
Quiet.js – Transmit and receive data in the browser at 44.1kHz - jonbaer
https://quiet.github.io/quiet-js/
======
eigenvalue
This seems like a good way of doing data exfiltration from a secured/monitored
computer. Just get the source from git and run it locally in the browser, then
take whatever file you want to extract, zip it, and then encode it in base64,
using this to copy it to your personal phone. I bet the Goldman Sachs
programmer who went to prison for uploading his trading code to an FTP server
wishes he had been more clever like this.

~~~
nine_k
Personal electronics are off limits in environments where exfiltration is a
concern. You put your personal devices into a metal cell at the entrance, and
walk through a metal scanner, airport-style.

I've experienced this in a couple of factories that build consumer-grade
devices; I can imagine this to be even stricter on places where stakes are
higher.

~~~
eigenvalue
Maybe for military bases and such, but I was thinking more in the world of
finance, where computers are pretty locked down to prevent people from taking
valuable code for predicting stock prices or high frequency trading. In those
cases, people most certainly have their phones with them, but the workstations
have USB disabled, the network is closely monitored (with nearly all file
sharing sites blocked completely), and anything suspicious will show up in
logs.

~~~
GhettoMaestro
Friends of mine who work in high-security finance have told me about some
fairly exotic things. Desoldering USB ports. Epoxying cable connectors into
their sockets (to prevent easy removal - without chance of significant
cable/device damage leading to investigation of issue).

I can only imagine the stuff that goes on at places like the NSA and CIA where
the stakes are extremely high.

~~~
jandrese
Imagine being the guy who has to fix those computers when they break and
finding only solutions like "just plug in this USB stick and boot from it to
run this fix utility..." or the everpresent assumption that the machine is
connected to the Internet 24/7.

~~~
odorousrex
You don't fix them.

You bring in an entirely new machine, and the old one is securely destroyed.

~~~
jandrese
Oh yeah, like getting a new machine through purchasing and certified for the
SCIF is a walk in the park...

~~~
nine_k
You have a stock of prepared, vetted replacement machines.

You can replenish it slowly after you have just handed over a replacement.

------
jermaustin1
When I was 12 or 13 I wrote a program that transmitted data over speaker and
microphone. It would generate a 90ms tone for each byte and a 10ms silence.

It wasn't elegant, and most of the code was stolen from Planet Source Code,
but it worked mostly.

~~~
widdershins
What did it sound like?

~~~
jermaustin1
For the most part like a less dynamic modem. Less EEEE-OOOO-SCRSHHHH and more
EEE-EEE-EEE it had a base tone of something middle-c like (can't recall, it
was 20 years ago now) add just added the byte value with a modifier on top of
the base. So for long stretches of it it was just to my ear pretty much the
same sound, especially when transmitting ascii text.

------
est31
On a related note, even if the user has disabled speakers or muted the
website, you can still make it generate noises:
[https://thume.ca/screentunes/](https://thume.ca/screentunes/)

~~~
Santosh83
Is that page supposed to produce a speaker noise? It doesn't produce anything
audible here (standard Firefox on Windows 10)...

~~~
Rychard
> On some LCD monitors this page will cause the screen to emit a tone that
> varies in pitch with the bar height. Maximize window for best results.

Looks like any noise is the by-product of the electronics within the device,
rather than anything playing through the speakers. Coil whine (or something to
that effect), I imagine.

~~~
Jnr
Yes, it works on my monitor.

------
emi420
I'm working in a project for my local fire station to receive GPS data via VHF
radio (widely used by emergency services in my country). We are trying with
DTMF, this seems interesting.

~~~
paulie_a
Don't they already do this? I hear them all the time on my scanner? Hell they
use a four digit unencrypted code to activate the emergency sirens.

~~~
copperx
I thought that fire trucks had a switch to activate the sirens by the drivers;
I had no idea they were activated remotely by radio.

~~~
paulie_a
I was referring to the standalone towers in the Midwest. Maybe elsewhere. When
I was a kid i would wake up on Saturdays at noon due to the siren. My dad also
had a police scanner I could hear. One summer I put 1 and 1 together

All you need is a dtmf decoder and a small transmitter to set the off those
large sirens on high poles throughout that sprinkle the country in small towns
and probably large cities

------
lecarore
This worked to transmit "hello world" between my desktop (firefox) and mobile
(firefox). Great project :) Of course you need a relatively silent room. This
could have many nice applications

------
kreetx
Share your results if you tested this! :)

(I have no relation to the library)

~~~
callesgg
I like the idea but I think it would be more useful it it was more reliable.
Ignore all types of speed requirements and make it super reliable then it
could actually be useful in special circumstances.

Receiving the audible sound did not work at all in any browser.

Receiving the ultrasonic (that is not very ultrasonic at all clearly hearable)
did work in chrome and firefox.

Sometimes it figured out that there had been a message but not what it was.
(saying missing packets)

Sending worked from all browsers.

~~~
ChicagoBoy11
When I lowered my mba volume to just two bars it still worked but I could no
longer hear anything

------
egorfine
So, a modem?

~~~
IggleSniggle
A modem _implemented in a browser_ for any device with a microphone and
speaker (and browser), yes.

I'm really enjoying trying to think of good use cases for this, tbh

~~~
slowenough
A PWA that picks up and beacons that emit local area "off-internet" websites
wherever you go?

~~~
IggleSniggle
I was thinking along similar lines. A neighborhood sneaker-net backed by
something like gun
[https://github.com/amark/gun](https://github.com/amark/gun)

~~~
marknadal
THIS WOULD BE SO COOL!!!!!! please email me :D :D :D

------
fookyong
Reminds me of Clinkle:
[https://en.wikipedia.org/wiki/Clinkle](https://en.wikipedia.org/wiki/Clinkle)

------
tiku
It works, but I can even hear the ultrasonic variant. I guess it's more like
vibrations from the surrounding case than the speaker sound itself.

~~~
userbinator
I suspect that's more due to aliasing or some other DSP that's happening (most
audio designs have bandpass filters, because anything outside the usual range
is not considered a valid signal.)

~~~
IggleSniggle
While this is true, 19k is _also_ hearable to most young people (maybe under
25 or so). We use 44k _because_ it is right above double the cutoff of human
hearing.

~~~
copperx
Only exotic, multi-thousand dollar speakers will reproduce 44k, and for that
you need a 96k sampling rate. By using a sample rate of 44k you can
theoretically only reproduce up to 22k.

~~~
IggleSniggle
You may have misunderstood my comment. 19k/20k is right at the limit of human
perception for people with extremely good ears. Thus, "we use 44k because it
is right above double the cutoff," ie 22k.

As an aside, you _will_ see 96k used (or more commonly 48k), but mostly for
production work where the extra information could have value (comparable to
using RAW for images, even though humans can't perceive all the information
"natively").

------
adamredwoods
I used to have a 300 baud modem, which was used to connect computers over the
phone (BBSs). It was fun to listen to and when I upped it to 1200 baud, it was
fun to hear the difference from white noise to the more distinct beeps in the
300 baud.

I think it's neat to experience data in different forms, audible, tangible,
and maybe aromatic (smell-o-vision) data?

------
fsiefken
I wonder what the bandwidth limit would be if you took 44.1kHz audio
transmission to the extreme. Something like 56k6 modems?

~~~
mattkrause
Probably quite a bit higher: POTS was band-limited to something like 300-3000
Hz, which covers speech pretty well but not much else (hence the tinny hold
music).

~~~
fsiefken
If this is true, then a brief 30s audio signal would yield more then a A4
photo capture of high density visual encoding, like microsoft hccb barcodes,
interesting

~~~
mattkrause
Raw audio files are pretty massive.

A .wav file is 16 bits/sample x 44,100 samples/sec ≈ 700 kbps. Thirty seconds
of that is about 2.5 Mb, which is a reasonable size for a photo. However, you
wouldn't be able to send nearly that much data, since you'll be limited by
various kinds of noise.

------
imvetri
This is a good example of attacking digital machine without user knowing.

A keylogger in ultrasonic range.

Silent and effective.

This technique works at OS level and browser level.

And nobody can protect from these kind of attacks. Unless staying away from
digital machines.

Just an example of why digital growth is bad unless and until humanity live in
harmony.

------
thomasfl
This cool hack deserves the name AirDrop much more than the AirDrop feature
created by Apple. No bluetooth or other radio transmitted standard used, and
no infrared used either. Hey, I see lots of supercool social datings apps
using this hack.

~~~
andromeduck
A smart display stuff like Chromecast and probably airplay use this.

------
sdan
I remember Google had an extension that did something similar like 5-10 years
ago... not sure what happened to that (obviously probably Killed By Google).

Otherwise, this is definitely cool! Could be used like airdop.

~~~
pgeorgi
I believe that extension would be
[https://chrome.google.com/webstore/detail/google-
tone/nnckeh...](https://chrome.google.com/webstore/detail/google-
tone/nnckehldicaciogcbchegobnafnjkcne) (last updated 3 years ago). Not sure if
that was ever something official or just an experiment.

There's also (the non-Google) chirp.io that started around the same time.

------
manx
Nice! What about implementing tcp/ip on top of that and running decentralized
protocols like ipfs? Lots use cases. But the bandwidth is probably too
limited.

------
tomxor
Has anyone figured out the throughput of this yet?

~~~
cpinto
At max 44kilobits per second, or 5.5KB/second.

~~~
copperx
The signal isn't 44kbps because it isn't 44kHz. No speaker can reproduce
44kHz.

------
rbirkby
Could do with a dog frightener sample. Some people in our wework are allergic
to dogs, so this would help them.

------
plq
Would this work even with crappy laptop speakers or would you need some proper
hardware?

~~~
dessant
This transmission method should work with most speakers, chirp.io has tested
it with greeting card speakers.

[https://www.reddit.com/r/programming/comments/9zp0v0/sending...](https://www.reddit.com/r/programming/comments/9zp0v0/sending_emoji_or_anything_else_through_sound_via/eajf2bh/)

~~~
userbinator
That's because "greeting card speakers" are piezos, and have a much higher
frequency response curve than even normal tweeters. On the other hand, they
also have no bass.

------
savingGrace
What are some real applications for this?

~~~
royal_ts
Google uses this kind of Authentication for Chromecast when a User isn't
connected to the same Network as the Chromecast is. This way you can still
send Videos. It's called Guest Mode or something and is Opt-in

------
FpUser
I loved it, very cool

