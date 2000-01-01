Hacker News new | comments | show | ask | jobs | submit login
Ultrasound Tracking Could Be Used to Deanonymize Tor Users (bleepingcomputer.com)
22 points by anshumanf 55 minutes ago | hide | past | web | 6 comments | favorite





Wait what? How can a webpage play a sound if my speakers are muted? How do they bypass the little sound notification on my tabs?

>If the Tor user has his phone somewhere nearby and if certain types of apps are on his phone, then his mobile device will ping back one or more advertisers with details about his device, so the advertiser can build an advertising profile on the user, linking his computer with his phone.

This is pretty contrived...

> How can a webpage play a sound if my speakers are muted?

Well it can't obviously, but lots of people (although maybe not the types of people who use tor) browse the internet with their speakers on and active. Most people don't unmute their speakers just before they're about to listen to something.

> How do they bypass the little sound notification on my tabs?

Admittedly they probably can't, but are you sure you're going to notice a flicker as a short sound is played and then stops?

I think the most contrived part is your mobile being always-on/always listening, given that you're likely to notice this due to reduced battery life. But given that certain hardware now has support for always-on keyword detection, you can see a future when this could happen.

Are you sure? I would guess that a huge amount of perfectly mainstream and popular apps have a ton of advertising SDKs bundled with them, and you never know what the fuck those SDKs are going to be doing half the time.

A bit of an edge case this. I know for me I mute my speakers permanently when using TOR in-case I encounter a shock page like Lemon Party or Goatse

[1]: https://en.wikipedia.org/wiki/Shock_site

I read about a lot of you security people talking about the difference between a physical switch turning off your wifi vs a software switch, does anything like that apply to this?

A physical switch is for surety and peace of mind, whereas a software switch you have to be careful, because I don't trust my machine's OS to keep the speakers muted, no matter how much the chain of trust has not been compromised, there's always a weak link somewhere. Physical switches or death.

