One thing I’m concerned about is recording equipment leaving identifiable information without us knowing about it.
Tons of websites record your mouse, keyboard, and scroll activity, and can play back exactly what you saw on your browser window from its backend dashboard as a video. This is called session replay. There are pre-made libraries for this you can import so it’s super common, I believe Mouseflow is one of the biggest providers.
When a mobile app, Windows app, or even website crashes nowadays, it automatically sends the crash dump to the app developer/OS vendor (the OS often does this whether the app requests it or not because the OS developer themselves are interested in what apps crash and in what ways). We’re talking full memory dump, so whatever private data was in the app’s memory when it crashed gets uploaded to a server somewhere without your consent, and almost certainly kept forever. God help you if the OS itself crashes because your entire computer’s state is getting reported to the devs.
Your phone’s gyroscope can record what you say by sensing vibrations in the air. It may or may not be something humans will recognize as speech if played back because the frequency range is too limited, but it’s been shown that there’s enough information for a speech recognition AI to decode. Good chance the accelerometer and other sensors can be used in the same way, and using them together will increase the fidelity making it easier to decode. Oh did I mention no device has ever implemented permission controls for sensors so any app or even website can access them without your consent or knowledge?
nah only the minidump is reported back which only contains the memory the crashing stack is using. Sending the full dump would requires uploading gigabytes of data which would cripple any home internet as they mostly have very limited upstream bandwidth.
Though iirc a system crash report can include a kernel dump, which can contain things like private keys.
Though realistically, Microsoft controls your OS. They could easily add code to allow them to grab whatever they want from your system without any logging (by your system anyways).
That actually makes me wonder if there are any apps that run on both a system and the router that system is connected to to determine if the internet traffic as reported by the system (to the user) is the same as what the router sees as a way to detect anything using network resources but bypassing the normal network stack.
Though realistically, Microsoft controls your OS
They most certainly do not.
Maybe this. Most smartphones have a modem inside, this modem has a separate closed-sourced operating system and it usually has the main priority in controlling the smartphone relative to the processor running the main operating system, such as Android. Sometimes the modem has access to the microphone or memory, even bypassing the CPU. Although maybe everyone already knows that.
Snowden gave us this info, right?
I’ve wondered for a while if something like this is why Google allowed their bootloaders to be unlocked, because they can get at everything anyways.
And I bet that if that was the case, they’ve backed off that for future phones because of those stories about law enforcement seeing having those phones as suspicious, which could hurt sales, since I bet the majority of pixel users don’t switch operating systems.
Most modern cars are SIM-enabled and are constantly sending data back to the mothership. But even those that aren’t will still collect data locally and that data will be collected when you send the car to an “official/licenced/authorized” repair shop.
I hate this.
I’m still driving a '99 vehicle and the most advanced thing about it are the power windows. I dread upgrading to a vehicle that can break in so many new ways. I hate that everything has touch screens and the software on many is awful and if it breaks, surprise, you have no music in your car now.
Those still have an ECU that stores most of the same data. It knows you speed, it knows how hard you brake, etc. anything with an OBD will store data. And that’s carssince the 70s
deleted by creator
You’ll be surprised, they take snapshots at certain points. In a collision all vehicles will store last 5 or so seconds of data, speed, see if brakes are engaged, stuff like that, it’s all used in collision investigations. There’s not a single car I think that’s doesn’t do this. As I said, it’s in some form, but your vehicle does know if you’ve sped if it has an obd on it.
What do you think basic OBD stuff is? It’s all that information and that’s used to see if anything’s wrong with the vehicle.
deleted by creator
No, even ODB from the 70s records you max reached speed, if you’ve hit the governer/rev limiter and how many times.
It’s nothing modern, modern just does it more frequent, more situations, more information, more data points, and mandatory black boxes.
And many vehicles from 2000 onwards have dedicated EDR boxes, what make and model and trim is your 2012?
So sounds like you don’t quite know what’s going on under your hood there ;)
or any repair show that uses the brand specific diagnostic software, pirated or not
Any proof of this just sounds like BS. Even your source doesn’t proof what you are saying. Echo devices ring doorbells nothing about fire tvs.
No where does it state that customer data is being sent to Amazon. And neither that the technology is implemented in Amazon TVs.
Thanks for giving false info or inaccurate source.
At launch (in 2021) the FireTV was not on the list of Sidewalk-enabled products, but given the fact that Sidewalk was enabled without user consent on many existing devices (and has been found to re-enable itself after being disabled) combined with the fact that FireTV devices all have at least the necessary bluetooth radio (even if not the LoRA part, Sidewalk can use both/either) and thus could become sidewalk-enabled by a software update in the future… I would still say that Sidewalk is a reason (among many) to boycott FireTV along with the rest of Amazon’s products.
The takeaway that Amazon built their own mesh network so that their products in neighboring homes can exfiltrate data via eachother whenever any one of them can get online is not false.
I see. Although none of that was listed in the Wikipedia article
Social graph connections can be automatically inferred from location data. This has been done by governments (example) for a long time and is also done by private companies (sorry I can’t find a link at the moment).
Photos taken by digital cameras are also trackable in a similar way as prints taken from a printer. I recall reading they were trying to identify the device after a Harry Potter book was leaked by someone taking digital photographs.
There was a post not long ago about fingerprinting lense aberrations as a unique id. Idk how practical it is though?
Exif data. It can be removed with various apps but its in photos by default on most devices
or just the individual characteristics and flaws of the lens/sensor/postprocessing software, some of which can be unique per device, and potentially comparable to other photos made with it.
Even without EXIF data I would bet the actual encoding of the image will be identifiable to a specific instance of the camera software.
Similar to how websites fingerprint your browser by rendering something in the canvas or webgl and sending back the rendered image. The exact same rendering procedure will produce slightly different images for each browser instance. I suspect browsers are fully aware and complicit in this because why the actual fuck would they not make the rendering engines deterministic to their inputs?!
EXIF data?
Youre talking about img metadata right? With the right tool you can strip images out of them
That’s the obvious one. But you can also add data to images by adding tiny values to the pixels, it’ll still look the same to us (same as printer tiny dots).
I don’t know if phones actually do this. Just saying it’s possible.
But many uploading sites optimize the images, so it’ll be gone on reshare, but they could get it on first upload.
That’s steganography.
Any image editing tool like mspaint or similar. Just copy paste the pixels into a new image file. Though, the program youre using will probably still add it’s own metadata to the new file, but all the original metadata from the camera won’t be there.
Well just recently learned that some printers exfiltrate data from air gapped networks through ink cartridges.
No… But i’ve thought about how easy it would be to implement in ebooks and pdfs (e.g. my daily newspaper i can download as pdf). I’ve thought about this when sailing the high seas.
Is it a thing?
Most ebooks I bought recently come with a warning that the buyer’s data is embedded in the file to deter from sharing it online. TBF it cannot be hard to remove it but I didn’t bother to check how it’s implemented.
It’s prevalent among pdfs downloaded from academic publishers (text listing the receiving IP address and/or institution running down the margins). I wouldn’t be surprised if it’s also done with hidden white text or in the metadata.
Watermarking is definitely a thing. Whistle-blower have to think about that as well.
Yeah - was motivated to do a search :) https://www.lemonink.co/home#start-using
That ATM cash tracking thing comes to mind
What is it?
Banks can track each banknotes serial number when you receive them from the ATM and when they are returned from the store you spent them at. This data could then be used to create a complete profile of your spending habits.
Doesn’t work very well if you buy something directly from someone. Or if your cash is given out as change. Seems like it would make a wildly inaccurate profile.
Lots of stores also gives bills back out, the system makes zero sense, it can’t track anything at all. Like maybe 5% of bills are used once and then returned to the bank.
Exactly.
They don’t give $100 bills back out.
For cashback? Why wouldn’t they. That’s also why this system makes no sense, avoid the atm, use cashback. Fuck everyone’s metrics up.
Most places don’t do cash back, and the ones that do tend to have a limit of like $40. Wal Mart is a bit of an exception, as they’ll do $100, but you aren’t getting a $100 bill from them through their self checkout. You’ll only get 20’s.
So if you go to Wal Mart, and you go to one of the few real people to check you out, and you ask for it back in a $100 bill, and the teller happens to have gotten a $100 in since they had started that day, and the front lead hadn’t already cashed out the register since they received that $100 bill, then yes. In that case you’ll get a $100 bill and will slightly fuzz up the tracking metrics they could theoretically do.
ATMs give out $20 bills. In order to get one back as change you’d have to pay with a bill larger than $20. I don’t remember the last time I carried something larger than a 20.
They give out $100’s if you aren’t a poor people.
But seriously though. A lot of ATM’s will do 100’s, anymore.
Bank ATMs can give out any denomination.
Given a large enough time frame this can be treated as random noise which is easily filtered out, and this data isn’t necessarily meant to track your supermarket shopping. For example, you can use it to figure out where somebody went who has gone into hiding. They might have cleared out their bank accounts before leaving and with that data you can see where these banknotes are now showing up. Just wait at the store they apparently visit every Tuesday.
That’s completely made up. Most bills are given out to other customers once used in a store, the amount of bills that are used once and returned to the bank would be well under 5%.
Fantastic fabricated story though. Money laundering which has been done for decades would defeat this, it’s a scary story to share that has zero basis on reality.
Netzpolitik recently did an article about that. I consider them a credible source. How often bills are used before there are returned to the bank heavily depends on the denomination. Larger bills don’t circulate as much and at least in my country most stores return their cash income to the bank on a daily basis. People also tend to spend their money around the area where they live, so even if you couldn’t figure out which exact store a targeted person spends their money at due to circulation (which I doubt), you can still quickly find the general area in which they are staying.
Without some type of visual confirmation, it’s all noise.
On my way home from work, I grab $600 from the atm, $300 for my wife’s tattoo, $200 for me, and $100 for wife spending money.
After the appt the tattoos artists wife takes $200 and flys across country that night. I spend my $200 at the peelers, all those go to a dozen different girls and servers. My wife the next day goes shopping at an outlet mall and spends her $100 at 4 stores. The tattoo artist spends his $100 on beer.
We live on the same block and I pulled the money out across town. Who’s is the original takers purchases….?
It’s 95% noise, it’s useless unless you’re an investigator and have boots on the ground.
Again, it’s a fun story to share around the campfire though. Is it possible, yes, can it be done in actual practice, absolutely not. Not without some other information.
It’s like a machine that behaves as a bank teller, kind of automatically.
You’re kidding, Shirley.
Don’t call me surely.
Isn’t it common knowledge? I’ve known about it for at least two decades…
BTW - you can easily work around it. Get someone else to buy your printer for you, or trade with someone who has the same printer… Now, they will still be able to match it to the printer, if they find it at your home, but other that that, you are free…
PS. Don’t use your printer to blackmail FBI or CIA. ;-)
Pro tip: If you use a pen and paper to blackmail the FBI and CIA, they can’t trace it back to you using invisible yellow dots.
They’ll still identify you by your wax seals. /s
It’d be uncouth to send blackmail without your family’s seal
It’s made to trace counterfeit money back.
That’s essentially what I wrote…?!?
There is no connection from a random printer you buy somewhere anonymous to you. They can “only” verify something was (not) printed with that printer.
No you don’t get it, if you swap paper with your cousin before printing the feds won’t have a fucking clue.
As I said - but there could be a connection. Did you use cash or a card? Some places you have a membership, or they ask if you want the receipt on your mail…
There is still no connection. How should there be one?
Feel free to believe that. 🙃 Far be it for me, to educate you…
So you just want to say things you believe and not tell others why you believe them and even dislike being asked?
If you don’t know how your credit cars ties you to a printer with a serial number, sold by a store that saves it all - then I don’t want to help you. It’s not a belief, it’s fact. I like being asked, I don’t like ignorant morons, that says stupid things and either want to pick a fight, or are truly clueless. You can decide for yourself, which category you are in… Now go troll someone else.
Ive never noticed this or heard that printers do that.Is this maybe specific to the USA?Edit: TIL, thank you!
It’s not specific to USA… They do it everywhere - with color-printers. Don’t know if they do it with B/W printers.
They claim it’s to track people who try to print money, but if it were, then they wouldn’t really do it on laser printers too…
If you print a photo on a regular paper, and then shine an UV-light on it, you can see it. It’s mostly small yellow dots.
There is software you can use that adds all the other dot patterns to essentially anonymize your printer.
I know - but it’s good that you added that to what I wrote. :-)
They use yellow ink for that in colour printers.
I just occured to me that could be the reason for when a color printer wont even let you print, say, pure black text, even though it only has emptied some of the colored ink, but still has plenty of black ink left to do the job…
Did I not write that?
Its called MIC. Or Machine ident. Code , its all around,
deleted by creator
Aren’t these only produced by laser printers?
Are they in laser as well? This is way older than laser.
Doubt. Laser printers were invented in the early 1970s and were common by the mid 1980s. I don’t think this tracking started until inkjets and scanners got good enough that the government got concerned about them being used for counterfeiting, I’d guess mid to late 90s at the earliest.
