Re: Privacy issue with media capture and fingerprinting room acoustics

A related issue I have heard suggested (due to Hovav Shacham) is
fingerprinting machines due to
natural variation/defects in the camera/dust on the lens, etc.. I don't
know of a demonstration that this is possible but it
seems like it's at least plausible that it might be be.

-Ekr


On Sat, Jun 25, 2016 at 3:48 PM, Cullen Jennings (fluffy) <fluffy@cisco.com>
wrote:

>
> We have noticed in testing that it is possible to fingerprint which room a
> user is in at a fairly high degree of accuracy if the user has granted
> permission to the microphone.  You use the browser to play an optimally
> designed short sound which can be ultrasonic so that user does not hear it,
> and at the same time record the response of how that sound echos in that
> room using getusermedia. Thought echo cancelation does remove the primary
> echos, there is still plenty of residual information to fingerprint the
> room. By  looking at the fingerprint it seems it is often uniquely identify
> the room the user is in. This will reveal the location of the user  even if
> location is turned off if some previous user and correlated the acoustic
> fingerprint of this room with the location of the room.
>
> I think this is worth mentioning in the draft. It also seem worth in the
> draft issue other have raised such as
>
> Playing an ultrasonic unique ID encoding in some way on one browser and
> recording it on another reveals two people are in the same room
>
> Playing an ultrasonic unique ID over say a TV advertisement then recording
> using a browser on some page like say Facebook might be usable to figure
> out what TV shows people were watching while if Facebook did this and the
> user had a Facebook web page open while watching TV.
>
>
>
>
>
>
>
>
>
>