We all know online behavior can be tracked via web browser. But now technology is being used to "jump the air gap" between your computer and a nearby device, like your tablet or smartphone—even if it's not connected, and all without your knowledge. "[This type of] tracking is generally invisible to consumers," the Federal Trade Commission reports, "and, unlike tracking through cookies, the consumer has no ability to control it."
The way this sneaky "cross-device tracking," as practiced by companies like San-Francisco-based SilverPush, works is downright creepy:
The company can embed ultrasonic sounds, totally inaudible to the user, into videos and television commercials. You're watching the Superbowl on TV, or you click on a funny video on your computer, and while you're busy cheering or giggling, you've got no idea that the sound is coming out of your speakers.
As the sound travels—reportedly up to 65 feet—your nearby device "hears" it, because unbeknownst to you, one of the apps on that device surreptitiously contains a software development kit that's "listening" for the sound. According to the New York Times, mobile analytics firm Flurry has embedded their tracking software into some 350,000 apps already installed on 1.2 billion devices.
When your device "hears" the sound, the behavior of that device starts being monitored, and that data is routed back to whatever party paid to have access to it. The data collectors now know that you've seen a particular commercial on your TV or clicked a particular video on your computer; what did you do next? Did you call somebody? Use your phone as a remote to change the channel? Do a web search on your phone, and if so, what for? Did you open your mapping app and travel somewhere?
The Washington-D.C. based nonprofit Center for Democracy and Technology explains why this technology is potentially harmful:
…When a company combines the information from the different devices, an extremely detailed picture emerges. For example, a company could see that a user searched for sexually transmitted disease (STD) symptoms on her personal computer, looked up directions to a Planned Parenthood on her phone, visits a pharmacy, then returned to her apartment.
While previously the various components of this journey would be scattered among several services, cross-device tracking allows companies to infer that the user received treatment for an STD. The combination of information across devices not only creates serious privacy concerns, but also allows for companies to make incorrect and possibly harmful assumptions about individuals.
The problem is worrying enough that earlier this week, the FTC held a workshop on cross-device tracking. At press time there were not yet any updates on their website revealing what conclusions they drew or actions they plan to take.
Marketers having access to this air-gap-jumping technology is bad enough. But what's even more concerning is that the technology can be used for malware, as Ars Technica reports. "That means that engineers in military organizations, nuclear power plants, and other truly high-security environments," they wrote, "should no longer assume that computers isolated from an Ethernet or Wi-Fi connection are off limits."
Ars Technica wrote that piece in 2013, based on a research paper called "On Covert Acoustical Mesh Networks in Air" released that same year. Yet we believe the practice has still not become common knowledge. So maybe the paranoid tin-foil-hat-wearers have it right, and should now be wearing an additional piece of headgear: Headphones, to keep those ultrasonic beacons from reaching out.
- Center for Democracy and Technology's "Re: Comments for November 2015 Workshop on Cross-Device Tracking" [PDF]
Create a Core77 Account
Already have an account? Sign In
By creating a Core77 account you confirm that you accept the Terms of Use
Please enter your email and we will send an email to reset your password.
Comments
The good news take-away I'm getting from this is that my cheapness and laziness may have finally paid off: my computer speakers died a long time ago, and I've been using headphones ever since. Also, I've been too cheap to upgrade to a powerful laptop with built-in speakers. And I'm on a Windows Phone, and nobody writes apps for that!