Beware of ads that use inaudible sound to link phone, TV, tablet, and PC
November 17, 2015 10:48 AM   Subscribe

The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product. Dan Goodin reports for Ars Technica on cross-device tracking software already in use today.

"For example, a company could see that a user searched for sexually transmitted disease (STD) symptoms on her personal computer, looked up directions to a Planned Parenthood on her phone, visits a pharmacy, then returned to her apartment," the letter stated. "While previously the various components of this journey would be scattered among several services, cross-device tracking allows companies to infer that the user received treatment for an STD. The combination of information across devices not only creates serious privacy concerns, but also allows for companies to make incorrect and possibly harmful assumptions about individuals."
posted by hippybear (89 comments total) 48 users marked this as a favorite
 


Ugh.

So how does this work, exactly? At least in iOS, an app must request access to the microphone, and the user must approve it.

So it would seem that the user would have to (1) launch an app which "uses the SilverPush software development kit", (2) give it access to the microphone, and (3) leave it running while the audio-tagged commercial plays nearby.

What's the incentive for app makers to include this malware in their apps? Or am I totally misunderstanding?
posted by escape from the potato planet at 10:55 AM on November 17, 2015 [2 favorites]


Man I *hope* these brave job-creating capitalists have hardened their systems against bad signal:noise interference.

I mean, what kind of anarchist scum could buy an ultrasonic mic, ultrasonic noise generator, an arduino, sit around sampling the emission of these systems, do a bit of programming and algorithmically return said sample emissions......and randomly distribute these arduino-mic units them in common places? That would simply RUIN their business plan.

Good job they have buy-in from society and those conformist programmers and hackers!
posted by lalochezia at 10:55 AM on November 17, 2015 [24 favorites]


So it would seem that the user would have to (1) launch an app which "uses the SilverPush software development kit", (2) give it access to the microphone, and (3) leave it running while the audio-tagged commercial plays nearby.

Well, I dunno about your iOS device, but on my iPad, I can launch, say, Skype, and then be done using it and do a four-finger upswipe and "quit" the program, but then still be receiving notifications about new chat within Skype... So what does "quit" actually mean in that case? The only way I can truly get my iPad to fully log me out of Skype once I've launched it there is to reboot the device.

Also, you only have to hit "yes" to the microphone once, maybe by accident, and then the app has access until you go in and change it on the system level.

What's the incentive for app makers to include this malware in their apps? Or am I totally misunderstanding?

I'm guessing money is being exchanged on some level. The linked article states that 67 apps use it and that 18 million smartphones are being tracked by this method.
posted by hippybear at 11:01 AM on November 17, 2015 [2 favorites]


The Advertising Bubble
posted by gwint at 11:02 AM on November 17, 2015 [20 favorites]


2015 is the year that "My computer is whispering my secrets to my smartphone, no seriously, listen, there it is again" transitioned abruptly from ridiculously unbelievable to ridiculously predictable, with absolutely nothing in between.
posted by Phyltre at 11:04 AM on November 17, 2015 [84 favorites]


I have found many ways to fight back against ads, tracking coolies, etc., but in the long run this takes effort, slows computers, etc. and so I simply ignore and make sure not to buy anything unless I truly want the item...
posted by Postroad at 11:06 AM on November 17, 2015 [3 favorites]


ah man, TFA talks about the bios virus that spread via microphone and speaker. I'd wondered what happened with that bit of malware, and am sad that it was never found to exist.
posted by k5.user at 11:15 AM on November 17, 2015


Someone ought to look at the demo app and see if they can reverse-engineer it.

So much fun could be had.
posted by clvrmnky at 11:15 AM on November 17, 2015 [1 favorite]


All it takes is one app which you have granted audio permissions on. Also some apps like Shazam, Google Voice and Siri have the ability to record audio at any time while the app is in the background.
posted by humanfont at 11:18 AM on November 17, 2015


Maybe we should stop developing all this great tracking technology until we get the whole NSA thing in check.
posted by shenkerism at 11:18 AM on November 17, 2015 [2 favorites]


okay, who's going to tell Admiral Adama that the damn computers have figured out a new way to network themselves?
posted by You Can't Tip a Buick at 11:19 AM on November 17, 2015 [24 favorites]


The link at the bottom of the ArsTechnica story, to a story about a rootkit that can self-repair by communicating between infected machines using similar ultrasonic "whispering" (!!!!) is also something to behold. If this turns out to be an actual working attack vector, then your iPhone surreptitiously communicating with your laptop to report back to ad networks is going to be the least of your concerns. By all appearances, this is an actual thing that actual security researchers are concerned with, and it's a terrifying concept to contemplate.
posted by Mayor West at 11:20 AM on November 17, 2015 [9 favorites]


The modern ad industry is such a disgusting cesspool of opportunistic parasites. Absolutely nothing is too invasive, it seems, as long as it's profitable.

Someone ought to look at the demo app and see if they can reverse-engineer it.

Ultimately, it presumably just sends a beacon to some kind of API. That API probably expects a valid person ID from a tracking cookie, a valid commercial ID. So it shouldn't be too difficult to write a script that just collects tracking cookies and commercial IDs, and then floods the API with bogus beacons—effectively just stuffing the thing's maw full of garbage. Get that script running on enough devices, and...
posted by escape from the potato planet at 11:21 AM on November 17, 2015 [11 favorites]


I've been curious about the frequencies involved. I'd naively assumed the software and hardware was all designed to only work in human hearing range. Now there's a lot of people who can't hear anywhere near as high frequencies as the 20,000Hz, but I have to imagine they're worried about not annoying teenagers and dogs with their privacy violating tracking beacons.

Here's SilverPush's own product page. And here's a patent application for US20150215668 A1. That patent makes a reference specifically to 17-20 KHz in one of the subclaims, so maybe that's my answer for the frequency being used. Poor Fido.

As is the way of things, the patent is overreaching and claims to patent all ultra and infra sound applications. I imagine that October 2013 badBIOS article might be interesting prior art. I tried following up on badBIOS, btw, and have found nothing since that Oct 2013 article that indicates it actually exists. A lot of folks think all the technologies described are plausible, but it's not clear it was actually built.
posted by Nelson at 11:23 AM on November 17, 2015 [3 favorites]


Dear Kids:

Sorry about the panopticon ; the Internet seemed like a good idea at the time. Enjoy your surveillance state.

Sincerely,
Your Elders

PS: We're also sorry about the whole global-warming thing.
posted by entropicamericana at 11:23 AM on November 17, 2015 [53 favorites]


mmmm
posted by growabrain at 11:24 AM on November 17, 2015 [5 favorites]


Well, I dunno about your iOS device, but on my iPad, I can launch, say, Skype, and then be done using it and do a four-finger upswipe and "quit" the program, but then still be receiving notifications about new chat within Skype... So what does "quit" actually mean in that case? The only way I can truly get my iPad to fully log me out of Skype once I've launched it there is to reboot the device.

Notifications in iOS are independent of whether the app is actually running. "Signed in" in this case is a server-side thing, not a client-side. (ie, it's the Skype-cloud saying "hey, you have a chat update;" your local copy of Skype doesn't actually know this happened until you swipe on the notification to launch it and it gets updated.)
posted by Tomorrowful at 11:25 AM on November 17, 2015 [9 favorites]


Google and Facebook can already identify what TV shows you're watching without tracking signals, just based on audio fingerprint. Although I guess the novelty here is that one device could seem completely silent.

That said, it's hard for me to think of any way this is more privacy-violating than having any other random adware on your phone.
posted by miyabo at 11:27 AM on November 17, 2015 [2 favorites]


I meant to say: a valid person ID from a tracking cookie, and a valid commercial ID.
posted by escape from the potato planet at 11:27 AM on November 17, 2015


All it takes is one app which you have granted audio permissions on. Also some apps like Shazam, Google Voice and Siri have the ability to record audio at any time while the app is in the background.

With a giant pulsating red bar saying just exactly what they're doing.
posted by Talez at 11:28 AM on November 17, 2015 [4 favorites]


Ban computation.
posted by brennen at 11:28 AM on November 17, 2015 [5 favorites]


This is why I don't just air-gap my machines, I vacuum-gap them inside faraday cages.
posted by blue_beetle at 11:35 AM on November 17, 2015 [7 favorites]


(Spoilers for Metal Gear Solid V)

Crap, the Vocal Cord Parasite exists for Technology already? Thanks Kojima.
posted by Twain Device at 11:38 AM on November 17, 2015 [1 favorite]


> As is the way of things, the patent is overreaching and claims to patent all ultra and infra sound applications

If it's too general and covers "do a thing if you hear X", Motorola PL from the mid-1950s and radio teleswitch systems (1970s) seem to have that covered.
posted by scruss at 11:41 AM on November 17, 2015 [1 favorite]


Let's see now, where's my OC Bible...
posted by nzero at 11:42 AM on November 17, 2015 [15 favorites]


We need consumer standards which state that all microphones and cameras need a working, hardware-based off switch which is not bypassable by software. Actually, just getting somebody to float such a proposal in congress then watching who starts dumping money against it would be informative.
posted by benzenedream at 11:48 AM on November 17, 2015 [43 favorites]


This is making me appreciate headphones even more.
posted by Foosnark at 11:50 AM on November 17, 2015


hmmmmmm.
I work in advertising, on the technical side - I am very often the person who goes to sound mixes, applies those sound mixes to finished picture, kicks out the final files and uploads them. I've never even heard of this, much less been asked to integrate ultrasonic frequencies into a mix.
I have a lot of technical questions about when these tones would be integrated into ads - if anywhere, I'm assuming they'd have to be placed on ads by the network serving ads after the spots themselves have been transcoded into proxies - and how they would survive being played through TV speakers.
posted by 235w103 at 11:53 AM on November 17, 2015 [7 favorites]


Here's the way I see this working. Your Vizio smart tv (which is always monitoring and reporting your viewing habits a la Sorenson Spark) is playing in the background. You pop open an app that uses this SDK and it hears the embedded audio code in the Vizio output, thus linking your smartphone ID with your TV ID. Now you have an advertising profile that concatenates your TV habits with your smartphone use. Use Twitter during a show to talk about the show? It'll know if you paid attention during the commercials. Now your tweet platform can get in on the fun! It's all about making those initial profile connections.

It doesn't need to constantly be listening. It just takes the one instance of "hey I see you" and now your profile is enhanced. Same goes for an inobtrusive web flash ad that plays ultrasonic audio. Now your computer knows your iPad knows your phone knows your TV.
posted by msbutah at 11:53 AM on November 17, 2015 [10 favorites]


Other than rootkit, I'm not seeing any evidence that apps are running this API. Do we have any? Is this why Evernote wanted permission to use my microphone? Is Siri listening in? Or is this all just theoretical?
posted by anotherpanacea at 11:56 AM on November 17, 2015


Nelson: "And here's a patent application for US20150215668 A1. ... As is the way of things, the patent is overreaching ..."

If you go to the USPTO Public PAIR website you can search the publication number and see that the patent application (not a patent per se) stands rejected by the patent examiner over prior art. You might need Java installed to make the crusty patent office website work.
posted by exogenous at 11:58 AM on November 17, 2015


You'd be hard pushed to find an ad from either streaming or broadcast services that isn't playing compressed audio, so how do they ensure that their audio beacon remains part of the signal? Even if they're blasting audio signals between 17-20kHz, the compressed audio will not reproduce those frequencies. So that would limit them to browser based ads that use uncompressed PCM. If they're blasting uncompressed high frequencies at high levels, that could also cause physical discomfort, fatigue and headaches (not that most ads don't cause that anyway)

Also 17-20kHz isn't technically ultrasonic, even if it's generally inaudible to adults. I'm pretty sure it's usually defined as greater than 20kHz and I imagine most children would agree.
posted by TwoWordReview at 11:59 AM on November 17, 2015 [3 favorites]


And from the depths of your closet where it has sat for years, forgotten but dreaming, Furby's dead eyes flick open.
posted by robocop is bleeding at 12:07 PM on November 17, 2015 [106 favorites]


some apps like Shazam, Google Voice and Siri have the ability to record audio at any time while the app is in the background

A few days ago, I was watching an Elvis Costello interview on YouTube on the computer, with my iPhone sitting on the desk in front of me. All of the sudden, Siri wakes up and tries to start Skyping with someone named "History of Tomatoes" or something. Huh? I unlock my phone and check things out, nothing seems out of the ordinary but I briefly get a bit paranoid, like what kind of weird hacker shit is going on...until I think wait a minute and back up the YouTube video a few minutes and then it happened again. I replicated it, over and over, and with some variations in her understanding, every time Elvis said "his story," Siri thought it was me saying "hey, Siri."
posted by chococat at 12:07 PM on November 17, 2015 [39 favorites]


If you go to the USPTO Public PAIR website you can search the publication number and see that the patent application (not a patent per se) stands rejected by the patent examiner over prior art.

Holy shit, did the USPTO actually reject a ridiculous patent for once? I feel very disproportionately happy that they just did their damn job for a change.
posted by axiom at 12:07 PM on November 17, 2015 [1 favorite]


the compressed audio will not reproduce those frequencies

Yeah, this pretty much sounds like bullshit for a lot of reasons, this one first among them. Add in that the typical TV speaker isn't going to reproduce these frequencies very well even if they did make it there, and that your smartphone mic probably won't pick them up, and it sounds pretty doubtful.

Can you watermark audio such that it's hard to hear but easy to decode? Probably, but not with high-frequency audio.
posted by uncleozzy at 12:09 PM on November 17, 2015 [2 favorites]


What's the incentive for app makers to include this malware in their apps? Or am I totally misunderstanding?

Money! I have no idea how much, but back in the previous bubble I was making some freely downloadable software and we turned down an offer for something north of a dollar for each user we could get to install Gator (an early adware/malware thing). That's a ton of money for any reasonably popular app!

Is Siri listening in?

If the OS vendor were complicit in this, there would be no need for this to involve any Apps at all. Also, Apple is one of the most privacy-friendly big corporations I can think of.
posted by aubilenon at 12:10 PM on November 17, 2015 [1 favorite]


Wrap it up and be safe!
posted by bukvich at 12:10 PM on November 17, 2015


Thanks for noting the patent application is currently rejected. Presumably there will be a second round? The product website claims it is "a patented technology", but they could just be lying.
posted by Nelson at 12:11 PM on November 17, 2015


I absolutely agree computer cameras and microphones need a hardware off switch. I don't have a solution for microphones, but for cameras the EFF stickers work pretty well. They're removable (and reusable). It's a shame, the old SGI webcams had a hardware physical cover. I wish those still existed. Particularly on my iPhone and iPad.
posted by Nelson at 12:12 PM on November 17, 2015 [2 favorites]


I used to work in the for-profit advertising and marketing sector, and I tend to look at "marketers have found a new, Godlike way to ruin everything forever" stories with the same eye that I look at "new super-narcotic is sweeping the nation and soon all our children will be slaves to Krokodil/Bath Salts/Ultra-Strain Mary Jane" stories with: possible, sure, and with a grounding in some sort of fact, but not super probable.
posted by Shepherd at 12:12 PM on November 17, 2015 [8 favorites]


There is no way for this to work in secret, legitimatly, in iOS. A giant red bar is visible every time an app uses the mic in the background. The reverse, background app playing sound, is also very visible.

Any illegitimate way, if they every existed, would have caused every app using the SDK to be immediatly banned from the ITunes Store.

The only way for this to ever happen would be for the user to purposefully run the app the foreground. Even then, I have a feeling we'd reject it.
posted by sideshow at 12:12 PM on November 17, 2015 [4 favorites]


I replicated it, over and over, and with some variations in her understanding, every time Elvis said "his story," Siri thought it was me saying "hey, Siri."

With iOS 9, you can train Siri to to your voice. Now I can no longer set ridiculous alarms for my girlfriend from across the room 😔.

I watched this year's WWDC keynote in a room with a bunch of us Apple engineers, and about 15 of our phones responded when Craig did something on stage with Siri. Next time, that won't happen.
posted by sideshow at 12:17 PM on November 17, 2015 [3 favorites]


I'm not even sure the cheap built in mics on most smartphones have a frequency response that can reliably capture those frequencies, although new ones might be much better than they used to be.
posted by TwoWordReview at 12:18 PM on November 17, 2015


With iOS 9, you can train Siri to to your voice

I DID THAT. That's why it freaked me out so much.
posted by chococat at 12:21 PM on November 17, 2015


This is old news. This is how "second screen" applications work, like how that Game of Thrones app knows to have the Greyjoy biographies handy when they are onscreen.

Nielsen has used acoustic watermarking for a while now.
posted by butterstick at 12:24 PM on November 17, 2015 [2 favorites]


Google/Alphabet/whichever is one of the biggest advertising companies in the world. They also run Gmail. Given that most users inevitably check their email on various devices, getting cross-device ownership by them is trivial, especially when there's an app on all platforms (Chrome for desktop).

Facebook has a similar ability, and they also run a large advertising network.

Wide area modulation and demodulator is interesting from a technical perspective but more work than necessary in many cases.
posted by fragmede at 12:27 PM on November 17, 2015 [2 favorites]


There is no way for this to work in secret, legitimatly, in iOS. A giant red bar is visible every time an app uses the mic in the background.

Snowden has revealed the NSA's ability to exploit the microphones of iPhones that have been switched off, and commonly available RATs have allowed attackers to exploit older MacBook cameras without activating their lights in the past (a 2013 proof-of-concept attack suggests vulnerabilities in more recent Apple cams as well).

As odinsdream noted above, the gloves are off - if it can be done, it probably will, at least barring a successful legal challenge. I wouldn't trust that that light being off means it is actually off.
posted by ryanshepard at 12:28 PM on November 17, 2015 [10 favorites]


I absolutely agree computer cameras and microphones need a hardware off switch. I don't have a solution for microphones, but for cameras the EFF stickers work pretty well. They're removable (and reusable). It's a shame, the old SGI webcams had a hardware physical cover. I wish those still existed. Particularly on my iPhone and iPad.

Every time I get a new laptop from work, out comes my handy black electrical tape. Rarely, I am asked to videoconference in situations where I only have a laptop; I tend to just say "can't get it to work." Not just for privacy reasons (I was seriously skeeved by that school that spied on its students with cameras in the laptop) but because there is no less flattering camera angle than Laptop Camera from Below and also, videoconferencing is stupid.

I also hate the sound-sensitive rotating cameras in the videoconference rooms that ZOOM IN if you speak up during meetings, thereby guaranteeing that some people just won't talk at all. I tend to schedule one particular room that has a blind spot the cameras can't rotate to, and always sit there.

To tie that back into the discussion, we were all pulled into a meeting and warned not to take personal calls in empty videoconference rooms, because sometimes people trying to connect to a meeting will connect to your room and accidentally see/hear you w/out your knowledge and if you're arguing with your credit card company or horrible ex, that's embarrassing.

I hate having cameras and mics everywhere. Really really do.
posted by emjaybee at 12:29 PM on November 17, 2015 [15 favorites]


put me down as another person who can't imagine how cheap speakers and compressed audio could reproduce ultrasonic signals reliably
posted by pyramid termite at 12:30 PM on November 17, 2015


Nielsen has used acoustic watermarking for a while now.

And yet performing rights organizations -- who collect royalties for the composers and publishers of the wall-to-goddamn-wall music you hear on TV -- are dragging their feet on audio fingerprinting to detect performances, instead relying only on production company-submitted cue sheets that are often wrong and sometimes just never show up.
posted by uncleozzy at 12:31 PM on November 17, 2015


I DID THAT. That's why it freaked me out so much.

Here's the really freaky part: YOU'RE Elvis Costello
posted by bitteroldman at 12:36 PM on November 17, 2015 [12 favorites]


> all microphones and cameras need a working, hardware-based off switch

Not mandated yet, but they are available

I wish ifixit would publish un-repair guides to disable wireless, camera & mic on cheap Chromebooks to make them better "burner" laptops.
posted by morganw at 12:48 PM on November 17, 2015


axiom: "Holy shit, did the USPTO actually reject a ridiculous patent for once? I feel very disproportionately happy that they just did their damn job for a change."

Media coverage of "ridiculous patents" notwithstanding, the patent office makes a lot of rejections of perfectly valid claims. As best as I can understand, individuals patent examiners can get in trouble for allowing borderline cases to issue as patents but face no repercussions for making horrible rejections that have no basis in law or fact. I see dozens of garbage rejections every year.

Nelson: "Thanks for noting the patent application is currently rejected. Presumably there will be a second round? "

Yes, they will have at least a chance or two to try and convince the patent examiner that the invention is patentable, by using arguments and/or by amending the claims. More chances if they spend more money and time. The process can take years.

Nelson: "The product website claims it is "a patented technology", but they could just be lying."

Could be, or maybe rather than a bold lie they simply misunderstand and intend to mean "patent pending", or maybe they have a separate issued patent.
posted by exogenous at 12:54 PM on November 17, 2015


It should be mentioned that the Sorenson Spark platform I talked about above does use an audio fingerprinting algorithm similar to Nielsen, using human friendly audio ranges (not ultrasonic ones). They've got a box in plant that is fingerprinting audio channels back to their servers before broadcast, and then the same platform in the smart TV runs the same fingerprinting again to compare to their stockpiled sources. Then they know that TV X was watching program Y for this much time, and even better if they can tie in your home IP or local device ID. While this pertains to communication in the ultrasonic range, it's not even necessary to obfuscate it.
posted by msbutah at 12:56 PM on November 17, 2015


Great, so my solution of turning down the commercial volume is no longer sufficient, now I must keep the volume cranked but put a high pass filter on while the commercial runs.
posted by Nanukthedog at 12:57 PM on November 17, 2015


Instructions to turn off that tracking on your VIZIO smart TV. My TVs already know my phone because the first thing I did was screencast youtube videos to them when I got each one. Also, they all use the same wireless modem, which is probably not that hard to track.
posted by soelo at 1:03 PM on November 17, 2015 [1 favorite]


I'm not even sure the cheap built in mics on most smartphones have a frequency response that can reliably capture those frequencies, although new ones might be much better than they used to be.

Here's a plot of frequency response curves for some older iOS devices.

put me down as another person who can't imagine how cheap speakers and compressed audio could reproduce ultrasonic signals reliably

High end isn't usually a problem for small speakers. Compression may be more of an issue, but it's not implausible to me (who used to work in that space) that one could come up with something robust against many lossy formats. This is especially true if the ultrasonic stuff is all there is. And if you had control over the encoding, it would be technically straightforward to ensure the stuff you want is preserved.
posted by aubilenon at 1:03 PM on November 17, 2015 [1 favorite]


So until recently I worked in mobile advertising, for a few years. Linking devices is currently the goal of a lot of advertisers. This microphone thing is simultaneously really clever and really sleazy. The real question is how Apple and Google will react to it. I tend to suspect (or at least hope) that Apple will ban apps from its app store that have this SDK installed. Earlier versions of iOS provided a way for apps to access a unique identifier called, appropriately enough, a UDID. It also provided a way to access the MAC address of the device's ethernet card. It was possible to do a hard reset of the UDID by reinstalling iOS but who wants to do that, and I'm pretty sure there was no way to reset the MAC address. So advertisers loved the UDID because it functioned as a cookie except even stronger, because every app shared the same cookie, and people typically weren't going to reset theirs.

Earlier versions of android also provided an "android ID" (similar to an iOS UDID) and a "device ID" which was typically assigned by phone carriers. Each was unique to the device.

About 4 years ago Apple decided to strengthen its support of app users' privacy and started providing a thing called an IDFA which was like a UDID except that you (the user) can reset it by going to Settings -> Privacy -> Advertising and tapping the "Reset Advertising Identifier..." button. You can also enable "Limit Ad Tracking" on that same screen, but I believe that field isn't super useful because it just provides a yes/no field to advertisers, who are then supposed to honor the user's wishes that they not be tracked. They still get the IDFA if the app asks for it. So "Limit Ad Tracking" probably isn't that useful. But resetting your IDFA is like simultaneously clearing all browser cookies, except for apps. If you care about your privacy, you probably want to do that on a regular basis. This would break the link established when the sound playing from the ad is recognized, at least, because the device's IDFA is almost certainly what is used to group it together with other devices.

About 3 years ago Apple started rejecting apps that still read the UDID and later versions of iOS (I believe starting with version 7?) stopped providing access to the UDID and MAC address entirely. Android followed suit and also only lets advertisers track people using IDFAs now. This was a fairly strong message that they don't want advertisers keeping permanent records on people who demonstrate that they care about it, ie those who reset their IDFAs.

Of course there are still ways for advertisers to get around these things. The obvious one is to grab your IP address. The way to get around that is to ensure you're using a router that has more than say 10 users whenever you're doing something you want privacy for, since there's too much noise associated with that router's IP address. You could use just a cell tower connection, but given that Verizon tried out "super cookies" earlier this year, your level of trust may vary.

So my point is that Apple and to a lesser extent Android seem to care about helping users to limit how much they're tracked. Assuming they shut apps with the microphone SDK out of their app stores, the only question I would have is whether Safari (or the Android web browser) has access to the microphone. I suspect not but I can't say for sure. I know that I use Safari while I'm watching TV sometimes, so it's a legitimate worry.

And as others have noted upthread, Google has some incentive to track its users. If you care about privacy and you need a smartphone, either go with something running iOS or pick something made by the also-rans, like a Windows phone or something. Unfortunately, in today's world, protecting your privacy means making tradeoffs.
posted by A dead Quaker at 1:21 PM on November 17, 2015 [7 favorites]


I seem to remember a plot point in Max Headroom involved people who had an illegal off switch for their TV.

Twenty minutes into the future...
posted by fifteen schnitzengruben is my limit at 1:46 PM on November 17, 2015 [1 favorite]


First thing you do when you buy something new, you fry it like Robocop doing a hard reboot...
posted by mikelieman at 1:46 PM on November 17, 2015


Google has some incentive to track its users.

And here it is. The 1% thank you for your cooperation.
posted by three blind mice at 1:48 PM on November 17, 2015


I'd say that it is certainly interesting that the iPhone 4 microphone sensitivity is boosted +20dB at 21kHz. You can do a lot of stuff with that sort of frequency selectivity.
posted by ikalliom at 1:51 PM on November 17, 2015 [1 favorite]


A friend of mine came over the other night and we got to talking about the worsening scenario around Syria and we decided it'd be interesting to see what the Russian state media has to say on current events. My friend is more of a party and electronic music type of guy, whereas I'm more of the international policy and law type of person.

So anyhow, as we're sitting there talking over RT's reportage of the recent attacks in France, my friend starts doing the Facebook thing on his phone. After a couple minutes, he expresses dismay and surprise: the advertising landscape on Facebook has changed for him from centering on electronic music and car stereos to "Latest Stories from RT" material. He said he'd never seen an ad for RT in his life before, and asked if it was really possible that they heard the television -- almost certaintly, I said.

When it comes to uber-ubiquitous applications like Facebook and the associated desire to remain connected and feel normal, most people will sign over everything to them without a thought.

These days, if you aren't willing to sign that access over, you have opted out of mainstream socialization and being considered normal (in my socioeconomic environment at least).

I wish we would wake up from this nightmare.
posted by Matt Oneiros at 1:57 PM on November 17, 2015 [11 favorites]


put me down as another person who can't imagine how cheap speakers and compressed audio could reproduce ultrasonic signals reliably

Try this: Take a high-res picture of a $20 bill. Try to print it on an ordinary cheap inkjet printer. It won't work, because the printer identifies a watermark in the bill and will refuse to counterfeit it.

Now distort the image as much as you want. Crop it. Draw smiley faces over it. Black out half of it. Black out the other half. Draw over everything that seems like a recognizable feature. Blur it. Invert all the colors. It doesn't matter, the printer will still identify it as money. The only way you can get it to print is by cropping it to roughly the size of a quarter -- and even then the watermark detection sometimes works.

And they're able to do this in an inkjet printer, which is basically given away for free.

Signal processing is really cool, and it turns out there are all kinds of ways to encode a low-bandwidth signal in a high-bandwidth signal so that it is very easy to find and very difficult to ever get rid of.
posted by miyabo at 2:04 PM on November 17, 2015 [8 favorites]


The EURion constellation is imprinted all over American bills which is why cropping it doesn't defeat anti-copying measures. And it's not exactly subtle which the sound tracking would need to be. If you could hear the sound tracking codes the way you can see the EURion constellations no one would put up with it. In other words the EURion constellation works great for money but would be a shitty way of copy protecting images.

Though now I wonder if auto camouflaging ever incorporates EURion.
posted by Mitheral at 2:21 PM on November 17, 2015 [1 favorite]


There's a much more subtle spectrum-based watermark in addition to the EURion symbol. You can completely delete it and printers and scanners will still recognize money. Try it!
posted by miyabo at 2:25 PM on November 17, 2015 [2 favorites]


a thing called an IDFA which was like a UDID except that you (the user) can reset it by going to Settings -> Privacy -> Advertising and tapping the "Reset Advertising Identifier..." button.

Thank you very much. Had never heard of that. Just reset mine now.
posted by dnash at 2:30 PM on November 17, 2015 [1 favorite]


"Ban computation."

And here we thought it was called the Butlerian Jihad because it was incited by an overreach by AskJeeves.
posted by Eideteker at 2:38 PM on November 17, 2015 [5 favorites]


Add in that the typical TV speaker isn't going to reproduce these frequencies very well even if they did make it there, and that your smartphone mic probably won't pick them up, and it sounds pretty doubtful.

...

put me down as another person who can't imagine how cheap speakers and compressed audio could reproduce ultrasonic signals reliably


A few years back (OK, wow, a decade back), in cricket season, there were beer promos where you'd get a little talking doll, and they'd trigger the particular phrases by embedding commands in the TV audio. That part is not interesting. The interesting thing here is adding the network as a backchannel and, of course, the correlations of the different sources of data.
posted by pompomtom at 2:47 PM on November 17, 2015


So this is why my big Epson Printer which can be networked, but never has been; comes on from powered off, every so often, and does its warm up routine? I figured it was just my stalker saying, "Hey, remember me babe?"

But you think it is it how they figured out about Charlie Sheen, eh?
posted by Oyéah at 2:51 PM on November 17, 2015


So anyhow, as we're sitting there talking over RT's reportage of the recent attacks in France, my friend starts doing the Facebook thing on his phone. After a couple minutes, he expresses dismay and surprise: the advertising landscape on Facebook has changed for him from centering on electronic music and car stereos to "Latest Stories from RT" material. He said he'd never seen an ad for RT in his life before, and asked if it was really possible that they heard the television -- almost certaintly, I said.

I am...skeptical. As noted already, iOS and Android both require you to explicitly grant access to the microphone. Fundamentally, some ad network somewhere decided that your friend's phone, and the device you were using to view the RT stream, represented the same user—but that could have happened through any combination of factors (matching IP addresses if your friend's phone was connected to your Wi-Fi; because your friend had logged into Facebook or some other account on your computer; simple geographical proximity; etc.).
posted by escape from the potato planet at 2:52 PM on November 17, 2015 [2 favorites]


You Can't Tip a Buick: "okay, who's going to tell Admiral Adama that the damn computers have figured out a new way to network themselves?"

FUUUUUUUCK THIS IS WHY I CAN'T WATCH THAT SHOW THE COMPUTERS TAKING OVER THE SPACESHIPS IS TOO SCARY AND NOW YOU'VE RUINED LIFE FOR ME.

robocop is bleeding: "And from the depths of your closet where it has sat for years, forgotten but dreaming, Furby's dead eyes flick open."

STAAAAAAAAAAAHP.
posted by Eyebrows McGee at 2:53 PM on November 17, 2015 [2 favorites]


I am...skeptical. As noted already, iOS and Android both require you to explicitly grant access to the microphone

My phone is running Cyanogen which lets me see whether apps have requested the microphone individually. Facebook has microphone permission, but has never used it. You do need microphone permission to record video with audio, so that makes sense I guess. But on Android, there is absolutely no warning. I don't think Facebook is secretly tracking you with audio yet.
posted by miyabo at 3:07 PM on November 17, 2015


escape from the potato planet: "I am...skeptical. As noted already, iOS and Android both require you to explicitly grant access to the microphone."

My cellular provider (I'm on pay as you go) provides an android app that amongst other things allows me to deposit money to my account, check account activity, check balance, add and remove features, that sort of thing. Or I should say it used to allow that because they rolled out a new version and have ceased support for the old version. And I won't upgrade because the new version of the app requires access to the microphone for who knows what reason. But lots of people aren't going to notice that or are just going to click thru yes because the need to use facebook/candy crush/instagram/dropbox etc and you can't just say ok to these things but not to that or the app won't install.
posted by Mitheral at 3:14 PM on November 17, 2015 [1 favorite]


Ooh, just looking at the Cyanogen permissions screen, Facebook is regularly requesting my location even when I haven't used it in days.
posted by miyabo at 3:16 PM on November 17, 2015


put me down as another person who can't imagine how cheap speakers and compressed audio could reproduce ultrasonic signals reliably

compressing audio really has nothing to do with frequency response. audio compression limits dynamic range, affecting the perceived loudness. and the cheaper and smaller a speaker is, the more likely it is able to produce high frequency signals.
posted by quonsar II: smock fishpants and the temple of foon at 3:19 PM on November 17, 2015 [1 favorite]


Maybe there's an upside to this? I think the current cell phone regime where people routinely give every app they download complete access to their entire phone is insane. If the security risks of that get higher and more obvious, maybe some of that will change?

In the mean time, I only use Facebook and similar services on my phone through an (adblocked) web browser instead of downloading their apps. Interfaces usually suck, though.
posted by straight at 3:23 PM on November 17, 2015


I replicated it, over and over, and with some variations in her understanding, every time Elvis said "his story," Siri thought it was me saying "hey, Siri."

It does this with audiobooks, too.
posted by winna at 3:38 PM on November 17, 2015


compressing audio really has nothing to do with frequency response. audio compression limits dynamic range

This isn't about dynamic range compression, he was talking about lossy compression (data reduction, as in MP3, Vorbis, etc) which does feature a low-pass filter at 16-18 kHz most of the time.
posted by Bangaioh at 3:52 PM on November 17, 2015


There was a lot of buzz about Facebook listening in and using what it learns to target ads earlier this year. At first it seemed ridiculously unlikely to me, coming from some oddball sources, but as more and more respectable type started chiming in on it, I began to wonder.

The ultrasonic trick seems to be, in many ways, easier than this.
posted by rokusan at 3:59 PM on November 17, 2015


Just don't run closed source software guys. Need Facebook? facebookcorewwwi.onion works fine in TorBrowser. Although m.facebook.com performs better.
posted by jeffburdges at 3:59 PM on November 17, 2015 [1 favorite]


escape from the potato planet: I am...skeptical. As noted already, iOS and Android both require you to explicitly grant access to the microphone.

I didn't say it was the infrasound -- I have no great way to be sure of how they did it short of an engineer from Facebook or RT telling me (or embarking on a time consuming research project) -- I have ideas and I think you're on the right track but as your myriad of other ways to get the same result show the concept of "facebook knowing you are watching RT" is quite possible to implement. He wasn't on my network, he didn't use any of my computers.

Infrasound or no, comparable levels of targeting appear to be possible today.
posted by Matt Oneiros at 4:17 PM on November 17, 2015


Companies are starting to realize they can actually do whatever the fuck they want to do with very little chance of punishment.

if it can be done, it probably will, at least barring a successful legal challenge.


"It's a knockout
If looks could kill they probably will
In games without frontiers. "
 
posted by Herodios at 5:24 PM on November 17, 2015


Google's Nearby API includes support for ultrasound communications.
posted by humanfont at 7:10 PM on November 17, 2015 [2 favorites]


compressing audio really has nothing to do with frequency response.

Not intrinsically, but as it stands lossy compression formats preferentially discard information where it will make the least difference to human perception. MP3 encoders, for example, do take into account human frequency-sensitivity curves when they decide where to spend their bits, and they can be pretty merciless on the very high end where the lost information will be inaudible.

I don't know much (read: basically anything) about compressed video so I poked around to see if this was also true for the audio compression used with video. AAC is the standard for this, but it looks like it gives encoders enough choices that if someone wanted to compress audio but keep 15kHz+ faithful they could without much of a problem.
posted by Jpfed at 9:01 PM on November 17, 2015


ikalliom: "I'd say that it is certainly interesting that the iPhone 4 microphone sensitivity is boosted +20dB at 21kHz. You can do a lot of stuff with that sort of frequency selectivity."

Pretty standard for MEMS microphones; I've fiddled with a few playing with bat & insect detection. They tend to have a rising, if peaky, sensitivity with rising frequency due to their physical construction.

IIRC, the iPhone 4 (maybe the 3GS?) was the first to use a MEMS microphone.
posted by Pinback at 10:27 PM on November 17, 2015 [2 favorites]


I have found many ways to fight back against ads, tracking coolies, etc., but in the long run this takes effort, slows computers, etc.

In my experience, the single most effective measure it's possible to take to make web browsing faster is installing Adblock Plus and subscribing it to a comprehensive set of filter lists.
posted by flabdablet at 3:58 PM on November 19, 2015


« Older but why   |   There's a font for every broken heart on Broadway Newer »


This thread has been archived and is closed to new comments