- Dear Internet,
- CarrierIQ does a lot of bad things. It's a potential risk to user privacy, and users should be given the ability to opt out of it.
- But people need to recognize that there's a big difference between recording events like keystrokes and HTTPS URLs to a debugging buffer (which is pretty bad by itself), and actually collecting, storing, and transmitting this data to carriers (which doesn't happen). After reverse engineering CarrierIQ myself, I have seen no evidence that they are collecting anything more than what they've publicly claimed: anonymized metrics data. There's a big difference between "look, it does something when I press a key" and "it's sending all my keystrokes to the carrier!". Based on what I've seen, there is no code in CarrierIQ that actually records keystrokes for data collection purposes. Of course, the fact that there are hooks in these events suggests that future versions may abuse this type of functionality, and CIQ should be held accountable and be under close scrutiny so that this type of privacy invasion does not occur. But all the recent noise on this is mostly unfounded.
- There are plenty of reasons to be upset about CIQ, but please don't jump to conclusions based on incomplete evidence.
- Dan Rosenberg