DOCSLIB.ORG

Cross-Device Tracking: Measurement and Disclosures

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cross-Device Tracking: Measurement and Disclosures Proceedings on Privacy Enhancing Technologies ; 2017 (2):113–128 Justin Brookman, Phoebe Rouge, Aaron Alva, and Christina Yeung Cross-Device Tracking: Measurement and Disclosures Abstract: Internet advertising and analytics technology share common attributes — such as the same lo- companies are increasingly trying to find ways to link cal network and IP address — those services may behavior across the various devices consumers own. This be able to correlate user activity across devices. In cross-device tracking can provide a more complete view visiting 100 sites on two virtual devices, we con- into a consumer’s behavior and can be valuable for a nected to 861 different third party domains on both range of purposes, including ad targeting, research, and devices, including domains operated by dedicated conversion attribution. However, consumers may not be cross-device tracking companies. aware of how and how often their behavior is tracked – 96 out of 100 of the sites we tested allowed con- across different devices. We designed this study to try sumers to submit a username or email address that to assess what information about cross-device tracking could be shared to correlate users across devices. (including data flows and policy disclosures) is observ- – Six companies that collect login information as a able from the perspective of the end user. Our paper first party also collect extensive behavioral data as demonstrates how data that is routinely collected and a third party on other websites. shared online could be used by online third parties to – 16 out of 100 sites shared personally identifying in- track consumers across devices. formation with third parties, either in raw or hashed form. Keywords: privacy, cross-device, tracking, transparency – Dozens of third party services sync unique cookie ID DOI 10.1515/popets-2017-0017 values, which could facilitate the sharing of cross- Received 2016-08-31; revised 2016-09-30; accepted 2016-10-01. device graph information. These findings demonstrate that a broad range of com- 1 INTRODUCTION panies possess the capacity to correlate user behavior across different devices that the users own. However, al- Concerns about cross-device tracking often center on the though the data practices summarized above could be unknown: who is performing this tracking, when does it used for cross-device linkage, we could not definitively occur, and how is it performed? To help shine some light determine that the data was used by a company for that on this topic, we conducted a review of 100 popular web- purpose in any particular instance. From the perspective sites to determine which sites transmit data or otherwise of the consumer, it is challenging to know when cross- perform actions known to facilitate cross-device track- device tracking occurs, since companies can make de- ing. We observed the following data collection practices terminations of device correlation on their own servers, that could be used by tracking companies to make in- unobservable to end users (we did not detect compa- ferences about linkages among devices: nies using the same cookie IDs across devices to identify – We detected connections to the same third party linked devices). The data transmissions observed could services on different devices. When those devices be for purposes other than cross-device tracking, though a user may be unable to rule out the possibility based on the data alone. Because the purposes for which the data transmit- Justin Brookman: Federal Trade Commission, Office of ted was often ambiguous, we also looked at the pri- Technology Research and Investigation, E-mail: jbrook- vacy disclosures of these 100 websites in order to see [email protected] Phoebe Rouge: Federal Trade Commission, Office of Tech- if they made information available about cross-device nology Research and Investigation, E-mail: [email protected] tracking. Most of the policies we reviewed reserve broad Aaron Alva: Federal Trade Commission, Office of Technology rights to allow third parties to collect and use pseudony- Research and Investigation, E-mail: [email protected] mous browser data such as IP address and unique cookie Christina Yeung: Federal Trade Commission, Office of Tech- identifiers. However, the website privacy policies we re- nology Research and Investigation, E-mail: [email protected] viewed contained little explicit discussion of cross-device Cross-Device Tracking 114 tracking specifically, or whether consumers had the abil- ing, but also for research, security, and purchase attri- ity to turn off cross-device linkages. bution purposes (e.g., if an ad on one device resulted in a sale on another). The commercial benefits from cross-device tracking could potentially be passed on to 2 BACKGROUND consumers in the form of lower prices, though we have not analyzed that issue here. This paper does not seek to weigh the potential benefits of cross-device track- Since the late 1990s, the Federal Trade Commission ing with any privacy risks or interests; instead, it ex- (FTC)1 has sought to bring greater transparency and plores what information concerning cross-device track- user control to the issue of online behavioral data col- ing is discoverable by consumers — through disclosures lection as part of its work to protect and promote con- made to consumers in privacy policies, and through ob- sumer privacy.2 In 2007, Commission staff held a two- servable behavior of websites in browsers. day workshop3 focused specifically on behavioral target- Staff of the Office of Technology Research and In- ing. In 2009, staff published “Self-Regulatory Principles vestigation conducted this research in conjunction with for Online Advertising” [2] to encourage the adoption of the FTC staff’s November 16, 2015 workshop on Cross- more transparent practices. Behavioral advertising was Device Tracking. At that event, stakeholders from in- also a significant focus of the 2012 Report “Protecting dustry, academia, and civil society gathered to explore Consumer Privacy in an Era of Rapid Change: Recom- the unique privacy issues associated with the practice.4 mendations for Businesses and Policymakers” [3]. The This paper will initially describe some of the current Commission has also brought numerous enforcement ac- models that companies use to compile “device graphs” tions to stop unfair and deceptive practice related to for consumers — that is, lists of device identifiers that online behavioral advertising [4–6]. the company imputes to a particular individual. We Despite the progress to date addressing these issues, then describe the methodology for the study we ran on consumers continue to have concerns about online pri- 100 popular websites to observe the collection of data vacy and tracking. According to a 2016 TRUSTe sur- that could be used for cross-device tracking purposes. vey, [7] 92% of consumers worry about their privacy on- We then present the full findings of the study which line. With regard to online behavioral data collection, were briefly summarized in the abstract: we describe the a recent Pew survey [8] shows that over three quarters numerous cases in which data is transmitted that could of internet users are not confident that online advertis- be used to facilitate cross-device tracking. Next, we de- ers will maintain the privacy and security of their web scribe the results of our review of the privacy policies of browsing data. And, while most expressed an interest those 100 websites. Finally, we discuss the limitations in controlling the collection of their online data, few felt of our study, and conclude with suggestions for possible empowered to do so [8]. future research. Originally, online behavioral data collection was While several previous studies [9–12] have consid- limited to connecting users across multiples websites ered data collection online, including third-party data on one device. Today, advertising technology companies collection, we are unaware of any prior studies that are finding ways to track users across devices as well. considered such collection in the context of cross-device Consumers interact with more devices — and smarter tracking across such a large number of sites. Other work devices — than ever before, including computers, smart- [13–16] has focused on third-party data collection across phones, smart TVs and Blu-Ray players, gaming plat- mobile applicatons (as opposed to web browsers); while forms, and Internet of Things devices. Connecting this we do not measure leakage of information through apps, data can be valuable to companies not just for ad target- many of the same privacy interests are implicated. A number of papers [17, 18] have also looked specifically at the efficacy and completeness of disclosures in privacy 1 This research has been prepared by staff members of the Office policies though, again, without regard to cross-device of Technology Research and Investigation of the Federal Trade tracking. Finally, some researchers have looked at non- Commission. The views expressed do not necessarily reflect the cookies tracking mechanisms such as Flash Cookies [19] views of the Commission or any individual Commissioner. 2 See https://www.ftc.gov/news-events/events-calendar/1999/ 11/online-profiling-public-workshop and [1] 3 https://www.ftc.gov/news-events/events-calendar/2007/11/ 4 https://www.ftc.gov/news-events/events-calendar/2015/11/ ehavioral-advertising-tracking-targeting-technology cross-device-tracking Cross-Device Tracking 115 or digital fingerprinting [21]. Our paper focuses primar- Fig. 1. Probabilistic Matching ily on how often sites connect to third-party services; we do not analyze in detail what methods companies might use to keep state on user activity. We do look at how cookie syncing could be used to share device graphs among third-party services building off of previous re- search [20] into methods of detecting such syncing. 3 DESCRIPTION OF CROSS-DEVICE TRACKING MODELS Below we summarize some of the primary models that are in use today to link behavior across multiple devices.
Load more

Recommended publications
  • Data Privacy: the Current Legal Landscape February 2016
    DATA PRIVACY: THE CURRENT LEGAL LANDSCAPE FEBRUARY 2016 By Mark C. Mao, Ronald Raether, Ashley Taylor, Sheila Pham, Sofia Jeong, Reade Jacob, Ryan Lewis, Julie Hoffmeister, and Jessica Lohr troutmansanders.com TROUTMAN SANDERS LLP DATA PRIVACY: THE CURRENT LEGAL LANDSCAPE • FEBRUARY 2016 I. Introduction P. 3 A. An Overview of Privacy Law In The United States B. Trends In 2015 Continue Into 2016 II. New U.S. Legislation, Amendments, And Updates P. 5 A. USA Freedom Act B. Cyber Information Security Act C. Other Significant Legislative Developments 1. Driverless And “Smart” Cars 2. Power Grids 3. Education Privacy 4. California III. Evolving Case Law P. 8 A. Data Breach Litigation 1. Motions to Dismiss: Standing And Damages 2. New Trends & Arguments: a. Defending On The Standard of Care b. Derivative Liability c. Business to Business Litigation B. Impermissible “Tracking” Cases 1. Expanding The Definition of “PII” 2. Persistent Identifiers, URL Tracking, And “Content Scanning” 3. Cross-Device Tracking 4. The Video Privacy Protection Act (VPPA) And The Use of Pseudonyms 5. Consumer Profiling IV. Developments In Regulatory Enforcement P.12 A. The Federal Trade Commission B. The Federal Communications Commission C. HIPAA Enforcement D. State Attorneys General E. Other Administrative Enforcement Efforts V. Notable International Developments P.17 A. The “Privacy Shield” for Transatlantic Data Protection Framework B. General Data Protection Regulation (GDPR) C. The Network Information Security (NIS) Directive D. The Trans-Pacific Partnership (TPP) Agreement VI. Conclusion P.20 Page 2 TROUTMAN SANDERS LLP DATA PRIVACY: THE CURRENT LEGAL LANDSCAPE • FEBRUARY 2016 I. INTRODUCTION 1 A. An Overview of Privacy Law In The United States Privacy law in the United States is generally viewed as Telecommunication entities such as “(telecommunication) following a “sectoral model.” Unlike the European Union (EU) carriers,” cable television, and “video tape service providers” are and Canada, the US does not have comprehensive national also subject to federal legislation.
    [Show full text]
  • Privacy and Data Security Update 2016
    Privacy & Data Security Update: 2016 Federal Trade Commission January 2016 - December 2016 The Federal Trade Commission (FTC or Commission) is an independent U.S. law enforcement agency charged with protecting consumers and enhancing competition across broad sectors of the economy. The FTC’s primary legal authority comes from Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive practices in the marketplace. The FTC also has authority to enforce a variety of sector specific laws, including the Truth in Lending Act, the CAN-SPAM Act, the Children’s Online Privacy Protection Act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act. This broad authority allows the Commission to address a wide array of practices affecting consumers, including those that emerge with the development of new technologies and business models. How Does the FTC Protect Consumer Privacy and Ensure Data Security? The FTC uses a variety of tools to protect consumers’ privacy and personal information. The FTC’s principal tool is to bring enforcement actions to stop law violations and require companies to take affirmative steps to remediate the unlawful behavior. This includes, when appropriate, implementation of comprehensive privacy and security programs, biennial assessments by independent experts, monetary redress to consumers, disgorgement of ill-gotten gains, deletion of illegally obtained consumer information, and provision of robust transparency and choice mechanisms to consumers. If a company violates an FTC order, the FTC can seek civil monetary penalties for the violations. The FTC can also obtain civil monetary penalties for violations of certain privacy statutes and rules, including the Children’s Online Privacy Protection Act, the Fair Credit Reporting Act, and the Telemarketing Sales Rule.
    [Show full text]
  • Ultrasound-Based Cross-Device Tracking
    Vasilios Mavroudis*, Shuang Hao, Yanick Fratantonio, Federico Maggi, Christopher Kruegel, and Giovanni Vigna On the Privacy and Security of the Ultrasound Ecosystem Abstract: Nowadays users often possess a variety of elec- Keywords: Ultrasounds, Deanonymization, tronic devices for communication and entertainment. In Privacy Violation, Cross-device Linking. particular, smartphones are playing an increasingly central role in users’ lives: Users carry them everywhere they go and often use them to control other devices. This trend pro- vides incentives for the industry to tackle new challenges, 1 Introduction such as cross-device authentication, and to develop new monetization schemes. A new technology based on ultra- Modern users have been increasingly relying on multi- sounds has recently emerged to meet these demands. Ul- ple devices and frequently switch between them in their trasound technology has a number of desirable features: it daily lives: Browsing the Internet from computers, playing is easy to deploy, flexible, and inaudible by humans. This mobile games on tablets, or watching shows on televi- technology is already utilized in a number of different real- sions. A recent survey has shown that a single user carries world applications, such as device pairing, proximity detec- 2.9 electronic devices on average [44]. Among the others, tion, and cross-device tracking. smartphones play a prominent role since users carry them This paper examines the different facets of ultrasound- everywhere they go, and they are often used to control based technology. Initially, we discuss how it is already used other devices. The trend of engaging with multiple digital in the real world, and subsequently examine this emerging platforms brought to the demand for new technologies to technology from the privacy and security perspectives.
    [Show full text]
  • Zero-Permission Acoustic Cross-Device Tracking
    Zero-Permission Acoustic Cross-Device Tracking Nikolay Matyunin Jakub Szefer Stefan Katzenbeisser Technical University of Darmstadt, CYSEC Yale University Technical University of Darmstadt, CYSEC Darmstadt, Germany New Haven, CT, USA Darmstadt, Germany [email protected] [email protected] [email protected] Abstract—Adversaries today can embed tracking identifiers and detect them in a mobile application to show location- into ultrasonic sound and covertly transmit them between de- relevant content. The company Silverpush developed means of vices without users realizing that this is happening. To prevent embedding tracking identifiers into TV streams. Meanwhile, such emerging privacy risks, mobile applications now require a request for an explicit user permission, at run-time, to get researchers [4] demonstrated how the uXDT technology can access to a device’s microphone. In this paper, however, we be used for web-tracking purposes, e.g., for transmitting a show that current defenses are not enough. We introduce a tracking ID from the Tor browser to an application on the novel approach to acoustic cross-device tracking, which does not user’s smartphone in order to de-anonymize the web session. require microphone access, but instead exploits the susceptibility Due to privacy concerns, uXDT technology raised the atten- of MEMS gyroscopes to acoustic vibrations at specific (ultrasonic) frequencies. Currently, no permissions are needed to access the tion of public media [5] and the security community [4], [6]. gyroscope’s data, and the gyroscope can be accessed from apps or In response, the Federal Trade Commission issued warning even from a web browser.
    [Show full text]
  • September 2015 M&A and Investment Summary Table of Contents
    September 2015 M&A and Investment Summary Table of Contents 1 About Petsky Prunier 3 2 Overview of Monthly M&A and Investment Activity 6 3 Monthly M&A and Investment Activity by Industry Segment 12 4 Additional Monthly M&A and Investment Activity Data 42 Securities offered through Petsky Prunier Securities, LLC, member of FINRA. This M&A and Investment Summary has been prepared by and is being distributed in the United States by Petsky Prunier, a broker dealer registered with the U.S. SEC and a member of FINRA. Petsky Prunier is not affiliated with Altium Capital Ltd, but has partnered with Altium to expand its international presence. Altium has not prepared or verified the information in this Summary. Persons in the United States should contact Petsky Prunier for further information or services. This M&A and Investment Summary is not being distributed by Altium Capital Ltd in the United States and Altium Capital Ltd is not offering any services to persons in the United States. 2 | M&A and Investment Summary September 2015 Petsky Prunier: Maximizing Shareholder Value . Top-ranked, global investment bank dedicated to digital advertising and marketing, eCommerce, digital media, technology, information, business services, and healthcare services industries . Extensive sell-side M&A and capital raise expertise, with a transaction closing rate unmatched at our level of deal volume . Founded in 1999 . More than 50 focused professionals; growth of 40% since 2011 . New York, Palo Alto, Las Vegas, Chicago, Boston, Tampa . Deep relationships across a broad spectrum of strategic buyers, as well as private equity, growth equity, and VC groups and lenders .
    [Show full text]
  • Cross-Device Tracking: Measurement and Disclosures
    Proceedings on Privacy Enhancing Technologies ; 2017 (2):133–148 Justin Brookman, Phoebe Rouge, Aaron Alva, and Christina Yeung Cross-Device Tracking: Measurement and Disclosures Abstract: Internet advertising and analytics technology share common attributes — such as the same lo- companies are increasingly trying to find ways to link cal network and IP address — those services may behavior across the various devices consumers own. This be able to correlate user activity across devices. In cross-device tracking can provide a more complete view visiting 100 sites on two virtual devices, we con- into a consumer’s behavior and can be valuable for a nected to 861 different third party domains on both range of purposes, including ad targeting, research, and devices, including domains operated by dedicated conversion attribution. However, consumers may not be cross-device tracking companies. aware of how and how often their behavior is tracked – 96 out of 100 of the sites we tested allowed con- across different devices. We designed this study to try sumers to submit a username or email address that to assess what information about cross-device tracking could be shared to correlate users across devices. (including data flows and policy disclosures) is observ- – Six companies that collect login information as a able from the perspective of the end user. Our paper first party also collect extensive behavioral data as demonstrates how data that is routinely collected and a third party on other websites. shared online could be used by online third parties to – 16 out of 100 sites shared personally identifying in- track consumers across devices.
    [Show full text]
  • Annual Deal Tracker
    Annual Deal List February 2020 Contents Section Page M&A 04 Domestic 05 Mergers and internal restructuring 16 M&A: Inbound 17 M&A: Outbound 21 Private equity 25 IPO 62 QIP 64 Disclaimer This document captures the list of deals announced based on information available in the public domain and based on public announcements. Grant Thornton India LLP does not take any responsibility for the information, any errors or any decision by the reader based on this information. This document should not be relied upon as a substitute for detailed advice and hence, we do not accept responsibility for any loss as a result of relying on the material contained herein. Further, our analysis of the deal values is based on publicly available information and based on appropriate assumptions (wherever necessary). Hence, if different assumptions were to be applied, the outcomes and results would be different. This document contains the deals announced and closed as of 20 December 2019. 02 Industry 4.0: Transforming the manufacturing landscape Annual Deal List 2019 0 3 M&A 04 Annual Deal List 2019 I. Domestic Acquirer Target Sector USDm % Stake Reliance Strategic Business Asteria Aerospace Pvt. Ltd. Aerospace and defence 3.30 52% Ventures Limited Ashok Leyland Ltd. Ashley Aviation Ltd. Aerospace and defence 0.08 27% PI Industries Ltd. Isagro (Asia) Agrochemicals Private Limited Agriculture and forestry 49.00 100% Luxmi Tea Co. Pvt. Ltd. Mcleod Russel India Ltd. - Specified assets of Agriculture and forestry 21.43 100% Addabarie Tea Estate, Mahakali Tea Estate and Dirai Tea Estate Mahindra CIE Automotive Ltd.
    [Show full text]
  • Mobile Threat Report What’S on the Horizon for 2016 Table of Contents
    Mobile Threat Report What’s on the Horizon for 2016 Table of Contents This Threat Report Introduction . 3 was written by: Stagefright: Setting the Stage for Increased Security . 4 Bruce Snell Is Your Phone Monitoring What You Watch on TV? .. 6 Cybersecurity and Privacy Director SMiShing Continues to Evolve . 7 Intel Security Dangers on the App Stores . 8 Mobile Malware Grows Up . 10 Looking Ahead: IoT and Wearables . 12 Play It Safe . 12 Mobile Threat Report: What’s on the Horizon for 2016 2 We find the mobile threat landscape continues to grow and evolve with several factors contributing. The increasing speed, power and storage space on mobile devices has led to more people using their devices in more places for online shopping, managing their finances and paying their bills. This leads to mobile becoming a much more valuable target for cybercriminals. This past year, we’ve seen how major vulnerabilities in the Android OS changed how Google looks at security updates. We also saw aggressive adware spying on your TV and radio habits. Additionally, we saw an increase in more advanced malware that brings threats we’ve been dealing with for years on PC’s into the mobile world. Rule of three—top three Ransomware, bank fraud and remote access tools (RATs) all have an increased threats facing mobile users: presence on mobile devices. 1. Android moved to monthly security updates, How are these new threats getting to your mobile devices? In our last report, but each manufacturer is responsible for rolling we detailed the ways in which apps overshare your information; now we take out the updates, often leading to delays a look at the large numbers of infected apps that make it past the screening 2.
    [Show full text]
  • Official Submission Kit Asia Pacific Edition 2020
    Official Submission Kit Asia Pacific Edition 2020 The Celebration of Mobile Talent To enter, visit mmaglobal.com/smarties/awards/programs/apac. Deadline is September 15, 2020 Mobile Marketing Mobile has disrupted the way people engage with brands. It is the foundation of a connected marketing strategy and marketing leaders must embrace this reality. Wendy Clark, CEO of DDB Worldwide says “If our plans don’t include mobile, your plans are not finished.” According to Salesforce, 71% marketers say that mobile marketing is core to their business, while 68% brands have integrated mobile marketing into their overall marketing strategy. It’s no longer a question of whether mobile marketing is important -- we know it is -- it’s now the case of understanding how consumers behave on mobile devices. Introducing SMARTIES What are the SMARTIES? The first and only annual competition honoring outstanding innovation and creativity resulting in significant business impact. An annual ‘Innovation’ Showcase recognizing significant achievement in the modern communications world where mobile is at the heart of consumer engagement and action. We know what kind of hours you’ve put into the work. We know the sleepless nights, the countless drafts, and the head-scratching dilemmas that come from bringing an idea into execution. It’s an All-Star Game for marketers. It’s the World Championship of innovation. It’s an underground tournament of known and unknown professionals, wrapped in the sparkle and allure of an award’s ceremony. SMARTIES identifies recipients as a major force driving marketing innovations of strategy, creativity, effectiveness, and most importantly, the execution of ideas.
    [Show full text]
  • 32:3 Berkeley Technology Law Journal
    32:3 BERKELEY TECHNOLOGY LAW JOURNAL 2017 Pages 1027 to 1300 Berkeley Technology Law Journal Volume 32, Number 3 Production: Produced by members of the Berkeley Technology Law Journal. All editing and layout done using Microsoft Word. Printer: Joe Christensen, Inc., Lincoln, Nebraska. Printed in the U.S.A. The paper used in this publication meets the minimum requirements of American National Standard for Information Sciences—Permanence of Paper for Library Materials, ANSI Z39.48—1984. Copyright © 2017 Regents of the University of California. All Rights Reserved. Berkeley Technology Law Journal University of California School of Law 3 Boalt Hall Berkeley, California 94720-7200 [email protected] http://www.btlj.org BERKELEY TECHNOLOGY LAW JOURNAL VOLUME 32 NUMBER 3 2017 TABLE OF CONTENTS ARTICLES FTC 2.0: KEEPING PACE WITH ONLINE PLATFORMS ....................................... 1027 Terrell McSweeny PLATFORM MARKET POWER ............................................................................ 1051 Kenneth A. Bamberger & Orly Lobel DETERRING CYBERCRIME: FOCUS ON INTERMEDIARIES .................................. 1093 Aniket Kesari, Chris Hoofnagle & Damon McCoy PLATFORM LAW AND THE BRAND ENTERPRISE ............................................... 1135 Sonia K. Katyal & Leah Chan Grinvald DESIGNING AGAINST DISCRIMINATION IN ONLINE MARKETS ......................... 1183 Karen Levy & Solon Barocas HOW DIGITAL ASSISTANTS CAN HARM OUR ECONOMY, PRIVACY, AND DEMOCRACY..................................................................................................... 1239 Maurice E. Stucke & Ariel Ezrachi SUBSCRIBER INFORMATION The Berkeley Technology Law Journal (ISSN1086-3818), a continuation of the High Technology Law Journal effective Volume 11, is edited by the students of the University of California, Berkeley, School of Law (Boalt Hall) and is published in print three times each year (March, September, December), with a fourth issue published online only (July), by the Regents of the University of California, Berkeley.
    [Show full text]
  • D53d0ae6fa776b682c5f58f65ac
    ERROR the Art of Imperfection Edited by Gerfried Stocker / Christine Schöpf / Hannes Leopoldseder Ars Electronica 2018 Festival for Art, Technology, and Society September 6—10, 2018 Ars Electronica, Linz Editors: Hannes Leopoldseder, Christine Schöpf, Gerfried Stocker Editing: Katia Kreuzhuber, Alexander Wöran Translations: German–English, all texts (unless otherwise indicated): Mel Greenwald English–German: Ingrid Fischer-Schreiber Copyediting: Laura Freeburn Graphic design and production: Cornelia Prokop, Lunart Werbeagentur Minion Typeface: Klavika PEFC Certified This product is from Printed by: Gutenberg-Werbering Gesellschaft m.b.H, Linz sustainably managed forests and controlled Paper: Magno Volume 1,1 Vol., 115 g/m2, 300 g/m2 sources EN www.pefc.org PEFC Certified © 2018 Ars Electronica PEFC Certified PEFC Certified © 2018 for the reproduced works by the artists,This product or is their legalThis product is This product is PEFC Certified from sustainably from sustainably from sustainably This product is from successors managed forests managed forests managed forests sustainably managed and controlled and controlled and controlled forests and controlled sources Published by sources sources sources Hatje Cantz Verlag GmbH www.pefc.org www.pefc.org www.pefc.org www.pefc.org Mommsenstrasse 27 10629 Berlin PEFC Certified Germany This product is from Tel. +49 30 3464678-00 sustainably managed Fax +49 30 3464678-29 forests and controlled www.hatjecantz.com sources A Ganske Publishing Group company www.pefc.org Hatje Cantz books are available
    [Show full text]
  • Privacy Threats Through Ultrasonic Side Channels on Mobile Devices
    Privacy Threats through Ultrasonic Side Channels on Mobile Devices Daniel Arp, Erwin Quiring, Christian Wressnegger and Konrad Rieck Technische Universitat¨ Braunschweig Brunswick, Germany Abstract—Device tracking is a serious threat to the privacy of user walked into a store. Furthermore, mobile applications users, as it enables spying on their habits and activities. A like Lisnr and Signal360 present location-specific content recent practice embeds ultrasonic beacons in audio and tracks on mobile devices such as vouchers for festivals and sport them using the microphone of mobile devices. This side channel events via ultrasonic beacons. Once the user has installed allows an adversary to identify a user’s current location, spy these applications on her phone, she neither knows when on her TV viewing habits or link together her different mobile the microphone is activated nor is she able to see which devices. In this paper, we explore the capabilities, the current information is sent to the company servers. prevalence and technical limitations of this new tracking tech- Finally, the developers of Silverpush filed a patent which nique based on three commercial tracking solutions. To this recently raised attention in the media [23] due to its privacy end, we develop detection approaches for ultrasonic beacons threat: The patent proposes to mark TV commercials using and Android applications capable of processing these. Our ultrasonic beacons, thus allowing them to precisely track a findings confirm our privacy concerns: We spot ultrasonic user’s viewing habits. In contrast to other tracking products, beacons in various web media content and detect signals in however, the number and the names of the mobile applica- 4 of 35 stores in two European cities that are used for location tions carrying this functionality are unknown.
    [Show full text]