Tuesday, November 17, 2015

Techy Tuesday - Yet Another Smartphone Privacy Threat

Ars Technica reports on a new smartphone privacy threat that bears thinking about: it uses inaudible, ultrasonic sounds to surreptitiously track a person's online behavior across a range of devices, including phones, TVs, tablets, and computers. These sounds, above the range of human hearing, are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While you can't hear the sound, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product. Of course, they also know the location of all those appliances, too. The Center for Democracy and Technology (CDT) raised the privacy concerns with the Federal Trade Commission (pdf warning) for a meeting yesterday (Monday, the 16th).
Often, people use as many as five connected devices throughout a given day—a phone, computer, tablet, wearable health device, and an RFID-enabled access fob. Until now, there hasn't been an easy way to track activity on one and tie it to another.

"As a person goes about her business, her activity on each device generates different data streams about her preferences and behavior that are siloed in these devices and services that mediate them," CDT officials wrote. "Cross-device tracking allows marketers to combine these streams by linking them to the same individual, enhancing the granularity of what they know about that person."
It turns out this not only isn't forbidden or illegal in any way (although it seems awfully virus-like to me), but one of the companies that writes and sells the software that manages this, SilverPush, reported that it received $1.25 million in venture capital. Apparently tracking "everything you think, do, or say" is a growth industry. The Indian news source in that link says:
At present, SilverPush is growing at a rate of 50 per cent quarter on quarter. In the last fiscal year, the startup had earned a revenue of USD 1.25 million. And for 2015-16, it is expected to touch USD five million.
The CDT reports "As of April of 2015, SilverPush’s software is used by 67 apps and the company monitors 18 million smartphones."  SilverPush is aware that some of us will find their approach ... unappealing. 
I pointed out that this could be pretty creepy, since it sounds like there’s an app listening in the background on your phone or tablet. Chawla acknowledged that there’s a risk of negative public perception, but he said that SilverPush isn’t receiving any actual audio data — once a match has been made, the only thing that gets sent back to the company is the identification code linking the devices. Chawla also said he’s working with the Mobile Marketing Association to develop guidelines around using this technology in a way that respects users’ privacy.
I don't know about you, but I don't find the fact that "the only thing that gets sent back to the company is the identification code linking the devices" particularly helps. I don't like the idea of being watched, listened to or tracked at all, and I don't particularly like the idea of ads being shoved in my face all the time. It reminds me of that scene in Minority Report where Tom Cruise's character is walking into a store and the ads are calling him by name - everything targeted at him. That movie is increasingly prophetic. I don't see any mention of how to avoid it or turn it off, except possibly by putting something over the microphone so that the phone can't hear the TV (or vice versa).
(Jimmy Margulies)
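One way to check a recording for the kind of inaudible tone described above, as an added example that is not from the article, the CDT filing or SilverPush: a pure-Python Goertzel detector that compares energy in a high band with energy in the audible band. The 18-20 kHz band, the sample rate, the thresholds and every function name are assumptions (the article gives no frequencies), and the test tones are constructed.

```python
import math

RATE = 44100                  # Hz, assumed capture rate (not stated in the article)
BEACON_BAND = (18000, 20000)  # Hz, assumed "inaudible" band; the article gives no frequencies
AUDIBLE_BAND = (200, 8000)    # Hz, where speech and most TV audio energy sits
STEP = 100                    # Hz between probe frequencies; also sets the frame length

def tone(freq_hz, amplitude, seconds=0.1):
    """Constructed sample data: a pure sine tone as a list of floats."""
    return [amplitude * math.sin(2 * math.pi * freq_hz * i / RATE)
            for i in range(int(seconds * RATE))]

def mix(*signals):
    """Sum equal-length signals sample by sample."""
    return [sum(v) for v in zip(*signals)]

def goertzel_power(frame, freq_hz):
    """Power of `frame` at one frequency (Goertzel algorithm), normalised by length."""
    coeff = 2 * math.cos(2 * math.pi * freq_hz / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(frame) ** 2

def band_power(samples, band):
    """Mean per-frame power summed over probe frequencies spanning `band`."""
    n = RATE // STEP          # 441 samples per frame gives a 100 Hz bin width
    frames = [samples[i:i + n] for i in range(0, len(samples) - n + 1, n)]
    if not frames:
        return 0.0
    freqs = range(band[0], band[1] + 1, STEP)
    return sum(goertzel_power(f, hz) for f in frames for hz in freqs) / len(frames)

def beacon_suspected(samples, ratio=0.01, floor=1e-6):
    """True when the beacon band holds real energy relative to the audible band."""
    high = band_power(samples, BEACON_BAND)
    return high > floor and high > ratio * band_power(samples, AUDIBLE_BAND)

if __name__ == "__main__":
    programme = mix(tone(310, 0.5), tone(1250, 0.4), tone(3070, 0.3))
    print("programme only:", beacon_suspected(programme))
    print("with 18.55 kHz tone:", beacon_suspected(mix(programme, tone(18550, 0.2))))
```

A real capture also needs a microphone and sample rate that reach the band being probed; a 44.1 kHz recording cannot represent anything above 22.05 kHz.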


  1. Yep, Pandora's box is open, the cat is out of the bag - however one wishes to frame it.
    Privacy, for all intents and purposes, is DEAD!


  2. Covering the microphone won't do any good. The entire structure/case of the phone IS the microphone. Vibrations and sound waves which hit the phone are processed whether it is in "mute" or not. Telling a device to "mute" is only changing the icon on the screen, you don't actually think it disconnects the hardware from the "dark OS" in the background???

    And what about passive Bluetooth tags that are scattered all over the place, so that when you walk by them the software in the background picks up the id/geo-tag and "calls home" your location, with an audio and video sample of what you're doing.

    If you didn't build the hardware, and you didn't write the software that runs on it, you can't trust it. Period.

    The Amish are on to something...

  3. The hardware and software is designed for others. That is, YOU pay for it, be it a phone or a computer, but the software was written at the request of the business person to allow them to force you to see ads and to collect information about what you do. Then too, of course, the government has insisted that quietly the software and hardware of new technology have a back door that bypasses security and is transparent to the users. Recently a software developer of a successful ad bypass software had to apologize to business people and is now going to take his product off the market. Some sites that I go to have so many 'apps' going on in the background to force me to see an ad that the site takes 30 seconds to load and sometimes locks up or flashes the screen and must be terminated manually to get back control of the computer. Another trick is the video ads that run even without clicking on them. A new wrinkle for these videos is the screen automatically pages down to the ad and won't allow you to page up or down until the ad finishes. But it gets worse because after the ad finishes and you try to read what is on the site the video starts again.

  4. Open source. And make sure you can remove the battery from your cell phone.

    Yeah, they may be able to stick something into open source. Like those fools who took the NSA suggestions on how to do their encryption. But someone WILL find the corruption and announce it to the world. And then whoever put it in will NEVER be allowed admin access to open source ever again.

    And phones are simply not able to transmit for any reasonable length of time with the battery removed. Transmit requires more power than the manufacturers are able to credibly store in internal capacitors.


  5. Sounds like there might be a market for Faraday cage purses and wallets that would insulate your gear unless you were using it. I know with the new chipped cards I'm thinking about a foil lined card case for mine.

  6. Or brew yer own, Old Surfer:

  7. It's getting to the point where, if you are one of the few who find a way out, you end up really sticking out.

  8. You can buy Faraday "cages" (containers and carrying cases) for various devices. No need to make them.

  9. But making yer own, Malatrope, WORRIES them more. And it clearly ain't that hard.