Ad Networks Using Inaudible Sound To Link Phones, Tablets and Other Devices (arstechnica.com)

← Back to Stories (view on slashdot.org)

Ad Networks Using Inaudible Sound To Link Phones, Tablets and Other Devices (arstechnica.com)

Posted by timothy on Friday November 13, 2015 @06:33PM from the high-keening-wail dept.

ourlovecanlastforeve writes with a link to Ars Technica's report of a new way for ads to narrow in on their target: high-pitched sounds that can make ad tracking cross devices and contexts. From the article: The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product.

37 of 223 comments (clear)

Min score:

Reason:

Sort:

Microphone access. by Noah+Haders · 2015-11-13 18:37 · Score: 5, Insightful

And why can a rogue website or app access the microphone? Oh yeah cuz android.
1. Re:Microphone access. by Chris+Mattern · 2015-11-13 18:51 · Score: 5, Informative
  
  Oh yeah cuz android.
  And cuz iPhone. It works on both.
  
  It works on both iOS and Androidd
2. Re:Microphone access. by Solandri · 2015-11-13 19:02 · Score: 3, Insightful
  
  Starting with Marshmallow, you can disable microphone access on an app-by-app basis.
3. Re:Microphone access. by cfalcon · 2015-11-13 20:05 · Score: 4, Informative
  
  If an app wants microphone access in ios, it has to explicitly request it. You get a popup and have to ok it. If you don't, it doesn't have access. It can refuse to work, if it wants, but fuck them.
  Does that happen in Android? I feel it does not, and you probably can, in the latest version, explicitly disable mic access or something? An android user can correct me.
  I will say that questions like this:
  http://stackoverflow.com/quest...
  SO question:
  "
  1- I want to record.
  2- User disallowed.
  3- I want to record again.
  4- I call requestRecordPermission:
  5- It simply returns granted=NO (without prompting for permission)
  Can I prompt the permission Alert to user somehow?
  "
  Make me VERY happy to see answers like: "There's no way to do this"
  "I want to spam the user with access requests that are full screen OS level stuff until he says ok. How can I do this?" -> "Nnnnnnope!"
  Anyway, if Android doesn't do this, that's sad, and hopefully they will soon. If Android and Ios both do this, I don't see how most programs will be able to get mic access at all in the first place.
4. Re:Microphone access. by cfalcon · 2015-11-13 20:07 · Score: 2
  
  Ios just disallows until you allow access explicitly, with a prompt. Does Android just grant permission by default?
  Either way, it sounds like there's a workaround on Android, and that this will have a very low success rate in ios.
  Also, just to be clear- "pairing" computer with phone, against my permission, with ultrasonic, is pig disgusting. There's absolutely no way that either Apple or Google should allow shit like this on their respective stores. This is vile spyware for certain.
5. Re:Microphone access. by pixelpusher220 · 2015-11-13 20:48 · Score: 4, Interesting
  
  the question is why does a phone intended for *human* consumption even allow frequencies beyond human hearing?
  
  --
  People in cars cause accidents....accidents in cars cause people :-D
6. Re:Microphone access. by greenfruitsalad · 2015-11-13 20:53 · Score: 4, Interesting
  
  Google do this all the time. EVERY EFFING TIME you install an application from non google-play source, it asks whether you'd like google to scan your applications for potential threats. there's no "Decline forever" option. google treat themselves differently.
7. Re: Microphone access. by greenfruitsalad · 2015-11-13 21:44 · Score: 5, Interesting
  
  i gave up on gapps (apps for google services). i run cyanogenmod without gapps with f-droid and amazon as my two package sources. if i need something from play store, i download it manually using RACCOON and install the apk. i use caldav-sync and carddav-sync to sync with google contacts and calendars.
  It is a radical improvement to my life. No google tracking, longer battery life, fast bootup, longer battery life, phone uses less memory and i have a longer battery life.
8. Re: Microphone access. by Anonymous Coward · 2015-11-13 22:17 · Score: 4, Funny
  
  But does it improve your battery life?
9. Re:Microphone access. by Anonymous Coward · 2015-11-13 22:22 · Score: 5, Insightful
  
  Phones and speakers cover frequencies beyond human hearing because they're physical objects. Making something that can record 16kHz with good fidelity but won't record 20kHz at all would actually be quite difficult. Did you know that some lossy audio codecs apply a 16kHz low pass filter to the audio signal? No? If that cutoff removed frequencies which many people can hear, everybody would know about it. Youtube does that, btw. In practice there are few people beyond their teenage years who can hear tones above 16kHz unless they're very loud, and even most teenagers can not hear 19kHz or higher. But the microphones in phones and tablets have no trouble picking that up.
10. Re:Microphone access. by jrumney · 2015-11-13 22:41 · Score: 2
  
  Marshmallow does this in the same granular, on demand way as Apple. Earlier versions of Android present all the permissions at install time, and make it an all or nothing choice.
11. Re:Microphone access. by aix+tom · 2015-11-13 23:29 · Score: 2
  
  I'm not sure, but in my opinion the "no, never" would not make much sense from a security standpoint.
  Let's look at a "non-malicious" use case first:
  If for example you have an app that has a "find the next gas station" button, and the prompt is triggered by that.
  Would a "no, never" make sense in that context? After all, when I don't want the App to know where I am, why would I press the "find the next gas station" button in the first place?
  Then lets look at a "malicious" app case:
  If the App randomly wants access to your location for no apparent reason, my personal opinion is that the "never" button will just hide the fact that the malicious app is trying to access his location all the time. If the user gets the popup every 5 minutes he will probably decide "this App is crap" and uninstall it. If the malicious location-lookup is just silently ignored then the user might keep using the app, and who knows what other malicious tricks it's also trying.
  My personal "favourite" solution would be to just have the yes/no option in the simple OS prompt, and have the "yes, all the time" "no, never" options only in the OS administration interface for the app, but there with additional options to log/analyse the request that are made. So that the user isn't tempted to just klick "yes, all the time" for every app that is installed.
12. Re:Microphone access. by thegarbz · 2015-11-14 00:05 · Score: 3, Informative
  
  No it doesn't. Going high in frequencies is simple. REALLY simple, and can be done even with the cheapest off the shelf small speakers.
  Covering a wider range of octaves towards the low end is the difficult part.
13. Re: Microphone access. by greenfruitsalad · 2015-11-14 00:48 · Score: 2
  
  i don't have amazon's claws in my phone. i have one app from them - app store.
14. Re: Microphone access. by chihowa · 2015-11-14 04:03 · Score: 3, Informative
  
  Amazon's app store doesn't run as a system application and can't do much of anything without explicit user permission. Google's app store is tied in with Google Play Services and runs as a system application that can do whatever it wants on your phone whenever it wants.
  
  --
  If you want a vision of the future, imagine a youtube comments section scrolling - forever.
15. Re:Microphone access. by Noah+Haders · 2015-11-14 04:56 · Score: 2
  
  If he gets the pop up over and over again then at some point he will likely either goof and hit ok or give up and hit ok. Especially if they are not savvy about this. Will the app ask again later, do you want to keep giving the app your location? Umm no. Did you know that iOS does this at the system level, with occasional pop ups saying that an app has continued to access your app in the background, do you want it to keep doing that? Also iOS has three location options, no/yes when the app is open in the foreground/yes all the time. And they are pushing apps away from the third option.
16. Re:Microphone access. by antdude · 2015-11-14 15:02 · Score: 2
  
  And noth Windows phones?
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
But they say adblock is bad by geekd · 2015-11-13 18:38 · Score: 5, Informative

They pull crap like this and then have the gall to say adblock users are evil?
1. Re:But they say adblock is bad by xushi · 2015-11-13 19:48 · Score: 2, Interesting
  
  They're half right.
  *Adblock* is evil ("acceptable" ads, the sale of Adblock, etc).
  I've uninstalled it from any/all browsers for the whole family, and replaced that with uBlock (and uMatrix / Ghostery / Privacy Badger)
Exempt from wire-tapping laws? by dmomo · 2015-11-13 18:41 · Score: 4, Interesting

IANAL, but I was wondering if this would be illegal under wire-tapping laws. A quick glance over the code (18 - US 2511) actually specified "oral" not "audio" communication. Would this then be exempt?
I suppose any app that takes advantage of this would have a disclosure about the recording buried deep in its legalese.
1. Re:Exempt from wire-tapping laws? by ljw1004 · 2015-11-13 19:11 · Score: 2
  
  I suppose any app that takes advantage of this would have a disclosure about the recording buried deep in its legalese.
  More likely the app author has no clue what's going on, and merely uses a 3rd-party library to provide advertising, and the 3rd-party library is doing these shenanigans secretly for its own benefit.
First... BULLSHIT by Anonymous Coward · 2015-11-13 18:51 · Score: 3, Insightful

1. Mics don't pick up ultrasonic
2. Speakers don't reproduce ultrasonic
3. And even if these somehow did, Nyquist already limits it all
Look at a high-end mic's response curve. Most barely get above 16 kHz, after which they drop off very fast. Compare that to any system that may be attached to a computer. Same for a loudspeaker. High-freqs are directional, meaning if you get off-axis even a little, even more drop-off. All BULLSHIT. The internet at play and the eager ignorants ready to believe anything it proclaims.
1. Re:First... BULLSHIT by Mystic+Pixel · 2015-11-13 19:40 · Score: 4, Informative
  
  So your mic has a -3db point at 16k? OK, so all that means is your signal is attenuated.
  Solution: BPF and amplify. Nothing of interest in that range, so collateral (spectral) damage is unimportant. Add a dash of modern DSP and blizzow!
  Please retake Signals & Systems and then try again, thanks.
2. Re:First... BULLSHIT by Anonymous Coward · 2015-11-13 19:57 · Score: 4, Informative
  
  Fifty years ago you would have been quite right but unfortunately the tech has been getting better. (Did I just write that?) Nowadays, speakers can easily reproduce sounds that are inaudible to the majority of the population and microphones can pick them up. Not with the fidelity of audible sound, but they aren't interested in recording hifi audio anyway. To make matters worse, we've gotten a lot better at performing mathematical tricks in software to make signals more robust against distortion. You say it cannot be done, but companies are in fact already doing this and these things are already out there, I'm sorry to say.
3. Re:First... BULLSHIT by Anonymous Coward · 2015-11-14 03:03 · Score: 2, Informative
  
  Or you could run a spectrum analyzer and not have to feed and care for it for 10-15 years.
4. Re:First... BULLSHIT by Khyber · 2015-11-14 04:05 · Score: 2
  
  "1. Mics don't pick up ultrasonic"
  Mine most certainly do Webcameras are susceptible to this. Turn on a fluorescent T5 lamp next to a webcam with a microphone. You won't hear that ballast, but your microphone most certainly will and can create beat frequency oscillations that become audible to the rest of your listeners.
  "2. Speakers don't reproduce ultrasonic"
  Yes, they do. Piezo-electric speakers do wonderfully at this, in fact, which is why they're used in ultrasonic pest repellent devices.
  "3. And even if these somehow did, Nyquist already limits it all"
  Not even close. Please retry when you understand more basic physics and signalling.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Ultrasonic jammer by CaptQuark · 2015-11-13 18:57 · Score: 3, Interesting

Sounds like it might be time for an Ultrasonic Jammer in my house. They have them to supposedly keep pests away. I'm sure it would blanket the area and disrupt any ultrasonic tracking. Hopefully they won't bother the family pets too much. http://amzn.to/20SJgu6

--
1. Re:Ultrasonic jammer by Anonymous Coward · 2015-11-13 23:04 · Score: 2, Funny
  
  Well you do kinda bug me.
  Thanks folks I will be here all week.
2. Re:Ultrasonic jammer by rtb61 · 2015-11-14 13:29 · Score: 2
  
  I am kind of suspect about the whole thing being a marketing scam targeted at investors. Nearly everyone carries electronic devices, hence you create a massively contaminated data base, with false links created from device to device. Sure for spy vs spy crap, tracking a device and it's contacts with other devices but even then how brief and how often ie catch public transport with a long route and end up with hundreds even thousands of connections to people with no association (over a year hundreds of thousands of connections). To task associate means basically doing the M$ windows 10 thing and spy on everything the devices they control are doing with direct hard wired links into the OS for all those devices, key loggers, application controls, microphone, camera, motion sensors, network interactions, basically monitoring every possible interaction with the device they own and control, that you only pretend to own and control.
  
  --
  Chaos - everything, everywhere, everywhen
Again, RTFA... by Y.A.A.P. · 2015-11-13 20:07 · Score: 5, Informative

If you RTFA, you'll note that no one actually says this is happening yet.
This is about a complaint filed with the FCC to prevent the use of this technology. One company, SilverPush, is cited as having developed the technology and details about it are in the public view, but that's the only case where there's even anything to cite about this form of intrusive technology.
You can let your hackles go back to their normal position now.
What is all that data good for? by grumbel · 2015-11-13 21:57 · Score: 2

News about ad networks doing evil tracking and such comes up all the time, but I have to wonder what all that data is any good for? I don't use ad block and yet all the ads I see tend to be either be pretty unimpressive and untargeted. They might know that I am male and they might be clever enough to show video games advertisement on a video game site, but that's about it. In a lot of ways the targeting makes the ads actually worse, as they end up covering a far narrower range of products and lead to a lot of repetition. Youtube can be notoriously bad at this, showing you the same ad 20 times in a row. There are also some ads that are extremely personalized, but they are unimpressive in the other direction, Amazon ads for example will just show me products that I just watched on their site. So won't show me anything new, just stuff I am already familiar with.
Never seen ads that actually extrapolate my behavior and interest and end up recommending me a product that I would actually be interested in buying. I found good old untargeted advertisement on TV or magazines far more useful for that, as that showed a lot of products that I didn't even know existed.
It's also rather hard to believe it would work by Sycraft-fu · 2015-11-13 23:28 · Score: 5, Insightful

Ultrasonic response is not something most devices are good at. We, unsurprisingly, tend to design your sound systems around what we can hear. Particularly when you are talking cheaper equipment the high frequency response of speakers and microphones is often not very impressive. There's also the issue that the digital audio compression we use for things, like TV broadcasts, deemphasizes high frequencies.
So for this to work they need:
1) A TV broadcast with sufficient audio bitrate to get their high frequency signal encoded (the AC-3 streams usually used in ATSC broadcasts can be any bitrate from 64kbps to 448kbps).
2) Encoded in such a way by the broadcaster that the high frequencies are preserved to a sufficient amount that their signal isn't distorted.
3) Reproduced by speakers good enough to produce their signal, but to do it at a sufficient level to be picked up (speakers roll off at more extreme frequencies).
4) Picked up by a microphone with sufficient range to be able to receive such a signal and isn't being occluded too much be being in a pocket or something.
5) Processed by a program running on the device, that has control of the microphone at the time the signal is playing.
Ya... While that isn't impossible, that is not likely to work any real amount of time. To have any good chance of working you'd probably have to push the signal down in to the audible range, which would of course piss people off to hear spurious high frequency noise. Likewise for it to be of any use the user would need to have an app on their device that is running. The mic doesn't magically record everything that comes in and store it for anything to access. A program has to be running and take control of the microphone to be able to get any input from it.
This sounds like an advertiser pipe dream, not something that has been tried with real technology in realistic settings.
People seem to think that ultrasonic communication is some kind of magic. It isn't. I mean it can be done, no question, you can encode information in sound, and you can do it in sound frequencies above human hearing. However that doesn't mean you can do it with any arbitrary device, or under arbitrary conditions.
Super Duper Boy Scout Best Behavior by TheRealHocusLocus · 2015-11-14 00:09 · Score: 5, Interesting

there's no "Decline forever" option.
Yes there is. It is called death and is a part of nature.
Well people --- you're just in a pickle because you've let 'em abandon THE SWITCH. How was grandpa sure he could get some shut-eye without the vacuum cleaner going round in circles? How'd we know that when we flicked on that AM radio, the batteries in it would be just as good as we left it? When we put down the phone how'd we know the gub'mint wasn't listening? We had honest to God switches, little bits of metal with springs that snapped 'em so far apart those electrons would just stay put.
Now all you have are little copper titty-buttons on the sides of things, and you've got chipsets to manage the buttons, see? And everything is really connected all the time to these chips, and it's all programmable. It's all flashable. It's all exploitable. There was a time when people liked switches on things because they liked control. You could actually beat your competition if your thing had more switches than your competition's thing, even if some of them were silly. But something changed, and now consumer focus groups and product design engineers try to eliminate as many controls as they can. When we started seeing switches disappear from things we thought engineers were stupid. Turns out engineers were doing it because they thought people were stupid.
If you think you have a Power button that's an actual Power button --- well you don't really. There's probably a timer in there somewhere I could exploit to tell your thing to turn on again. And why would I bother? I could just take control of your thing and make it sing and beep like it's shutting off and once you see that dark screen you'd be none the wiser.
Sometimes I used to send a WAKE-on-LAN packet to my buddy's computer the moment he sat down at his desk in the morning, just as he was reaching for the power button. He'd hear the computer beep and withdraw his finger, puzzled. Took him a while to figure out what was happening.
We now worship the Golden Calf of the Software Sandbox... and we expect our devices to be on their Super Duper Boy Scout Best Behavior. Hope that works out for everyone, but I don't want to hear any whining when shit happens. Google offering a 'Decline Forever' button,
Shoo Google, don't bother me,
Shoo Yahoo, don't bother me,
Shoo Amazon, don't bother me,
Nothin' ever turns off
and I ain't gonna pay
gimmie everything for free.
I'm going to thwack off the MONSTER FRANKENSTEIN KNIFE SWITCH that I have all my modern tech wired to, and get some serious shut-eye.
NO CARRIER

--
<blink>down the rabbit hole</blink>
1. Re:Super Duper Boy Scout Best Behavior by nukenerd · 2015-11-14 01:19 · Score: 4, Insightful
  
  And even when the button is actually a switch with an air gap, the push-on push-off type, you cannot see if it is on or off. With old-time toggle switches (and rocker switches, though less obviously) you could see at a glance if it were on or off.
  
  Last night I wasted ten minutes trying to connect my laptop to my WiFi before realising that its "Kill" button was in the "Kill" state. It does have a light in the button to show if connected, but that is not the same as being un-killed - ie the light stays off if the problem is at the wireless hub or you are out of range.
  
  Designers (ie the art graduate types) prefer buttons because they believe their design to be the absolute optimum aesthetic. They therefore do not want the visual distubance that would result from a toggle or rocker switch being moved into a different position. That is the way they think.
NEED LAW NOW by JimSadler · 2015-11-14 01:21 · Score: 2

This practice of spying on people should be made illegal and with severe penalties for any company that uses this type of method either directly or through a third party.
Ultra-sound. by DrYak · 2015-11-14 03:42 · Score: 2

1. Mics don't pick up ultrasonic
Actually they do, on purpose.
It's simpler and cheaper to pick-up a wider range and filter afterward.
Than managing to produce a "perfect" microphone that has I high response on the whole range of human hearing, and drops sharply outside without causing any harmonic distortion.
Mics that pick up ultrasonics + software filter is cheaper than high quality mic + high quality hardware filter.
So most mics can pick up ultrasonics and do. (all it takes is one rogue software NOT to filter them).

2. Speakers don't reproduce ultrasonic
You subwofer might not, indeed.
But the cheapo piezo that is most small electronics device and used as a tweeters in speaker systems can produce them without any problem.
So overall lots of devices could produce them without you knowing (or with only your dog knowing).

3. And even if these somehow did, Nyquist already limits it all
Yup Nyquist. Nyquist predicts that the max frequency will be at half the max sampling rate.
Most audio pipe-line work at CD quality (44 ksamples) or higher (48 ksamples).
That makes a max of 22-24Khz. Well above the typical 10Khz that most people tend to hear.
And that's without taking into account the tendencies of some audiophile on insisting to run everything at 192Khz 24bits.
It's completely useless for humans, but that would help a bit this whole story.

Look at a high-end mic's response curve.
Which is high-end, and thus tries to mimick human range (plus some headroom to avoid distortion).
Low quality cheap microphone might accidentally have weirder response curve. (Specially piezo-based one. They would suck at the low range, the would have abnormal high ultrasound drop off, and they are dead cheap).

Most barely get above 16 kHz, after which they drop off very fast.
...which is well enough above the typical 10Khz limit that most human hear.

High-freqs are directional, meaning if you get off-axis even a little, even more drop-off.

so what? the point of advertisers isn't to generate some ultra-high bandwidth transmission techniques that can carry 1Gbps data over 10km.
The point is only to get some very basic presence/absence (some ad is playing on some TV nearby the phone) and maybe a few bits worth of data (enough to transmit a tag, so the server might be able to know that AD n xyz that got sent to device #A was heard by device #B and thus both device probably belong to the same person).
And that doesn't need to be a constant flow of information. If the ad presence/absence works a couple of time per day, that's already enough data for marketeers.
If the tagging works well enough to match device a couple of time per months, its already enough for marketeers to wet their pants and/or order an extra round of blow.

All BULLSHIT.
bullshit that has already been demoed in conferences.
the news isn't that you can do communication over ultra-sonics using of-the-shelf parts. that has been known for years.
the news is that some advertisers are interested to actually do it in the wild.

The internet at play and the eager ignorants ready to believe anything it proclaims.
That's Ars. They tend to have a little bit less dummy content than your garden variety of "internet-crackpot-theory-cesspool".

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
think about the children ! by swell · 2015-11-14 03:55 · Score: 2

Yes, what about the poor children with their sensitive hearing, and dogs, cats, chickens and cockroaches ... An advertiser who elects to disrupt their lives with horrible noises should be ashamed (and sued).
Hey, don't pretend that you haven't any chickens in your house. We can hear them via the microphone installed in your thermostat, we can see them from your television and we can smell them via your smoke detector.

--
...omphaloskepsis often...