One thing I’m concerned about is recording equipment leaving identifiable information without us knowing about it.
There is a new web fingerprinting technique that uses your GPU’s individual idiosyncratic performance characteristics to enable/boost efficacy of web fingerprinting: https://www.bleepingcomputer.com/news/security/researchers-use-gpu-fingerprinting-to-track-users-online/
A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people’s GPUs to create unique fingerprints and use them for persistent web tracking. The results of their large-scale experiment involving 2,550 devices with 1,605 distinct CPU configurations show that their technique, named ‘DrawnApart,’ can boost the median tracking duration to 67% compared to current state-of-the-art methods.
Are there any other examples of these privacy violations that aren’t common knowledge?
Here you go :)
The worst thing about that printer tracking is that we only learned about it around 20 years after they started implementing it. It’s been another 20 years, imagine what they’re doing now.
Photos taken by digital cameras are also trackable in a similar way as prints taken from a printer. I recall reading they were trying to identify the device after a Harry Potter book was leaked by someone taking digital photographs.
Was it just EXIF information or was it something embedded in the pixels? If it’s just EXIF that’s something you can scrub from the file easily.
The Harry Potter thing was EXIF https://www.eff.org/deeplinks/2007/07/harry-potter-and-digital-fingerprints
But pictures can also be traced back to a camera based on irregularities in the camera sensor https://www.scientificamerican.com/article/tracing-photos-back-to-the-camera-that-snapped-them/
Unlike with the printers, there is probably no database of the CMOS sensor irregularities of all cameras ever made. But if you upload pictures under your government name and the take pictures with the same camera and share them anonymously, this could be traced back to you in theory.
Tons of websites record your mouse, keyboard, and scroll activity, and can play back exactly what you saw on your browser window from its backend dashboard as a video. This is called session replay. There are pre-made libraries for this you can import so it’s super common, I believe Mouseflow is one of the biggest providers.
When a mobile app, Windows app, or even website crashes nowadays, it automatically sends the crash dump to the app developer/OS vendor (the OS often does this whether the app requests it or not because the OS developer themselves are interested in what apps crash and in what ways). We’re talking full memory dump, so whatever private data was in the app’s memory when it crashed gets uploaded to a server somewhere without your consent, and almost certainly kept forever. God help you if the OS itself crashes because your entire computer’s state is getting reported to the devs.
Your phone’s gyroscope can record what you say by sensing vibrations in the air. It may or may not be something humans will recognize as speech if played back because the frequency range is too limited, but it’s been shown that there’s enough information for a speech recognition AI to decode. Good chance the accelerometer and other sensors can be used in the same way, and using them together will increase the fidelity making it easier to decode. Oh did I mention no device has ever implemented permission controls for sensors so any app or even website can access them without your consent or knowledge?
nah only the minidump is reported back which only contains the memory the crashing stack is using. Sending the full dump would requires uploading gigabytes of data which would cripple any home internet as they mostly have very limited upstream bandwidth.
Social graph connections can be automatically inferred from location data. This has been done by governments (example) for a long time and is also done by private companies (sorry I can’t find a link at the moment).
Maybe this. Most smartphones have a modem inside, this modem has a separate closed-sourced operating system and it usually has the main priority in controlling the smartphone relative to the processor running the main operating system, such as Android. Sometimes the modem has access to the microphone or memory, even bypassing the CPU. Although maybe everyone already knows that.
Snowden gave us this info, right?
Isn’t it common knowledge? I’ve known about it for at least two decades…
BTW - you can easily work around it. Get someone else to buy your printer for you, or trade with someone who has the same printer… Now, they will still be able to match it to the printer, if they find it at your home, but other that that, you are free…
PS. Don’t use your printer to blackmail FBI or CIA. ;-)
There is no connection from a random printer you buy somewhere anonymous to you. They can “only” verify something was (not) printed with that printer.
No you don’t get it, if you swap paper with your cousin before printing the feds won’t have a fucking clue.
No, I don’t think that’s how it works. Regardless of what paper you feed it, the printer will stamp it with its unique yellow dots pattern.
Are you serious dude? 3 days late just for you to bite on some joke response?
Some of us don’t live online, friend. And if that was a joke, count me oblivious lol
