The point isn't how many texts they're getting --- one would be too many. The point is "10 gigabytes per day of metrics" doesn't itself imply that they're getting message contents.
You are militantly missing my point. There is no evidence that they are seeing message contents. All we are going on in this thread is the supposition that because they're getting "10 gigabytes a day", it must be message contents.
They themselves use the phrase "raw data" to describe what they collect (as "metrics"). Metrics are not comprised of raw data, but of measurements, so unless they're being hinky with word choice, a plain reading of their own materials would suggest that they do indeed receive user content.
They've said repeatedly that they do not collect that data. This is a common attitude on HN threads: the idea that the only facts for us to discuss are the ones in the article itself or in other comments on the thread. There are more facts just a Google search away for you.
Their own words are not dispositive; I'm not suggesting that they are. But here you're trying to interpret their words in a way that contradicts their own direct statement. Your interpretation is possibly accurate, but implausible.
I read this and don't see how it clears anything up.
My best guess (I know just as little about CarrierIQ as everyone else on this thread) is that CarrierIQ is trying to collect very innocuous information (performance statistics and event information to correlate them to), but is doing a slapdash job of generating that information --- for instance, by logging raw details to the Android filesystem.
I wouldn't want it on my phone either, but that doesn't make them Big Brother --- or, obviously, a "rootkit".
This is an important point that I think some people are forgetting. I use Verizon. They already have access to all of my text messages. I send my text messages to Verizon, who then forwards them on to the person I'm talking to. Just as Google first gets my email.
It is unfortunately a point that the contradicts the thread narrative that casts a hapless, poorly-marketed analytics company as Big Brother incarnate, so nobody's going to pay attention to it.
They put backdoors on basically every phone in secret, threatened the guy who outed them with a lawsuit and are perfectly capable of snooping on everything, whether they do so or not.
What do you know about them that makes you trust them?
Nothing. There's just a likely innocent explanation for all three of those things:
1. CarrierIQ is a "secret" in the same sense as the network management software that Sprint uses that can also see all your SMS messages is a "secret": (a) nobody at Sprint thinks its relevant to you, and (b) nobody at Sprint thinks its any of your business. Which, if you take a breath, strictly speaking about the performance metrics they're collecting, it isn't your business.
2. CarrierIQ was dumb about threatening this guy like lots of other companies have been identically dumb. Companies have threatened to sue me. I remain cordial with the owners of some of those companies. Welcome to security research; we don't have jackets, but we sure get a lot of press.
Incidentally, put yourself in CarrierIQ's position and assume that this particular researcher is full of shit, meaning, no, CarrierIQ is not snooping on people's keystrokes. What would you do? There's a guy out there claiming that their performance agent is a "rootkit". They got pissed. Surprised?
3. Any piece of systems software the carrier agrees to stick on the phone is capable of snooping. Sprint itself could just backdoor their Android distro.
You, earlier:
"What percentage of all the SMS messages ... do you think 10 gigabytes is?"
Stop moving the goalposts and maybe we'll get somewhere.