Re: Tracking with ultrasound beacons. Web Audio API privacy considerations need updating?

Hi Lukasz,

Thanks for raising this point. We are very concerned about privacy.

At the same time, sound is, along with sight, a fundamental sensory
modality that is not an "add-on" to a user's web experience: it is an
integral part of it.

Let me ask a question that would help to bring some clarity to the issue,
at least for me. Is it not possible that mobile apps might use the camera
to glimpse the screen of another device, and determine what is displayed
there, e.g. a QR code of some kind? Would we then ask whether the browser's
display area be subject to permissions? Or that the browser detect visual
codes and somehow suppress them?

Without in any way minimizing this issue, I suppose that I am looking for a
sense of where we should draw the line in terms of privacy risks. An
ongoing race to discover and suppress the latest beacon technology could be
hard to win.

I look forward to further discussion.

...Joe

*Joe Berkovitz*
President

*Noteflight LLC*
49R Day Street / Somerville, MA 02144 / USA
phone: +1 978 314 6271
www.noteflight.com
"Your music, everywhere"

On Thu, Nov 12, 2015 at 4:18 PM, Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com>
wrote:

> Dear all,
>
> I would like to raise the current issue of tracking using ultrasound audio
> beacons/markers.
>
> SilverPush PRISM [1] is a program/method enabling cross-device tracking.
> In short, it is the association of users of desktops/laptops with devices
> such as smartphones.  The intention is to enhance tracking and profiling,
> so users can experience more rich Web content, of course.
>
> It supposedly uses ultrasound beacons via speakers, emitted by scripts on
> websites. These can then be detected by smartphone apps.
>
> It is, however, bringing some transparency issues. Users are unaware of
> this, can't provide consent, and can't configure their browsers according
> to their expectations.
>
> The current privacy considerations of Web Audio API [4] are not addressing
> these concerns. Possibly we should ask for an update?
>
> We might consider investigating, and deciding -  if possible -  should Web
> Audio:
> - be subject to permissions
> - limit the output to filter out infra/ultrasound, if possible (?)
> - have an additional note
>
> Thanks and regards
> Lukasz
>
> Ps. This is addressed to PING and  Audio Working Group.
> Pps. As a side note - [3] - TV advertisements can emit ultrasound beacons
> as well.
>
>
> [1] http://www.silverpush.co/?_escaped_fragment_=/prism#!/prism
> [2]
> http://www.steamfeed.com/silverpush-launches-cross-device-ad-targeting-with-unique-audio-beacon-technology/
> [3] http://thetechportal.in/2015/09/23/silverpush-funding/
> [4] http://www.w3.org/TR/webaudio/#PrivacyConsiderations
>

Received on Thursday, 12 November 2015 21:34:40 UTC
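
The quoted suggestion to "limit the output to filter out infra/ultrasound" presupposes a way to measure how much energy a signal carries in that band. The following is an added example, not part of either message and not code from the Web Audio specification: it measures the level above a band edge in a block of PCM samples. The 18 kHz band edge, the -60 dB threshold, the 48 kHz test rate and all function names are assumptions.

```javascript
// Added example: measure near-ultrasonic energy in a block of PCM samples.
// ASSUMPTIONS (not from the thread): 18 kHz band edge, -60 dB threshold.
const BAND_START_HZ = 18000;
const THRESHOLD_DB = -60;

// Goertzel recurrence: squared magnitude of DFT bin k of a real signal x.
function binPower(x, k) {
  const coeff = 2 * Math.cos((2 * Math.PI * k) / x.length);
  let s1 = 0, s2 = 0;
  for (const v of x) {
    const s0 = v + coeff * s1 - s2;
    s2 = s1;
    s1 = s0;
  }
  return s1 * s1 + s2 * s2 - coeff * s1 * s2;
}

// Mean-square level (dB, 1.0 = full scale) of everything from the band edge
// up to Nyquist. A periodic Hann window limits leakage from audible content.
function ultrasonicLevelDb(samples, sampleRate) {
  const n = samples.length;
  const windowed = new Float64Array(n);
  let windowEnergy = 0;
  for (let i = 0; i < n; i++) {
    const w = 0.5 - 0.5 * Math.cos((2 * Math.PI * i) / n);
    windowed[i] = samples[i] * w;
    windowEnergy += w * w;
  }
  let band = 0;
  const first = Math.ceil((BAND_START_HZ * n) / sampleRate);
  for (let k = first; k < n / 2; k++) band += binPower(windowed, k);
  const meanSquare = (2 * band) / (n * windowEnergy);
  return 10 * Math.log10(meanSquare + 1e-20); // floor avoids log10(0)
}

function hasUltrasonicContent(samples, sampleRate) {
  return ultrasonicLevelDb(samples, sampleRate) > THRESHOLD_DB;
}

// Constructed test signal: a sum of sines given as [frequencyHz, amplitude].
function tones(sampleRate, length, parts) {
  const out = new Float64Array(length);
  for (let i = 0; i < length; i++)
    for (const [hz, amp] of parts)
      out[i] += amp * Math.sin((2 * Math.PI * hz * i) / sampleRate);
  return out;
}
```

A quiet 19 kHz tone mixed under a much louder 440 Hz tone still registers, because the measurement is an absolute level in the band rather than a share of total energy.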