Beware of ads that use inaudible sound to link your phone, TV, tablet, and PC

[Batu69]

Privacy advocates warn feds about surreptitious cross-device tracking

1939, back when ads used to be safe.

Privacy advocates are warning federal authorities of a new threat that uses inaudible, high-frequency sounds to surreptitiously track a person's online behavior across a range of devices, including phones, TVs, tablets, and computers.

The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product.

Cross-device tracking raises important privacy concerns, the Center for Democracy and Technology wrote in recently filed comments to the Federal Trade Commission. The FTC has scheduled a workshop on Monday to discuss the technology. Often, people use as many as five connected devices throughout a given day—a phone, computer, tablet, wearable health device, and an RFID-enabled access fob. Until now, there hasn't been an easy way to track activity on one and tie it to another.

"As a person goes about her business, her activity on each device generates different data streams about her preferences and behavior that are siloed in these devices and services that mediate them," CDT officials wrote. "Cross-device tracking allows marketers to combine these streams by linking them to the same individual, enhancing the granularity of what they know about that person."

The officials said that companies with names including SilverPush, Drawbridge, and Flurry are working on ways to pair a given user to specific devices. Adobe is developing similar technologies. Without a doubt, the most concerning of the companies the CDT mentioned is San Francisco-based SilverPush.

CDT officials wrote:

Cross-device tracking can also be performed through the use of ultrasonic inaudible sound beacons. Compared to probabilistic tracking through browser fingerprinting, the use of audio beacons is a more accurate way to track users across devices. The industry leader of cross-device tracking using audio beacons is SilverPush. When a user encounters a SilverPush advertiser on the web, the advertiser drops a cookie on the computer while also playing an ultrasonic audio through the use of the speakers on the computer or device. The inaudible code is recognized and received on the other smart device by the software development kit installed on it. SilverPush also embeds audio beacon signals into TV commercials which are "picked up silently by an app installed on a [device] (unknown to the user)." The audio beacon enables companies like SilverPush to know which ads the user saw, how long the user watched the ad before changing the channel, which kind of smart devices the individual uses, along with other information that adds to the profile of each user that is linked across devices.

The user is unaware of the audio beacon, but if a smart device has an app on it that uses the SilverPush software development kit, the software on the app will be listening for the audio beacon and once the beacon is detected, devices are immediately recognized as being used by the same individual. SilverPush states that the company is not listening in the background to all of the noises occurring in proximity to the device. The only factor that hinders the receipt of an audio beacon by a device is distance and there is no way for the user to opt-out of this form of cross-device tracking. SilverPush’s company policy is to not "divulge the names of the apps the technology is embedded," meaning that users have no knowledge of which apps are using this technology and no way to opt-out of this practice. As of April of 2015, SilverPush’s software is used by 67 apps and the company monitors 18 million smartphones.

SilverPush's ultrasonic cross-device tracking was publicly reported as long ago as July 2014. More recently, the company received a new round of publicity when it obtained $1.25 million in venture capital. The CDT letter appears to be the first time the privacy-invading potential of the company's product has been discussed in detail. SilverPush officials didn't respond to e-mail seeking comment for this article.

Cross-device tracking already in use

The CDT letter went on to cite articles reporting that cross-device tracking has been put to use by more than a dozen marketing companies. The technology, which is typically not disclosed and can't be opted out of, makes it possible for marketers to assemble a shockingly detailed snapshot of the person being tracked.

"For example, a company could see that a user searched for sexually transmitted disease (STD) symptoms on her personal computer, looked up directions to a Planned Parenthood on her phone, visits a pharmacy, then returned to her apartment," the letter stated. "While previously the various components of this journey would be scattered among several services, cross-device tracking allows companies to infer that the user received treatment for an STD. The combination of information across devices not only creates serious privacy concerns, but also allows for companies to make incorrect and possibly harmful assumptions about individuals."

Use of ultrasonic sounds to track users has some resemblance to badBIOS, a piece of malware that a security researcher said used inaudible sounds to bridge air-gapped computers. No one has ever proven badBIOS exists, but the use of the high-frequency sounds to track users underscores the viability of the concept.

Now that SilverPush and others are using the technology, it's probably inevitable that it will remain in use in some form. But right now, there are no easy ways for average people to know if they're being tracked by it and to opt out if they object. Federal officials should strongly consider changing that.

News source

[CODYQX4]

If you have to resort to such trickery and malware like behavior, obviously you've gone too far and your industry deserves to collapse.

You should be able to put your ads on your site without consuming my entire screen, autoplaying anything, using 99% CPU, or resorting to evil methods or 007 grade spying tech.

If you can't you deserve to go bankrupt. Don't try to call me immoral for refusing to consent to your invasion of my privacy to try and sell me some shit I don't want. If I wanted your product I would have looked for it, and just exactly how are your ads that dupe people into clicking making money? Does anyone go full on conversion from being duped? No, they smash the back button. I've seen ads that consume a 27 inch monitor. They have no shame and deserve to fail.

At this point, an average user without an adblocker may as well use XP SP0 online with no security whatsoever. Most web hacks I'm seeing now are piggybacking off of dodgy ads.

You can know, and the solution is to unceremoniously block every last one of these parasites off your computer once and for all.

[Cereberus]

Ads Using Inaudible Sound To Link Your Phone, TV, Tablet, And PC

Some of this reads like it came straight out of a conspiracist’s notebook. Thanks to those who sent this in.

…ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product.

and people say i'm paranoid about ads. but then you get this :rolleyes:

[straycat19]

In order for the devices to 'hear' the microphone has to be turned on and I have it disabled on all my devices so there is no threat. Inaudible signals have been used in the TV and Radio industries for many years to trigger changes in programming, automatically start commercials, etc, so this isn't surprising that it is being used to collect device data.

[OrioNeXus]

mother of adware this is the future technology they are evolving to track us :angry:

[Reefa]

In the never-ending quest to track audiences, advertising companies have developed an even creepier technology to monitor your behavior. High-frequency sounds that are inaudible to users — also called audio beacons — are broadcast from TVs and browsers, and then give advertisers the power to track nearby smartphones, tablets, computers and various other electronic devices under a single identity.

These cross-device tracking audio beacons are being developed by companies like SilverPush, according to a filing by the Center for Democracy and Technology (CDT), a Washington D.C.-based non-profit organization. The audio beacons only work, though, if the smartphones and other devices in a household have apps installed that contain SilverPush’s — or one of their competitor's — technology.

The CDT reports that apps containing SilverPush's software can report “which ads the user saw, how long the user watched the ad before changing the channel, which kind of smart devices the individual uses, along with other information that adds to the profile of each user that is linked across devices.”

This process is seen as more valuable to advertisers than the cookie files that track user activities. The CDT says that the audio beacons create "supercookies," which are locally stored files that can’t be removed as easily as users can clear cookies.

According to the CDT, Adobe is also considering getting into this market with a cross-device identification system, which would "deterministically track users across devices in the form of a data-sharing cooperative among users." Adobe would be sharing this data, supposedly in a hashed, anonymized form, with partners, in a way that would "better connect the dots between its consumers/prospects and their devices."

In anticipation of a Federal Trade Commission workshop today (Nov. 16), the CDT has expressed that “increased transparency and a robust and meaningful opt-out system” are required for responsible use of this technology.

tomsguide.com