Re: Privacy issue with media capture and fingerprinting room acoustics


> On Jun 27, 2016, at 5:20 AM, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> Is there any point in using a low-pass filter?  (On either the mic,
> speaker, or both.)  Or are the downsides of that too severe?  Or is it
> ineffective at actually stopping these sorts of things?

I don’t think that would help much. The range of hearing on different people changes so much it would be hard to pick the value for the lowpass that was low enough to cut out stuff people could not hear and high enough not to impact people with better hearing. And it is very easy, if other sound is playing, to insert marker tones that are in the audible frequency range that humans do not hear as they are masked by other sounds. It’s also very nice to be able to do ultrasonic stuff. I wrote a JS app that can transfer data between two air-gapped computers.

When you enable an app to listen to your mic, that has location privacy issues. If the app hears “Flight 123 to NYC boarding now” it more or less knows where you are. I suspect this is an area where we just need to warn folks on what can happen but not change how the system works.


> 
> I imagine that audible sound can be used for these purposes, but it
> would be harder to mount the attack surreptitiously.  Although, the
> thought of a unique "ringtone" occurs, some of those sound pretty
> strange.
> 
> I can imagine a case where a "trusted" site could use the microphone
> without a low-pass filter.  (And before people say that this is hard
> to put in UX, we probably wouldn't, though there are other ways
> browsers might make that determination.)
> 
> On 26 June 2016 at 08:48, Cullen Jennings (fluffy) <fluffy@cisco.com> wrote:
>> 
>> We have noticed in testing that it is possible to fingerprint which room a user is in at a fairly high degree of accuracy if the user has granted permission to the microphone. You use the browser to play an optimally designed short sound, which can be ultrasonic so that the user does not hear it, and at the same time record the response of how that sound echoes in that room using getusermedia. Though echo cancellation does remove the primary echoes, there is still plenty of residual information to fingerprint the room. By looking at the fingerprint, it seems it is often possible to uniquely identify the room the user is in. This will reveal the location of the user even if location is turned off, if some previous user has correlated the acoustic fingerprint of this room with the location of the room.
>> 
>> I think this is worth mentioning in the draft. It also seems worth mentioning in the draft issues others have raised, such as
>> 
>> Playing an ultrasonic unique ID encoding in some way on one browser and recording it on another reveals two people are in the same room
>> 
>> Playing an ultrasonic unique ID over, say, a TV advertisement, then recording using a browser on some page like, say, Facebook might be usable to figure out what TV shows people were watching, if Facebook did this and the user had a Facebook web page open while watching TV.

Received on Tuesday, 28 June 2016 14:00:51 UTC
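
To make the ultrasonic case in this thread concrete from the detection side, the following added example (not code from the thread or its participants) scans an audio frame for a narrowband carrier above a cut-off, using a Hann-windowed Goertzel filter per DFT bin. The 18 kHz cut-off, the -60 dBFS threshold, the function names and the sample frames are all assumptions constructed for illustration.

```javascript
// Added example. CUTOFF_HZ and THRESHOLD_DBFS are assumed values, not from the thread.
const CUTOFF_HZ = 18000;
const THRESHOLD_DBFS = -60;

// Hann-windowed Goertzel: estimated peak amplitude of one frequency in `frame`.
function toneAmplitude(frame, sampleRate, freq) {
  const n = frame.length;
  const coeff = 2 * Math.cos((2 * Math.PI * freq) / sampleRate);
  let s1 = 0, s2 = 0, windowSum = 0;
  for (let i = 0; i < n; i++) {
    const w = 0.5 - 0.5 * Math.cos((2 * Math.PI * i) / n); // limits spectral leakage
    windowSum += w;
    const s0 = w * frame[i] + coeff * s1 - s2;
    s2 = s1;
    s1 = s0;
  }
  const power = s1 * s1 + s2 * s2 - coeff * s1 * s2;
  return (2 * Math.sqrt(Math.max(power, 0))) / windowSum;
}

// Scan every DFT bin from the cut-off up to Nyquist; return the loudest one.
function strongestUltrasonicTone(frame, sampleRate, cutoffHz = CUTOFF_HZ) {
  const binHz = sampleRate / frame.length;
  let best = { freq: null, dbfs: -Infinity };
  for (let f = cutoffHz; f < sampleRate / 2; f += binHz) {
    const dbfs = 20 * Math.log10(toneAmplitude(frame, sampleRate, f) + 1e-12);
    if (dbfs > best.dbfs) best = { freq: f, dbfs };
  }
  return best;
}

function hasUltrasonicCarrier(frame, sampleRate, thresholdDbfs = THRESHOLD_DBFS) {
  return strongestUltrasonicTone(frame, sampleRate).dbfs > thresholdDbfs;
}

// Constructed frames (100 ms at 48 kHz): audible tones, with and without
// a quiet 20 kHz carrier at amplitude 0.01 (about -40 dBFS).
function makeFrame(tones, sampleRate = 48000, n = 4800) {
  const frame = new Float64Array(n);
  for (const [freq, amp] of tones)
    for (let i = 0; i < n; i++)
      frame[i] += amp * Math.sin((2 * Math.PI * freq * i) / sampleRate);
  return frame;
}
const audibleOnly = makeFrame([[440, 0.8], [1200, 0.15]]);
const withCarrier = makeFrame([[440, 0.8], [1200, 0.15], [20000, 0.01]]);
console.log(hasUltrasonicCarrier(audibleOnly, 48000), hasUltrasonicCarrier(withCarrier, 48000));
```

A check like this only covers the ultrasonic case; the masked in-band tones described in the reply sit below any such cut-off and are not flagged.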