Philip Elmer-DeWitt | 2011-12-02 16:32
Have you heard that every text message, every e-mail, every phone number, every keystroke made on a Google (GOOG) Android phone may be secretly recorded, logged and sent to your cellular provider by a tracking service called Carrier IQ?

No? That's a surprise, because it's a scandal that's been brewing for several weeks -- ever since security researcher Trevor Eckhart discovered Carrier IQ's analytics app on HTC phones running Android. The app comes pre-installed on more than 140 million handsets, including phones made by Samsung, Nokia (NOK) and Research in Motion (RIMM) -- but not Apple (AAPL).

Carrier IQ's first response was to have its lawyers send Eckhart a cease-and-desist letter (since withdrawn, with an apology). Its second was to issue a statement that its software does not record keystrokes and that any information it gathers is "encrypted and secured."

It didn't take long for Eckhart to put the lie to those claims. On Monday he posted a 17-minute YouTube video that takes viewers step by step through the set-up and then, at the 13:45 mark, shows Carrier IQ recording his keystrokes -- in clear text -- as he performs a supposedly encrypted HTTPS Google search.

"As violations of privacy go," writes ExtremeTech's Joel Hruska, one of a handful of reporters who has covered the story, "this makes Apple's 'locationgate' scandal from earlier this year look like nothing more than a minor hiccup."

On his Talk Show podcast Wednesday, Daring Fireball's John Gruber offered the fact that Carrier IQ-gate isn't headline news all over the world as proof of the media's anti-Apple bias. I wouldn't go that far; Apple probably gets more positive coverage than it deserves.

But I was struck by the workarounds Hruska offers Android users:

• Installing CyanogenMod, which removes the kernel hooks used by Carrier IQ's app
• Switching to an iPhone

"The CIQ software, as it currently functions," he writes, "blatantly violates both privacy agreements and security best practices. It's also the best reason to buy an iPhone that we've heard in months. Given the choice between a closed software ecosystem and an open phone that spies on its user, we'll take closed software every time."

Translator: 大海