One thing I’m concerned about is recording equipment leaving identifiable information without us knowing about it.
https://www.technologyreview.com/2024/02/27/1088154/wifi-sensing-tracking-movements/
WiFi-based human motion detection through barriers
Tons of websites record your mouse, keyboard, and scroll activity, and can play back exactly what you saw on your browser window from its backend dashboard as a video. This is called session replay. There are pre-made libraries for this you can import so it’s super common, I believe Mouseflow is one of the biggest providers.
When a mobile app, Windows app, or even website crashes nowadays, it automatically sends the crash dump to the app developer/OS vendor (the OS often does this whether the app requests it or not because the OS developer themselves are interested in what apps crash and in what ways). We’re talking full memory dump, so whatever private data was in the app’s memory when it crashed gets uploaded to a server somewhere without your consent, and almost certainly kept forever. God help you if the OS itself crashes because your entire computer’s state is getting reported to the devs.
Your phone’s gyroscope can record what you say by sensing vibrations in the air. It may or may not be something humans will recognize as speech if played back because the frequency range is too limited, but it’s been shown that there’s enough information for a speech recognition AI to decode. Good chance the accelerometer and other sensors can be used in the same way, and using them together will increase the fidelity making it easier to decode. Oh did I mention no device has ever implemented permission controls for sensors so any app or even website can access them without your consent or knowledge?
nah only the minidump is reported back which only contains the memory the crashing stack is using. Sending the full dump would requires uploading gigabytes of data which would cripple any home internet as they mostly have very limited upstream bandwidth.
For audio recordings, there is usually a trace of electric hum in the background that has enough randomness to yield info on when (and sometimes where) the recording took place.
It’s not as much of a privacy violation as a privacy vulnerability, but it’s still relevant.
Most modern cars are SIM-enabled and are constantly sending data back to the mothership. But even those that aren’t will still collect data locally and that data will be collected when you send the car to an “official/licenced/authorized” repair shop.
or any repair show that uses the brand specific diagnostic software, pirated or not
Maybe this. Most smartphones have a modem inside, this modem has a separate closed-sourced operating system and it usually has the main priority in controlling the smartphone relative to the processor running the main operating system, such as Android. Sometimes the modem has access to the microphone or memory, even bypassing the CPU. Although maybe everyone already knows that.
The worst thing about that printer tracking is that we only learned about it around 20 years after they started implementing it. It’s been another 20 years, imagine what they’re doing now.
Photos taken by digital cameras are also trackable in a similar way as prints taken from a printer. I recall reading they were trying to identify the device after a Harry Potter book was leaked by someone taking digital photographs.
Was it just EXIF information or was it something embedded in the pixels? If it’s just EXIF that’s something you can scrub from the file easily.
The Harry Potter thing was EXIF https://www.eff.org/deeplinks/2007/07/harry-potter-and-digital-fingerprints
But pictures can also be traced back to a camera based on irregularities in the camera sensor https://www.scientificamerican.com/article/tracing-photos-back-to-the-camera-that-snapped-them/
Unlike with the printers, there is probably no database of the CMOS sensor irregularities of all cameras ever made. But if you upload pictures under your government name and the take pictures with the same camera and share them anonymously, this could be traced back to you in theory.
sensor pattern noise is recognizable to an extent with pros, but usually its paired with highlight rolloff and other similar qualities. For instance, when I watch a movie, I can figure, okay, this was probably one of the arri’s rather than a RED, etc. Sometimes, especially with a bit of knowledge on how/where they shot this, you can get an even better idea, close to a specific model. Of course if you’re watching an actual movie, this is all after color correction so its more obvious if you have the raw files.
anyway, my point is, people who work with the cameras and files can definitely have at least a good idea of what camera something was shot with, but you’d really need a huge database and computers to do the work to match it exactly. I have colleagues that will show me something they worked on, with cameras they don’t own and between the group of us, someone can immediately spot what camera it was shot on. but! like you said, if you post pictures on the internet, and then more pictures/videos with the same camera elsewhere, yeah it should be theoretically possible to match them with sensor noise pattern. they could at least prove its the same model. i’m not sure how much it differentiates between same camera models, but i can recognize my camera models dnp easy peasy. i have not had any caffeine yet so this is likely a jumbled mess of a thought and i apologize.
And they can do that based on the way your write text posts too, so probably not worth worrying about camera sensor fingerprinting too much.
Just don’t post about your insurrection plans on public forums in general, with or without photos.
Cameras generally have barely noticeable, but uniquely identifiable, defects that will consistently affect pictures. So if you post a photo on your personal Social Media, and then you post a photo from the same camera on Hexbear, those two things could be connected. Just because it can happen doesn’t mean it’s practical, though.
I have no idea if this is what’s been used with the Harry Potter thing.
Exif data. It can be removed with various apps but its in photos by default on most devices
In that case, looks like they didn’t remove the EXIF data.
Even without EXIF data I would bet the actual encoding of the image will be identifiable to a specific instance of the camera software.
Similar to how websites fingerprint your browser by rendering something in the canvas or webgl and sending back the rendered image. The exact same rendering procedure will produce slightly different images for each browser instance. I suspect browsers are fully aware and complicit in this because why the actual fuck would they not make the rendering engines deterministic to their inputs?!
or just the individual characteristics and flaws of the lens/sensor/postprocessing software, some of which can be unique per device, and potentially comparable to other photos made with it.
Social graph connections can be automatically inferred from location data. This has been done by governments (example) for a long time and is also done by private companies (sorry I can’t find a link at the moment).
A lot of stores track your movement through the store with the WiFi or bluetooth your phone sends out, unless you have that turned off. Since it’s “anonymous” not even stuff like the GDPR requires to notify anyone of this.
They also use a heap of cameras with facial recognition to track you.
Ah, shops where I go are not even able to tell whether the beer I’m drinking while shopping is mine or I stole from the shop. Though, they do annoy me when they say I should have left it outside. They do annoy me a lot.
What if you have randomized MAC address for wifi? Will that solve it completely ?
Not really. It doesn’t really rely on MAC adresses, it relies on your phone to constantly blast out “IS ANYONE HERE $HOME_NETWORK_NAME?” (or bluetoothely named “DYPROSIUMS AIRPODS!???”) and it just catches that and then uses classic triangulating to see where you are. They all do that to quickly connect to WiFi without you having to actually type in the SSID because that shits for nerds.
Would or is also a really good way to sniff WiFi passwords. If anybody says “Well yes, I am indeed $HOME_NETWORK_NAME” your phone just hands them the password. It’s probably wrong for THAT network but it does mean you can just collect a whole ass batch of home wifi passwords.
Especially given how many people don’t change shit about their ISP-provided network if you just cyle $common_standard_wifi_names you’re off to a good start to be able to easily infilitrate half your cities WiFi.
Isn’t it common knowledge? I’ve known about it for at least two decades…
BTW - you can easily work around it. Get someone else to buy your printer for you, or trade with someone who has the same printer… Now, they will still be able to match it to the printer, if they find it at your home, but other that that, you are free…
PS. Don’t use your printer to blackmail FBI or CIA. ;-)
No… But i’ve thought about how easy it would be to implement in ebooks and pdfs (e.g. my daily newspaper i can download as pdf). I’ve thought about this when sailing the high seas.
Is it a thing?
Yes, ebooks too. If you’re going to share those, learn how remove any identifying metadata. There are plugins for Calibre for this purpose.
Most ebooks I bought recently come with a warning that the buyer’s data is embedded in the file to deter from sharing it online. TBF it cannot be hard to remove it but I didn’t bother to check how it’s implemented.
It’s prevalent among pdfs downloaded from academic publishers (text listing the receiving IP address and/or institution running down the margins). I wouldn’t be surprised if it’s also done with hidden white text or in the metadata.
Ive never noticed this or heard that printers do that.Is this maybe specific to the USA?Edit: TIL, thank you!
It’s not specific to USA… They do it everywhere - with color-printers. Don’t know if they do it with B/W printers.
They claim it’s to track people who try to print money, but if it were, then they wouldn’t really do it on laser printers too…
If you print a photo on a regular paper, and then shine an UV-light on it, you can see it. It’s mostly small yellow dots.
They use yellow ink for that in colour printers.
Did I not write that?
You wrote more, much; but left this to inference.
I highlighted one bit: yellow.
