Slashdot Mirror

← Back to Stories (view on slashdot.org)

Race On To Fingerprint Phones, PCs

Posted by CmdrTaco on from the i-see-what-you-did-there dept.

theodp writes "Advertisers no longer want to just buy ads, reports the WSJ. They want to buy access to specific people. In response, the race is on develop digital fingerprint technology to identify how we use our computers, mobile devices and TV set-top boxes. Start-up BlueCava, an anti-piracy company spinoff, is building a 'credit bureau for devices' in which every computer or cellphone will have a 'reputation' based on its user's online behavior, shopping habits and demographics. By the end of next year, BlueCava says it expects to have cataloged one billion of the world's estimated 10 billion devices, and plans to sell this information to advertisers willing to pay top dollar for granular data about people's interests and activities. It's 'the next generation of online advertising,' said Blue Cava's David Norris. As controversy grows over intrusive online tracking, regulators are looking to rein it in — the FTC is expected to release a privacy report Wednesday calling for a 'do-not-track' tool for Web browsers."

19 of 139 comments (clear)

  1. Looks like it's time to: by phyrexianshaw.ca · · Score: 4, Interesting

    put together a company that rents out devices.

    "monthly/weekly/daily device rentals, just pay your cell phone bill on time and we'll ship you a used device every month! just hang onto your SIM/SD card and we'll default the device/let somebody else use the 'fingerprinted hardware'"

    1. Re:Looks like it's time to: by silverglade00 · · Score: 4, Insightful

      NO! That lets them know it is okay and that we have to work around it. They need to stay out of our business. This needs to be illegal immediately. This is way over the line. I never gave them permission to track me. Bluecava needs to be shut down.

    2. Re:Looks like it's time to: by camperdave · · Score: 2

      That won't help. It's not the hardware being fingerprinted. It's the user. The phone is scanning the fingerprint of the user and sending that to the advertiser. Besides, if it is the hardware, do I want to get a phone that the previous owner may have taken to every strip club, brothel, Al Qaida meeting, and presidential assassination attempt? No thanks. I get into enough trouble on my own.

      --
      When our name is on the back of your car, we're behind you all the way!
  2. can you say by ecklesweb · · Score: 2

    Anonymous proxy?

    1. Re:can you say by JustinOpinion · · Score: 2

      Yes, you can probably use an anonymous proxy and/or randomly scrambling your device's external signature (MAC address, browser string, response time, etc.) in order to make it harder to track you.

      What I wonder is if companies will start differentiating between "good consumers" and "bad consumers". Right now we have access to many services because of an implicit agreement: "I'll let you access the site but you'll see some ads". But if they have a very fine-grained way to determine what consumers respond to ads, and what consumers don't respond to ads, that might drastically change this balancing act. In particular, they would just block "bad consumers", meaning anyone who doesn't spend a lot of money in a way correlated to the ads they see. Anyone who tries to hide their behavior using proxies, randomizing their devices, or otherwise making their behavior inconsistent (e.g. swapping devices with other people) will get labeled as "bad".

      On the one hand you might say "Great! I won't have to see ads anymore!" But in reality it will mean that any "bad consumer" will just be blocked from any ad-supported site (or maybe just de-prioritized so the site is unbearably slow). Now, it would difficult to condemn such actions: companies have the right to run their site as they see fit. It might also lead to a differentiated Internet, where some people (who are willing to be tracked and who spend "enough" to satisfy advertisers) go to ad-supported sites, and other people (who are "bad consumers") simply pay for access to sites/services without ads. Maybe that would be a good thing (advertising currently hides a lot of costs).

      It's something to think about. If the advertisers have sufficiently fine-grained data, they can not only decide what ad to show you, but decide whether you're even worth the effort to give access to the site at all.

    2. Re:can you say by cant_get_a_good_nick · · Score: 2

      I agree, my guess is they're using some techniques like panopticlick https://panopticlick.eff.org/

      I have a linux desktop with a couple programming fonts added, so i'm unique on the eff site.

  3. Interesting For Computer Forensics by bc90021 · · Score: 3, Interesting

    This has VERY interesting possibilities for digital forensics as well. I get the feeling that the bluecava guys aren't even aware of that possibility yet. This would allow web interactions to be more thoroughly traced to a particular machine. Given the ability of most companies to put a particular person behind that machine (whether surveillance or electronic controls), suddenly your machine AND your interactions are subject to investigation at any time.

    --
    libertarianswag.com
    1. Re:Interesting For Computer Forensics by _Sprocket_ · · Score: 3, Insightful

      This has VERY interesting possibilities for digital forensics as well. I get the feeling that the bluecava guys aren't even aware of that possibility yet. This would allow web interactions to be more thoroughly traced to a particular machine. Given the ability of most companies to put a particular person behind that machine (whether surveillance or electronic controls), suddenly your machine AND your interactions are subject to investigation at any time.

      I would be very surprised if it hasn't dawned on them yet. From an interview:

      Businesses can also determine if devices have a history of committing fraud, so they can protect themselves.

      Note in that interview, BlueCava CEO David Norris is very careful to portray the technology as linked solely to the device and not the user. And there is a lot of effort to portray BlueCava as providing control of information to the end user. But the reality is that linking user to device is trivial (as you noted) and end users tend to not grasp implications of data security. However, the initial money is unlikely to be in forensics and for the system to work, you have to convince people to not fight it.

  4. how about by phantomfive · · Score: 2

    How about we make it a 64 bit id and call it an ip address? Having a static, routable IP address would make it worth it to me. Then when I really want privacy I can use a proxy.

    It looks like in this case they are trying to use the UserAgent and other info available to javascript, like the EFF warned about. Check that link out, you can discover how unique your browser is.

    --
    Qxe4
    1. Re:how about by DrgnDancer · · Score: 2

      You think that's weird, try it with JavaScript enabled. My browser signature is *unique*. Apparently no one in the 1.2 million or so person sample group is using the latest Firefox on WinXP with my particular combination of add-ons (yes, it could see my add-ons). Which means... Relatively more "power-users" are easily identifiable by this technology than "normal people". The more vanilla your browser set-up is, the harder you are to recognize (at least through this metric)

      --
      I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
  5. Re:Redundancy? by compro01 · · Score: 2

    No, because the MAC address isn't visible beyond the first router.

    --
    upon the advice of my lawyer, i have no sig at this time
  6. Re:Will the United States of America be renamed... by oldspewey · · Score: 2

    You know, it's easy to get inflamed about this idea since it's all about advertising, tracking, privacy, and corporate profits ... but if a similar article appeared about a system designed to counteract spam and fraud, I wonder what the reaction would be here on slashdot?

    --
    If libertarians are so opposed to effective government, why don't they all move to Somalia?
  7. Re:Will the United States of America be renamed... by LordNimon · · Score: 3, Informative

    This would be the reaction:

    Your post advocates a

    ( ) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    ( ) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    ( ) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    ( ) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    ( ) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!

    --
    And the men who hold high places must be the ones who start
    To mold a new reality... closer to the heart
  8. Re:Will the United States of America be renamed... by gstoddart · · Score: 3, Insightful

    Psst ... you're supposed to check the appropriate boxes or it's not funny. ;-)

    --
    Lost at C:>. Found at C.
  9. Re:I love capitalism by Johnny5000 · · Score: 2

    You have every right to track my activities and I have every right to purchase back my own privacy.

    Why should you have to purchase back something that rightfully belongs to you?

    --
    The libertarian solution to the failures of capitalism is to apply more capitalism til the failures are fixed.
  10. Terminology by HTH+NE1 · · Score: 5, Insightful

    When one person does it to another, it's called stalking. When a corporation does it to everyone it's called marketing.

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  11. Re:Simple by Yvan256 · · Score: 2

    In Soviet USA, advertisers control YOU!

  12. Re:Will the United States of America be renamed... by mcgrew · · Score: 2

    Odd, a business can stalk you and it's "just business", but if I stalk you I'm a felon.

    --
    Free Martian Whores!
  13. Re:Fuck that! by Lumpy · · Score: 2

    http://www.mvps.org/winhelp2002/hosts.txt

    click, save as... all done. I have a batch file that does it weekly for me with the AT command.

    not a chore at all.

    --
    Do not look at laser with remaining good eye.