????你聽說了嗎,在搭載谷歌(Google)安卓系統(Android)的手機上輸入的每條短信、每封電子郵件、以及每個電話號碼、甚至每一次擊鍵操作,可能都已經被一款名為Carrier IQ的追蹤服務偷偷地記錄下來,發送給了手機供應商? ????如果你對此聞所未聞,那我真有點驚訝了,因為幾周以來,關于此事的傳聞一直在坊間發酵,其導火索則是安全研究人員特萊沃?艾克哈特的一項發現——在搭載安卓系統的宏達電(HTC)手機上運行著Carrier IQ分析應用程序。超過1.4億部手機上預裝了該應用,其中包括三星(Samsung)、諾基亞(Nokia)、以及黑莓手機生產商RIM公司生產的手機,唯獨只有蘋果手機除外。 ????Carrier IQ的第一反應是令其律師致函艾克哈特,請求其停止相關報道,撤回已公開的報道并且道歉。他們的第二反應是發表聲明,稱其軟件并未記錄用戶的任何按鍵操作,而且該軟件收集的所有信息都“經過加密并且確保安全”。 ????沒過多久,艾克哈特就揭穿了Carrier IQ的謊言。本周一,他在YouTube上上傳了一段為時17分鐘的視頻。這段視頻循序漸進地向觀者揭示了Carrier IQ服務應用的內幕,視頻的第13分45秒清晰地顯示,Carrier IQ確實記錄了艾克哈特的擊鍵操作,更準確地說,當時他應該是在進行原本是加密的HTTPS谷歌搜索。 ????多位記者對此事進行了報道。其中,科技博客網站ExtremeTech的喬爾?胡魯斯卡寫道:“就侵犯個人隱私這一點來講,今年早些時候蘋果公司的‘定位門’丑聞相比之下實在是小巫見大巫。” ????本周三,科技博客網站Daring Fireball的約翰?格魯伯在其談話節目的播客中談到,Carrier IQ門事件并未在新聞界引起軒然大波,借此證明媒體界的反蘋果情緒。我覺得言過其實了,蘋果獲得的正面報道很可能已經超過了應得的數量。 ????但是,我對胡魯斯卡向安卓用戶提供的建議感到震驚: ????? 安裝CyanogenMod,該程序將刪除Carrier IQ應用的內核鉤。 ????? 改用iPhone手機 ????“Carrier IQ軟件的所作所為,”他寫道,“既明目張膽地侵犯了隱私協議,同時也玷污了安全最佳實踐。這也是幾個月來我們聽到的購買iPhone的最佳理由。一個手機采用封閉的軟件生態系統,一個手機雖然使用開放系統,但卻對用戶進行監視,在這二者之間我們會毫不猶豫地選擇前者。” ????譯者:大海 |
????Have you heard that every text message, every e-mail, every phone number, every keystroke made on a Google (GOOG) Android phone may be secretly recorded, logged and sent to your cellular provider by a tracking service called Carrier IQ? ????No? That's a surprise, because it's a scandal that's been brewing for several weeks -- ever since security researcher Trevor Eckhart discovered Carrier IQ's analytics app on HTC phones running Android. The app comes pre-installed on more than 140 million handsets, including phones made by Samsung, Nokia (NOK) and Research in Motion (RIMM) -- but not Apple (AAPL). ????Carrier IQ's first response was to have its lawyers send Eckhart a cease-and-desist letter (since withdrawn, with an apology). Its second was to issue a statement that its software does not record keystrokes and that any information it gathers is "encrypted and secured." ????It didn't take long for Eckhart to put the lie to those claims. On Monday he posted a 17-minute YouTube video that takes viewers step by step through the set-up and then, at the 13:45 mark, shows Carrier IQ recording his keystrokes -- in clear text -- as he performs a supposedly encrypted HTTPS Google search. ????"As violations of privacy go," writes ExtremeTech's Joel Hruska, one of a handful of reporters who has covered the story, "this makes Apple's 'locationgate' scandal from earlier this year look like nothing more than a minor hiccup." ????On his Talk Show podcast Wednesday, Daring Fireball's John Gruber offered the fact that Carrier IQ-gate isn't headline news all over the world as proof of the media's anti-Apple bias. I wouldn't go that far; Apple probably gets more positive coverage that it deserves. ????But I was struck by the workarounds Hruska offers Android users: ????? Installing CyanogenMod, which removes the kernal hooks used by Carrier IQ's app ????? Switching to an iPhone ????"The CIQ software, as it currently functions," he writes, "blatantly violates both privacy agreements and security best practices. It's also the best reason to buy an iPhone that we've heard in months. Given the choice between a closed software ecosystem and an open phone that spies on its user, we'll take closed software every time." |
相關稿件
最新文章