Ultrasonic cross-device tracking sounds like technology that only exists in science fiction movies.
In reality, advertising agencies have made it a part of everyone’s day-to-day lives, quickly and quietly.
Prior to a recent report exposing 234 applications that collect sensitive data from smartphones without our consent, very few people were aware their privacy was being invaded right in front of them.
New Technology Can Unmask Tor, Bitcoin Users
Harmless as it may seem, using ultrasonic tones to keep track of what people view on the internet poses a major threat to personal privacy.
It tracks all sorts of data ranging from where people go to eat to what stores they shop at.
This data is a potential treasure trove for advertisers who use personal information to build highly accurate and personalized profiles for millions of people.
But this practice can easily become a gateway for crimes, such as identity theft, if the technology should fall into the wrong hands.
Ultrasonic cross-device tracking, despite still being in its nascent stages, can be used to de-anonymize Tor users and even trace back bitcoin transactions to real user identities—a very worrying prospect for privacy advocates.
How the Technology Works
Ultrasonic cross-device tracking allows ad agencies to keep track of their consumers across multiple devices by installing high-frequency beacons in billboards, storefronts, the webpages of online stores and even sports stadiums.
The applications installed on mobile devices act as receivers by discreetly activating the device’s microphone to pick up high-frequency emissions that are completely imperceptible to the human ear.
The collected data is then used to create highly specific user profiles that highlight the places frequented, the websites visited and the advertisements passed.
Researchers discovered that four out of the 35 stores they visited in Germany had installed ultrasonic beacons at their storefronts.
Two other unnamed cities in Europe were also found to have stores with ultrasonic beacons.
Some of the applications with this privacy-threatening capability have already been downloaded a million times over, and they include the McDonald’s app and Krispy Kreme.
As of yet, no one understands how exactly these companies use the data that’s collected through the apps.
Personal Privacy is at Risk
The implications of this technology, especially to the privacy of an individual, can be severe.
The collected data is not just a record of consumer habits and shopping preferences. The applications are capable of collecting data that virtually breaks every privacy barrier, since it can be used to link people to sensitive information such as their political documentations and even what adult websites they visit in their own private time.
What’s more, the ever-present location tag adds a negative twist to the whole scenario, especially to people who treasure their online anonymity and privacy.
As mentioned, this technology is capable of unraveling several layers of privacy tools relied on by Tor users, leaving them exposed to their adversaries.
It can also be used to de-anonymize bitcoin owners—a terrifying power to have on the currency that dominates the digital world and is largely based on privacy.
AlienVault security advocate Javvad Malik believes that the worst is yet to come.
According to him, the advent of smarter smartphones and better technology will only serve to increase the risk to the privacy of individuals.
Technologies that can be used to extract sensitive information from mobile devices without the owner’s knowledge are a serious breach of privacy, but there is a chance that the situation could deteriorate in the near future.
Privacy Starts with You
Even with the evolution of such technology, Malik also blames consumers for putting their own privacy at risk.
These applications, ingenuous as they may be, still require their permissions to gain access to core components such as the device’s microphone, text messages, camera and speaker.
He advocates for the use of common sense when installing applications and encourages users to be very keen on the type of permissions every application requests before installation.
Failure to observe these simple precautionary steps is what allows ad agencies to manipulate mobile devices to the disadvantage of user privacy.