If you’re already worried about ads tracking your online whereabouts, here’s a new thing to freak out over: cross-device tracking that communicates using high-pitched audio frequencies.
As reported by Ars Technica, the Center for Democracy & Technology, a digital rights advocacy group, recently submitted a letter to the United Stated Federal Trade Commission, expressing its concerns over such hidden online behavior-tracking technology.
According to the CDT’s letter, using high-frequency audio signals that are too high-pitched for humans to hear “is a more accurate way to track users across devices” as compared to so-called “probabilistic tracking” techniques like browser fingerprinting—a method of tracking you without using cookies.
A company named SilverPush is one firm that’s leading the charge toward such “ultrasonic audio” tracking, the CDT’s letter states. According to the CDT’s letter, SilverPush’s technology works between computers and “smart devices”—as well as with your TV.
The letter states in part:
“When a user encounters a SilverPush advertiser on the web, the advertiser drops a cookie on the computer while also playing an ultrasonic audio through the use of the speakers on the computer or device. The inaudible code is recognized and received on the other smart device by the software development kit installed on it. SilverPush also embeds audio beacon signals into TV commercials which are “picked up silently by an app installed on a [device] (unknown to the user).” The audio beacon enables companies like SilverPush to know which ads the user saw, how long the user watched the ad before changing the channel, which kind of smart devices the individual uses, along with other information that adds to the profile of each user that is linked across devices.”
Sneaky.
The CDT’s letter claims that SilverPush’s technology has already made its way into several apps and 18 million smartphones as of April 2015. According to the CDT, SilverPush’s technology only listens for certain audio signals—as opposed to all sound it a device’s vicinity—but you can’t opt out of the tracking technology.
It sounds a little like science fiction, but as Ars Technica notes, it isn’t the first time researchers and advocacy groups have raised concerns about devices communicating with each other using high-frequency audio for questionable purposes. In late 2013, a security researcher named Dragos Ruiu claimed to have found a piece of malware called badBIOS that communicates with other infected devices using ultrasonic audio signals.
At that time, there wasn’t any clear evidence that badBIOS was an actual threat, but ultrasonic cross-device tracking lends credence to Ruiu’s claim.
The privacy implications of ultrasonic tracking techniques are significant, because while only a handful of apps may use it today, it may be a harbinger of even more questionable and invasive tracking techniques in the years to come.