Communist tablet? —

This story is sketchy and unsourced, but it claims that the Chinese Communist Party has commissioned its own Android tablet, a boondoggle that costs twice as much as an iPad and comes with a state-run miniblogging app, an app for reading state newspapers, and an app for reading official announcements. I'm blogging it because even if it turns out to be a hoax, I want to stick it in the rock-tumbler for potential inclusion in a science fiction story. (Thanks, Steven!) — Cory •

Alan sez, "TechCrunch and others are reporting that a program called "Carrier IQ" that comes pre-installed on Sprint phones has some pretty amazing spyware capabilities, right down to keylogging everything you do on the phone."

Note the careful use of the words “record,” “provide,” “inspect,” and “report.” It’s obvious from this video that the application has access to the information in question, and whether it records, provides, inspects, or reports it is simply a setting they can choose. The purposes for which CIQ says their software is installed — identifying trending problems in the fleet, for instance — don’t seem to me to require the level of access the software has granted itself. Add this to the fact that users are not informed at any step of the fact that their information is passing through “quality assurance” layer (sometimes before the user layer itself is aware of it), and their indignant denial begins to ring hollow.

Furthermore, as many developers have pointed out, the mere presence of the software is detrimental. Removing the software has reportedly improved performance and battery life. Furthermore, secure handshake information over wifi is passed through the software unencrypted, something that has little to do with carrier quality assurance. And if that information is cached even temporarily, that’s a security risk.

CarrierIQ, makers of the rootkit/spyware, threatened legal action against Trevor Eckhart, the researcher who reported on this, and backed down after EFF took up his case.

Carrier IQ Video Shows Alarming Capabilities Of Mobile Tracking Software (Thanks, Alan!)

iFixIt tears down the Galaxy Nexus, the latest "Google Experience" phone (a phone that ships with a stock Android installation and no telco/manufacturer crapware installed) and finds it to be admirably tinkerer/repair-friendly. The device is held together with standard screws, and very few of the components are glued together, meaning that it will be fairly straightforward to repair.

The phone is meant to ship next week, and I've already pre-ordered mine (I'll let you know how it works out). I've owned two other Google Experience phones (the Nexus One and the Galaxy S) and been very happy with them.

Samsung Galaxy Nexus Teardown (via Wired)

Twitter has bought a company called Whisper Systems, who make a secure version of the Android operating system as well as suites of privacy tools that are intended to protect demonstrators, especially participants in the Arab Spring. Many speculate that the acquisition was driven by the desire to hire CTO Moxie Marlinspike, a somewhat legendary cryptographer.

At first blush, the move is a bit baffling. Twitter, the quintessential consumer internet service, would seem to have little need for a company that has revamped Android security from the ground up for business use. But the micro-blogging site may simply be acquiring Whisper Systems for its talent — including Marlinspike, who serves as the startup’s chief technology officer, and roboticist Stuart Anderson — and the two companies do have a certain affinity. Both pride themselves on the support they’ve provided to protesters in the Middle East.

Security and privacy guru Chris Soghoian believes Twitter may have brought Moxie Marlinspike into the fold because the micro-blogging site has developed a reputation for not having the best security. Marlinspike is an expert in SSL (secure sockets layer) encryption, and Twitter — which has yet to turn on SSL by default for all users — could use his skills to lock down its services and make life harder for phishers.

I've been worried lately about the crumbling infrastructure of the SSL system, and what it means for our ability to communicate in private, to conduct banking and ecommerce, and to have any assurance of identity online. I've been asking all the security/crypto supernerds I know about this for a few months, and to a one, they've mentioned Marlinspike's Convergence and said, effectively, "I'm not sure if it'll solve this, but there's nothing else I have any hope for."

Twitter Buys Some Middle East Moxie (Thanks, Larry!)

This LG mobile phone ad "event" projected a startling and well-conceived montage of 3D effects onto a building's facade in Berlin. It's all very spectacular and beautiful -- pretty amazing for an ad (though I can imagine that if a whole city were taken over by this sort of advertising every night, it would be rather tedious). Meanwhile, I seriously covet that projector, which is blasting out enough lumens that I wonder if it incinerates small insects that stray into the path of the beam. I could get into serious mischief with one of those.

LG Optimus Hyper Facade in Berlin - Long Version (Thanks, Dad!)

HTC Rezound —

Ars Technica's Casey Johnston checks out a new Android handset designed to be good at playing music: "we're not sold" — Rob •

Ice Cream Sandwich —

Gadget Lab's Mike Isaac take a "deep dive" into the latest version of Android, with the platform's chief engineer as tour guide. — Rob •

The Electronic Frontier Foundation has been investigating Silk, the web browser built into Amazon's new Android-derived Kindle Fire. Silk is billed as being a very fast browser, thanks to acceleration achieved by funneling all requests through Amazon's cloud servers. This may speed up network sessions, but it creates many privacy questions, since it means Amazon gets a view into your network sessions that it wouldn't otherwise have -- a copy of all the web-pages you receive.

But as Dan Auerbach reports, Amazon made some very good privacy choices in the design of Silk. First, the "acceleration" is user-configurable, and you can just turn it off if you're worried. Further, SSL connections are never intercepted, and Amazon only lightly logs your network sessions, and expires those logs after 30 days. The service isn't perfect, but it's got a lot to recommend it.

It is good that Amazon does not receive your encrypted traffic, and does not record any identifying information about your device. And there are other benefits to user privacy that can result from cloud acceleration mode. For one, the persistent SPDY connection between the user’s tablet and Amazon’s servers is always encrypted. Accordingly, if you are using your tablet on an open Wifi network, other users on that network will not be able to spy on your browsing behavior.

Amazon does not act like an anonymizing proxy, because it does not shield your IP address from the websites you visit or strip unnecessary information out of the outgoing request. Indeed, because the XFF header is set for HTTP requests, your IP is still passed through to the websites you visit. Other headers, such as the HTTP referer header, are set as normal. Thus, the website you are visiting using Silk has access to the exact same information that it would if you were using a normal browser.

Shares of beleaguered Blackberry maker Research In Motion dropped more than 5 percent today after the company tried to make up for a four-day BlackBerry outage by offering customers $100 worth of free apps and technical support. That outage was a quiet killer. But what should they have offered their loyal users? Other than an iPhone or an Android phone, I mean. Your suggestions welcomed in the comments.

VLC coming to Android —

The open Android ecosystem keeps on getting more interesting. Austen Dicken, a key developer on the CyanogenMod project, is making great strides in porting VLC Player, the best, most versatile media player in the universe, to run on Android handsets and tablets. — Cory •