W3C home > Mailing lists > Public > public-media-capture@w3.org > June 2016

Re: Privacy issue with media capture and fingerprinting room acoustics

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 27 Jun 2016 12:20:11 +1000
Message-ID: <CABkgnnVkV1y1t0gB-QSUjB3Wv-NjddNOsTT-ayBEU6JYHuFpRg@mail.gmail.com>
To: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
Cc: "public-media-capture@w3.org" <public-media-capture@w3.org>
Is there any point in using a low-pass filter?  (On either the mic,
speaker, or both.)  Or are the downsides of that too severe?  Or is it
ineffective at actual stopping these sorts of things?

I imagine that audible sound can be used for these purposes, but it
would be harder to mount the attack surreptitiously.  Although, the
thought of a unique "ringtone" occurs, some of those sound pretty
strange.

I can imagine a case where a "trusted" site could use the microphone
without a low-pass filter.  (And before people say that this is hard
to put in UX, we probably wouldn't, though there are other ways
browsers might make that determination.)

On 26 June 2016 at 08:48, Cullen Jennings (fluffy) <fluffy@cisco.com> wrote:
>
> We have noticed in testing that it is possible to fingerprint which room a user is in at a fairly high degree of accuracy if the user has granted permission to the microphone.  You use the browser to play an optimally designed short sound which can be ultrasonic so that user does not hear it, and at the same time record the response of how that sound echos in that room using getusermedia. Thought echo cancelation does remove the primary echos, there is still plenty of residual information to fingerprint the room. By  looking at the fingerprint it seems it is often uniquely identify the room the user is in. This will reveal the location of the user  even if location is turned off if some previous user and correlated the acoustic fingerprint of this room with the location of the room.
>
> I think this is worth mentioning in the draft. It also seem worth in the draft issue other have raised such as
>
> Playing an ultrasonic unique ID encoding in some way on one browser and recording it on another reveals two people are in the same room
>
> Playing an ultrasonic unique ID over say a TV advertisement then recording using a browser on some page like say Facebook might be usable to figure out what TV shows people were watching while if Facebook did this and the user had a Facebook web page open while watching TV.
>
>
>
>
>
>
>
>
>
Received on Monday, 27 June 2016 02:21:15 UTC

This archive was generated by hypermail 2.3.1 : Monday, 27 June 2016 02:21:15 UTC