Slashdot Mirror
You Are What You Click
Ksop writes: "Predictive Networks Inc. sells a product that can identify users by recognizing their input patterns. The way you use the mouse and keyboard may be used to track you. Story
here. That scares me a little. But its also a cool idea."
For instance: schizophrenics track moving objects differently with their eyes. The eye makes many small overcorrections (James Gleik, 'Chaos'). Supposing other motor actions are affected- schizophrenics might use the mouse differently- in a way that can be distinguished.
An insurance company could pay for this data in order to determine who not to sell insurance to. At some future time, this information could be mined to determine what people should be culled from society- or what people are within a certain statistical deviation of schizophrenia and therefore barred from public office.
Hiding any kind of marketing spyware in a product is bad PR when it is discovered. Microsoft isn't that stupid.
Although, the whole "charging people once wasn't enough, let's charge them as many times as possible" thing does make me wonder about the collective intelligence over there at MSFT...
This is an interesting offshoot of general biometrics research.
Fortunately, in order for it to work, the user needs to be running the tracking software on their computer. Most users will be leary of programs which spy on their input, so the probability of them installing the spyware is very small.
However, there is the possibility that this could be snuck into programs that have other uses and spy on users without their knowledge. (Didn't Comet Cursor do this?) Of course someone will discover it eventually, publicize it, and then be sued by the company for violation of the DMCA. So we're all screwed.
Welcome to the new dark ages. Have a nice day.
How the heck is that supposed to work? gl_texturemode simply sets the mipmapping mode for textured polygons. Unless there's a universal bug in OpenGL implementations (seems unlikely to me), simply switching mipmapping modes isn't going to make polygons transparent or turn wireframe. At best, it'll increase your frame rate slightly, depending on your graphics card (GL_LINEAR_MIPMAP_NEAREST reads texels from only one mip level, which saves you a read cycle over GL_LINEAR_MIPMAP_LINEAR, which reads from two mip levels).
What's really going on here?
Schwab
Editor, A1-AAA AmeriCaptions
A brash young programmer kid who thought that user=l03er got nailed when he fell into a honeypot and sold industrial secrets to some japanese company.
The kid was identified by software developped by an "old geezer" who saw the human side of things; the software identified him by his typing timing pattern.
Anyway, the honeypot gave him pr0n pictures (then, a novel concept) instead of the industrial secrets. When the japanese got wind of being shafted, they grabbed the kid and left him alone with a sumo wrestler...
--
Will they be able to tell I am typing with only one hand?
-josh
I still have an article from an old magazine (80's) with a basic program which accepts a password, and times the interval between keypresses. When a different user types in the same password it was able to determine that it was not the same person, while still accepting the original user.
Long live Basic!
-Adam
This sig 80% recycled bits, 20% post user.
Mmm-hmm. Please check http://www.tuxedo.org/~esr/jargon/html/entry/DWIM. html for an example of where this leads.
And since you have to log in to a remote machine to use this service, you're doing the hard work for them--they already know that user XYZ is sitting down at 111.222.222.111. No company in the world would pass up the opportunity to sell this info once they realized, "Hey, we have a userbase, and we know which IPs they're using 75% of the time." And what happens if you're in the back of the beyond, far from even a 14.4 dialup? "Sorry, I need to access the Net, otherwise I type really slow." No thanks!
Give a monkey a brain and he'll swear he's the center of the universe.
For us, sure. But what about those who don't know what they're buying? For those who don't even get the chance to opt out?
The scariest moment I had last year was when I went and helped fix a co-worker's Dell machine. "It crashes when we read our email".
Out-of-the-box, it had "built-in" Internet through AT&T. I don't know what it used for a browser, but it wasn't IE or Nutscrape. It was this little goofy window with big buttons and, of course, constantly-refreshing banners. If I hadn't known better, I'd have sworn it was AllAdvantage or some other free-if-you-look-at-the-ads thing. Nope - they swore up and down that "this is how it came, this is how they told us to read our email", and showed me their monthly bill for internet access.
(The reason they couldn't read their mail was that one of the *advertising* partners had spammed them - with gobs of HTML - and the retarded email client blew up on a buffer overflow when it tried to render the HTML in the Subject: header. As if I didn't need any other excuse to tell them that privacy-invasion is the default, not the exception.
I never thought I'd say that I felt good about seeing someone run Outbreak Excess and IE5. But after a couple of hours of patches, they were at least able to read mail using the client they were used to using at work, and browse the web without being tracked any more than normal.
It was a real wake-up call for me. I'd recommend any /.er walk over to a Gateway Country booth or talk to a clueless-newbie friend (you may have to ask your friends to introduce you to their friends to find one! ;-) who just got a new Dell "with all the goodies already set up".
Would I need Xanax if something like Predictive's technology comes pre-installed on WinXP? (Well, I suppose not, because I'd rather eat a pound of broken glass, shit it all out, and roll in the resulting mess until I bled to death than run XP.)
But when someone says "it doesn't hurt children", they usually mean because I'm trying to distract you from the fact that it was designed to hurt you.
Well, then, I guess if it's designed not to harm the pwecious chylllldrun, it's OK!
Way to go, Mr. Hosea! You're a really swell guy! I mean, now that you've told me you won't use it to hurt chillllldrun, I think it's really awesome that you can can monitor my mouse-gesture and record my every keystroke! After all, isn't any privacy invasion justified as long as the invader promises that not a single chyuld is harmed?
(Yeah, Hosea, and the rest of his scumbag marketroids, I've got a fuckin' gesture for you, and it's got nothin' to do with my mouse.)
Deutsche Bank has something they use which is similar for security purposes. I don't know what exactly the name is, but I saw a briefer on it while on a contracting assignment. The program supposedly lays in the background over a period of time, and analyzes the user's input, keystroke methods, wpm's, amounts of typos, mouse movements, and creates a profile for the user, so should they leave and forget to log off their terminals, it'll lock anyone out should they sit down and not match the credos.
Shit I wish I knew the name of it exactly since it was developed as part of a Bell Labs project from way back, but I can't think of it =[
Want Root?
I'd be rather easy to identify - I've found that I have a sort of nervous tic with my mouse. One of Windows 9x's more annoying bugs is that it will, every once in a while, become absolutely convinced that the user is clicking the right button when she is, in fact, clicking the left button. The way to end this is simple enough: right-click on something. Everything becomes happy once more.
But I have found that I have a tendency to right-click everything, often before I left-click it - the desktop, window bars, web page bodies... soemtimes I play with it, clicking closer to or further from the screen's edge to get the context-menu to behave differently. It's a nervous habit. It rarely causes problems (well, it certainly causes them in PuTTY), and it generally staves off the right-click bug. It is, I suppose, harmless.
Oh, and I can't do it on a Mac. Cursèd Macs.
-J
Karma: T-rexcellent.
think twice before clicking on the link?
--
andy j.
Stupid Cheap Guitars
My system is always on and my cat likes to walk all over the keyboard.
- -------
Lets see what their profiling says of THAT!
------------------------------------------
Don't worry, bro. Quicktime still hasn't made a viewer for Solaris or Linux, or BSD. I bet if you dont' have WinBlows, this tracking software isn't written for your OS anyways. :P- ----
---------------------------------------------
This can't be determined from key patterns, since it's entirely pre-entered configuration data, so to do this from the server would mean creating a challenge/response for the key/aliases table (which is easily faked). Doing this from the client inside the engine would require an ugly hack which would be worked around almost immediately; and since games can't be updated too frequently, that's as good as not working at all. Doing it from any sort of TSR outside the game's thread would require cross-program memory reading, which is disgusting hackish and non-portable at best.
But, it doesn't let server admins know who's cheating. Any cheat which can be detected by the server is a cheat that doesn't work properly; there's absolutely nothing which can prevent clients from spoofing responses.
This is getting back on topic now. The difference with this is that it monitors keyboard/mouse usage patterns to distinguish between multiple users of the same system.
------------------
A picture is worth 500 DWORDS.
"Rub her feet." -- L.L.
Not that I'm going to sign up or anything...I just don't see this as a big deal in the overall privacy picture.
"Rub her feet." -- L.L.
<karma_whore>
...instead of that glorified task switcher and collection of drivers called Windows. Then they could distinguish family members by login.
</karma_whore>
"Rub her feet." -- L.L.
Does that make me one ? ;)
Rapid Nirvana
Predictive's new "biometric" tool would solve that problem by creating user silhouettes based on the distinct patterns a person makes when using a keyboard, mouse or remote control.
Of course, they'd do well to also keep track of the time of day... as one's motor skills have been known to diminish as one consumes more beer. :)
But seriously, I'd think it would be kind of neat to make a screensaver that only deactivated upon the press of a key, but made, ummm, "interesting" series of mouse movements to spoof this "bionmetric" tool. Choose different settings: impaired, slow 'n precise, 3l33t hax0r! Send enough bogus data down the pipe and they'll never figure out what is real!
if you use your left hand.
-----------
- - - - - - - - - - -
I am a programmer. I am paid to produce syntax not grammar. Deal with it.
So there IS a reason to sniff somebody's Logitech trackball. I got myself I new patent, for a fingerprint like technology using mice. I'll call it Mouseprint.
But consider some good things we can do with this technology, like improving security. Instead of just knowing someone's userid is zaphodb and password is P4nG4l4ct1cG4rgl3Bl4st3r, you have to get the timing of the keystrokes within tolerances built up for that person's profile! Even an "escrowed" password, or one given up under duress, would be worthless if not entered with the right rhythm. And I know my rhythm is going to be messed up with armed thugs watching me....
A friend and I were hammering out how this would work at a LUG meeting a month or two ago. You need hooks in SSH to transmit keystroke timings along with the userid/password, so that this can be done for remote access. Most likely, when the timing is the only thing wrong, an additional challenge would be raised (rather like logging in as mere_user and su'ing to root) with the hidden option to enter a special duress code that would lock the system down tighter or even melt it down entirely, while it gives every indication on the surface that a successful login had occurred.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
I just finished reading the Logitech Mouse/Keyoard Wireless fiasco down the page a bit. It contained a comment written by Cardhore saying
Mouse data is useful.
Your double-click speed, combined with mouse acceleration, velocity, and number of buttons is practically a DNA fingerprint of your computer! I laughed at the time.
This comment was also posted 10s of hours ago as well.
Now hows that for a coincidence! Find the comment here.
IRC Addict.
We can use this product to find out who has been posting those damn goatse.cx links.
Ewige Blumenkraft!
Ewige Blumenkraft!
=-=-=-=-=
=-=-=-=-=-=-=-=-=
Oh bother.
OK, something new can be used to identify your usage patterns. Big freakin' deal. Every time a poster mentions a cool idea like this, some sort of neat ID method which doesn't require cards or passwords, somebody mentions how "scary" it is. Why? Your skin, fingerprints, vocal patterns, mannerisms, the way you move and talk all identify who you are. The way you post on slashdot identifies who you are -- in fact, a cool but probably impossible feature to slashcode would be a symantic login system, which guesses your ID based on your input speed, cadence, number of spelling mistakes and which words you don't correct properly, your vocabulary and your tendancy to resort to FP. My point is, that identification in and of itself means nothing -- unless the system knows something about you besides that. It's once a system like this is combined with some insidious hack (notice I didn't mention "advertising" -- personalized advertising is a much more preferrable to today's "you have one message waiting but your connection isn't optimized so shock the damn monkey" ads) to track web viewership that the concept leaves simple coolness factors and enters into a whole realm of dangerous big brothering. Of course, technically you could acheive the same thing with a massive log linkage system...
And of course, your ultimate reparation to this paranoia? Switch to a Dvorak keyboard and Trackpad when you want to be sneaky...you usage patterns will instantly change with an unfamiliar key setup and shortened track field. Hell, it wouldn't take much to defeat this system entirely...a randomized keyboard -- where keys change to different positions across the pad and are identified with slick LEDs on the keys themselves -- would change your usage patterns per session.
Hey freaks: now you're ju
That's a lot more useful to advertisers.
I do wonder how they're going to get access to all that information unless the browser program itself provides it, though. Maybe with a plug-in that nominally performs some other function while secretly monitoring the keyboard & mouse? Of course, it's a lot easier in the interactive TV application - presumably, they just get the box manufacturer to release a "software update"...
Next thing ya know, someone will develop a program for CounterStrike servers that can track players' movement, aiming, and keystrokes, that can tell the server admins if they're using binds to things like:
"gl_texturemode GL_LINEAR_MIPMAP_LINEAR;bind r gl_texturemode GL_LINEAR_MIPMAP_NEAREST;"
In case you're curious, that's the switch command necessary for the OpenGL wallhack that's freely available.
On the bright side, though, that would be rather neat. The server admins would once and for all know who was and who wasn't cheating on their servers, though I figure all the privacy advocates would go apeshit over it.
As for this technology, however, it's not like this is anything new. Didn't DoubleClick.net have something like this going that would track what sorts of banners you would click on as well as what sites you visit such that they can tailor their ads to your preferences to attempt to get you to click on them?