
Re: Privacy issue with media capture and fingerprinting room acoustics

From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 27 Jun 2016 20:45:44 -0700
Message-ID: <CABcZeBMvHcvfn9WS50qBqOH2jkddbbmXQbtmUCS+QGEAMrxYBQ@mail.gmail.com>
To: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
Cc: "public-media-capture@w3.org" <public-media-capture@w3.org>
A related issue I have heard suggested (due to Hovav Shacham) is
fingerprinting machines due to natural variation/defects in the camera,
dust on the lens, etc. I don't know of a demonstration that this is
possible but it seems like it's at least plausible that it might be.


On Sat, Jun 25, 2016 at 3:48 PM, Cullen Jennings (fluffy) <fluffy@cisco.com> wrote:

> We have noticed in testing that it is possible to fingerprint which room a
> user is in at a fairly high degree of accuracy if the user has granted
> permission to the microphone. You use the browser to play an optimally
> designed short sound, which can be ultrasonic so that the user does not
> hear it, and at the same time record the response of how that sound echoes
> in that room using getUserMedia. Though echo cancellation does remove the
> primary echoes, there is still plenty of residual information to
> fingerprint the room. By looking at the fingerprint, it seems it often
> uniquely identifies the room the user is in. This will reveal the location
> of the user even if location is turned off, if some previous user has
> correlated the acoustic fingerprint of this room with the location of the
> room.
>
> I think this is worth mentioning in the draft. It also seems worth
> mentioning in the draft the issues others have raised, such as:
>
> - Playing an ultrasonic unique ID encoded in some way on one browser and
>   recording it on another reveals that two people are in the same room.
> - Playing an ultrasonic unique ID over, say, a TV advertisement and then
>   recording it using a browser on some page like, say, Facebook might be
>   usable to figure out what TV shows people were watching, if Facebook did
>   this and the user had a Facebook web page open while watching TV.
Received on Tuesday, 28 June 2016 03:46:53 UTC
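
A defender-side check for the ultrasonic signals described in the quoted message, added here as an example and not part of either poster's message: it measures how much of a PCM block's energy sits in the near-ultrasonic 18-22 kHz band, so an auditor can flag page audio or captured audio that carries an inaudible beacon. The 48 kHz rate, band edges, 0.2 threshold, function names and test signals are all assumptions made for illustration.

```javascript
const SAMPLE_RATE = 48000; // assumed sample rate in Hz

// Goertzel algorithm: power of DFT bin k over the whole block.
function goertzelPower(samples, k) {
  const coeff = 2 * Math.cos((2 * Math.PI * k) / samples.length);
  let s1 = 0, s2 = 0;
  for (const x of samples) {
    const s0 = x + coeff * s1 - s2;
    s2 = s1;
    s1 = s0;
  }
  return s1 * s1 + s2 * s2 - coeff * s1 * s2;
}

// Sum the power of every DFT bin whose frequency lies in [loHz, hiHz).
function bandPower(samples, loHz, hiHz, sampleRate) {
  const n = samples.length;
  let total = 0;
  for (let k = Math.ceil((loHz * n) / sampleRate); k < (hiHz * n) / sampleRate; k++) {
    total += goertzelPower(samples, k);
  }
  return total;
}

// Share of energy in 18-22 kHz versus 100 Hz-18 kHz, plus a verdict.
// The threshold is an assumed value; tune it against real recordings.
function ultrasonicReport(samples, sampleRate = SAMPLE_RATE, threshold = 0.2) {
  const high = bandPower(samples, 18000, 22000, sampleRate);
  const low = bandPower(samples, 100, 18000, sampleRate);
  const ratio = high / (high + low + Number.EPSILON);
  return { ratio, suspicious: ratio > threshold };
}

// Constructed 100 ms test signals (synthetic, not captured audio).
function tone(freqHz, amp, n = 4800, sampleRate = SAMPLE_RATE) {
  return Float32Array.from({ length: n }, (_, i) =>
    amp * Math.sin((2 * Math.PI * freqHz * i) / sampleRate));
}
function mix(a, b) { return a.map((v, i) => v + b[i]); }

const speechLike = mix(tone(300, 0.5), tone(1200, 0.3)); // audible content only
const withBeacon = mix(speechLike, tone(20000, 0.4));    // plus a 20 kHz tone
console.log(ultrasonicReport(speechLike), ultrasonicReport(withBeacon));
```

Real microphones and speakers attenuate this band unevenly, so a ratio measured on hardware will differ from these synthetic figures.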