I've just done an OTA update to PR1.2. After the first reboot I got a text message from Nokia telling me that my MyNokia registration had failed.

Huh?!?

I went to the Settings page and read the terms and conditions attached to MyNokia and it states that my device will automatically send a message to Nokia with my number (obviously!), serial number and some other stuff.

That's just plain cheeky and I'm not happy about it.

it is an optional registration (it asks you to accept or decline DURING the upgrade, so you must have accepted, or do you just click yes to stuff without reading it?). Think it uses your nokia/ovi login. It apparently gives you hints & tips if you register. Sounds crappy, but I registerd anyway - don't see any issue with Nokia knowing who I am based on my existing voluntary registration with them & I can turn off the contacts if it turns out to be a PITA.

That's the thing, it DIDN'T ask. And no, I don't just click through Yes/OK/Whatever.

I don't mind sharing some info with Nokia. But I DO mind them having my number.

go to settings, my nokia, then unsubscribe!

Yes, I know that. Which also fails, BTW.

My problem is the sneaky way in which Nokia tried to do it in the first place.

as i posted elsewhere - the failure may be because you are running a modified browser agent to get full versoin of facebook? That was my case, and I know it messed up Ovi store - so, I reset the agent to stock, retried the registration via settings/myNokia and it worked OK.

@xmob - if you weren't asked, did you flash the 1.2? I updated OTA, and I got a full screen blurb with a dialogue asking me to confirm Nokia's T's & C's before proceeding with the registration.

I did an OTA upgrade. I have not changed my UA.

It would be interesting to go through the upgrade process again, but I really can't be bothered downgrading just to upgrade again.

I'm going to put it down to "one of those things" for now.

I had the prompt. makes me wonder do you have everything unmodified? I mean kernel, system settings outside GUI settings etc

I have done a full clean PR1.2 firmware flash including the eMMC.

Then when I check the "My Nokia" settings there is NOT AN OPTIONAL CHOICE since the Subscribe button is ALREADY ACTIVE!

My private information is now probably ALREADY sent to Nokia, and unsubscribe DOES NOT work either.

Privacy breaches like this really pisses me off!!! :mad:

As a principle of reason I really feel an urge to boycott this privacy breach by returning my N900 to the store...

It is a long awaited feed for all the anti-nokia bloggers out there.

It sends a sms. i didnt ask me either I have to pay for sms. luckily I had tmobile block all sms to and from my phone. I like nokia but this is just stupid.

I haven't subscibed my nokia. When I clicked unsubscibe I got a SMS from Nokia that the unsubscription did't work. Kinda strange.

well, you can't unsubscribe from something you did not subscribe to in the first place

Subscribe and unsubscribe always send an sms at your cost.

Regardless of whether a notification does/doesn't appear, it's still not very clear that Nokia are doing this.

Upon first use of your device and after you have updated the Nokia device software an activation text message will be sent to Nokia.

To provide you with the services described above your mobile number, device serial number and mobile subscription identifiers will be sent to Nokia upon first use of the device.

I'm sorry, but stuff like this should be in big red letters. Not burried within T&Cs.

I'm sorry, but stuff like this should be in big red letters. Not burried within T&Cs.

Sorry to step in here but Nokia didn't break any laws.

This thread suggests that they are "breaching" some privacy agreement. The true argument is that their Terms should be clearer with what data they use and when they take it.

Moreover, your details are already held with your mobile provider, I'm sure a massive corporation such as Nokia has adequate policies and safeguards and would not sell on your data and risk bad publicity.

i think they've just 'done' every one during the excitement of updating!
i know i just hit yes yes yes to skip it all quickly, i always do, maybe were all gonna get a 250euro bill for the update fee!

i think they've just 'done' every one during the excitement of updating!
i know i just hit yes yes yes to skip it all quickly, i always do, maybe were all gonna get a 250euro bill for the update fee!

Well, I guess we'll just have to see if Nokia start sending us junk texts offering cheap meds or enlargements... :p

The true argument is that their Terms should be clearer with what data they use and when they take it.

Isn't that what I just said?

Moreover, your details are already held with your mobile provider.

Yes, but I gave explicit, informed permission for them to hold my details. They need those details to offer me a service. Nokia don't NEED my details to allow my to own a mobile phone.

I'm not saying that Nokia have broken any laws, but they have certainly broken my trust.

Wouldn't be suprised if it re-activates after the pr-1.2 update to confirm how many devices are switching over,

either way i had this when i purchased the device, and its here again now, i dont really care.

Some of you may feel unsafe, but to be fair, they can't really get much from a freshly flashed :D (Well in my case anyway.)

Isn't that what I just said?

Yes, I was referring to the title of the thread "Privacy breach" which is technically incorrect. But hey who really cares, it's just semantics. And me being a bit of a picky sod...

Well, I guess we'll just have to see if Nokia start sending us junk texts offering cheap meds or enlargements... :p

I joined MyNokia 1,5 year ago (with N95) and they send me crap on regular basis.
More, I have no idea how to "unjoin".

That's the thing, it DIDN'T ask. And no, I don't just click through Yes/OK/Whatever.

I don't mind sharing some info with Nokia. But I DO mind them having my number.

I also just finished doing an OTA update to pr 1.2 - I didn't get any kind of prompt or question...

I'm running a fairly stock device - installed some apps, but no new kernels or anything like that...

After a reflash, I got the "My Nokia" page. It gave 2 choices:
* Read agreement
* Done

I clicked "Done", because there wasn't a "Cancel" or "No Thanks" button. "Done" in my mind doesn't mean "Yes subscribe me" or "Yes start sending out texts at cost to me".

After I received a text from Nokia, I remembered from the My Nokia splash page that you can unsubscribe in the Settings dialog. I did this a couple of times, to be sure. Again, never having been informed that this was sending texts or costing me each time.

It's not a lot of money, but pretty shoddy behaviour in my opinion.

So how does one unsubscribe from this service, or rather how do I make it STOP sending me those "failed to unsubscribe" sms all the time and charging me for them?
Thanks.

Wow, people need to relax. I think you have bigger things to worry about than Nokia knowing you have a n900. Go into settings and unsubscribe and stop crying about your privacy.

MyNokia is a service put into place with only good intentions to inform people. If you have that big of an issue, call Nokia and they'll pretend to care, like the rest of us on this forum

After a reflash, I got the "My Nokia" page. It gave 2 choices:
* Read agreement
* Done

I clicked "Done", because there wasn't a "Cancel" or "No Thanks" button. "Done" in my mind doesn't mean "Yes subscribe me" or "Yes start sending out texts at cost to me".


I don't like the sound of this. Can you cancel (i.e. not agree to sending the details) by clicking outside the dialogue box?

Does anyone know what process or config file could be modified to stop the text being sent? For example, I could update with no SIM inserted, modify the file, then insert the SIM safe in the knowledge that my details won't be sent.

I don't like the sound of this. Can you cancel (i.e. not agree to sending the details) by clicking outside the dialogue box?

It's a window: You have no choice. Well done, Nokia.

I really feel an urge to boycott this privacy breach by returning my N900 to the store...

Yes, you should use the nuclear option for everything that happens with the n900. Really, I'm kinda bored with this "I'm going to burn every nokia device I ever owned and poop on them forever" threat attached to these kind of posts.

It should have popped up a notice, and we have no way of knowing if it did or not for you. In any case, it isn't a breach of privacy unless they leak the info (assuming that somewhere in the T&C it says you'll be providing the info to them, which it no doubt does) or use it in a way that is not disclosed in the terms and conditions.

That's the thing, it DIDN'T ask. And no, I don't just click through Yes/OK/Whatever.

I don't mind sharing some info with Nokia. But I DO mind them having my number.

i am pretty sure Nokia is not gonna give your cell phone a ring and bother you in all my years of using nokia they have never ever ever once called me or bombarded me with spam texts or anything of the sort. i think you will be just fine

Quick answer for you. I just got a text from my Nokia saying new software is available. Just reply stop and no more texts other than the one confirming you wont be getting anymore. Just did it on my Nexus One with tmobile USA. Hope this helps.,

i am pretty sure Nokia is not gonna give your cell phone a ring and bother you in all my years of using nokia they have never ever ever once called me or bombarded me with spam texts or anything of the sort. i think you will be just fine

Yes because they are gathering army of Zombie N900s , soon they will rise and Nokia will control brains of all people who use My Nokia service! I'm the only one who is not aff.....ALL HAIL NOKIA ALL HAIL NOKIA.....

Two points:

1.: it's not fair sending a sms from a user's device without notifying him about that. I think, they could have collected the data as well in another place and send it the next time the users goes online. In any way they should first inform the user and afterwards collecting or sending anything home.

I installed PR1.2 via flashtool because OTA didn't work (and I even didn#t get any message why it didn't work so I just used the flasher). I never saw any question about that stuff and wondered why the hell they sent me an sms. Where did they get my number?

2. In the second sms, which arrived today (I flashed yesterday), they told me, there'd be a new update for my phone. The sms pointed me to www.nokia.de/softwareupdate. I opend this site in a browser and what did I see? Newest update is 2.2009.51.1. :confused:
What do they want from me?

Two points:

1.: it's not fair sending a sms from a user's device without notifying him about that. I think, they could have collected the data as well in another place and send it the next time the users goes online. In any way they should first inform the user and afterwards collecting or sending anything home.

I installed PR1.2 via flashtool because OTA didn't work (and I even didn#t get any message why it didn't work so I just used the flasher). I never saw any question about that stuff and wondered why the hell they sent me an sms. Where did they get my number?

2. In the second sms, which arrived today (I flashed yesterday), they told me, there'd be a new update for my phone. The sms pointed me to www.nokia.de/softwareupdate. I opend this site in a browser and what did I see? Newest update is 2.2009.51.1. :confused:
What do they want from me?

Me too , via flasher both fiasco and eMMC and it didnt even notified me, I was subscribed when I turned it on however I'm not getting any sms from Nokia probably because my operator Rogers is blocking them:D

Well, I actually don't mind them sending me a sms. I guess they won't sell the numbers or start sending ads.

But I really do mind if they make MY phone send THEM a sms without asking ME! It's not the fact that I get charged for the sms but it's a matter of privacy (YES IT IS!) and it shows how they are beginning to handle their customers.

If they want to do something good to me, they can ask if I really want it. But they never did.

After I have reflashed my n900 to PR1.2, n900 has sent an SMS to Nokia. This is a privacy violation. I do not remember agreeing to that and I do not want Nokia to be informed every time I upgrade my firmware, specifically if I have to pay for that. Is there any way to disable this feature?

Settings > My Nokia > Unsubscribe

Settings > My Nokia > Unsubscribe

Choosing this option actually sends an SMS to Nokia.
Will it prevent sending anything to Nokia after the next reflash?

The thread "n900 sends SMS without my permission" with three posts has been merged with this thread.

and my provider does not allow international sms on my plan :D..

and my provider does not allow international sms on my plan :D..
This is not an international SMS. It is local.

66542: Attempt to unsubscribe has failed. Go to "my Nokia" in Settings and try again. Visit http://www.nokia.com/mynokia for more information.

All I can say is WOW.... I was not aware I had agreed to the subscription either.. But not being able to unsubscribe and giving away my details. Definately Breach of Trust

Does anyone know what process or config file could be modified to stop the text being sent? For example, I could update with no SIM inserted, modify the file, then insert the SIM safe in the knowledge that my details won't be sent.

I cannot ensure this'll work (my credit was killed off - three guesses as to what did it :rolleyes:) but you can try replacing /usr/bin/cherry with a script that returns 0. It appears to be the process instigating the SMSes sent to Nokia, looking at the list of numbers contained in it and the references to the SMS D-Bus Service.

This will be covered in a blog article I am about to write. Details like the ones qwerty12 posted will be very helpful.

I have yet to update. Is there any way i can do so without sharing my info with Nokia and without being charged for a text?

Yes, I was referring to the title of the thread "Privacy breach" which is technically incorrect.

it isn't.
nokia makes _your_ phone send _private_ information (yes, your phone number _is_ private information) without your consent and on top of that makes you pay for it.

it's not only a breach of privacy, but at least in germany, and probably the rest of the eu as well, illegal.

and due to the usual incompentent package creation, you can't even simply uninstall that crap!

btw: according to
/etc/X11/Xsession.d/34cherry
that thing tries it sneaky stuff only, when there's no file
/home/user/.cherry_state

thus, one could either create that file

touch /home/user/.cherry_state

or disable/remove the script
/etc/X11/Xsession.d/34cherry

I have yet to update. Is there any way i can do so without sharing my info with Nokia and without being charged for a text?

I have been wondering if I could just pull out the SIM before updating, reboot a few times, and let it do its thing for a while before putting the SIM back in.

That should stop the SMS from going out, shouldn't it?

Unless, of course, it is eagerly awaiting me putting the SIM back in....

I have yet to update. Is there any way i can do so without sharing my info with Nokia and without being charged for a text?

I think nobody knows exactly at the moment.
I made my Update OTA, at the point where I've been asked about this subscribtion I carefully read the terms of privacy, after that there's only a "continue" button, no apply or deny, and the update continues. After updating successfully I got the SMS....

What's really annoying, is that - beside of the eventually costs - it seems that there is no way to NOT receive that message (beside it would be blocked by operator, but this does not mean it is not sent to you). After the first use of the handset after upgrading there wil be an SMS sent to Nokia automatically (!) which contains your phonenumber, serialnumber and identificationnumber
This means that Nokia in any case knows your number(s) and is able to use (abuse) it.

BTW - if you read the terms of policy again you'll find that passus, that the SMS' costs come up to standard.

CU - M_99

BTW - if you read the terms of policy again you'll find that passus, that the SMS' costs come up to standard.

CU - M_99

I have unpacked the terms and it really says, that the SMS will be billed according to the operators tariff. However, it does not say, to which number the SMS is sent, which does not allow me to tell the price.

I have unpacked the terms and it really says, that the SMS will be billed according to the operators tariff. However, it does not say, to which number the SMS is sent, which does not allow me to tell the price.

I wonder if it sends to one of those "short codes" ... which my cell provider does not support... that would be interesting. :)

Using N900 is probably against the Terms of Service of most cell providers in Poland, which generally forbid using their SIM cards for the traffic between the machines.

Edit: not most, but there is at least one which forbids using their
SIM cards for the machine-generated SMS messages.

I installed PR 1.2 via the command line flash tool. I don't recall any dialogs asking me about this. It was only after reading this article that I checked in settings and found that it was defaulted to the on position. I tried to click it off, but found I could not, as I have explicitly blocked SMS on my account. There are many things that piss me off about this incident:

1. Many users who don't like SMS (such as myself) and do not have an SMS plan could have to pay upwards of $.45 a message both coming and going. Gee thanks, Nokia.

2. Once the data is sent, even if we unsubscribe, we have no way of verifying what Nokia is doing with the data.

3. Many phone users may be quite uncomfortable with providing Nokia or any other corporate or governmental agency with their device's phone number, as this can now be fully correlated with other data from OVI store for instance for marketing purposes or in the case of governmental agencies, to track down an individual using tower triangulation & or GPS. This move, while seemingly innocuous has potentially serious real world implications and again, it is hard to determine what those ramifications are now.

Privacy issues don't tend to bite you in the short term, they tend to creep up on you and pounce years latter when you least expect it. How many people have gotten fired because they made incautious remarks on Facebook, expecting them to be kept for friends only?

This issue is serious and should be referred to authorities.

I do agree that this is very disappointing. I also flashed 1.2 before OTA was even an option. I got no prompt or dialogue.

After reading this thread I checked My Nokia, and the "Subscribe" was already greyed out and the "Unsubscribe" is my only option, leading me to believe I auto-subscribed to something I have no idea about.

Now, I have unlimited texting, so this isn't a major thing for me: However, my phone sending any of my information at all without clear, prior, well defined consent on my part seriously makes me go "WTF?!"

How do I know for sure all they stole was my number? Hell.. for all I know at this point Nokia is receiving full lists of all my contacts and their numbers too! Hell.. Facebook likes to share this information with the world.. Nokia could want to gather it all!

(obviously being an alarmist here.. I don't really think my phone is sending every private detail to Nokia - but the point remains: There's a certain trust when you get a phone, and now that trust is hindered. I obviously have no idea what Nokia is doing with my phone.)

Shortly after I first started this thread, I was starting to think that it was only me that wasn't informed that I would be sending a message. I was also starting to think that it was only me that had a problem with it.

It now looks like that's not the case.

I think we (the maemo community) need to push Nokia for an official response to this.

Now, I have unlimited texting, so this isn't a major thing for me

So do I, but the registration process sent the text to one of those 'special' numbers that charge you anyway. My bill says it was 84000 (in the UK) and cost me 10p (15c) per message.

The sad thing is that this used to be one of the things that, from my personal POV, set Nokia apart from the others (esp. Google and Apple): trust. I trusted them. I never thought I'd have to worry about privacy issues with Nokia. Especially Maemo as an open platform... Who would create an open platform and play foul tricks? Unthinkable.

I'm personally disappointed. Why did the managers of the Maemo/MeeGo team do this? How can they blog about openness and trust and building communities and then install a trojan on my phone?

We need Peter, Qgil or konttori to reply back to us on this issue.. I would like to see what their point-of-view of all of this... I am very disappointed of Nokia by this..

Nokia really needs to make an official statement regarding this issue. To me, this represents a clear breach of trust of privacy. I've for years bought unlocked Nokia GSM phones and used them with prepaid sim cards precisely because I value my privacy. I've contact several people in the press who report on privacy & security issues and pointed them at this thread.

The sad thing is that this used to be one of the things that, from my personal POV, set Nokia apart from the others (esp. Google and Apple): trust. I trusted them.....

That's exactly my point. I trusted them. I trusted them six months ago when they promised a new flagship device which will set a new standard in mobile computing. After months of waiting the device still lacks not only in (promised) software functionality, there are also some hardware parts still not officially supportet by Nokia (radio broadcast, infrared, front camara).
I'm tired of waiting, and now knowing my device is not only calling home when I decide to (e.g. for updates), please tell me why shouldn't I choose an Android next ?

CU - M_99

I have been wondering if I could just pull out the SIM before updating, reboot a few times, and let it do its thing for a while before putting the SIM back in.

That should stop the SMS from going out, shouldn't it?

Unless, of course, it is eagerly awaiting me putting the SIM back in....

if i read and interpret correctly, that thing (package is called cherry) will come up at every start and check for the lockfile.
if none present, it will bother you.

i've both created the lockfile and commented the Xsession.d/ script and haven't seen anything of it after connecting to my provider.
according to my provider no sms was sent either.

see:
http://talk.maemo.org/showpost.php?p=684038&postcount=46

a hard way would be to remove the binary and libs belonging to cherry:

dpkg -L cherry

lists all files belonging to that package. delete /usr/bin/cherry and the *.so, *a, and *.la files and remove the matching lines in
/var/lib/dpkg/info/cherry.list
to prevent issues at the next update whatsoever of the package.

I upgraded OTA and I didn't get any warning about this. It was only when I browsed around and saw the (new?) "My Nokia" thing under Settings that I realized that somehow I had been subscribed without my concent, and without letting me read the terms first. Gotta wonder if that's even legal. I haven't yet recieved any sms about it though, so I don't even know if a message was actually sent to Nokia. If so, it doesn't show up in the Conversations dialog. I'm tempted to send an email to customer services to unsubscribe me, because I certainly don't want to put money on the table for Nokias mistakes. I guess if we all do that, they might get a clue.

Thanks arne.anka for your in-depth analysis of the situation!

I'm guessing this is the screen that myself and others never saw. Notice the lack of means of not agreeing.

http://www.xmob.co.uk/downloads/images/cherry.png

From my investigations so far, it seems that this program sends the MCC and IMSI of your SIM to Nokia.

The /usr/bin/cherry program contains the following numbers:

65535
+491771787772
+61416906978
082822828
5555
3546
1723
88108
+420720002434
1231
15977
12150
36300
20270
72626
54009
+852649656884
06305555505
55555
3789
51203
0529997103
+393424113333
3157
1897
1337
32424
6262
2553
2012
09228866542
4777
4404
1871
4440
1550
75665
+421902021021
3838
31630
72660
+886961098566
4808665
84000
8069


Notice how the majority of them are shortcodes. I haven't yet tied each MCC (country) to each number. If I do I will report back.

My SMS went to 72626 in germany. I was charged the usual 9 Ct for this SMS.

One of the '3xxx' numbers is slovenia. Sadly the phone company for some insane reason considers phone numbers I dialed a privacy violation so blanks out the last 3-4 numbers.

Hmm... you never had a Nokia before? This is nothing new, I had it already with my good old N95. They never send you any ads or anything, just some useful tips and tricks about your phone (the less known keyb shortcuts and things like that).

Oh, and I actually had that screen asking me for permission after upgrading OTA to PR1.2 (not the one posted by xmob btw, it actually allowed me to decline).

Notice how the majority of them are shortcodes. I haven't yet tied each MMC (country) to each number. If I do I will report back.

My service provider doesn't support shortcodes, so technically my N900 should fail to register.

But, I have a US model and live in Canada (N900 is not to be released here :( ), so I would assume it should try to send to a US-based number... which could potentially cost me extra if it's successful.

I've been holding off on upgrading for several reasons, now I'm still trying to decide what to do. I'm considering waiting until there is some sort of official comment from Nokia... but given how long we waited for 1.2, maybe Harmattan will be out by then... :D

Here is a tab delimited list of countries and the numbers used:


MCC Country Number used

232 Austria 082822828
470 Bangladesh 5555
206 Belgium 3546
284 Bulgaria 1723
219 Croatia 88108
230 Czech Republic +420720002434
238 Denmark 1231
248 Estonia 15977
244 Finland 12150
208 France 36300 (and 20270?)
262 Germany 72626
202 Greece 54009
454 Hong Kong +852649656884
216 Hungary 06305555505
404 India 55555
510 Indonesia 3789
272 Ireland 51203
425 Israel 0529997103
222 Italy +393424113333
401 Kazakhstan 3157
247 Latvia 1897
246 Lithuania 1337
502 Malaysia 32424
204 Netherlands 6262
530 New Zealand 2553
242 Norway 2012
515 Philippines 09228866542
260 Poland 4777
268 Portugal 4404
226 Romania 1871
250 Russian Federation 4440
220 Serbia 1550
525 Singapore 75665
231 Slovakia +421902021021
293 Slovenia 3838
655 South Africa 31630
240 Sweden 72660
466 Taiwan +886961098566
520 Thailand 4808665
234 United Kingdom 84000
452 Vietnam 8069


If your country doesn't appear on the list, it may use one of these:

+491771787772 (Germany)
+61416906978 (Australia)

I will definitely be checking my phone bill then...

I tried unsubscribe and received a SMS from the listed number for Romania that un-registration has failed.

Then... We can say that deleting "/etc/X11/Xsession.d/34cherry" after the update & without the SIM card solve the problem?

Then... We can say that deleting "/etc/X11/Xsession.d/34cherry" after the update & without the SIM card solve the problem?

I have booted the phone with a prepaid simcard with a negative balance, the .cherry_state file has been created. Then I have put in my regular simcard and an sms has been sent to Nokia. So I think it will not work.

This is what the status of "My Nokia" looks at my device. Somehow it seems to not be activated, but I already sent and received SMS.

It's encrypted in German. I assume it says "subscribe" and "unsubscribe"?

Settings > My Nokia > Unsubscribe

I haven't upgraded yet. There is no such option in my PR 1.1 N900.
How do I upgrade without my N900 sending any information to Nokia or any other agencies?

If I take a SIM-card out, and make a OTA upgrade through WLAN or Bluetooth-PAN, will it send a SMS later when I insert the SIM-card?

Reading the posts, this seems Nokia has broken the rules, if not laws.

Don't know if it sends one no-sim, but it's likely. During reflash, phone goes offline at least to update GSM modem firmware so it's likely it's sent after the first boot. If it fails, it will be kept in the outbox at least, if not retried.

But do try, it's be nice to see if it at least pops if it's failed or delivery failed. I never saw anything like that and hiding that as well as the SMS IMO proves the intent to hide the sms as opposed to, you know, slipped their minds

It's encrypted in German. I assume it says "subscribe" and "unsubscribe"?
It's more like subscribe and cancel. I never touched any of these buttons. Luckily I can go around by tapping above the message, so it disappears.

Epic fail!

I haven't upgraded yet. There is no such option in my PR 1.1 N900.
How do I upgrade without my N900 sending any information to Nokia or any other agencies?

If I take a SIM-card out, and make a OTA upgrade through WLAN or Bluetooth-PAN, will it send a SMS later when I insert the SIM-card?

Reading the posts, this seems Nokia has broken the rules, if not laws.

When you upgrade, it'll ask you if you want to do this. If it doesn't, just go to My Nokia and unsubscribe

People were putting there information including phone number on Nokia/Ovi site to get rebate. You can't unsubscribe through Settings > My Nokia it gives you failure massage. I did it through website.

You can't unsubscribe through Settings > My Nokia it gives you failure massage. I did it through website.

Mine didn't

When you upgrade, it'll ask you if you want to do this. If it doesn't, just go to My Nokia and unsubscribe

I did OTA, and it never asked. I goto unsubscribe (subscribe is greyed out) and then an SMS arrives saying unsubscribe failed. WTF is going on? Does Nokia secretly have my info or not?

I did OTA, and it never asked. I goto unsubscribe (subscribe is greyed out) and then an SMS arrives saying unsubscribe failed. WTF is going on? Does Nokia secretly have my info or not?

If they didn't before... I'm pretty sure they do now.

I haven't upgraded yet. There is no such option in my PR 1.1 N900.
How do I upgrade without my N900 sending any information to Nokia or any other agencies?

If I take a SIM-card out, and make a OTA upgrade through WLAN or Bluetooth-PAN, will it send a SMS later when I insert the SIM-card?

Reading the posts, this seems Nokia has broken the rules, if not laws.

I am afraid it will. I think that removing /usr/bin/cherry and its control panel libraries, as stated in one of the previous posts, would prevent this, but I am not sure, if this SMS is not buffered somewhere.

Thats why i never was big fun of all those social gathering places like myspace facebook twitter or whatever its. Dont have it on my phone or my computer. Not that i have something to hide but that there always someone psycho so call big brother who really think that there's something defiantly should wrong with you. Im sick and tired of it.

You know, it's weird but I'm less worried about phychos and big brothers than I am of ending up in a public database. When I moved, there were years of confusion with the address and, at some point, I even received a 24 hour forced enforcement order. I had to call people myself.

I also had to abandon several mail accounts because someone sent me an e-greeting. Once listed, the next day I has 1220 spam emails. I have a screenshot.

My phone is my temple. I only give out my number to people who I have the number of and go as far as to not answer unknown numbers. If the list gets out and I get targeted ads, I don;t know what I'll do. I've had this number for 10 years. And no, I don't have an IM account, Facebook, Whatisitsname dot com and no pictures online. Me and my digital self are not on speaking terms.

To me, that's the reason this annoys me so much. If the list gets out, I forfeit my number, my long-client bonuses, have to notify people I no longer want to talk to, and dump my SIM.

I know I'm on the extreme side, but surely this level of discomfort beats a yes/no prompt?

It's more like subscribe and cancel. I never touched any of these buttons. Luckily I can go around by tapping above the message, so it disappears.

That's great. Mine said Subscribe and Unsubscribe and Subscribe is grayed out.

With a little luck, it just remembers your OVI user/pass and if you allowed communication ... who am I kidding, they sent an SMS.

I believe there was a threat here about creating an application that allow you to block unwanted messages just like the one to block a phone numbers. So it would be possible to setup receiving SMS only from your contacts list for example. Not even mention that you ending up paying for all those spam messages.

I have booted the phone with a prepaid simcard with a negative balance, the .cherry_state file has been created. Then I have put in my regular simcard and an sms has been sent to Nokia. So I think it will not work.
Hmm... But that file/script, I think, it's responsible of to create the .cherry_state file, so... maybe deleting it or just disabling its commands into the script file could do the job... just my thought...

Has anyone got it somehow?

I flashed my phone as well. Fortunately for me, I blocked SMS on my phone - (1) It is technologically inferior and (2) Even if I subscribed to an unlimited texting plan, it does not add value to me.

I flashed my phone as well. Fortunately for me, I blocked SMS on my phone - (1) It is technologically inferior and (2) Even if I subscribed to an unlimited texting plan, it does not add value to me.
???
What are you talking about? N900 or another phone?
(1)If you're talking about N900... How did you get it?
(2)If you're talking about another phone... who cares?

One thing I know for sure... I'm not going to update until this BIG PROBLEM get solved... and... if we don't get it solved... I will return or sell my N900.That for sure.

Regards.

PS: I cannot understand how it's possible that this thread it's not full of post and without a stick. Nokia is clearly breaking the law on this matter.

PS: I cannot understand how it's possible that this thread it's not full of post and without a stick. Nokia is clearly breaking the law on this matter.

What law? Can you please cite the statute or common law precedence?

I thought about a class action over the cost of a text times the number of phones, but even then, the average marginal cost is low since most people have an unlimited plan, so call it $0.05. Times maybe 500k phones that updated and damages to the class are $25,000 - not worth a lawfirm's time.

Regarding the privacy violations, I haven't checked, but I'm betting that nokia's privacy policy states that they may collect a large swath of information. Even if it doesn't, intangible damages like loss of privacy of a number are very hard to monetize, so again, I don't think anyone is going to go after nokia, legally.

I agree with the sentiment that this is the wrong ply on Nokia's part, but i think that it really just comes down to is this enough to make your next smartphone purchase not be nokia?

What law? Can you please cite the statute or common law precedence?

I thought about a class action over the cost of a text times the number of phones, but even then, the average marginal cost is low since most people have an unlimited plan, so call it $0.05. Times maybe 500k phones that updated and damages to the class are $25,000 - not worth a lawfirm's time.
What are you talking about? It's not a matter of how much money the people spend by installing this update. It's a violation of the people's privacy. I could imagine that laws concerning computer piracy may be relevant on this topic. Nokia is installing a program that is suitable to collect private data and send them to a foreign server (at least if you live outside of finland). That is exactly what most spyware does and people go to jail for that.

Regarding the privacy violations, I haven't checked, but I'm betting that nokia's privacy policy states that they may collect a large swath of information. Even if it doesn't, intangible damages like loss of privacy of a number are very hard to monetize, so again, I don't think anyone is going to go after nokia, legally.At least in germany there is a thing called criminal law and it's used even if it is no matter of money.

I agree with the sentiment that this is the wrong ply on Nokia's part, but i think that it really just comes down to is this enough to make your next smartphone purchase not be nokia?This is another question. After Nokia closed it's location in germany many people said "uuuuh, never ever buy anything from nokia, they are so bad". I guess they just don't remember anymore.

I never got any screen warning me about any of this either. Such stuff really bugs me, much like having to have a Google account to activate an Android phone.

Like others here I'd hit 'Unsubscribe' and gotten a 'Failed' return SMS. As it turns out, that's good - it's actually telling you you can't unsbscribe to what you aren't subscribed to. More about that later.

I decided to take a less technical, ordinary-user approach to what could learned about data collection and how to stop it. After all, most N900 owners won't be coming here for which files to delete, etc. Turns out not too much.

Regarding stopping the service...from the MyNokia Support FAQ:

"Q: How can I opt out of receiving communications from My Nokia?

A: You can opt out of receiving My Nokia communications at any time. The easiest way is to go to nokiausa.com/mynokia and log in to your My Profile section. You may also opt out via SMS by sending the text “STOP” to 21342."

I sent a 'STOP' message to 21342. No reply, nothing happened.

I already have an Ovi acccount so I went to nokiausa.com/mynokia and logged in successfuly using my Ovi ID and password. That took me to a registration page already partially filled out but only with what little information I had given when I registered for Ovi - name and email address but nothing else - no phone number, home address, gender, birthday etc. Could not find a 'My Profile' section. A little more mucking around and it was clear I couldn't find My Profile because I didn't have one. IOW I had not automatically been registered for My Nokia. If I wanted into it, i would have to complete the registration form and choose to opt in. That's Good.

Regarding data collection...other than reading a short story that is the Terms of Conditions in Settings > My Nokia I never found any additional information - using normal means, understand - about exactly what info had been collected and sent or how to stop it. Nothing technical at all. That's Bad.

I'm pretty security-paranoid usually. It was a primary consideration in switching from Windoze to linux 11 years ago. it's one of several reasons I'll never own another Android phone. But I admit after learning all I could here and elsewhere I'm not particularly alarmed about this. The Big Brother quotient going on is still much less than Google or Apple. Just smells really bad more than anything.

I'm now in this boat too. I couldn't update OTA so I used the CLI flasher (since NSU is Windows only and seems to not really work very well anyways).

As far as I can tell, I never sent any SMS to Nokia (didn't receive any either) but My Nokia in Settings only had the unsubscribe option. Just now I stupidly hit unsubscribe and got the 'failed to unsubscribe' SMS back. I'm guessing this is just more QA failure on Nokia's part and I wasn't subscribed to begin with, good thing they've definitely got my info now...

The cherry package (the one that contains the MyNokia related programs) includes the development (.la and .a) versions of libraries, so obviously this package did not go through any QA.

Sorry to step in here but Nokia didn't break any laws.
(....)
'm sure a massive corporation such as Nokia has adequate policies and safeguards and would not sell on your data and risk bad publicity.
Haha.
Remember google? Using their streetview cars to record private WLAN data?
Probably not illegal either, but on such a big scale... seriously.
And their response?
"It was an accident and we did not notice an extra terrabyte of data per day that wasnt even pixel data.
Whoopsie"

Anyway, in my update I too only had the choice between "Read eula" and "Done".
I read somewhere in this forum that I could have just tapped outside of the window somewhere and that would have meant "I do not accept that crap". But can't confirm that.
Another rather sneaky aspect is that this SMS doesnt even appear in your SMS logs. It gets smuggled out somehow.

In what files in the filesystem outgoing delayed SMS messages wait to be delivered?
Say, if I next week upgrade OTA throug USB-networking without SIM-card.

Who changed the topic subject, and why?

In order to seek damages to privacy you need proof of intent and you can't possibly prove that. Message is legal and well intended if you pressed the button and the hiding is an UI decision. They can (and will) say someone had a loose checkbox and the release went out with a true instead of a false.

A regrettable oversight on our part and measures will be taken...

Before making this too big issue, please go to site you downloaded pr1.2 and read eula and privacy statement there.

You didn't read them when downloading ? Shame, since otherwise you would known that by downloading you agreed those terms and thus gave permission for data collecting.

And on Software agreement; software is provided as it is. If automatic registration is part of PR1.2, then you either accept that or you won't upgrade, simple as it is.

Who changed the topic subject, and why?

I did. "Security breach?" wasn't descriptive. Other threads were opened because people didn't see this thread or didn't realize it might have to do with their problem. The automated, similar thread search during new thread creation had little chance of finding this existing thread. And the longer, descriptive title should draw more attention, alerting other users to the problem.

Before making this too big issue, please go to site you downloaded pr1.2 and read eula and privacy statement there.

most of us didn't "go to a site". they only clicked on an orange exclamation mark.

First of all people should read sometime things calling "Terms and Conditions". And i got to say not a pleasant thing. I think if people pay more attention to that in all the products that they buy probably most of them will think twice before buying anything especial concerning technology and communication devices.
So i flashed my phone the good news is that rootsf jumped from 74 to 92Mb. But the bad news i still getting that failed message. Although i did unsubscribe from nokia.com/mynokia as i posted in a previous post.

Nokia you owe me one dollar for messages that i didnt ask :D
and stop invading my privacy ! :cool:

I think this a BIG issue, no the one to make jokes...
I don't care about their "Terms & Conditions", if they abuse on them, they are invalid, at least here, in Spain.

Regards to all.

PS: Personally... that only a few who are regulars to this forum showed great concern over this... makes me feel great embarrassment.
We have the world we deserve...

I am sure the fanbois are concerned about this issue as much as anyone. They just can't say it.

Before making this too big issue, please go to site you downloaded pr1.2 and read eula and privacy statement there.

You didn't read them when downloading ? Shame, since otherwise you would known that by downloading you agreed those terms and thus gave permission for data collecting.

And on Software agreement; software is provided as it is. If automatic registration is part of PR1.2, then you either accept that or you won't upgrade, simple as it is.

Would you mind if your N900 after the upgrade started mass sending of premium SMSes leaving you with a bill of several thousand Euro?

Before making this too big issue, please go to site you downloaded pr1.2 and read eula and privacy statement there.

First of all people should read sometime things calling "Terms and Conditions".

Don't forget that some of us never saw any T&Cs to accept.

I did. "Security breach?" wasn't descriptive.

That wasn't the original subject.

From section 4.1 of the maemo.org T&Cs:
Thus, the advice, views, opinions, and validity of information expressed are solely the responsibility of the original sender.

Unless somebody changes it for you!

Don't forget that some of us never saw any T&Cs to accept.
That's the REAL problem... at least, for me...

That wasn't the original subject.


You're right, the original title included "PR1.2".

06:17, 28th May 2010 sjgadsby Thread title (original 'PR1.2 Privacy breach?') changed

06:17, 28th May 2010 sjgadsby Thread title (original 'PR1.2 Privacy breach?') changed

See the subtle difference to the original quoted subject title?

It's minor, I know, but important nonetheless.

Now let's get back to discussing the Nokia faux pas.

most of us didn't "go to a site". they only clicked on an orange exclamation mark.

Also, I'm not clicking anything that says "Stop" "No" or "Cancel" when flashing firmware. Once it's done we discuss.

Would you mind if your N900 after the upgrade started mass sending of premium SMSes leaving you with a bill of several thousand Euro?

this is gotta be the worst post in this thread....

Have I understood correctly, right now only way to avoid this is not to upgrade to PR1.2 ? Even if I upgrade without SIM-card, after SIM-card is installed, it will send the SMS?

I am sure somewhere in the filesystem is the SMS which is delayed, which can be manually deleted before SIM-card is inserted?

Shouldn't outbox messages expire in like 24 hours? Do they stick around? Does the message show in outbox?

Oh, I have an idea. Set the SMSC to a bad number before re-insering the SIM. That should fix its wagon?

outbox expiring can be configured while sending a message. from 3 hours to "max time" (that comes after 7 days if I remember correctly)

I guess it should be possible o avoid the subscription by pressing on the empty screen area above the popup dialog (as everywhere in maemo5). Haven't tried it though... I have fallen into the trap too by just hitting the "Done" button.

In my opinion the dialog that asks about the subscription really should have "Yes, subscribe" and "No, don't subscribe" buttons instead just the "Done" button and not offering a clear way to refuse the service.

Regarding the error when unsubscribing: I noticed that when pressing th unsubscribe button it sends out the SMS but doesn't disable the button. Pressing it a second time, sends out a second SMS. A few seconds later you get get two replies. One containing the unsubscription confirmation, and a second one containing the error message because you are already unsubscribed. I noticed the successful unsubscribtion only at a closer look.

This clearly shouldn't be the way to go...

I upgraded (OTA) to PR1.2 without a SIM, and did not have a SIM in my N900 since then.

I have a file changed on May 26 12:02, which sounds like the time I upgraded:

/var/spool/sms/regs_out.txt

With content:

ba212ae1-4bfce3b7-1-/com/nokia/phone/SMS/ba212ae1


The directory /var/spool/sms/outgoing is empty.

I wonder what this means.

outbox expiring can be configured while sending a message. from 3 hours to "max time" (that comes after 7 days if I remember correctly)

How?

fillfillfill.

i dont know what some of you talking about. But how come not to see this:

And my concern not even about if Nokia will keep sending me text messages but Why i cant unsubscribe even after unsubscribing from website. Thats what bothering me. And beside also that probably many of us have an account @ OVI and they even have my phone number again as i mention before that was one of the requirements to get a rebate from Nokia have to sign on to OVI store and receive SMS as confirmation. Not mention Nokia messaging need phone number too. So as great George Carling used to say " They got you by the balls...

i dont know what some of you talking about.

stating the obvious.

1.: it's not fair sending a sms from a user's device without notifying him about that. ...

The sending of an SMS at the first run of an application is what caused a furor in the Ovi store when NewLC released the Symbian application Phone Info. In that instance the application was offered at no charge but sent an SMS to a UK number on first start-up. I believe it asked permission prior to sending but it has been many months and I do not recall. For many people this is an international SMS and caused some folks to have to pay the international SMS rate to use the free program. The argument went that the application was not really "free" since they had to pay for the SMS. That NewLC did not receive any funds did not enter into this discussion.

Phone owners are very sensitive about what comes from and goes to his or her phone to the point of irrationality at times. I can understand it. The feelings expressed by x-lette are widely held.

I do not recall receiving a notification about the Nokia SMS as part of the PR1.2 update. However, it saved me from having to add the device to my Nokia account. I had previously registered my 5610 and 5800 XpressMusic. For these devices I receive about three SMS or e-mail notifications per month. It is because I was already with an account that I didn't attach any importance to the notification, if I received it.

I do not feel there was a privacy breach in the sense that my personal information is "out there". I guess it all comes down to one's personal tolerance for having this sort of information extracted even for limited distribution.

The SMS is not charged....I think

The SMS is not charged....I think

It is, depending on your plan.

It is, depending on your plan.
In Spain, we have not sms plans but, even that, i'm abroad so... if I update it means international sms.
But... al least for me... as stated before... the problem isn't the sms money. It's that sms is sent with personal info & at our expense without give us the option to say... NO!!!

How?

fillfillfill.

with a byte in PDU string

http://wiki.maemo.org/VertSMS/secret

there is some additional information about what data is included when you send a message. (delivery report, msg type, TON, ....)

I guess it should be possible o avoid the subscription by pressing on the empty screen area above the popup dialog (as everywhere in maemo5). Haven't tried it though...

No, it's impossible. Its a Windows and not a Dialog. :(

The bugs.maemo.org reference for this is Bug 10366 (https://bugs.maemo.org/show_bug.cgi?id=10366). If you dislike this behaviour, please "vote" for the bug there, but please don't add comments to that bug report as it's not designed to be used as a forum. Please keep discussion here.

i didn't find any odd number in my billing specifications, so it seems no text message was sent from my phone. i had downloaded the image and reflashed the device. during installation i was not asked to agree on anything, afair.

the first time i opened the "my nokia" settings, it took quite some time for the application to launch. when it launched, the subscribe option was greyed, and i could click the unsubscribe button. i did not, just in case.

this all is a bit confusing and imho a serious issue of trust. i too would appreciate some communication about this from ari or quim.

Thought I avoided this one, sadly check my account and this number shows up 491771787772 :mad:.

I flashed mine sys and emmc and then restored my back up. never remember seeing anything about sms. I did goto my ovi store account and it had sms unchecked, but I'm not sure it that was like that before or after I press (only choice) unsubscribe (rookie move :().

I never received any sms's at all and nothing in the out box (pretty sneaky sis), you would think they would do that over wifi.

I too chose this phone so I wouldn't have to activate it or login to use it. I enjoy controlling what nokia know about me or my uses (not that they really care about me, probably more about stats) so this is a bit of a let down and hint to what coming down the road..I think.

I'm happy that this community is on top of it (another reason I got the n900) though I wish I would have know about the cherry stuff before I updated (dammit, thought I waited long enough..:()

So what's next? Bug report? Hack'n & delete'n? Curs'n & spat'n...;)

x

it isn't.
nokia makes _your_ phone send _private_ information (yes, your phone number _is_ private information) without your consent and on top of that makes you pay for it.

it's not only a breach of privacy, but at least in germany, and probably the rest of the eu as well, illegal.


If they didn't ask for permission, it is indeed illegal in all of the EU. Directive EC95/46 clearly establishes that, and it was transposed into Finnish national law by way of the Personal Data Act (June 1999).

Maybe someone should contact the Finnish Data Protection Ombudsman:

http://www.tietosuoja.fi/

Greetings.

I assume the source code for the cherry executable and libraries aren't available?

Does the .cherry_state file contain anything, or is it just a 0-byte length file which means something by its presence or absence?

Well, it's a bit late for that now, the message was sent for most of us.

Also, that bug report makes me wanna scream. All kinds of people reporting that the SMS costs money and then they have to pay 2 messages. TWO! You'd think they had to sell their car.

The problem is that they send personal info to Nokia. The very nature of the service is keeping a list of numbers, all having N900 phones. I don't want to start receiving SMSs with personalized offers. If they do, I'll go and not quietly. Nokia can have a testimony from my phone company when they started sending me "offers" through the SMS service.

They subscribed me by opt-in, and sent me a pre-paid envelope I should manually check what I want, then mail it back. In the mean time, they would keep sending me stuff. That was a heck of a show. After threatening to move my whole company to the competition and lodging several complaints with various regulatory bodies, they backed down and unsubscribed me. I probably have a big red comment in my file that says "Don't send anything to this nutcase".

And I'm loving it. This isn't Google, it's not free. I pay for my service and my phone and it should be ad free. Advice free. Hint free. Whatever.

And just to give you the idea of what pushed me over the edge, after days and days of inane messages, I went to bed at 6 AM, completely shot. At 8 AM, phone rings (2 hours sleep in 48). I jump out, fiddle with the controls, I answer. A robot voice informs me that staring today, there's an offer ... I hang up, swearing. I must have dozed of for 2 seconds, the phone rings. Scramble up, answer. "Starting today ...". Hang up. The third time my brain actually boots up and I realize they'll keep doing it until I press whatever DTMF they want. I pull the battery.

6 PM, I wake up. Power the phone, a SMS pops in under 10 seconds. "Starting today ...". Apparently, if I am fast enough to press the DTMF when they call me, I get SMSs to 5 cents from the regular 7, on Monday. During the day, until 7 PM (09:00-19:00).

That's when I snapped.

I'll fight tooth and nail for my right to have a ring tone attached to my SMS and sleep at night. My phone is an important tool. People call me when a server is down and a hundred people stand still, twiddling thumbs, at 3 AM. When it rings, I jump. I get SMSs from fire alarms and monitoring stations. When I get an SMS, I read it. This isn't the number to send junk to.

Some people like junk emails, junk SMS, notifications and attention. They go vacationing with friends. I don't want attention. I leave for a small island in a country where I can't understand the language.

Am I in the minority about the privacy over price?

It's not the end of the world! Just unsubscribe!

Well, it's a bit late for that now, the message was sent for most of us.

It's not too late for those of us (like myself) who haven't yet updated to PR 1.2. We shouldn't give up trying to analyse/fix/workaround this bug yet.

I'll need instructions what to do, after I have upgraded OTA through USB-networking without SIM-card, so the SMS would not get send, when I first time boot N900 with a SIM-card.

If Nokia sell the N900 in your country, maybe you can ask them this exact question.

At the first run in PR1.2 i just got a message asking me for My Nokia registration ...

For all those, who say its not a problem, if Nokia does that - is it a problem when another company does it ? What if other installed software also wants to send SMS ? What if more than one SMS gets sent ? Is two also ok ? ... or 5, or 10 ?

Where do you want to draw the line ?

I draw my line at zero SMS from nobody.
This behavior is not ok, not by Nokia and not by any one else. Period.

Am I in the minority about the privacy over price?

I consider them both equal:

No stealing my information to begin with... and no making me pay for you to steal my information either! It's not one "over" the other.. it's additional ammo to load the firing squad with. It's like salt on the injury type of thing.

Well, it's a bit late for that now, the message was sent for most of us.

still it's worth voting for the bug and discussing the issue. there'll be consumers who buy new n900 with pre-installed pr1.2. there may even be a new firmware following pr1.2 for us. in both cases i don't want to see this bug again. a pr1.2.0.1 for new devices needs to fix this... and it needs to be fixed for each and every future update.

Am I in the minority about the privacy over price?

probably, because i share your opinion on this (price is hardly the issue here) and i'm always in the minority. :D

odd, which networks charge for these service msgs?
All nokia handsets now do this regardless of os. Its quite a handy knowing when updates are available etc. It only gives basic tips to basic handsets as far as i know.

Surely it is part of Nokia's package you buy into with a phone? I see no privacy breaches really as airtime operators swap info with the manufacturers anyway.

odd, which networks charge for these service msgs?
All nokia handsets now do this regardless of os. Its quite a handy knowing when updates are available etc. It only gives basic tips to basic handsets as far as i know.

Some operators here in Canada charge for incoming text messages, and I'm pretty sure most operators (at least in Canada and probably the US, and probably others) charge for outgoing texts unless you have some texting plan. I get 50 outgoing texts a month and don't even come close to using all of them, so it's not the text charge I'm concerned about...

All nokia handsets now do this regardless of os. Its quite a handy knowing when updates are available etc. It only gives basic tips to basic handsets as far as i know.

Surely it is part of Nokia's package you buy into with a phone? I see no privacy breaches really as airtime operators swap info with the manufacturers anyway.

the last nokia handset i bought (3720 classic) did not do this. none of the nokia phones i bought before did. also the n900 didn't before pr1.2. so it's of course not as usual as you say. - if it's a handy feature, i want to be told about it and activate it myself. besides, if it only tells you about updates, why would you need it on a maemo device? we get the orange icon, anyway.

as for the "nokia package you buy into": you usually don't. i got my n900 from my carrier. no nokia package. i accepted a lot of terms and conditions from my carrier to get the n900 for €250,-. "my nokia" was not part of the deal.

It's not too late for those of us (like myself) who haven't yet updated to PR 1.2. We shouldn't give up trying to analyse/fix/workaround this bug yet.

I didn't realize there were a number of people still hanging back. I hung back for 2 days before giving up. All this post-factum talk, it slipped my mind.

Well, if it's the cost you're bothered by (I know it's not), I'm sure it's not much. If I had known, I'd borrow a SIM card from someone who gets a lot of messages, or uses a disposable SIM. Or, buy a pre-pay. Out here you can get one for like 10$ if you're really cheap. That comes to 100 times the cost of the SMS, but no number publishing.

I assume you have the option of copying the "done" file from one of the phones that have already sent the message (in your country/zone), nuking the package before it sends, or, in extremis (but free) call the provider and ask them to suspend SMS service for 24 hours until the darned message expires (if sent).

I also assume one could modify the target number in the said file to point to yourself, that way it gets delivered. You can even send yourself tips about new versions!

still it's worth voting for the bug and discussing the issue.

Yes, yes it is. I didn't suggest stopping, I was just ... well, ranting apparently. Well, I'm sure whoever is at the other end of the bug knows full well the price of the message is precisely nothing, it's the principle of the thing. And the bad, bad publicity this gets them.

Nokia needs bad publicity now like skull vents. I still can't believe anyone gave this idea the green light. Who's that naive?

ETA:

as for the "nokia package you buy into": you usually don't. i got my n900 from my carrier. no nokia package. i accepted a lot of terms and conditions from my carrier to get the n900 for €250,-. "my nokia" was not part of the deal.

I got the package from Nokia for full 600E price (ouch) and I never got anything like that. Also, there's nothing on the cover, and once you crack open the box you get still nothing, just the phone, charger, adapter, cable, headphones and extra plugs, screen wipe, etc. No manual, no warning, nothing.

You can't justify acceptance after the fact. This reminds me on some guy's rant "One of these days I'm gonna put a brick through Sony's window. On that brick will be a paper that says <by accepting this brick through your window, you accept full responsibility ...>".

Surely it is part of Nokia's package you buy into with a phone? I see no privacy breaches really as airtime operators swap info with the manufacturers anyway.

They certainly don't in the UK! That's just crying out for a DPA/ICO investigation.

the last nokia handset i bought (3720 classic) did not do this. none of the nokia phones i bought before did. also the n900 didn't before pr1.2. so it's of course not as usual as you say.

Well it definetly is usual now, certainly every handset from nokia sold in the last say two months automatically opts in to 'my nokia', well ones of which i have sold. This just lead me to beleive that it was now common practice now.
I certainly think they should have kept the opt out option, though i don't see this is the extreme issue that people may be making out.

I certainly think they should have kept the opt out option, though i don't see this is the extreme issue that people may be making out.
Did you read the message from the guy who gets messages at all hours of the day and night regarding serious matters at work? Maybe he is using an n900 for this precisely because it is one of the very few phones that can actually be used to fix a wide variety of problems involving computers from almost anywhere in the world. It may not be as grave as a telemarketer calling a diplomatic hotline reserved for imminent nuclear war, but no one required to receive emergency messages should have to endure junk messages or calls.

I suppose that you think pickpockets are not much of a problem if they don't take much and tell you first.

It's not too late for those of us (like myself) who haven't yet updated to PR 1.2. We shouldn't give up trying to analyse/fix/workaround this bug yet.

well, i described a way (technically two) to prevent that kind of stuff.
since i read beforehand something about pr1.2 calling home, i did the upgrade w/o sim and before putting back the sim, i investigated.

for details see further back in the thread, but basically it boils down to two scenarios:
- at the start of the gui, a script runs that checks for the existence of a certain empty file -- if it isn't there, my nokia hasn't bothered you and you should be bothered now. according to the scripts comments, the binary doing the bothering checks the file, too (script tries to speed up the check)
thus: disable the script, create the file
- the package (cherry) owning script and binary can not be uninstalled (easily) due to the usual incompetence on nokia's part (although, with ideas like the issue at hand, it's more like deliberate hogtying of users). but you can remove its contents, thus the bothering fails.

btw: according to
/etc/X11/Xsession.d/34cherry
that thing tries it sneaky stuff only, when there's no file
/home/user/.cherry_state

thus, one could either create that file

touch /home/user/.cherry_state

or disable/remove the script
/etc/X11/Xsession.d/34cherry

I have booted the phone with a prepaid simcard with a negative balance, the .cherry_state file has been created. Then I have put in my regular simcard and an sms has been sent to Nokia. So I think it will not work.

Just to be clear about this, does anyone know if creating (e.g. using "touch" as arne.anka suggests) the /home/user/.cherry_state file will or will not be sufficient to stop the SMS being sent, as gwj suggests that the presence of that file did not stop the SMS being sent in his case?

don't know, what gwj did (maybe inserting a sim at all was wrong), but i never saw anything of that sms and my provider does not list any sms sent to an unknown number.

Can someone point me as to how I can download the cherry package? I've found http://maemo.org/packages/view/cherry/ and the links off it, but can't seem to actually download it from there.

Can someone point me as to how I can download the cherry package? I've found http://maemo.org/packages/view/cherry/ and the links off it, but can't seem to actually download it from there.

It's closed source (as usual), only to be found in the SSU repositories. One way of getting it would be reinstalling it (apt-get install --reinstall cherry) and taking the deb from /var/cache/apt/archives afterwards.

Is this messaging anything like operator sending me few SMS messages when I upgrade or return to factory settings on any phone.. usually a welcome message and some settings for my phone.

apt-get install --reinstall cherry

with standard apt,
apt-get -d install cherry
would only download it to /var/cache/apt/archives

with standard apt,
apt-get -d install cherry
would only download it to /var/cache/apt/archives

"install" on its own refuses to do anything here because cherry is already installed and when I do specify "-d" with "--reinstall", it still reinstalls it :\

Is this messaging anything like operator sending me few SMS messages when I upgrade or return to factory settings on any phone.. usually a welcome message and some settings for my phone.
No, those messages are special system messages containing settings for SMS or MMS and get automatically used ('installed') by the phone. Nokia instead is making your phone first sending them a standard SMS and then sends you SMSs with 'important' messages.

don't know, what gwj did (maybe inserting a sim at all was wrong), but i never saw anything of that sms and my provider does not list any sms sent to an unknown number.

This sim card is expired for outgoing calls, but still valid for accepting calls. After I have replaced it with my regular sim, at the boot up I did get a dialog about setting the time, but no OVI dialog.

It's closed source (as usual), only to be found in the SSU repositories. One way of getting it would be reinstalling it (apt-get install --reinstall cherry) and taking the deb from /var/cache/apt/archives afterwards.

I haven't upgraded to PR1.2 yet, so I was hoping to just wget the package from another machine, if someone can work out the URL...

After some hours of researching how to do so, I finally managed to download the cherry deb file. On my PR1.1.1 N900 I used (as root) apt-get install wget then (not as root), wget --no-check-certificate https://qa9recEP:Pat2UGuP@downloads.maemo.nokia.com/fremantle/ssu/mr0/cherry_0.20-2+0m5_armel.deb to get the archive. Strangely, that same wget command doesn't seem to work on my Ubuntu box, only from the N900.

Anyway, of course the main cherry binary is closed source, but I now see the /etc/X11/Xsession.d/34cherry script that arne mentioned, which for the record contains:#!/bin/sh

# Cherry checks for .cherry_state anyway, but testing here makes it faster
if [ ! -f /home/user/.cherry_state ] ; then
. /etc/X11/Xsession.d/04b_start_matchbox
/usr/bin/cherry 1>&2
. /etc/X11/Xsession.d/06stop_matchbox
fi

It would certainly seem that doing touch /home/user/.cherry_state as arne said, should stop the binary from doing anything.

Note that there is also a script called /etc/osso-cud-scripts/cherry-clean.sh which deletes the /home/user/.cherry_state file:
#!/bin/sh
/bin/rm -f $HOME/.cherry_state

Maybe this is called when the user does "Restore Original Settings" from the menu in the Settings app? If that is true, if you ever do that, you might want to touch /home/user/.cherry_state again to stop the SMS from being sent next boot.

I found the changelog mildly interesting, as you get to read a little about how the app developed over time. It contains:
cherry (0.20-2+0m5) unstable; urgency=low

* This entry has been added by BIFH queue processor
version has been changed to 0.20-2+0m5

-- Urho Konttori <urho.konttori@nokia.com> Tue, 16 Mar 2010 16:46:41 +0200

cherry (0.20-2) unstable; urgency=low

* 0.20-2 uses PROD configuration

-- Alban Crequy <alban.crequy@collabora.co.uk> Mon, 15 Mar 2010 12:11:51 +0000

cherry (0.20-1) unstable; urgency=low

* Read environment variables CHERRY_FORCE_MCC_FOR_TERMS and
CHERRY_MCC_FOR_TERMS for debugging
* Fixes: NB#159338 Disable keys ctrl-n/ctrl-u
* 0.20-1 uses QA configuration

-- Alban Crequy <alban.crequy@collabora.co.uk> Mon, 15 Mar 2010 11:50:30 +0000

cherry (0.19-2) unstable; urgency=low

* 0.19-2 uses PROD configuration

-- Alban Crequy <alban.crequy@collabora.co.uk> Thu, 04 Mar 2010 14:23:10 +0000

cherry (0.19-1) unstable; urgency=low

* Fixes: NB#159208 Fix terms cleaning script for h1 titles
* Fixes: NB#159084 Fix terms language with Norwegian SIM cards
* 0.19-1 uses QA configuration

-- Alban Crequy <alban.crequy@collabora.co.uk> Thu, 04 Mar 2010 14:10:55 +0000

cherry (0.18-2) unstable; urgency=low

* 0.18-2 uses PROD configuration

-- Alban Crequy <alban.crequy@collabora.co.uk> Wed, 03 Mar 2010 14:29:48 +0000

cherry (0.18-1) unstable; urgency=low

* Fixes: NB#158773 Cherry uses the correct ovi icon
* 0.18-1 uses QA configuration

-- Alban Crequy <alban.crequy@collabora.co.uk> Wed, 03 Mar 2010 14:24:40 +0000

cherry (0.17-2) unstable; urgency=low

* 0.17-2 uses PROD configuration

-- Alban Crequy <alban.crequy@collabora.co.uk> Fri, 26 Feb 2010 15:20:47 +0000

cherry (0.17-1) unstable; urgency=low

* New PROD configuration from Jukka 2010-02-26
* Terms: add terms for country code 235 (UK)
* New QA configuration from Jukka 2010-02-26
* Terms: add terms for country code 310 311 316 (USA)
* KeyLeadService: set to Store (9)
* 0.17-1 uses QA configuration

-- Alban Crequy <alban.crequy@collabora.co.uk> Fri, 26 Feb 2010 15:02:09 +0000

cherry (0.16-3) unstable; urgency=low

* Fixes: NB#154397 - Cherry integration
* Remove English support for Finland in the PROD image

-- Alban Crequy <alban.crequy@collabora.co.uk> Wed, 24 Feb 2010 15:48:36 +0000

cherry (0.16-2) unstable; urgency=low

* Same as 0.16-1 but with PROD numbers

-- Alban Crequy <alban.crequy@collabora.co.uk> Tue, 23 Feb 2010 14:10:02 +0000

cherry (0.16-1) unstable; urgency=low

* Fix bug on sending SMS to international or short numbers, again

-- Alban Crequy <alban.crequy@collabora.co.uk> Tue, 23 Feb 2010 14:06:10 +0000

cherry (0.15-2) unstable; urgency=low

* Switch to QA configuration for testing

-- Alban Crequy <alban.crequy@collabora.co.uk> Tue, 23 Feb 2010 13:45:17 +0000

cherry (0.15-1) unstable; urgency=low

* Fixes: NB#156627 - powerup_to_get_most text is displayed partially

-- Alban Crequy <alban.crequy@collabora.co.uk> Fri, 19 Feb 2010 17:21:41 +0000

cherry (0.14-2) unstable; urgency=low

* Fixes: NB#156620 - Legal disclaimer looks bad
* Fixes: NB#156703 - My Nokia icon missing in the control panel
* Fixes: NB#156709 - use real phone number instead of QA number
* Fixes: NB#156886 - Unable to unsubscribe if the language is not supported
* Fixes: NB#157395 - An extra button starts with Norsk(Norge)
* Fixes: NB#157494 - Terms and Conditions dialog is empty with Indian SIM

-- Alban Crequy <alban.crequy@collabora.co.uk> Fri, 19 Feb 2010 12:51:41 +0000

cherry (0.14-1) unstable; urgency=low

* Fix bug on sending SMS to short numbers

-- Alban Crequy <alban.crequy@collabora.co.uk> Thu, 18 Feb 2010 16:08:48 +0000

cherry (0.13-1) unstable; urgency=low

* Fix control panel UI in Norsk(Norge) NB#157395
* Production configuration: 2010-02-18 + revert on terms&conditions lang.

-- Alban Crequy <alban.crequy@collabora.co.uk> Thu, 18 Feb 2010 13:50:31 +0000

cherry (0.12-1) unstable; urgency=low

* New QA configuration from Jukka 2010-02-18 with English in Finland

-- Alban Crequy <alban.crequy@collabora.co.uk> Thu, 18 Feb 2010 10:34:53 +0000

cherry (0.11-1) unstable; urgency=low

* Terms and conditions faster to load in the control panel
* Add empty line between paragraphes in Cherry
* Use the real phone number from the configuration
* Terms: use the fallback when the country is unknown
* New QA configuration from Jukka 2010-02-18

-- Alban Crequy <alban.crequy@collabora.co.uk> Wed, 17 Feb 2010 15:42:15 +0000

cherry (0.10-1) unstable; urgency=low

* Enable debug to test US UI and non-US UI
* Ability to unsubscribe from the control panel NB#156886
* Language of terms based on locale
* Fix tidying script of terms NB#156620

-- Alban Crequy <alban.crequy@collabora.co.uk> Mon, 15 Feb 2010 15:32:38 +0000

cherry (0.9-1) unstable; urgency=low

* New config, based on Jukka Ahokas' email
* Update eTerms.tar.gz with Uhro's script and Tidy NB#156620
* Remove last piece of sms-manager
* Send the SMS to the phone number according to the SIM's MCC-MNC
* Add terms in the control panel applet

-- Alban Crequy <alban.crequy@collabora.co.uk> Thu, 11 Feb 2010 16:01:32 +0000

cherry (0.8-1) unstable; urgency=low

* Optimizations on D-Bus calls
* Use matchbox at startup, UI beautification
* Terms and conditions are compressed

-- Alban Crequy <alban.crequy@collabora.co.uk> Wed, 10 Feb 2010 17:46:24 +0000

cherry (0.7-1) unstable; urgency=low

* Packaging: fix integration errors detected by lintian
* Get the phone number associated to the current country and network

-- Alban Crequy <alban.crequy@collabora.co.uk> Tue, 09 Feb 2010 11:43:18 +0000

cherry (0.6-1) unstable; urgency=low

* Update UI according to UI spec
* Display the checkbox for USA
* Display cherry again after usage of Clear User Data feature

-- Alban Crequy <alban.crequy@collabora.co.uk> Mon, 08 Feb 2010 18:41:56 +0000

cherry (0.5-1) unstable; urgency=low

* Add applet into control panel

-- Alban Crequy <alban.crequy@collabora.co.uk> Thu, 04 Feb 2010 16:27:34 +0000

cherry (0.4-1) unstable; urgency=low

* Disable optification for now
* Remove translations, it should be integrated by osso-powerup-shutdown

-- Alban Crequy <alban.crequy@collabora.co.uk> Wed, 03 Feb 2010 14:57:21 +0000

cherry (0.3-1) unstable; urgency=low

* Language check, cleanup
* Fix dependencies

-- Alban Crequy <alban.crequy@collabora.co.uk> Wed, 03 Feb 2010 11:52:29 +0000

cherry (0.2-1) unstable; urgency=low

* Send subscribe and unsubscribe SMS to the QA Cherry server

-- Alban Crequy <alban.crequy@collabora.co.uk> Tue, 02 Feb 2010 14:50:36 +0000

cherry (0.1-1) unstable; urgency=low

* Initial release

-- Alban Crequy <alban.crequy@collabora.co.uk> Thu, 14 Jan 2010 15:32:27 +0000

I hadn't even considered when I installed 1.2 that an SMS would be sent.

Seriously unhappy, even more than I was already. That is the simple reason I didn't go for android was the trickling of information BACK to some corporation. Now Nokia are doing it anyway.

and risk bad publicity.

ROTFL

What like this forum and their handling of everything from the OVI store, Maemo and N900 isn't enough bad publicity. Nearly all Maemo things in google hit back to this forum, nearly all this forum is abuse at Nokia. I would like to see really bad publicity and what makes Nokia actually take action to rectify.

It would be interesting to see exactly what the SMS texts contain, but I'm not quite sure how to achieve that. Maybe we could hack the numbers stored in the cherry binary to a phone number of another phone.

haha I'm happy to have asked Fido to block my SMS out ability long before this ...

The related bug report seems to indicate that the "subscribe" button being greyed out doesn't indicate that you are already subscribed. This could very well be the reason the unsubscribe button doesn't work.

For Tmobile USA customers, you can have mynokia blacklisted by calling into customer care as well. Actually, if you don't use any of the web2go services, you can sign up for content blocking at my.tmobile.com >> plans and services or by calling cutsomer care as well.

After some hours of researching how to do so, I finally managed to download the cherry deb file. [...]
Strangely, that same wget command doesn't seem to work on my Ubuntu box, only from the N900.
Great job! Many thanks for investigating that.
Did you use a normal Linux or did you try to download from within the maemo ide? Might be the server checks somehow from which system you are connecting.

I'm just downloading the file too from my n900 with the UA string set to 'wget'.

Works ;) an empty string works too. They might check something different.

It would be interesting to see exactly what the SMS texts contain, but I'm not quite sure how to achieve that. Maybe we could hack the numbers stored in the cherry binary to a phone number of another phone.

Great idea! I modified the cherry bin, and the message still went to Nokia. I've since found a list of numbers in libcpcherry.so. I've modified that and had success at sending messages to my other phone!!!

They seem to be base64 encoded. I will report back soon with my findings.

I did a firmware and emmc flash.

Was never asked to subscribe. Looking at the option in settings, looks like I am subscribed.

It doesn't bother me at all. They probably just want to know how many people are actually using pr 1.2, upgraded, etc.

I still have yet to get any tips though.

I just went through the license and terms (in finnish) and it reads roughly translated that "This announcement is not valid and welcome screen WILL NOT open on first run and NO sms is sent if the service is not available at your country, in your version of software or in chosen language."

So most likely you who didn't get the welcome announcement or don't have subscribe active won't be able to unsubscribe either - you haven't been subscribed at all in the first place? I can re subscribe even though I already did.

Great job! Many thanks for investigating that.
Did you use a normal Linux or did you try to download from within the maemo ide? Might be the server checks somehow from which system you are connecting.

I'm just downloading the file too from my n900 with the UA string set to 'wget'.

Works ;) an empty string works too. They might check something different.

I've tried wget from a couple of different normal Linux desktops (not SDK), and I get a 403 forbidden. I don't know why wget from the N900 works. Strange, isn't it?

I don't really know enough about deb packaging, but would it theoretically be possible to create a .deb that overwrote or deleted /etc/X11/Xsession.d/34cherry, /usr/bin/cherry, libcpcherry.so (the hildon-control-panel plugin) etc? I guess maemo.org Extras won't host it, but it could be hosted elsewhere.

My aim is to find the most user-friendly way for people to avoid this.

This is not an international SMS. It is local.

Yes it is. My T-Mob bill said the outgoing went to Denmark and the return came from Germany.

I've tried wget from a couple of different normal Linux desktops (not SDK), and I get a 403 forbidden. I don't know why wget from the N900 works. Strange, isn't it?
I guess there are many more points they can chack out. Probably they are just comparing the ip adress of the client with a set of known mobile networks. In that case one should be able to get it with a laptop connected via the n900. Can anyone try that? Or try to get that file when connected via WLAN? I can test neither of them.
It's not really important but now I'm curious ... :rolleyes:

I don't really know enough about deb packaging, but would it theoretically be possible to create a .deb that overwrote or deleted /etc/X11/Xsession.d/34cherry, /usr/bin/cherry, libcpcherry.so (the hildon-control-panel plugin) etc?For sure this is possible. But not the standard way. The packaging system should normally quit installing when there are conflicting files, i.e. overwrites. But overwrite as well as deletion might be possible when using an install script that is automatically run while installation. As far as I know the action of such a script don't get supervised by dpkg. But I may be wrong. At least it isn't the "clean" way.

I guess maemo.org Extras won't host it, but it could be hosted elsewhere.
My aim is to find the most user-friendly way for people to avoid this.Hosting would not be that problem I guess. There are some alternative repositories already, so one might find a suitable one. But the problem will be to serve the package to the user before the cherry-action starts. It has to be somewhen between the update (or flash) and the first connect to GSM.

I've tried wget from a couple of different normal Linux desktops (not SDK), and I get a 403 forbidden. I don't know why wget from the N900 works. Strange, isn't it?


This is just a wild, stab in the dark guess (I haven't checked). Are there client side certificates in use?

I guess there are many more points they can chack out. Probably they are just comparing the ip adress of the client with a set of known mobile networks. In that case one should be able to get it with a laptop connected via the n900. Can anyone try that? Or try to get that file when connected via WLAN? I can test neither of them.
It's not really important but now I'm curious ... :rolleyes:


When I could wget it via the N900 this was via Wi-Fi behind a NATting router, so the exact same external IP as my Ubuntu desktop machine that couldn't wget the file, so it won't be an IP check for sure.

a link like
https://qa9recEP:Pat2UGuP@downloads.maemo.nokia.com/
is already unique, b/c nokia generates it individually for each device. it allows nokia to track your upgrades/installations frome their repository already -- meaning, there's no need for an sms to check if people upgrade to pr1.2 (and i don't think My Nokia was created for only that purpose).

since all inet access on the n900 is done through the system, there's no reason, why nokia should not hook in somewhere between your request and the network interfaces, doing some black magic with your request (would be interesting to see, what a network sniffer makes of the url).

after all
- nokia individualizes apt-lines to track your activity in their repository (since you can access those repos via web interface after accepting the tos, "password protection" is no explantion and unneccesary) [edit: username and password seem to be the very same for all devices, not individual. see below.]
- nokia sends sms w/o informing you what information is send, very often w/o even asking you and subscribes you to a service you have no information of
- the eula or terms of service are invalid since they need to be available _before_ you are installing something (that's why the ms windows eula is invalid, at least in germany, since it only pops up while installing, "unexpectedly" as the law calls it), they need to be easily read (not a small window with much scrolling), they need to be there at once, no "check this link for full version" allowed

a link like
https://qa9recEP:Pat2UGuP@downloads.maemo.nokia.com/
is already unique, b/c nokia generates it individually for each device.

Actually, I'm pretty sure all N900s use the same username and password. See thread http://talk.maemo.org/showthread.php?t=49021

Actually, I'm pretty sure all N900s use the same username and password. See thread http://talk.maemo.org/showthread.php?t=49021

interesting.
i was infering from the procedure when configuring sbox, where the apt-line apparently was generated with a unique key in it.

and more interesting: why a username/password at all? if we all share the same, how sensible is it to have username/password protection?

interesting.
i was infering from the procedure when configuring sbox, where the apt-line apparently was generated with a unique key in it.

and more interesting: why a username/password at all? if we all share the same, how sensible is it to have username/password protection?

Could be per device, to track future devices. Could be to separate test devices from the real ones by changing the user/pass without using a different link that might actually work.

Besides, as each user has a separate access to repositories from Nokia (as per purchasing), activity is already tracked. My Stuff in the store knows what I installed.

But no number.

Besides, as each user has a separate access to repositories from Nokia (as per purchasing), activity is already tracked. My Stuff in the store knows what I installed.

But no number.

store and normal repositories are different.
at the store i am sure, they log my purchases (that's why i don't even dream of using the store), and i guess they somehow point that logging out to you.

being tracked when doing normal operation like updating or installing software through the repos is a) not made clear somewhere (some tos safely tucked away in the bowls of the os are not binding) and b) imo illegal at least in the eu.

When you flash to 1.2 with the flasher you dont get a warning. you just receive the sms. so it indeed is a privacy breach. and it indeed sends an sms with your number right to them.

I dont like it and i think if you sue nokia they are gonna loose this fight too! ou cant just send an sms from host without asking it first! thats ridiculous!

being tracked when doing normal operation like updating or installing software through the repos is a) not made clear somewhere (some tos safely tucked away in the bowls of the os are not binding) and b) imo illegal at least in the eu.

So what? Let them store track me. I created an account with bogus user and pass, and a disposable address, like I always do. Then I told them I have an N900 and that was it. They keep bugging me to confirm my e-mail and insert my phone number, I did none of those, nor do I intend to.

Note the legal agility of the Nokian lawyer: The site pops up an error in red your number is bogus/missing/etc, but it DOES save your settings ans lets you use it. Just because you assumed errors are non-continuable doesn't mean they do illegal things. You typed you number/mail/whatever there. You type it, you lose it.

When they require phone number to download, I'll be in the front of the revolution, while using a disposable SIM. I have a few lying around. And if they keep sending messages without asking so they get my real number, I'll find a way to bone them.

We can all meet somewhere and we rotate sims with each other. That way, all IMEIs will be associated with all SIM numbers. Flood them with garbage. I'll use every SIM I can get my hands on so they have 20 numbers from me.

This isn't the first time a company refused to delete my data. To this day, I'm only one event away from a perfect record.

I wonder how much garbage can be generated once I know what is being sent.

I haven't upgraded to PR1.2 yet, and I won't be until I can be assured it will not be telling Nokia my phone number (and what else is in the message -- anyone deciphered it yet?).

But the problem will be to serve the package to the user before the cherry-action starts. It has to be somewhen between the update (or flash) and the first connect to GSM.

So, a package which installs an early running startup script which creates the /home/user/.cherry_state file at boot time if it doesn't exist, and which can be installed before installing PR1.2, should be a fix?

Of course, that only works for OTA upgrades. For reflashes is it good enough to create the cherry_state file before inserting the SIM card or does it have to be before the first boot?

So, a package which installs an early running startup script which creates the /home/user/.cherry_state file at boot time if it doesn't exist, and which can be installed before installing PR1.2, should be a fix?

Has anyone checked whether the installation scripts in the PR1.2 packages (I'm talking OTA here) remove the .cherry_state file if it exists?

Sounds to me like something it "should" do if they're serious about capturing info from everyone.

Has anyone checked whether the installation scripts in the PR1.2 packages (I'm talking OTA here) remove the .cherry_state file if it exists?

Sounds to me like something it "should" do if they're serious about capturing info from everyone.

I don't know about the rest of PR1.2, but there are no preinst or postinst (or prerm, postrm) scripts in the cherry package itself, which is where I would expect to see them.

By doing it automatically, Nokia are also signing up people to MyNokia that are not legally permitted to be signed up to the service...

From the MyNokia FAQ:
****
Question 7: Can I join My Nokia if I am under 13?

Answer: You need to be of a certain age limit (which differs from country to country) to register for "My Nokia". The following are the age limits for the respective countries:

* Australia - 13 years old
****

There's no age check on the automatic sign-up.

From the MyNokia Terms of Service:
****
Eligibility for the Service(s) No person under the age of 18 or who otherwise is a minor under his/her local legislation (even if 18 or older) is eligible to use and/or register as a User of the Service(s). In the event that you are of the age of 18 but still a minor in your country, you will need to obtain consent from your parent(s) or other legal guardian(s) for using and/or registering as a User of the Service(s).
****

There are no checks at all to verify whether it is actually "legal" for the owner of the N900 to be signed up to their service.

I got the N900 on the weekend, applied the update before installing any other software, and immediately received an SMS back from Nokia. Until I saw this thread, I didn't realise that they'd SENT an SMS from MY phone at MY cost to automatically sign me up for the MyNokia service. I was never presented with a prompt, notification or option for whether I wanted this additional "free" service.

I've since confirmed that I have been billed for the SMS that was auto-sent to Nokia, and I'm not at all happy about it - more about the principle than actual cost. If they send one SMS from MY phone at MY cost, how many others will they send? A new one with each update? A "touch bases" one each month? How will I know when the SMS is not listed? How can I trust that I won't get a phone bill one month with tons of SMS's sent from my phone that I didn't authorize or send myself?

Given a choice, I may well have signed up to MyNokia via their website (at no cost to me) after reading terms/etc and deciding whether I wanted to be notified of updates via SMS (the package manager can notify me - I don't really need SMS notifications!). I would never have sent them an SMS to subscribe. I have never previously subscribed to anything by SMS, and will never willingly subscribe to anything via SMS.

The decision made by Nokia to auto-subscribe N900 owners via a user-paid SMS stinks. It's a clear violation of privacy, a denial of consumer rights (being silently auto-subscribed at a cost to the user to an optional service while providing NO ability to refuse the subscription before the user is charged), and for some of the users being subscribed it's downright illegal to have subscribed them at all - even according to Nokia's own EULA.

I joined MyNokia 1,5 year ago (with N95) and they send me crap on regular basis.
More, I have no idea how to "unjoin".

I dumped that email in my spam and have not got it since, also did not find anywhere where it resembles something like "Unsubscribe".

hey what sms? i never had any such incident having the latest PR1.2 middle east !! MY Nokia right i dont seem to have the icon too :D

hey what sms? i never had any such incident having the latest PR1.2 middle east !! MY Nokia right i dont seem to have the icon too :D
Probably Nokia doesn't have that "service" activated on your location...
You're lucky!

I got my first text off them today, from this so called service I was conned into.

It was great, it says "New software is available for my N900."

Given my "Ovi store game" gave me the same fun when I received their My Nokia email telling me all the great things added to the Ovi store. (Which incidentally was Anno for symbian.)

I rushed over to the website. www.nokia.co.uk/softwareupdate. To see what I get for them stealing details I didn't want to give.

The 'software update' is PR1.2. So they told me using a service that was installed with 1.2 that 1.2 existed.

Talk about typical Nokia.

BTW, My Ovi store game is to go to the ovi store via a web browser, look at all the great apps and THEN apply the phone to be N900, filtering the items. You can with count just how long it takes to remove absolutely all the decent apps. Or you can have guesses with yourself or a friend at how many icons will disappear, 98%, 99% All of them? It's great fun.
/sarcasm.

I've been thinking for a couple of days that we should create a wiki page about this issue, but I haven't got around to doing so myself. I think it should cover the background to the issue and how to avoid it before updating to PR1.2.

Are any phones sold yet which are already on PR1.2?

I dumped that email in my spam and have not got it since, also did not find anywhere where it resembles something like "Unsubscribe".

These instructions are based upon my location being within the United States and my language being English; however, I'm hopeful that the instructions transfer easily to My Nokia web sites for other locations and languages.

Starting out:
Go to Nokia.com (http://www.nokia.com/)
Follow through to the Nokia website for your region as necessary.
Tap the "My Nokia" tab near the top right of the page.
Log in to My Nokia if necessary.


To enable or disable email or SMS updates:
Tap the "Edit my details" link.
Check or uncheck "By e-mail" and "By mobile messaging" according to your preferences. The site will allow you to uncheck both options.
Tap the "Submit" button near the bottom of the page.


To close your My Nokia account:
Tap the "Edit my account" link.
Tap the "Remove backup data or cancel your My Nokia account" link.
Select a reason for unsubscribing. "Not satisfied with My Nokia" appears to be a good choice, though "Not satisfied with Nokia" or "Deceased" might also be tempting options.
Tap the "Unsubscribe" button.

Hi ,

If you have an Ovi account and use it to install apps on your Nokia phone, it already has your number.

Hope that helps.

I have started a wiki page on this issue called PR1.2 compulsory My Nokia subscription (http://wiki.maemo.org/PR1.2_compulsory_My_Nokia_subscription). Please can people check and update that page as necessary.

In particular, I am interested in improving the bottom section, "How to avoid the compulsory registration while upgrading to PR1.2". For people who flash both rootfs and emmc, what is the best way to avoid this problem, as they cannot create the .cherry_state file before /usr/bin/cherry is run? Is it sufficient to boot with no SIM, create the file (or it may be created automatically by /usr/bin/cherry), then reboot with a SIM?

They seem to be base64 encoded. I will report back soon with my findings.

Fancy sharing the message; many eyes can decode faster :-)

Cheers,

Andrew

Fancy sharing the message; many eyes can decode faster :-)

I considered that. However, there might be deeply personal information hidden in there. :o

If it is Base64 encoded, it's binary data. :(

I can, however, advise on how to edit the binary so that people can send messages to themselves. I will report back soon.

Given size of message, I'm guessing not more above IMEI and Phone no could be jammed in there, maybe few prefs. Definitely no logs or any media. So I'm thinking maybe PM a few trustworthy people who do good work, I'm sure you have little to worry about.

I'm thinking having a single data sample to compare notes could help - having separate data sets could slow down development. OTOH, could help by determining fixed bits.

Given size of message, ...

You never know, Nokia could've found a way to get a GPS fix quickly; compress all your contacts; build up your applications list; take a photo with both cameras; include your IMEI; local wifi info and phone number and compress that into 160 characters :-)

Seriously, though, it is probably sensible to not flash around the message too much. Reproduction instructions to save duplicated work would be handy.

You never know, Nokia could've found a way to get a GPS fix quickly; compress all your contacts; build up your applications list; take a photo with both cameras; include your IMEI; local wifi info and phone number and compress that into 160 characters :-)

Seriously, though, it is probably sensible to not flash around the message too much. Reproduction instructions to save duplicated work would be handy.

I know it's meant to be funny, but really, none of that info is really closed or private, save for the phone number. Camera was closed on the other end, and the front cam is pointing up, as it takes 30 minutes to run(*). Apps are public. I send my GPS position every lock because I use Nokia's positioning and searches. There's the talk of contacts being private, but really, while some are, most people sync with PC, Google, Yahoo and OVI and whatnot. What bad could come of IMEI, really, one could know where the phone was made and when. Which is roughly squat. And I don't even know my wifi settings, they were automatically generated by randomness itself and copied over via PIN smart logon.

It's shocking, how much info is public on a phone. I guess that's what hurts, number was our last island. Anyway, if someone has a spare SIM they don't use any more that SMS could be made public, I guess? I'll start digging around.

* ETA: I just realized, Nokia could build a database of ceiling models for its database, for when they re-profile from the phone business it flops to a ceiling company. Shrewd.

I know it's meant to be funny, but really, none of that info is really closed or private, save for the phone number.

I disagree. Strongly. YOU may CHOOSE to share the information you mentioned (maybe in order to get some useful services). I don't. And even when I DO choose to share, I choose who with, I read their privacy policies and I take note of their past behaviours.

So, for example, I do use Google Latitude, sometimes (I only turn it on when I want it and I understand the risks). I do not use Google for mail, contacts, etc. Those are both conscious decisions -- someone else will make different choices. The fact that they make those choices does not mean that their data is now "public".

From the terms and conditions (thanks to Faheem for attaching them to the bug report) it sounds like they send IMSI. Now, why on earth would they do that? Will they be sending encryption triplets next?

* ETA: I just realized, Nokia could build a database of ceiling models for its database, for when they re-profile from the phone business it flops to a ceiling company. Shrewd.

Aha! I think you have worked it out!! They don't need any sort of privacy reputation to enter the building business! And they used to make car tyres and rubber boots so ceilings wouldn't be too much of a stretch.

I had a text today, AGAIN from Nokia, which they only had because of the 1.2 rootkit thingy. Asking me if I wanted to take part in a survey about how the N900 is.

I have yet to get the survery as I replied and are waiting the questions with interest. It DID however at least tell me that an SMS at local rate was what would be charged.

So in as many weeks that is 2 text messages (The other told me of the 1.2 release) from Nokia using a service I didn't sign up for or want.

Anyone else getting these things, or just me?

I will post what the survery is when it arrives. Probably won't arrive and it just cost me and sms to find out.

Anyone else getting these things, or just me?

I will post what the survery is when it arrives.

The survey is being discussed in the "Nokia N900 SMS text survey" thread (http://talk.maemo.org/showthread.php?t=56159).

libcherry is very helpful; it does a lot of printfs whenever it collects information. To see them, run "maemo-summoner /usr/bin/controlpanel.launch" and run My Nokia. (Non-relevant information is sent to syslog, AFAIK, through the g_warning macros etc. GLog's default handler in Fremantle outputs to syslog.)

Anyway, here's what I saw it collecting (phone-related), in order of printfs:

IMSI
MCC
IMEI (twice, actually: one showing it "normally" and the other with single quotes wrapped around it with a 0 prefixing the first digit of my IMEI)
MNC
MSIN (http://en.wikipedia.org/wiki/International_Mobile_Subscriber_Identity)
PublicID


Out of these, I think only the MSIN and PublicID is sent. Why? They're the only ones that are checksummed - if that's the information Nokia is after, the information Nokia wants to stay intact during transmission, checksumming it makes sense. Then again...

PublicID is the one that interests me as I couldn't find much information about it on the Internet except that it seems somewhat related to the IMEI, so I guess it's for identification.
Oh Nokia, when did you start taking lessons from the Google Book of Privacy?
"dbus-send --type=method_call --system --print-reply --dest=com.nokia.csd.Info /com/nokia/csd/info com.nokia.csd.Info.GetPublicId" will print it to the Terminal; however, I've attached a quick program (http://slexy.org/view/s206okUwBM) that'll print it in the manner in which libcherry does so.

I disagree. Strongly. YOU may CHOOSE to share the information you mentioned

Please read carefully.

I never said that, emphasizing words don't make it so :)

And they used to make car tyres and rubber boots so ceilings wouldn't be too much of a stretch.

Please read carefully, again. Nokia has always been in telecommunications in the meaningful part of its existence (I'm not referring to pre-1900).

Nokia was bought by Finnish Rubber Works, which did rubber. The conglomerate did both telecommunications and rubber. It's reasonable to assume they didn't mix employees.

Nokia doesn't make rubber any more than Ford is a bank.

[QUOTE=qwerty12]
Why would Nokia checksum a SMS, I thought those were integrity maintained throughout the network? I never saw a distorted SMS.

Anti-garbage? Maybe they read my post :P

there's this thread. there's a bug report about this. texrat mentioned it in his recent blog post. what is nokia's reaction? they're supposed to communicate. even "not that big of a deal" would be better than this "la-la, can't hear you!".

Don't understand this myself, it seems like such bad publicity, I'd expect some damage control. Not _all_ that surprised, it's their policy, after all.

It's like they're waiting on something. But what? See if we figure what they sent? Wait for it to die down? Wait to see the wave size? Is this the first time it happens?

Wait for it to die down?

this, probably. which is even more disappointing.

Someone could contact the officier in Finland who monitors these kind of registries of (illegal/nonethical) personal data.
http://www.tietosuoja.fi/26392.htm
I am pretty sure that office will be interessted and will reply and will adress Nokia about the issue.


I haven't upgraded my N900 to PR1.2 yet. Waiting those instructions how to avoid the automatic registration with private information, which I in principle, would not share if asked, or at least not when I do not exactly know what private information is send to the register.

I haven't upgraded my N900 to PR1.2 yet. Waiting those instructions how to avoid the automatic registration with private information, which I in principle, would not share if asked, or at least not when I do not exactly know what private information is send to the register.

I'm waiting too...
Hope those instrucctions come someday....
:confused:

Meanwhile... could anyone post a modified version of the cherry thing with no nokia phone numbers or not real phone numbers?
It should do the job, right?

Upon OTA upgrade I got the "terms", actually read all of it, didn't agree to it, looked for the "I do not agree" button and couldn't find it.... No way to revert to the earlier version, either.

Although it sent the secret SMS, I got back the following SMS from Nokia:

Nokia: Your sign-up failed.
See 'My Nokia' in Settings to try again. For more information, visit www.nokia.com/mynokia

Curiosities: As Nokia isn't in my contacts list, and receiving didn't add it, that message is only retreivable through the Conversations app, and no number is shown for it. Selecting the face icon and "call" leads to the phone app which then says "this contact's application does not support calls".

I'm waiting too...
Hope those instrucctions come someday....
:confused:

Meanwhile... could anyone post a modified version of the cherry thing with no nokia phone numbers or not real phone numbers?
It should do the job, right?

I hope some people can modify the wiki page I started at "PR1.2 compulsory My Nokia subscription (http://wiki.maemo.org/PR1.2_compulsory_My_Nokia_subscription)", especially the bottom "How to avoid the compulsory registration while upgrading to PR1.2" section. I can't do much more work on that myself at the moment, as I'm avoiding PR1.2 too!

I expect "touching" the .cherry_state file before upgrading should be sufficient, but it seems a little fragile as flashing eMMC or "Restore original settings" in the Settings app, and maybe other things, will cause that file to be deleted.

I expect you can delete /usr/bin/cherry and the Settings applet as root (after booting for the first time with no SIM) to be more sure of avoiding this, although they might reappear with a package update.

I hope some people can modify the wiki page I started at "PR1.2 compulsory My Nokia subscription (http://wiki.maemo.org/PR1.2_compulsory_My_Nokia_subscription)", especially the bottom "How to avoid the compulsory registration while upgrading to PR1.2" section. I can't do much more work on that myself at the moment, as I'm avoiding PR1.2 too!


I decided to test the workround. However, my device doesn't want to offer me the upgrade!? I have tried going into AppMgr and selecting "Update" but it isn't offering me the PR1.2 upgrade.

Does this mean Nokia have actually taken some action and taken the OTA upgrade down? It is still offered as a download for flashing (and they haven't changed the terms and conditions for accessing that page, which would have been an obvious thing to do).

Graham

Oh, FWIW, the CSD daemon will try like **** to send the message out.

I kept getting USSD messages every two seconds telling me my credit is down to £0.00 because I had no credit in the first place and CSD wants to get the message out. Deleted the one file in /var/spool/sms/outgoing and also deleted /var/spool/sms/regs_out.txt and it stopped.

So, if you do workaround it by using no SIM, make sure you check for those files before putting one back in.

Oh, FWIW, the CSD daemon will try like **** to send the message out.

I kept getting USSD messages every two seconds telling me my credit is down to £0.00 because I had no credit in the first place and CSD wants to get the message out. Deleted the one file in /var/spool/sms/outgoing and also deleted /var/spool/sms/regs_out.txt and it stopped.

So, if you do workaround it by using no SIM, make sure you check for those files before putting one back in.

Many thanks for that. Please add this to the wiki page if you can. What's CSD, by the way?

I decided to test the workround. However, my device doesn't want to offer me the upgrade!? I have tried going into AppMgr and selecting "Update" but it isn't offering me the PR1.2 upgrade.

Does this mean Nokia have actually taken some action and taken the OTA upgrade down? It is still offered as a download for flashing (and they haven't changed the terms and conditions for accessing that page, which would have been an obvious thing to do).

Graham

The OTA upgrade is still showing up for me, even if I have done "touch ~/.cherry_state".

Many thanks for that. Please add this to the wiki page if you can. What's CSD, by the way?

I guess it's the phone stack in a way, look at what it provides:

ii csd-base 0.3.16+0m5 Cellular Services Daemon
ii csd-call 0.8.3.5+0m5 CALL service plugin for cellular services da
ii csd-gprs 1.0.13+0m5 GPRS service plugin for cellular services da
ii csd-info 0.2.6+0m5 Phone info service plugin for cellular servi
ii csd-sat 0.4.0+0m5 Transitional package from CSD SAT plugin
ii csd-sms 0.6.23+0m5 SMS service plugin for cellular services dae
ii csd-ss 0.4.1+0m5 SS service plugin for cellular services daem


CSD is the daemon itself and the others are modules for it, found in /usr/lib/csd/modules. Most of them provide D-Bus services for control (Cherry uses the Phone.SMS service...).

How easy is it to customise the firmware image before flashing to remove the cherry package completely, so that it is never on the device? I realise that the device will then no longer receive OTA Maemo 5 updates but that's fine with me.

It is probably easier with OTA. The procedure that should work (non tested):

Download mp-fremantle-generic-pr package (e.g. with command apt-get install -d mp-fremantle-generic-pr ).

Unpak it (with ar command), and unpack the file control.tar.gz.

This file includes a text file called control, which includes a list of dependencies. Edit this file, removing cherry.

Repack control.tar.gz and replace it in the deb file (again, with ar command).

Create your own repository, and put this modified package in it.

Add your repository to apt sources.list, and run apt-cache policy mp-fremantle-generic-pr to make sure it will be installed from your repository, and not from Nokia's.

Then, apt-get dist-upgrade should update your system OTA, without cherry package.

If you want to create an installable fiasco image, download the firmware image, and use the flasher-3.5 tool to unpack the fiasco image. The largest file is the root ubifs image. See instructions here for mounting it: http://osl.sed.hu/wiki/ubifs/index.php/Download_the_source . After mounting it, you can change it, unmount, and repack the fiasco image.

Upon OTA upgrade I got the "terms", actually read all of it, didn't agree to it, looked for the "I do not agree" button and couldn't find it.... No way to revert to the earlier version, either.

Apparently clicking outside the window cancels.

Curiosities: As Nokia isn't in my contacts list, and receiving didn't add it, that message is only retreivable through the Conversations app, and no number is shown for it. Selecting the face icon and "call" leads to the phone app which then says "this contact's application does not support calls".

Number-based SMS is for mortals. SMS have a CHAR header that allows anything to be sent as a source. For inter-mortal communications, they are sent as phone numbers, but providers can replace that with characters, to verify the sender.

A SMS sent with a character signature (say, "Vodafone") can only come from either Vodafone or some other provider that has been linked into the network.

I remember back in the old days there were open, free pages from providers that allowed one to send SMSs with whatever signature you wanted, making for a fun time. They also allowed for special "flash" messages to be sent from their gateway, which are the messages like credit reports that are only "flashed" to the user and never got saved unless you selected "save". Flash messages also have special payloads, like settings from providers, as well as special notifications: you have voice mail, you have mail, etc (those icons that lit up on your screen).

1999 was a lot more fun.

That's it! got today my bill just as i expected. Didnt help even after flashing . What i found out that its a cover up number from Vodaphone no matter who's sending sms text message behind it.

Apparently clicking outside the window cancels.

Although people have suggested to try that, I don't think it actually works, as it's a full-screen window, not a dialogue box.

That's it! got today my bill just as i expected. Didnt help even after flashing . What i found out that its a cover up number from Vodaphone no matter who's sending sms text message behind it.

How do you mean "A cover up number from Vodafone"?

I've been following this for some time, but I can honestly say I'm certain I didn't get an SMS sent when I flashed my handset to PR1.2.

There's a hell of a stink kicked up about Vodafone withholding firmware updates for some obscure reason. Peeps on Vodafone handsets are still only on pre V1.1.1 of the firmware, unless they flash to PR1.2 themselves.

If this SMS is something that was instigated by Vodafone, then I would like to throw it into the equation on the Vodafone forum, ask them what the hell is it.

Although people have suggested to try that, I don't think it actually works, as it's a full-screen window, not a dialogue box.

I don't know for sure, as I'm not cancelling anything during flash. I'd click ok on a box that says "You're an idiot".

It really doesn't matter, if this was ok because there WAS a cancel but not obvious and easily accesible, a dangerous precedent will be set.

Did anybody succeed in uninstalling the "cherry" package completely, such as by "apt-get purge cherry"?
I am a bit hesitant to do that as once I execute the command, apt-get tells me that many packages will no longer be required, including some libqt4 packages and even mplayer...

As well as many, who expressed their concern with this package, which was mysteriously included by Nokia, I am also a bit frustrated, to say the least. Just imagining the scamming possibilities of this package makes me shudder... There are way too many scams, like "send SMS to this number to win the prize", which empty people's accounts in a matter of seconds. And here we go - an automatic SMS sending machine...
I really hope that these Urho Konttori and Alban Crequy do understand the consequences of such mindless coding...

I kept getting USSD messages every two seconds telling me my credit is down to £0.00 because I had no credit in the first place and CSD wants to get the message out. Deleted the one file in /var/spool/sms/outgoing and also deleted /var/spool/sms/regs_out.txt and it stopped.


Did you do this with a SIM inserted but with no credit? I wonder what would have happened with no SIM at all inserted? In that case it could not find the MNC and other information so I wonder if the process would have been deferred?

If so, it seems like a workround for reflash would be to boot with no SIM card, create .cherry_state and then reboot with the SIM.

I have created a package called "notmynokia" which is in extras-devel. If you install this, it tries to protect you from the forced MyNokia registration.

You should install the package before upgrading to PR1.2. It seems to work for OTA upgrades. I have not yet tested it for re-flash but I believe it may work, as long as the eMMC is not re-flashed (unless the process removes the /home/user/.cherry_state file). Test reports are welcome!

I have attached the README file if anyone wants more information about what it is doing.

Graham

I have created a package called "notmynokia" which is in extras-devel. If you install this, it tries to protect you from the forced MyNokia registration.

You should install the package before upgrading to PR1.2. It seems to work for OTA upgrades. I have not yet tested it for re-flash but I believe it may work, as long as the eMMC is not re-flashed (unless the process removes the /home/user/.cherry_state file). Test reports are welcome!

I have attached the README file if anyone wants more information about what it is doing.

Graham

Many thanks for making this, Graham.

Regarding the ".USER_DOES_NOT_WANT_MYNOKIA" file, can you make it ".user_does_not_want_mynokia" instead? The "shouting" of upper case is a little distracting when doing an ls -a.

It would be good if your readme could reference the http://wiki.maemo.org/PR1.2_compulsory_My_Nokia_subscription page, and in fact some of your readme text would sit well on that page if you wanted to edit the wiki.

Do you have any ideas as to whether it is possible to programmatically clear out offending pending SMSes from /var/spool/sms/outgoing and /var/spool/sms/regs_out.txt, for the situation where people boot with a flashed eMMC and no SIM, or even, if you can get in early enough, if they boot with a SIM? I guess you would need to be careful to only target My Nokia SMSes.

Regarding the ".USER_DOES_NOT_WANT_MYNOKIA" file, can you make it ".user_does_not_want_mynokia" instead? The "shouting" of upper case is a little distracting when doing an ls -a.

Oh, all right :-) I was a bit annoyed with Nokia when I was creating it! There is a new version of the package (1.0-1) in extras-devel. Upgrading will remove the old file and install the new one.

Do you have any ideas as to whether it is possible to programmatically clear out offending pending SMSes from /var/spool/sms/outgoing and /var/spool/sms/regs_out.txt, for the situation where people boot with a flashed eMMC and no SIM, or even, if you can get in early enough, if they boot with a SIM? I guess you would need to be careful to only target My Nokia SMSes.

That is the problem. I haven't looked at this yet, but if we could find a reliable way to identify the MyNokia SMS I would be happy to add something to notmynokia to remove it.

Thanks. Oh and something else - have you considered trying to remove the My Nokia Settings applet too?

I did consider that but I don't think I can justify that. I don't object to Nokia installing an app which allows me to register if I want to. I am not even against the My Nokia service -- it is the illegal holding to ransom of my device that I object to.

Also, some people may install this package who are already registered somehow and who need to be able to deregister.

Also, some people may install this package who are already registered somehow and who need to be able to deregister.

Good point.

Presumably if I wanted to hide the applet I could just delete the /usr/share/applications/hildon-control-panel/cpcherry.desktop file? Or would I need to delete /usr/lib/hildon-control-panel/libcpcherry.so too?

Presumably if I wanted to hide the applet I could just delete the /usr/share/applications/hildon-control-panel/cpcherry.desktop file? Or would I need to delete /usr/lib/hildon-control-panel/libcpcherry.so too?

Just the desktop file'd be enough.

If you're paranoid, however, delete the so file too as it can be ran outside of Control Panel through osso_cp_plugin_execute().

Nokia have responded to the Community Council on this:

http://maemo.org/community/council/nokia_response_to_mynokia_subscription_in_pr1-2/

...and the post gets auto-posted here: http://talk.maemo.org/showthread.php?t=57214

Nokia have responded to the Community Council on this:

http://maemo.org/community/council/nokia_response_to_mynokia_subscription_in_pr1-2/

...and the post gets auto-posted here: http://talk.maemo.org/showthread.php?t=57214

incredible. it's very much in line with quim's initial comment on the bug report though. they've lost touch with us.

Many thanks to the Community Council for pushing this issue.

I'm very disappointed in Nokia's response. I'm not sure why they spend a paragraph saying that the N900 is a mobile computer as that seems completely irrelevant. None of my other computers need to send an SMS or indeed any message over the Internet before I can use them.

In the second para they say the user may like to get support texts. Well, this user respects his privacy and does not wish to receive such texts. From what I've heard, the texts are pretty useless anyway. For me, unsubscribing later is not good enough. I don't want to ever subscribe in the first place.

They have also not responded to the issue of whether a user is under age.

Just checked my recent bill with WindMobile (Canada). As much as I hoped that my phone did not have a problem with this notorious SMS, it was there... - two SMS messages sent to 491771787772 number, with the total cost of $0.30.

As many of you, I did not subscribe or legally obliged to subscribe for any hidden services. The latest reply from Nokia suggests that automatic (and often costly) message sending was not a mere bug but rather an intentional coding. Nokia, therefore did officially take full responsibility for such reckless and perhaps illegal action.
Although the community can find their own methods to prevent this messages to be sent, such as by notmynokia (http://maemo.org/packages/view/notmynokia/) scripts by Graham Cobb's (http://maemo.org/profile/view/gcobb/), it is still responsibility of Nokia to

1) Apologize
2) Reimburse
3) Quickly provide an official patch / remove the culprit "cherry" code

As I do not have any desire to pay for such messages in the future, and it does not seem that Nokia's managers realize all damaging consequences of their actions, for the moment I am planning to notify the Best Business Bureau of this case, also referencing this forum. I suggest that all other N900 users in North America do the same. The more complaints BBB will receive, the more pressure will be on Nokia, the sooner they realize that the class action lawsuit may not be that far.

I have also reflashed my device four times after PR1.2 and every time I'm being charged for those SMS -messages. Kind of sucks. When I have time and motivation I will write a letter to Nokia and demand them to give back my money spent on those SMSs.

Edit: and also demand them to provide me device that won't charge me anything unless I want to.

Not sure if this has been asked before but I'm wondering who's getting the cash generated by the premium number SMSes - puny though this may be, if you multiply it by the number of devices out there plus a few unfortunate "unable to unsubscribe" attempts, this might add up to something...

Not sure if this has been asked before but I'm wondering who's getting the cash generated by the premium number SMSes - puny though this may be, if you multiply it by the number of devices out there plus a few unfortunate "unable to unsubscribe" attempts, this might add up to something...

yes, something for operators that is...

yes, something for operators that is...

Quite often, there is some sort of revenue sharing with the owner of the target premium number. Wouldn't this be the case here?

Quite often, there is some sort of revenue sharing with the owner of the target premium number. Wouldn't this be the case here?

the operators take lions share of all those. I'd guess that nokia gets nothing but it doesn't have to pay anything either.

or how large are the charges? haven't got any so I have no clue... but if we are talking sums below one euro there is nothing to be shared with nokia because operators take their cut first...

Just a thought... if it's possible to have an application that suppresses the text message: Would it be possible to write an application that will only change the list of phone numbers used?

You know... I don't mind Nokia knowing whenever I need to re-flash PR 1.2; but maybe I want to choose who at Nokia gets the notification?

These statements from Nokia about how the device is more of a computer than a phone as an excuse for why it should register by SMS, also seems like an irrelevant answer to a question that was never asked. The fundamental question is still: Why are you doing that?

I'm increasingly glad I never bought an N900. :(

If it's more of a computer than a phone, then it could use tcp/ip and email or rss instead of sms ...

Would it be possible to write an application that will only change the list of phone numbers used?

I want one that modifies the SMS and changes MY phone number. They can have the rest.

Does anyone know if N900's bought after the release of PR1.2 is shipped with 1.2, and in that case, should I have to take precautions before even switching it on for the first time?
:confused:

Does anyone know if N900's bought after the release of PR1.2 is shipped with 1.2

That's a very good question, and it concerns me too (for future buyers).

and in that case, should I have to take precautions before even switching it on for the first time?
:confused:

You should make sure no SIM is inserted, boot it without the SIM, then check the last paragraph in http://wiki.maemo.org/PR1.2_compulsory_My_Nokia_subscription#Manual_meth od to clear out the pending SMS.

This won't help if your carrier or shop you buy the N900 from "helpfully" inserts the SIM for you and boots it before giving it to you, and of course doesn't help new purchasers who haven't read about this problem before buying.

You should make sure no SIM is inserted, boot it without the SIM, then check the last paragraph in http://wiki.maemo.org/PR1.2_compulsory_My_Nokia_subscription#Manual_meth od to clear out the pending SMS.


Does anyone know how to decipher /var/spool/sms/regs_out.txt ?

This won't help if your carrier or shop you buy the N900 from "helpfully" inserts the SIM for you and boots it before giving it to you, and of course doesn't help new purchasers who haven't read about this problem before buying.

Thanx!
I'm buying it without any carrier so no one should have inserted anything.
:)

Congratulations, you've made the news: http://www.theregister.co.uk/2010/07/01/nokia_n900_update/

"Nokia snaffles user data on the down-low

Both N900 owners in uproar"

Congratulations, you've made the news: http://www.theregister.co.uk/2010/07/01/nokia_n900_update/

"Nokia snaffles user data on the down-low

Both N900 owners in uproar"

The writer definitely overestimated the number of users here with multiple accounts...

brb, relogging in as gerbick...