Cross-device tracking
Cross-Device Tracking , also known as Ultrasound Cross-Device Tracking (uXDT) , is a process with which the simultaneous use of different electronic devices by the same person is recorded using high-frequency sound signals (“audio beacons”) and evaluated for economic purposes, for example.
technology
The pitch used is between 18 and 20 kHz, which is usually inaudible to humans, but can still be transmitted or picked up by the loudspeakers and microphones of commercially available devices such as television, radio, tablet PC and smartphone . The signals are embedded in advertising broadcasts , for example, and recorded by the device within range (“cross-device, xD”). The uXDT function of the program (“app”) installed in the device reports the receipt of the sound signals and other data that uniquely identify the device, such as the MAC address or International Mobile Subscriber Identity , to interested third parties via the Internet.
purpose
The evaluation of the reactions to the uXDT signals makes it possible, for example, to record the consumer behavior of the user with regard to location, time and duration as well as the type of advertising broadcast received. In addition, the uXDT technology can even be used to read the IP address of the end device, even if the device user actually wants to prevent this through anonymization and pseudonymization ( e.g. VPN and Tor ). Users who have switched on more than one device with uXDT function can also be identified. If it has been recorded that you have received the uXDT signal in the advertisement for a certain product on the radio or television, you can for example be sent further advertisements for this purpose on your smartphone. The US advertising company SilverPush was one of the first companies to implement uXDT functions in applications. In 2014, its co-founder and executive board member described the process in an interview.
criticism
Until now, this technology has usually been used without the knowledge of the device user and without the possibility of deactivating this unwanted partial function if necessary (opt-out). The danger to data protection was soon pointed out, and the US “Center for Democracy and Technology” described in detail the type and importance of uXDT tracking in a letter to the US regulatory authority FTC and recommended the authority to issue suitable guidelines enact and investigate the phenomenon further.
State regulation
In 2016, the FTC warned twelve application developers that used the SilverPush code that they would be acting illegally if they did not inform consumers of the presence of uXDT functions in the respective software. In Germany, the Interstate Broadcasting Treaty stipulates in Section 7 (3) that "no techniques of subliminal influencing may be used in advertising or teleshopping". Even “when new advertising techniques are used, advertising and teleshopping must be appropriately separated from other parts of the program by optical or acoustic means or clearly spatially for the medium”.
distribution
Despite government regulations, the number of uXDT-enabled applications has not decreased recently: even after the legal warning from the FTC, researchers from the University of Santa Barbara, in collaboration with a company specializing in Internet security, found that there are still numerous mobile devices in use Application with uXDT functions existed without the device users knowing about it or even having consented to it. The uXDT functions could be blocked by additional software (add-on, plug-in ) in the browser, but the use of such add-ons is not widespread among the average device user.
A group at the Technical University of Braunschweig also examined the occurrence of uXDT technology. In 2016, it found uXDT functions in more than 230 of around 1.3 million applications for the Android operating system , in particular from Shopkick, Lisnr and Silverpush. These companies then transfer the data obtained without the knowledge and consent of the device users to advertisers and retail chains. In the previous year, however, only six such apps were identified. The researchers did not find any EU television broadcasters that broadcast uXDT signals. But the authors warn that even if this tracking technology is not yet actively used on television, its use in many mobile applications has already been prepared and could therefore pose a serious threat to privacy in the near future. As a rule, device users cannot determine whether an application uses uXDT technology. Experts therefore advise being careful with any application that requires access to a microphone (or camera) for no apparent reason. Unfortunately, however, many users tended to grant permissions to an application without first checking them.
variants
A technology similar to that via the Internet is also used in shops: the uXDT signals are emitted via loudspeakers, which also emit music or announcements, which means that the uXDT signals can be recorded and passed on by the customers' electronic devices without them are perceptible to most customers themselves. For example, customers can be recognized via their devices and / or their movements in the store can be determined. In a small sample of 35 shops in two European cities, four such shops with uXDT technology were found.
Individual evidence
- ↑ https://www.golem.de/news/anonymitaet-ultraschall-tracking-kann-tor-nutzer-deanonymisiert-1701-125434.html
- ↑ a b John Leyden: Anti-ultrasound tech aims to foil the dog-whistle marketeers: Researchers are finding ways to protect users from cross-device tracking , in: The Register (Great Britain), online November 4, 2016
- ↑ a b Hauke Gierow: TV advertising: 230 Android apps support tracking by ultrasound , in: Golem.de - IT News für Profis, online May 5, 2017
- ↑ Anthony Ha: SilverPush Says It's Using “Audio Beacons” For An Unusual Approach To Cross-Device Ad Targeting , interview with Hitesh Chawla in TechCrunch, online July 24, 2014
- ^ Dan Goodin: Law & Disorder - Beware of ads that use inaudible sound to link your phone, TV, tablet, and PC. Privacy advocates warn feds about surreptitious cross-device tracking , in: Ars Technica, online November 13, 2015
- ↑ Center for Democracy and Technology: Comments for November 2015 Workshop on Cross-Device Tracking , Washington, October 16, 2015 pdf 245 kB [1]
- ↑ FTC Issues Warning Letters to App Developers Using 'Silverpush' Code. Letters Warn Companies of Privacy Risks In Audio Monitoring Technology
- ↑ Interstate broadcasting treaty in the consolidated version (as of January 1, 2016) pdf [2]
- ↑ For legal reasons, the publication does not contain the names of the applications
- ^ Daniel Arp, Erwin Quiring, Christian Wressnegger and Konrad Rieck: Privacy Threats through Ultrasonic Side Channels on Mobile Devices . Technical University of Braunschweig, 2016 pdf (4.7 MB) [3]
- ↑ Apps bypass data locks - if the mobile phone still picks up in: Tagesschau.de, online May 5, 2017
literature
- Center for Democracy and Technology : Comments for November 2015 Workshop on Cross-Device Tracking , Washington, October 16, 2015, ( pdf; 245 kB )