- From: Greg Norcie <gnorcie@cdt.org>
- Date: Tue, 31 May 2016 17:45:29 -0400
- To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-ID: <CAMJgV7bYqsBBTrxvdNTRygVQrC3e42JUOJg-VPax+03LQ9nMBQ@mail.gmail.com>
Hi all, In order to engender better understanding of the threat of fingerprinting, I would like to share some recent research Nikita Borisov's group - a small but significant (1% of the Alexa top 100,000) are using motion sensor fingerprinting. Borisov et al's research concludes that "Motion sensor fingerprinting is a realistic threat to mobile users’ privacy" Motherbord has a great overview up: https://motherboard.vice.com/read/advertisers-might-already-be-using-your-phones-hardware-to-track-you-device-fingerprinting Interestingly, they were able to find some cool ways to inject noise into motion sensor data without impacting usability. Section 6 details the countermeasures and the user study which verified this. There's an ArXiv pre-print up if anyone wants full details (PDF warning!): https://arxiv.org/pdf/1605.08763.pdf As the Center for Democracy & Technology previously noted in our Comments on Cross Device Tracking to the US Federal Trade Commission[1], we believe that informed consent and opt out consent are minimum baselines for tracking technologies. However, in the meantime, we hope to reduce the threat of fingerprinting as much as possible when creating new standards, since these tracking technologies do not seem to offer meaningful opt outs nor notice that fingerprinting is occurring. [1] https://cdt.org/insight/comments-on-cross-device-tracking-to-the-ftc/ /********************************************/ Greg Norcie (norcie@cdt.org) Staff Technologist Center for Democracy & Technology District of Columbia office (p) 202-637-9800 PGP: http://norcie.com/pgp.txt /*******************************************/
Received on Tuesday, 31 May 2016 21:46:20 UTC