Re: Vibration API privacy considerations from David Singer on 2016-02-17 (public-privacy@w3.org from January to March 2016)

From: David Singer <singer@apple.com>
Date: Wed, 17 Feb 2016 09:13:12 -0800
To: norcie@cdt.org
Cc: Joseph Lorenzo Hall <joe@cdt.org>, Chaals McCathie Nevile <chaals@yandex-team.ru>, W3C Privacy IG <public-privacy@w3.org>
Message-id: <0299CAFE-A7B3-44F1-A792-906143BE2394@apple.com>
> On Feb 16, 2016, at 17:40 , Greg Norcie <gnorcie@cdt.org> wrote:
> 
> Would they be too faint? IIRC tempest attacks have picked up keystroke noises:
> 
> https://www.schneier.com/blog/archives/2005/09/snooping_on_tex.html
> 
> Couldn't a microphone also pick up vibration noises? 

yes, we should probably include this in the audio beaconing; I guess we could do some tests, but I would expect that under some circumstances a microphone will hear the vibration of another device.

whether you could do it without the user noticing, I don’t know (whereas ultrasonic audio is fairly easy).

but as the ‘Bump’ app showed, you can do a lot if you have synchronized clocks.

> 
> 
> 
> /********************************************/
> Greg Norcie (norcie@cdt.org)
> Staff Technologist
> Center for Democracy & Technology
> District of Columbia office
> (p) 202-637-9800
> PGP: http://norcie.com/pgp.txt
> 
> CDT's Annual Dinner (Tech Prom) is 
> April 6, 2016.  Don't miss out!
> learn more at https://cdt.org/annual-dinner
> /*******************************************/
> 
> On Tue, Feb 16, 2016 at 8:06 PM, David (Standards) Singer <singer@apple.com> wrote:
> yes, an obvious question is ‘beaconing’ using vibration.
> 
> I guess this becomes more of a question for users with more than one device — especially a second device that has motion sensing. But the two devices would have to be awfully close for vibration to transfer.
> 
> 
> 
> > On Feb 16, 2016, at 12:30 , Joseph Lorenzo Hall <joe@cdt.org> wrote:
> >
> > Are those two things or just one? That is, is this section claiming:
> > 1) it is possible to fingerprint a device through the Vibration API by
> > requesting information that could be used to uniquely identify a
> > device by characterizing "tiny imperfections during their
> > manufacturing"; and 2) it is possible for an external observer to
> > identify someone close to them in physical reality ("meat space") by
> > causing the user to visit a specific web page that then uses the
> > Vibration API to vibrate the device (and the external observer
> > observes this and connects a particular web session with a particular
> > device)?
> >
> > Looking at the spec, it just accepts a list of integers and vibrates
> > the device or not. So, I don't see a way to fingerprint devices using
> > this spec by taking advantage of "tiny imperfections during their
> > manufacturing" (of accelerometers and gyroscopes). Maybe it's in
> > conjunction with another API that that becomes revelant? (e.g., if you
> > were recording audio, I bet vibrating the phone with a little training
> > could allow you to characterize the surface it's on and possibly the
> > type of phone and if it's in a case)
> >
> > I think maybe drop the first fingerprinting concern (maybe I don't
> > understand it) but keep the second concern that it allows an external
> > observer in physical proximity to associate a device with a web
> > session by causing the device to vibrate using the API. (A possible
> > mitigation to allowing for highly unique vibration patterns would be
> > to make only simple vibrations possible.)
> >
> > If you've read this far, know that at some point we'll probably have
> > to deal with eavesdropping via mobile gyroscopes... so not
> > fingerprinting but full on identification of speaker information and
> > parsing speech:
> >
> > https://crypto.stanford.edu/gyrophone/files/gyromic.pdf
> >
> > On Tue, Feb 16, 2016 at 10:39 AM, Chaals McCathie Nevile
> > <chaals@yandex-team.ru> wrote:
> >> Hi,
> >>
> >> the Device API group are considering proposing a revision of the Vibration
> >> API, and one of the things they propose adding is a section on Security and
> >> Privacy.
> >>
> >> The current proposal is
> >> <https://github.com/anssiko/vibration/commit/48489c54e0b7ed80900e0906fa79803c8fa77069>
> >>
> >> The two things identified are that vibration can be picked up with e.g.
> >> motion sensors in the same device for fingerprinting, and that a vibrating
> >> device can be physicall observed externally.
> >>
> >> Wondering if anyone has further input.
> >>
> >> Cheers
> >>
> >> --
> >> Charles McCathie Nevile - web standards - CTO Office, Yandex
> >> chaals@yandex-team.ru - - - Find more at http://yandex.com
> >>
> >
> >
> >
> > --
> > Joseph Lorenzo Hall
> > Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
> > e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
> > Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
> >
> > CDT's annual dinner, Tech Prom, is April 6, 2016! https://cdt.org/annual-dinner
> >
> 
> David Singer
> Manager, Software Standards, Apple Inc.
> 
> 
> 

David Singer
Manager, Software Standards, Apple Inc.
Received on Wednesday, 17 February 2016 17:13:44 UTC