "spyware" on our devices is laughable because some of you may be missing the big picture here. Regardless of carrier-introduced data capturing apps or malware, etc on the device itself, carriers already store all user data and wireless data transmissions, texts, etc. This data is accessed by whomever has the "authority" to access it. If you are a suspect in a homicide for example, the homicide detectives will get a quick signature from a judge to retrieve all of you phone records including gps, tower pings, internet, incoming & outgoing texts, etc. Who's to say who phone carriers share your regular data with? You can't prove if they do or don't.
Within the last few hours of Obama's presidency, he did the unthinkable by legalizing the sharing of intelligence and sensitive data between numerous intelligence agencies so they can all share sensitive data between one another at their whims. The obvious reason for this was to better mask the source of the information and blur the lines of responsibility for the data retrieved. Data not only from citizens, but from anyone in the government, FBI, CIA, NSA, etc is able to be retrieved at any time and used for legal purposes and even illegal purposes if you have been paying attention lately. We now get to enjoy complete invasion of privacy in our daily lives. Not just with our cell phones. I find this topic useless at this point. So I have to say... unless you're doing something illegal, you have nothing to be concerned about and electronic privacy is non-existent these days so don't let that fool you. Someone posted that my last sentence instantly infurates them... well this is the facts so be infurated my friend because it's the truth. Nobody is able to defeat the electronic data that is stored and accessed by those who have the "authority" to access it. Get over it.
As for defeating ads and stuff like that, well that's a different topic all together.
tx_dbs_tx said:
All of this concern over potential "spyware" on our devices is laughable because some of you may be missing the big picture here. Regardless of carrier-introduced data capturing apps or malware, etc on the device itself, carriers already store all user data and wireless data transmissions, texts, etc. This data is accessed by whomever has the "authority" to access it. If you are a suspect in a homicide for example, the homicide detectives will get a quick signature from a judge to retrieve all of you phone records including gps, tower pings, internet, incoming & outgoing texts, etc. Who's to say who phone carriers share your regular data with? You can't prove if they do or don't.
Within the last few hours of Obama's presidency, he did the unthinkable by legalizing the sharing of intelligence and sensitive data between numerous intelligence agencies so they can all share sensitive data between one another at their whims. The obvious reason for this was to better mask the source of the information and blur the lines of responsibility for the data retrieved. Data not only from citizens, but from anyone in the government, FBI, CIA, NSA, etc is able to be retrieved at any time and used for legal purposes and even illegal purposes if you have been paying attention lately. We now get to enjoy complete invasion of privacy in our daily lives. Not just with our cell phones. I find this topic useless at this point. So I have to say... unless you're doing something illegal, you have nothing to be concerned about and electronic privacy is non-existent these days so don't let that fool you. Someone posted that my last sentence instantly infurates them... well this is the facts so be infurated my friend because it's the truth. Nobody is able to defeat the electronic data that is stored and accessed by those who have the "authority" to access it. Get over it.
As for defeating ads and stuff like that, well that's a different topic all together.
Click to expand...
Click to collapse
The main issue is the blatant disregard by our government to even acknowledge the American people's privacy. Of course this all comes down to money and corruption as usual. For a simpler solution to a lot of these issues is remove all of the lobbyists, but I digress.
Look at it this way people. No one is pointing a gun at your head making you use cell phones social media, etc. If you don't want to be spied on buy a house in the mountains with no outside connections and enjoy life.

Is Google Data Mining RCS Messages?

I've entirely stopped using GMail after reading numerous article around how Google is data mining your personal emails for ad targeting. However I recently upgraded my phone, and it appears that Sprint's agreed to have RCS enabled on their new phones by default (on my old phone, it was a feature that popped when the "Messages" app updated as some point).
TLDR on RCS of you're not up to speed: It attempts to fill in the gaps of the horribly dated carrier-based SMS/MMS systems. When enabled, it still looks like an SMS/MMS message, but under the hood it's actually creating unique URLs for your chat thread and sharing the chat thread URL with the recipient(s) through the Messages app. Super clever and a great use of tech, but nothing is truly "free"...
I've done some technical reading on the back-end functionality of RCS, and it appears that Google's trying to say that it's secure and mostly ephemeral in nature. However they are using your phone number as the primary-key (albeit hashed) and as we probably all know, your phone number is now the equivalent of your SSN when it comes to correlation between digital services (this is how the mountain of digital purchase data is correlated between vendors and ad-targeting agencies like Google).
The Jibe ToS immediately redirects to the Google ToS, which basically says: All your base are belong to us... (Jibe ToS for reference: _https://jibe.google.com/policies/terms_)
Any privacy advocates out there done any investigation into this? They don't specifically say their doing this, but looking at the ToS it's certainly appears that from a legal standpoint they are entirely allowed to do so. Anyone have access to more technical details on how Google is doing this?
Don't get me wrong, this is a much-needed service. But this is something my carrier should maintain as a paid-for service and my data kept private. It's crap that we now have to relinquish our private message data, which is arguably some of the most private data on your device to Google because carriers are incapable of maturing a decade old technology.

Categories

Resources