maemo.org - Talk


HellFlyer 2010-12-18 03:51

Once again N900 apps win!
 
Take a look at this article

http://online.wsj.com/article/SB1000....html?mod=e2fb


In short it says how a lot of apps misuse data and share personal details about smartphone users without their consent.

Only incident that we had was My Nokia introduced in PR 1.2 but that's not very serious since info went to Nokia only and it didn't even work in some countries.

Hence, OPEN source RULEZ and N900 is still the best :D

danramos 2010-12-18 06:20

Re: Once again N900 apps win!
 
Only incident... as far as you know. That's kind of the whole POINT of surreptitiousness. Considering the plethora of closed-source portions (despite all the puffery about being open), how do you know there isn't more going on?

kingoddball 2010-12-18 06:28

Re: Once again N900 apps win!
 
It's a conspiracy...

danramos 2010-12-18 06:32

Re: Once again N900 apps win!
 
Quote:

Originally Posted by kingoddball (Post 899197)
It's a conspiracy...

Just because you're paranoid doesn't mean they're not out to get you.

festivalnut 2010-12-18 06:46

Re: Once again N900 apps win!
 
what about the anti-theft app that was sending data to a russian email address? and the maintainer was nowhere to be seen when people found out and wanted to ask a few questions about that...

danramos 2010-12-18 07:03

Re: Once again N900 apps win!
 
Quote:

Originally Posted by festivalnut (Post 899203)
what about the anti-theft app that was sending data to a russian email address? and the maintainer was nowhere to be seen when people found out and wanted to ask a few questions about that...

That was for the N900?

festivalnut 2010-12-18 07:12

Re: Once again N900 apps win!
 
Quote:

Originally Posted by danramos (Post 899206)
That was for the N900?

i believe it was iamhere, which i actually had installed. as always, i may be wrong.

frostbyte 2010-12-18 07:14

Re: Once again N900 apps win!
 
Since we are going with the "not mentioned so it wins" -approach, and I didn't see WebOS mentioned in the article either, I'm going to say WebOS rules.

WSJ didn't say anything about Windows Mobile either so maybe this is a Maemo/WebOS/Windows threesome?

End sarcasm.

rotoflex 2010-12-18 23:23

Re: Once again N900 apps win!
 
Practical use of this would be to conceptualize a framework for detecting eavesdropping/spying by applications and incorporating it into an application to run on the N900 to monitor for the behavior.

The story states:
Quote:

To expose the information being shared by smartphone apps, the Journal designed a system to intercept and record the data they transmit, then decoded the data stream.
...
Many apps tested by the Journal appeared to violate that rule, by sending a user's location to ad networks, without informing users.
...
For example, Apple says that, internally, it treats the iPhone's UDID as "personally identifiable information." That's because, Apple says, it can be combined with other personal details about people—such as names or email addresses—that Apple has via the App Store or its iTunes music services. By contrast, Google and most app makers don't consider device IDs to be identifying information.
...
A growing industry is assembling this data into profiles of cellphone users. Mobclix, the ad exchange, matches more than 25 ad networks with some 15,000 apps seeking advertisers. The Palo Alto, Calif., company collects phone IDs, encodes them (to obscure the number), and assigns them to interest categories based on what apps people download and how much time they spend using an app, among other factors.

By tracking a phone's location, Mobclix also makes a "best guess" of where a person lives, says Mr. Gurbuxani, the Mobclix executive. Mobclix then matches that location with spending and demographic data from Nielsen Co.
...
Other apps transmitted more data. The Android app for social-network site MySpace sent age and gender, along with a device ID, to Millennial Media, a big ad network.

In its software-kit instructions, Millennial Media lists 11 types of information about people that developers may transmit to "help Millennial provide more relevant ads." They include age, gender, income, ethnicity, sexual orientation and political views. In a re-test with a more complete profile, MySpace also sent a user's income, ethnicity and parental status.
...
A spokesman says MySpace discloses in its privacy policy that it will share details from user profiles to help advertisers provide "more relevant ads." My Space is a unit of News Corp., which publishes the Journal. Millennial did not respond to requests for comment on its software kit.
...
Google was the biggest data recipient in the tests. Its AdMob, AdSense, Analytics and DoubleClick units collectively heard from 38 of the 101 apps. Google, whose ad units operate on both iPhones and Android phones, says it doesn't mix data received by these units.

Google's main mobile-ad network is AdMob, which it bought this year for $750 million. AdMob lets advertisers target phone users by location, type of device and "demographic data," including gender or age group.

I suppose something could monitor for outgoing identifiable data, & blacklist ad sites. Choking Google off is more problematic, as exceptions would have to be made for apps which send location data to Google maps, etc.

Wikiwide 2010-12-18 23:41

Re: Once again N900 apps win!
 
Quote:

Originally Posted by rotoflex (Post 899687)
Practical use of this would be to conceptualize a framework for detecting eavesdropping/spying by applications and incorporating it into an application to run on the N900 to monitor for the behavior.

The story states:


I suppose something could monitor for outgoing identifiable data, & blacklist ad sites. Choking Google off is more problematic, as exceptions would have to be made for apps which send location data to Google maps, etc.

I would suggest the opposite firewall: blacklist sites by default, white-list sites you use and trust. It might be a bit tiresome (when browser refuses to open a website until it's white-listed), but you will get no advertisements at all.
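
The two ideas in the posts above (watch outgoing traffic for identifiable data, and block every site that is not white-listed) can be sketched together. This is an added example, not part of any post in the thread and not an existing N900 application; the device ID, location, host names and the `inspect` function are constructed for illustration.

```python
import base64
import hashlib
from urllib.parse import quote, urlsplit

# Constructed values for illustration: not a real device ID or position.
DEVICE_SECRETS = {"imei": "356938035643809", "location": "52.5200,13.4050"}
ALLOWED_HOSTS = {"maps.example.org"}  # hypothetical white-list of trusted sites


def encodings(value):
    """Forms in which an identifier may leave the device, keyed by name."""
    raw = value.encode()
    forms = {
        "plain": value,
        "url": quote(value, safe=""),
        "base64": base64.b64encode(raw).decode(),
        "md5": hashlib.md5(raw).hexdigest(),
        "sha1": hashlib.sha1(raw).hexdigest(),
    }
    if forms["url"] == value:
        del forms["url"]  # nothing to percent-encode, same as "plain"
    return forms


def inspect(url, body=""):
    """Return (verdict, leaks) for one outgoing HTTP request."""
    host = (urlsplit(url).hostname or "").lower()
    text = url + "\n" + body
    leaks = []
    for name, value in DEVICE_SECRETS.items():
        for form, encoded in encodings(value).items():
            # Hex digests are matched case-insensitively, other forms exactly.
            hit = encoded in text.lower() if form in ("md5", "sha1") else encoded in text
            if hit:
                leaks.append(f"{name}:{form}")
    # Default deny: a request goes out only if its host is white-listed.
    return ("allow" if host in ALLOWED_HOSTS else "block"), sorted(leaks)


if __name__ == "__main__":
    imei_md5 = hashlib.md5(DEVICE_SECRETS["imei"].encode()).hexdigest()
    samples = [  # constructed requests
        ("http://ads.example.net/collect", "uid=" + imei_md5.upper()),
        ("http://maps.example.org/tiles?ll=52.5200%2C13.4050", ""),
        ("http://news.example.com/", ""),
    ]
    for url, body in samples:
        print(url, inspect(url, body))
```

The second sample shows the exception case raised in the thread: a white-listed map site is allowed, but the location it receives is still reported. Traffic inside TLS is not visible to a check like this unless it runs before encryption.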

onethreealpha 2010-12-19 00:18

Re: Once again N900 apps win!
 
Quote:

Originally Posted by danramos (Post 899201)
Just because you're paranoid doesn't mean they're not out to get you.

I'm not paranoid........... who said I am?

jd4200 2010-12-19 00:54

Re: Once again N900 apps win!
 
Quote:

Originally Posted by festivalnut (Post 899203)
what about the anti-theft app that was sending data to a russian email address? and the maintainer was nowhere to be seen when people found out and wanted to ask a few questions about that...

Wow, I had my suspicions about that app. do you have a link to a source on the claims?

Saturn 2010-12-19 01:23

Re: Once again N900 apps win!
 
Quote:

Originally Posted by festivalnut (Post 899203)
what about the anti-theft app that was sending data to a russian email address? and the maintainer was nowhere to be seen when people found out and wanted to ask a few questions about that...

From what I know, imhere was using an account owned by the developer in a Polish mail server to forward messages from all mobiles.

Nobody ever confirmed a misuse of the data. The developer disappeared leaving a broken and closed source version in devel that many had problems uninstalling.

zimon 2010-12-19 01:28

Re: Once again N900 apps win!
 
Since N900 uses deb-packages and not GPG-signed rpm-packages, and people, even and because even developers install software just by wget'ing it and 'dpkg -i'ing it without in any way checking the authenticity of the package
and
because there are tools like DNS-spoof and Mallory,
I think almost all N900 users are backdoored long ago.

Sadly, I think, all Linux-users also.
There is an interest, it is cost-effective for the 3 letter agencies and there are examples.

It would be quite a huge job to check there are no well hidden Thompson Trojans in Linux (and Maemo) code.

Anyway, after these "few" beers :-), I think everything Google knows, knows also these infamous three letter agencies. Information is power and it is never deleted. It is hard to find services or people who wouldn't be connected to Google somehow nowadays and it is practically impossible to stay anonymous on the Internet.

gerbick 2010-12-19 01:40

Re: Once again N900 apps win!
 
Quote:

Originally Posted by HellFlyer (Post 899152)
Hence, OPEN source RULEZ ...

The FBI thinks so too...

edit: zimon beat me to it by like 12 minutes.

There are other backdoors supposedly out there, I've always wondered about one that was surrounding the Unix BIND libraries - there seemed to be something around that area that was once questioned, then disappeared back in the early 2000s.

danramos 2010-12-19 06:32

Re: Once again N900 apps win!
 
OPEN YOUR EYES, PEOPLE!

Scottlfa 2010-12-19 20:47

Re: Once again N900 apps win!
 
I would think if enough demand is there we could do what the others won't or can't ... make a firewall app. Then of course you can be as closed off as you want and would know when the snitch runs for another company with your personal information.

That's the true beauty of the N900

theonelaw 2010-12-19 22:29

Re: Once again N900 apps win!
 
Quote:

Originally Posted by Scottlfa (Post 900111)
I would think if enough demand is there we could do what the others won't or can't ... make a firewall app. Then of course you can be as closed off as you want and would know when the snitch runs for another company with your personal information.

That's the true beauty of the N900

Nailed it there.

<Rather than pointlessly b1tch, moan and complain that
the n900 is compromised and not worth the effort>
An app could be created to address the issue.

I would guess that this could never be done completely
on an iPhone or an Android because backdoor comms
are probably invisible to apps inside their prisoncells.

The n900 could have just such an app to blockade
or at least inform the owner of any nasties being broadcast.

I thought wireshark would be able to show anything being sent,
perhaps there would be an easier way though,
since you would not necessarily need to listen to
anything other than outgoing messages.
For the truly paranoid it might be necessary to do some kind of
traffic monitoring on the inputs to the GSM hardware
to make sure there is nothing extra being generated
beyond what the system network actually generates.
Wish my broken unit was healed so I could check on this..:(

zimon 2010-12-19 23:20

Re: Once again N900 apps win!
 
The start would be if developers would start to GPG-sign their packages with debsig.

Then at least there would be some traces where the backdoor or other type of Trojan horse came from.

It is a fact, people have and will be installing deb-packages also out of apt-repositories.

And we could have something else in /etc/dpkg/dpkg.cfg
Quote:

# Do not enable debsig-verify by default; since the distribution is not using
# embedded signatures, debsig-verify would reject all packages.
no-debsig

Meego will hopefully fix this problem with the rpm-package system, which usually has signed packages granted.
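
A `.deb` is an `ar` archive, and debsig-style signatures are stored as extra members named `_gpg<type>` (for example `_gpgorigin`). The following added example, which is not from the thread or from dpkg, lists the members of a package and reports whether any such signature member is present before `dpkg -i` is run; the archives are constructed in memory and `make_ar` is a helper written for this demonstration.

```python
AR_MAGIC = b"!<arch>\n"


def ar_members(blob):
    """Yield (name, size) for each member of an ar archive such as a .deb."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos < len(blob):
        header = blob[pos:pos + 60]
        if len(header) < 60 or header[58:60] != b"`\n":
            raise ValueError(f"corrupt member header at offset {pos}")
        name = header[:16].decode("ascii").rstrip(" ").rstrip("/")
        size = int(header[48:58].decode("ascii"))
        if pos + 60 + size > len(blob):
            raise ValueError(f"member {name!r} is truncated")
        yield name, size
        pos += 60 + size + (size & 1)  # member data is padded to an even length


def embedded_signatures(blob):
    """Names of debsig-style signature members (_gpgorigin, _gpgmaint, ...)."""
    names = [name for name, _ in ar_members(blob)]
    if names[:1] != ["debian-binary"]:
        raise ValueError("first member is not debian-binary; not a .deb")
    return [n for n in names if n.startswith("_gpg")]


def make_ar(members):
    """Build a constructed ar archive in memory for the demonstration."""
    out = AR_MAGIC
    for name, data in members:
        out += f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode()
        out += data + (b"\n" if len(data) % 2 else b"")
    return out


# Constructed packages: placeholder payloads, not real tarballs or signatures.
BASE = [("debian-binary", b"2.0\n"), ("control.tar.gz", b"ctl"), ("data.tar.gz", b"data")]
UNSIGNED = make_ar(BASE)
SIGNED = make_ar(BASE + [("_gpgorigin", b"constructed, not a real signature")])

if __name__ == "__main__":
    for label, blob in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        found = embedded_signatures(blob)
        print(label, found if found else "no embedded signature: origin unverifiable")
```

Finding a `_gpg*` member only shows that a signature is embedded; checking it against a keyring and policy is the job of `debsig-verify`.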


All times are GMT.