
“Ultrasonic cross-device tracking” embeds inaudible tones in advertisements - Tomte
http://arstechnica.com/security/2016/11/how-to-block-the-ultrasonic-signals-you-didnt-know-were-tracking-you/
======
danbruc
This is reaching the point where the only sensible policy is to flat-out
prohibit all forms of adverting on any medium. Paying a company to lie to you
is already a pretty bizarre idea but the invasion of privacy - online or
offline - makes advertising increasingly intolerable.

~~~
ogig
Child oriented ads are especially awful. We let some greedy people massively
influence our kids just so they profit. I would ban every kind of marketing
oriented to kids and youngs.

If you have something really useful and good for the kids, sell it to their
fathers. If you want to scam their money then get out.

~~~
ksenzee
Yes. Although I think the plural you want is "parents."

~~~
ogig
You are right, thanks.

------
Cyph0n
I'm working on an app that passively picks up ultrasonic tones generated by
SilverPush and sends out garbled data.

The biggest issue with blanket interference across the entire ultrasonic band
is that there are some legitimate uses that don't involve cross-device
tracking. That's why we need to address this issue by selectively interfering
with only known tracking schemes.

~~~
rocky1138
Can you elaborate on which legitimate uses you had in mind?

~~~
kimburgess
Anything that requires the ability to detect if it's in the same physical
space as another device / item of interest.

Some common examples are:

* guest mode discovery on a Chromecast

* pairing to videoconference system (both Cisco and Polycom do this in their current gen devices), building control, wireless presentation system etc

* a means for transmitting a 2FA code from a personal device for auth / payments

* micro-location service - particularly for temporary events or spaces where BLE is not possible (e.g. embedded in FOH audio at different stages at a music festival)

* proximity based peer discovery for mobile games

You'd be surprised at how common a technique it is. I regularly face issues
with environments that have had enough different devices all attempting to use
some form of ultrasonic pairing / localisation etc that there's issues with
interference.

------
cooper12
Sorry but I found this to be very disappointing scarebait from Ars, who I
expected to have higher standards. It doesn't explain how common this is yet
the title makes it sound like it's super prevalent. (not to mention we're
already being tracked in other ways that are worth worrying about more) It
does a horrible job at explaining what's actually going on and why advertisers
might use this instead of alternatives, in fact I still don't know. (something
about every ad containing ultrasonic sounds and everyone making their app use
the microphone to constantly listen for them—I get that it's a real thing but
sounds way too contrived and complicated to be common) The title is also super
clickbait and I wouldn't characterize it as the good type of FUD. The solution
they propose is a proof-of-concept patch, so not an actual functioning
solution (and their extension is supposed to block ultrasonic frequencies, but
advertisers will just move to audible frequencies then and mask it as music).
Even if they improved the title, the article itself is flawed and is
predicated on making us scared of this, even having the gall to say "Now that
you’re sufficiently concerned". C'mon Ars... I get wanting to point out
troubling practices and increasing awareness, but at least do it in a less
knee-jerk and more informative manner.

~~~
mirimir
The key goal is cross-device tracking. Your phone vs your notebook vs your TV
vs whatever else around has audio and net uplink.

~~~
adolph
Given the advertiser benefit, I wonder if the purpose of the article is to
boost the sales of ultrasonic services to advertisers. When I say purpose,
clearly Ars' purpose is clickbait, but the purpose of wherever the information
was sourced/initiated.

Somewhere in an advertising conference dark side corridor there is a booth
advertising snake oil "ultrasonic cross device user tracking as featured by
Ars Technica."

~~~
davemel37
Most agency advertisers have known about this for well over a year. To my
knowledge, no one is particulary interested in it.

------
ljoshua
I wasn't aware (and would be surprised if) iOS apps with microphone privileges
could listen all the time, even while in the background, which is really what
would be required in this situation.

Is that really the case, or is the Ars piece suggesting I would be walking
around with the advertiser's enabled app open all the time? (And I'd guess
Android is in a similar boat.)

~~~
AlphaWeaver
On iOS there is a prominent red banner informing an app is listening if it is
listening in the background.

~~~
AlphaSite
Also, if I'm not mistaken, only 1 app can listen at a time.

~~~
JonSchneider
On iOS multiple apps can listen at one time. On Android only one app can
listen at a time.

------
mirimir
A quick search indicates that <100 dB ultrasonic is legal. So make a phone
cover that generates ~80 dB spread spectrum ultrasonic. That should be enough,
right?

~~~
jonasvp
Poor dogs...

~~~
IshKebab
And humans. These things aren't really ultrasonic because phones and computers
can't transmit ultrasound (why would they need to?).

~~~
wallacoloo
This is something I was curious about. Sure, if you're doing serious audio
editing and such, you might sample at e.g. 96 kHz, and I wouldn't be surprised
if Android also allows that. But does this really not get band-limited at any
point in the stack?

------
ethbro
I know it's Ars, but there has to be a better link with more detail than
"here's a thing some people might be doing, somewhere."

~~~
pasta
Take a look at Chirp: [http://www.chirp.io/](http://www.chirp.io/)

Edit: In Firefox it seems this website is constantly playing audio. I think it
is using a WebSocket to do this. Since I don't hear a thing I'm not sure what
is going on here.

~~~
Lagged2Death
_Since I don 't hear a thing I'm not sure what is going on here._

Click on the gem and the web page will play a "chirp," which is loud and beepy
and not ultrasonic or secret at all. It's an analog modem type system, except
probably way slower than 300 or even 110 baud. Everything old is new again, I
guess.

In any case, the point is: the Chirp system is distinct from the supposedly-
possible secret systems the Ars story is fretting over.

I've seen several articles worrying about the use and abuse of data
transmission via secret ultrasound, but I've never seen any claims that named
names or that offered a way for readers to verify or check anything.

I don't think you can count on the average laptop/phone speakers, mics, and
digital audio systems to deal with ultrasound.

If a computer's audio drivers and audio hardware are set up to play back at
standard CD/DVD sample rates (44KHz or 48KHz), then ultrasonics are not
happening there, period. The same principle applies to inputs.

Even if all the hardware and software on two devices is capable of and
configured for producing/receiving ultrasonic frequencies, it seems pretty
likely that loud ultrasonic screeches played on a 50-cent cell-phone speaker
would produce audible harmonics, and the jig would be up.

I expect secret ultrasonic data transmission over commodity systems is the
sort of thing a well funded state organization might turn to for a targeted
operation. Because it might work under exactly the right circumstances, but it
would be fiddly and terrible for general use.

~~~
Cyph0n
> If a computer's audio drivers and audio hardware are set up to play back at
> standard CD/DVD sample rates (44KHz or 48KHz), then ultrasonics are not
> happening there, period. The same principle applies to inputs.

What do you mean? All you need to do is sample the received audio at 44.1 kHz.
Android at least has a low-level API which allows you to customize sampling
rate.

~~~
macawfish
According to Nyquist's work, you need a sample rate of _2f_ to represent a
frequency _f_.

So with 44.1 kHz you could only represent audio up to 22 kHz. There are kids
who can hear at these frequencies.

~~~
Cyph0n
I am aware of the Nyquist rate. You're talking about very rare edge cases
though. I believe the cut-off for an average young human is 20 kHz.

~~~
macawfish
Yeah, I get that, just saying, if we are going to worry about people with
disabilities, I believe that we should care about the psychoacoustic wellbeing
of "edge case" humans who can hear ultrasonic tones.

~~~
Cyph0n
So you're comparing disabilities, like not being able to walk or see, to a
slightly annoying tone? Of course, it also depends on the estimated number of
"edge cases" out there.

------
amelius
Couldn't this already be done with Wifi and/or GPS?

Also, doesn't the electronics in the phone already filter out everything
outside the audible part of the spectrum, just because it is more efficient to
do so (lower sampling rate = better performance / lower power consumption)?

~~~
jcrawfordor
This use case is closed to BLE and particularly iBeacons, but with the
advantage of potentially requiring less special hardware and matching physical
delineations better than radio (e.g. won't pass through walls to a neighboring
business)

------
NoGravitas
This is interesting.

With the permissions system in Marshmallow, you can selectively disable
microphone access, which is good. Those of us stuck on Lollipop will just have
to be careful what apps we install.

~~~
aban
Alternatively, CyanogenMod has had Privacy Guard for quite a while now, so
that might be an option if your phone is one of the supported devices.

------
coldcode
I'm sorry this is completely bogus, if there was ultrasonic audio emanating
from everyone's phones dogs would go nuts. We can't hear it but they sure can.

~~~
sathackr
I disagree. I was recently in the transmitter room of a radio station and saw
an interesting device. I asked the engineer what it was, he explained it was
for ratings and worked exactly in the way the article describes. They transmit
inaudible tones on the radio, and they are picked up by certain people with a
device or the app installed. I don't recall all of the details but some
googling will probably get you going.

They use this to determine how many people are listening to their station.

~~~
mgr86
I wish I knew what those apps were. Or what signs I can look for. I generally
don't have many "garbage" apps on my phone, but I've always suspected it with
words with friends--Yes, my gf have been playing that game together since we
started dating 5 years ago. Every so often an Ad will come on and the volume
all of a sudden adjusts itself from mute to about 33%. Its distributing that
an advertisement can have that power.

edit: Hey wait, let me read the article--just poured my first morning cup of
coffee and reading HN.

~~~
sathackr
I think it's an app specifically installed for the purpose. I just asked him
what it was called, he said it was an Arbitron(now owned by Nielson) device. I
googled Arbitron device and found this:
[https://en.m.wikipedia.org/wiki/Portable_People_Meter](https://en.m.wikipedia.org/wiki/Portable_People_Meter)

~~~
maxerickson
Note that it doesn't use ultrasound, it embeds information in the normal audio
in a way that humans are not likely to perceive (psychoacoustic masking).

------
kapnobatairza
This article is complete hogwash.

"Ultrasonic" beacons are like any other beacon technology, whether audible,
inaudible, bluetooth based or otherwise.

All a beacon does is transmit an identifier or URL. It isn't and CAN'T track
you. It is just a simple one-way broadcast that is saying "X is here". You
need an application that knows to listen for beacons an knows how to translate
the identifier of the beacon.

For example, if Starbucks is using a beacon and you go near it with your
phone, your phone will do nothing with that beacon unless you have the
Starbucks app that is looking for Starbucks beacons so the app knows when you
are near a Starbucks.

There is nothing nefarious about this....

Ultrasonic is just another method to achieve the same result, although it
seems like a bad way of doing it since it is fairly obvious when your app is
"listening" on iOS.

~~~
ksenzee
The article isn't about stores transmitting beacons that our devices pick up.
It's about our devices transmitting beacons that are then picked up by anyone
who cares to listen.

~~~
kapnobatairza
It isn't?

"The technology, called ultrasonic cross-device tracking, embeds high-
frequency tones that are inaudible to humans in advertisements, web pages, and
even physical locations like retail stores."

"any device microphone—like those accessed by an app on a smartphone or
tablet—can detect the signal"

How is this any different from a bluetooth beacon being detected by a mobile
app? You are just broadcasting the identifier in a different manner.

------
briceb8e
Talking about security, wouldn't it be nice if arstechnica would enable https?

~~~
eximius
I think it is for subscribers?

------
randyrand
> all the time, even while they’re running in the background

This is FUD. iOS does not give an app this ability without it being obvious (a
banner across the top of the screen).

~~~
vaishaksuresh
Apparently 9 in 10 smartphones today are Android and that lets you do whatever
you want in the background.

~~~
randyrand
Still FUD to say its possible on iOS (which they did).

------
mSparks
anyone know of an app that can detect these signals?

Maybe decode them.

easiest way to block them is to know they are there in the first place.

i am suspicious that occasionally my laptop makes high pitch noise correlated
to mouse movements when its running windows 10.

edit:Thinking about it. seems possible that might actually be facebook. never
installed their phone app untill i had android 6 because it wants mic
permissions (disabled) and facebook and reading hn is about all i use win 10
on the laptop for.

~~~
condiment
Your MacBook microphone can detect ultrasonic frequencies above 22khz, though
I'm not sure whether my observed ceiling is an artifact of the microphone, or
of the speaker I was using to emit the tones.

In my informal tests, most people are unable to hear any tone above 20khz or
so. This is discovered, naturally, by starting with the highest pitch tone I
can generate at the loudest volume, and lowering the pitch gradually until
somebody covers their ears and starts screaming. This is usually the youngest
person in the room.

You can generate and receive audio using web audio APIs. Creating a browser
extension to detect ultrasonic comma would be fairly straightforward.

~~~
mSparks
However, most audio output (at least back in the nineties and naughties) is
not capable or creating sounds reliably above 16khz. They almost always have a
low pass filter on which cuts it out. Apparently most dell laptop speakers
cant even manage above 10khz

"You can't hear" doesn't have to be high frequencies though.

It can be more subtle like phase shifts and other "in audible range"
fingerprinting.

While I've not used it for getting on 20 years now, I did do a lot of software
audio engineering back in the day, everything from RF to DSP.

------
ungzd
Can phone speakers really make sound in ultrasonic range?

------
stcredzero
Just because ultrasonics are inaudible doesn't necessarily mean they're
harmless. Energy deposited into those little hairs in your cochlea is still
energy. What does the research say about the impact of ultrasonics on hearing?
I wouldn't be surprised if they're the same as any kind of sound, decibel per
decibel. (They're easier to block out, being at a higher frequency.)

~~~
semi-extrinsic
Well, if ultrasound was able to produce significant energy input to the
cochlear hairs (stereocilia), it would invoke motion in these hairs and thus
the perception of sound. So if that was the case, one would be able to hear
ultrasound (which one cannot).

Actually, the inability of the human ear to hear ultrasound is because the
impedance matching function (mechanical gain) of the bones in the middle ear
rolls off at high frequencies. So the energy in ultrasound is dissipated
before it reaches the inner ear.

That being said, exposure to >120 dB ultrasound can damage your hearing (I
believe this is because response functions of the ear start becoming
nonlinear). According to Wikipedia, above 150 dB ultrasound can even start
heating your flesh, and above 180 dB it can be fatal.

~~~
stcredzero
_Well, if ultrasound was able to produce significant energy input to the
cochlear hairs...one would be able to hear ultrasound (which one cannot)._

 _That being said, exposure to >120 dB ultrasound can damage your hearing (I
believe this is because response functions of the ear start becoming
nonlinear)._

Seems self contradictory on your part, unless you're saying people who
otherwise can't, can still hear ultrasound, so long as it's over 120db. So, my
top frequency for hearing is down to 14.5k from before, last time I tested it.
Are you saying that 15.5k sounds now won't damage my stereocilia? That doesn't
make sense, unless those things actually get stronger with age. Usually,
things in the body get weaker with age.

------
mafro
Perhaps a tin foil hat would also work?

~~~
eth0up
The acoustic attenuation of aluminum is good, but it would serve minimal use
as a hat. If used as a sack instead of a hat, both sonic and micro waves might
be reduced, which is probably better than wearing such stiff apparel.

~~~
DoofusOfDeath
But the more air-aluminum interfaces you can introduce, the better you'll
degrade the signal.

Experts recommend wearing a minimum of three tinfoil hats.

------
88e282102ae2e5b
Is this why Gmail requires microphone privileges? I've been looking for a
feature in the app that actually needs it and have been coming up empty.

~~~
Adverblessly
The search functionality supports voice input, so maybe that?

