In the defense of my good friend Thuo;

1. The kind of entities that would (allegedly so far) compel Safaricom (SC) to mine your data has access to all the below mentioned. 

1. National ID card details
2. High school results slip, and university transcripts 
3. Payslip
4. Bank statement 
5. Health status, and medical records 
6. Name of past and current girl friends, wife, and kids (Unless you have never texted or called them)
7. The name of your kids, age, where they go to school, and class

2. I think we also need to give some benefit of doubt that SC is simply running an optimizer that could essentially be doing some transparent caching. Whenever the actual truth will be confirmed, I will perhaps join the protest by making some serious noises with my keyboard.

3. We could also blowing this out of proportion. How much sensitive data do we transmit over the basic HTTP protocol nowadays? And if you are telling me that KE has NSA and GCHQ grade HTTPS popping capabilities, then first of all I am impressed.. 

The issue for me would be more towards the protection of this data by requiring court orders (even if in secret but recorded requests eg. between AG -> CJ) for a particular person's data to be accessed from the archives or in real-time. 

For my part, a concern that I have had with SC has to do with the permissions they request for on their Apps. I could be very wrong here, but I believe that these Apps only need Internet access so that they can pull your data from SC servers. These permissions could potentially grant a malicious attacker access to a lot of information if SC's systems were to be compromised.

I request Steve to clarify these in detail so that I may be able to have the peace of mind of installing and using their very useful (really) features, and remove my bad rating for mledger :)

Below are the current permission requests.

mLedger:-

Version 5.0 can access:
Identity
  • find accounts on the device
Contacts
  • find accounts on the device
  • read your contacts
SMS
  • read your text messages (SMS or MMS)
  • edit your text messages (SMS or MMS)
Phone
  • directly call phone numbers
  • read phone status and identity
Photos/Media/Files
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Storage
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Device ID & call information
  • read phone status and identity
Other
  • view network connections
  • create accounts and set passwords
  • full network access
  • run at startup
  • control vibration
  • prevent device from sleeping
  • set an alarm
  • install shortcuts
  • uninstall shortcuts
Inline images 2
MySafaricom:-

Version 1.1.1.0 can access:
Device & app history
  • retrieve running apps
Contacts
  • read your contacts
Location
  • approximate location (network-based)
  • precise location (GPS and network-based)
SMS
  • read your text messages (SMS or MMS)
  • receive text messages (SMS)
Phone
  • read call log
  • read phone status and identity
Photos/Media/Files
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Storage
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Wi-Fi connection information
  • view Wi-Fi connections
Device ID & call information
  • read phone status and identity
Other
  • receive data from Internet
  • view network connections
  • full network access
  • run at startup
  • control vibration
  • prevent device from sleeping
  • install shortcuts
  • read Google service configuration
​Kevin

On 23 March 2017 at 21:01, Mwendwa Kivuva via skunkworks <skunkworks@lists.my.co.ke> wrote:

At the expense of digressing such an important thread, I will ask Thuo, who claims to not have anything to hide to share the following information on this list
1. National ID card details
2. High school results slip, and university transcripts
3. Payslip
4. Bank statement
5. Health status, and medical records
6. Name of past and current girl friends, wife, and kids
7. The name of your kids, age, where they go to school, and class
8. Listers can add more mundane data here

The point is, the mundane information about us belongs only to us, and those we have entrusted the information. In the wrong hands, this information may be potent

On Mar 23, 2017 2:56 PM, "Thuo Wilson via skunkworks" <skunkworks@lists.my.co.ke> wrote:

On 23 March 2017 at 09:52, Odhiambo Washington via skunkworks <skunkworks@lists.my.co.ke> wrote:
In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.

​i always wonder, what do people hide? Safcom and telcos of the world can sniff on my data all they want [so long as they dont tamper with my bank account]- if you have nothing to hide what's fear for?​


Kind Regards,
Wilson./

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke