Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ultrasound Tracking Could Be Used To Deanonymize Tor Users (bleepingcomputer.com)

Posted by BeauHD on from the nobody-is-safe dept.

New submitter x_t0ken_407 quotes a report from BleepingComputer: Ultrasounds emitted by ads or JavaScript code hidden on a page accessed through the Tor Browser can deanonymize Tor users by making nearby phones or computers send identity beacons back to advertisers, data which contains sensitive information that state-sponsored actors can easily obtain via a subpoena. This attack model was brought to light towards the end of 2016 by a team of six researchers, who presented their findings at the Black Hat Europe 2016 security conference in November and the 33rd Chaos Communication Congress held last week. Their research focuses on the science of ultrasound cross-device tracking (uXDT), a new technology that started being deployed in modern-day advertising platforms around 2014. uXDT relies on advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that get picked up by the microphone of nearby laptops, desktops, tablets or smartphones. These second-stage devices, who silently listen in the background, will interpret these ultrasounds, which contain hidden instructions, telling them to ping back to the advertiser's server with details about that device. Advertisers use uXDT in order to link different devices to the same person and create better advertising profiles so to deliver better-targeted ads in the future. The attack that the research team put together relies on tricking a Tor user into accessing a web page that contains ads that emit ultrasounds or accessing a page that contains hidden JavaScript code that forces the browser to emit the ultrasounds via the HTML5 Audio API.

2 of 207 comments (clear)

  1. Save us APK! by Anonymous Coward · · Score: 2, Funny

    You're our only hope :(

  2. Re:I've never got a good answer as to WHY... by Anonymous Coward · · Score: 2, Funny

    Since you receive desired content on web pages, it is your moral obligation to allow the ads to play. They play sounds and display video to capture and hold you attention long enough for the message to get into your brain for processing, and paying attention to this is your end of the social contract built around ad-supported content.

    Allowing the tracking is also obligatory on your part.

    You can protect yourself from viruses and such by running such tools as McAfee antivirus, and also by keeping your browsing focused on the web portals of professional, on the up-and-up, well-established businesses.

    This is how members of a civilized society comport themselves. If you don't like this, you are free to stay off the internet.

    Ad blocking undermines the social fabric that keeps the modern world functioning, and so it is morally tantamount to terrorism. The only reason it isn't illegal yet is because the wheels of politics turn too slowly to keep up with tech. But rest assured, reprobate criminal parasites that block ads will be getting the punishments they are due before too long.

    Better think this over. The future has no problem leaving you behind.