FunnyMonkey


Bill Fitzgerald

Bill Fitzgerald

Tracking We Can't Hear

4 min read

The Center for Democracy and Technology recently filed comments to the FTC on cross device tracking. Their report is a good summary of current practices in cross device tracking, and worth a read. In this report, however, they highlight the use of high frequency tones embedded in television and online video ads to connect people to devices in order to allow marketers to connect a single individual to multiple devices. Because each device holds information about how a person interacts online, the ability to combine these separate views into a single profile allows marketers to develop more comprehensive (and more invasive) profiles of people. Ars Technica has a solid writeup that summarizes these points. The FTC is holding an event dedicated to cross device tracking tomorrow (on November 16, 2015).

As noted in the Ars writeup and the CDT document, multiple companies use high frequency pitches to track users. In September, 2015, one of these companies announced additional VC funding - while the quotations below are specifically about this one company, they are generally accurate about this tracking practice.

With such data related to TV commercials, companies can come up with targeted mobile ads. The technology essentially consists of an audio beacon signal embedded into tv commercials which are picked up silently by an app installed on a user phone (unknown to a user).

A rough profile of user (sic) is then created, containing information about where the ad was watched, for how long did the user watch that commercial before changing the channel, which kind of mobile device is user using and so on.

Just to highlight: the app that picks up the audio signal that cannot be detected by human hearing needs to be installed on a person's phone. That would seem to be a pretty significant barrier, as very few people would willingly install software on their phone for the expressed purpose of tracking them.

However, affiliate deals sidestep this barrier:

The company reportedly has agreements with about 6-7 apps to incorporate this technology in their app to catch signals from TV and claims to have data of 18 million smartphones already. It has already created mobile ads for over 50 brands in six countries including Google, Dominos, Samsung, Candy Crush, Airtel, P&G, Kabam and Myntra.

Based on this report, it sounds like the tracking technology is embedded within other apps. So, when you download an app from the Play Store of the Apple Store, it could have this tracking software silently embedded in it, with no notice to end users. Both Google and Apple could play a positive role here by requiring apps that embedded this tracking software to display a prominent notice to end users on their app pages.

It's also worth noting that, while the stated use is for advertisers to connect multiple devices to a single user, this technology could also be used to track multiple people to a single location. For example, high frequency pitches could be sent out in a mall (tracking people through a store), at a concert, or via any televised display. This would allow a specific device (and the person carrying it) to be tracked to a precise location, even if that person has their location services fully disabled on their phone. This technology would also allow marketers or observers to identify people who were in the same place at the same time.

Intrusive practices like this move marketing solidly into the realm of profiling and surveillance. Technologies like this also make the case for requiring a hardware switch on mobile devices to disable microphones and cameras. At the very least, these intrusive practices by marketers show us that browsing the web with the volume turned off, and muting the television when any commercials play, are best practice. It also highlights how privacy weaknesses in the Internet of Things (most recently seen in Vizio's sloppy business and privacy practice) can be compounded into greater intrusions into our privacy. These intrusions - committed by marketers in their self-described mission to deliver more relevant content - cross the line from marketing research into tracking and surveillance. Many of these practices are invisible, and offer no option to opt out, let alone to review or correct the full profiles amassed on us.

Now, it turns out that in addition to being invisible, the tracking is inaudible as well.

1 star 0 comments 2

Privacy Now! liked this post

Nov 15 2015 on twitter.com

Privacy Camp reshared this post

Nov 15 2015 on twitter.com

Privacy Now! reshared this post

Nov 15 2015 on twitter.com