- From: Joseph Lorenzo Hall <joe@cdt.org>
- Date: Thu, 12 Nov 2015 16:29:21 -0500
- To: "Lukasz Olejnik (W3C)" <lukasz.w3c@gmail.com>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>, public-audio@w3.org
- Message-ID: <CABtrr-VFVu2kryTZJd4Huw4X27HxpWz8YP_=qZw+JUCc2UVUSA@mail.gmail.com>
(I'm not on public-audio, so I don't think my mail will make it there.) This is something we've been concerned about recently here at CDT. In some senses, platforms can help. E.g., just like there are small indicators present when an app is accessing location or the microphone to give users notice that something is using those resources, maybe a sound icon could be used? Chrome I think does this with tabs so that you can quickly identify which of dozens of tabs is the one playing annoying audio. I do think that permissions to access the speaker are going to be hard to justify and more difficult to get any UAs to actually build in. It's just too common for something to want to access the speakers. Maybe permissions could be triggered for audio that is clearly outside the range of normal human hearing? A counter-move to that could be that services like SilverPush could blast audio within human hearing ranges but make it information dense (it would sound like the spread-spectrum white noise blasts that fire and police use in the US to get the attention of cars that aren't getting out of their way). I don't see an easy answer to this. Would love to hear others' thoughts. We might want to devote some time on a future PING call to this and invite interested folks from public-audio to join. best, Joe On Thu, Nov 12, 2015 at 4:18 PM, Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com> wrote: > Dear all, > > I would like to raise the current issue of tracking using ultrasound audio > beacons/markers. > > SilverPush PRISM [1] is a program/method enabling cross-device tracking. > In short, it is the association of users of desktops/laptops with devices > such as smartphones. The intention is to enhance tracking and profiling, > so users can experience more rich Web content, of course. > > It supposedly uses ultrasound beacons via speakers, emitted by scripts on > websites. These can then be detected by smartphone apps. > > It is, however, bringing some transparency issues. Users are unaware of > this, can't provide consent, and can't configure their browsers according > to their expectations. > > The current privacy considerations of Web Audio API [4] are not addressing > these concerns. Possibly we should ask for an update? > > We might consider investigating, and deciding - if possible - should Web > Audio: > - be subject of permissions > - limit the output to filter out infra/ultrasound, if possible (?) > - have an additional note > > Thanks and regards > Lukasz > > Ps. This is addressed to PING and Audio Working Group. > Pps. As a side note - [3] - TV advertisements can emit ultrasound beacons > as well. > > > [1] http://www.silverpush.co/?_escaped_fragment_=/prism#!/prism > [2] > http://www.steamfeed.com/silverpush-launches-cross-device-ad-targeting-with-unique-audio-beacon-technology/ > [3] http://thetechportal.in/2015/09/23/silverpush-funding/ > [4] http://www.w3.org/TR/webaudio/#PrivacyConsiderations > -- Joseph Lorenzo Hall Chief Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 joe@cdt.org PGP: https://josephhall.org/gpg-key fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
Received on Thursday, 12 November 2015 21:30:10 UTC