Startup uses ultrasound chirps to covertly link and track all your devices

[Read the post]


Currently some people will cover their laptop’s webcam in the case someone maliciously activates it. I can conceivably imagine a phone case that covers your microphones and camera, which you can manually uncover when you want to make a call or take a pic. It’d be kind of a hassle but if this practice becomes more widespread this is something i would absolutely consider in order to safeguard my privacy.


I don’t believe in property, but do people ever assert ownership of data about themselves, and charge marketers and governments for its use?


sooo is there a list of the 67 apps?


I’d like a list of the devices which secretly emit the chirps.

Any device that plays advertisements.


If it’s totally covert, and there’s no opt-out, what’s the fig leaf keeping this from being an industrial-scale CFAA violation?

Don’t hold you’re breath. Doctrow is still claiming that Windows 10 has secret keylogger software built into it, despite the fact that no one can actually find it, and it’s been roundly debunked. So take any of his conspiracy stories with a grain of salt, with a big carton of salt as a chaser.

Meh, crenquis pointed out the emissions aren’t device specific and Corey is from my generation. We grew up with people still debating Kennedy and our first president was impeached for a good reason. We tend to be fairly conspiracy minded. It doesn’t help that so many we were told were kooky turned out to be true.


It’s perfectly possible that they are overselling their capabilities, it’d hardly be the first time that some .com turned out to be little more than a pump and dump; but the ‘conspiracy story’ is basically just a summary of their product page.

This isn’t one of those where They are being cagey about their capabilities and you need to decide who is realistic and who is paranoid in their assessment of exactly what they are up to. They aren’t going into too much detail about the exact limitations of their fancy ‘proprietary’ method; but their ad copy promises cross-device identification attacks using an ultrasonic side channel. Taking them at their word doesn’t seem excessively paranoid to me.


EULAs. Lots and lots of them.


While overblown with the word “spying”, the fact that there really is no way to completely stop the OS from logging usage info is a real thing.

On a related note, i wonder if these OS logging functions can be exploited by 3rd parties. These days anything is possible it seems like, which is why i understand the concern.


It’s the complete lack of critical thinking that bothers me. Google’s Chomecast already has the ability to pair devices ultrasonicly, but it barely works, and they aren’t even trying to do it covertly. And just what exactly is gained by this? Most apps have access to their device identifiers, and to the internet. It seems like a complicated way to do something that’s already being done far more reliably by existing technology.


From reading their ad copy and the coverage of their venture round; it looks like the objective is not to identify the mobile device(as noted, if they have their app on it, you’ve already lost that one); but allowing correlation of user activity across a mobile device with the app installed and one or more other devices(whether dumb TVs, computers, other mobile devices) that play back an ad or any other audio that has been fingerprinted with their fancy proprietary fingerprinting sauce.

Pretty much the same thing that the ill-fated idiots behind the CueCat were proposing to do(though this half of their plan died even faster and far more quietly than their barcode-based nonsense), actually, use audio-encoded data in TV broadcasts to trigger ‘contextual’ behavior in a nearby computer. Dumb ideas die hard, I guess.

1 Like

The take-away from that article:

“In the cases where we’ve not provided options, we feel that those things have to do with the health of the system,” he said. “In the case of knowing that our system that we’ve created is crashing, or is having serious performance problems, we view that as so helpful to the ecosystem and so not an issue of personal privacy, that today we collect that data so that we make that experience better for everyone.”

This article has some more information, including other companies working on similar ideas, like Drawbridge and Tapad…


Wouldn’t it be much more helpful if it included some outline of what is, and isn’t, included in ‘things having to do with the health of the system’.

I’d assume that bandwidth constraints preclude sending kernel mode complete memory dumps on crash; but there are a variety of more and less verbose and selective sets of diagnostic information, some that reveal a great deal more about what the user was doing at the time of the failure than others; and they don’t specify which.

At this point, I’m a trifle surprised that they won’t, just to make the story go away. If it’s really a bunch of boring esoteric driver spew that only people raised by wild WinDbg processes would care about; why not just say so?

1 Like

Why wouldn’t this count as wire-tapping? How on earth can it be legal?

Computers with microphones, cameras, and radio antennas, what could go wrong?

Remember the telephone? When the handset was down the microphone’s circuit was disconnected. No one could listen if the phone was hung up. This is what we need today, analog switches to disable and deactivate devices. There is no other alternative. We must be able to control the computers that we own completely. This is a human right.

(An don’t for a moment come up with the argument that we do not own our devices. If you pay money for a product and it’s in your custody, you own it.)

Analog devices can just as easily be defeated compared to digital ones unless consumers start pulling apart their devices and understanding circuitry. Digital ones are more complex, perhaps, but there’s nothing preventing an analog device from being compromised in a way that the phone companies/etc could use.