W3C home > Mailing lists > Public > public-audio@w3.org > October to December 2015

Re: Tracking with ultrasound beacons. Web Audio API privacy considerations need updating?

From: Robert O'Callahan <robert@ocallahan.org>
Date: Sat, 14 Nov 2015 11:00:18 +1300
Message-ID: <CAOp6jLaPSYngj_4dUo2OZ3g0qTL2k3VtgqpmLKPpWj7XXN-7VQ@mail.gmail.com>
To: Joseph Lorenzo Hall <joe@cdt.org>
Cc: "Lukasz Olejnik (W3C)" <lukasz.w3c@gmail.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>, "public-audio@w3.org" <public-audio@w3.org>
On Fri, Nov 13, 2015 at 10:29 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:

> In some senses, platforms can help. E.g., just like there are small
> indicators present when an app is accessing location or the microphone to
> give users notice that something is using those resources, maybe a sound
> icon could be used? Chrome I think does this with tabs so that you can
> quickly identify which of dozens of tabs is the one playing annoying audio.
>

Firefox does this too.

Since this attack works for native apps as well, it's probably best blocked
by filtering out inaudible frequencies at the platform level.

Also I imagine that if this gets used much in the wild, the scripts
involved will be added the blacklist used by Firefox's tracking protection.

Rob
-- 
lbir ye,ea yer.tnietoehr  rdn rdsme,anea lurpr  edna e hnysnenh hhe uresyf
toD
selthor  stor  edna  siewaoeodm  or v sstvr  esBa  kbvted,t
rdsme,aoreseoouoto
o l euetiuruewFa  kbn e hnystoivateweh uresyf tulsa rehr  rdm  or rnea
lurpr
.a war hsrer holsa rodvted,t  nenh hneireseoouot.tniesiewaoeivatewt sstvr
esn
Received on Friday, 13 November 2015 22:00:48 UTC

This archive was generated by hypermail 2.3.1 : Friday, 18 December 2015 09:00:35 UTC