One thing I’m concerned about is recording equipment leaving identifiable information without us knowing about it.
Photos taken by digital cameras are also trackable in a similar way as prints taken from a printer. I recall reading they were trying to identify the device after a Harry Potter book was leaked by someone taking digital photographs.
You’re talking about img metadata, right? With the right tool you can strip images out of them.
That’s the obvious one. But you can also add data to images by adding tiny values to the pixels, it’ll still look the same to us (same as printer tiny dots).
I don’t know if phones actually do this. Just saying it’s possible.
But many uploading sites optimize the images, so it’ll be gone on reshare, but they could get it on first upload.
That’s steganography.
Any image editing tool like mspaint or similar. Just copy paste the pixels into a new image file. Though, the program you’re using will probably still add its own metadata to the new file, but all the original metadata from the camera won’t be there.
To be clear, this is not about EXIF data (which is its own problem).
Digital cameras can be fingerprinted from the images they produce, due to variations between pixels in any given sensor. If you’re concerned about an image being traced back to your camera, you might consider some post-processing before distributing it.
Exif data. It can be removed with various apps but it’s in photos by default on most devices.
Even without EXIF data I would bet the actual encoding of the image will be identifiable to a specific instance of the camera software.
Similar to how websites fingerprint your browser by rendering something in the canvas or webgl and sending back the rendered image. The exact same rendering procedure will produce slightly different images for each browser instance. I suspect browsers are fully aware and complicit in this because why the actual fuck would they not make the rendering engines deterministic to their inputs?!
or just the individual characteristics and flaws of the lens/sensor/postprocessing software, some of which can be unique per device, and potentially comparable to other photos made with it.
In that case, looks like they didn’t remove the EXIF data.
There was a post not long ago about fingerprinting lens aberrations as a unique id. Idk how practical it is though?
EXIF data?
Apparently! Just looked it up and reports presently say that the Serial Number of device was found to be 560151117 from EXIF data. Camera make : Canon Rebel 350 (also known as the Canon EOS 350D or Canon Digital Rebel XT);
Was it just EXIF information or was it something embedded in the pixels? If it’s just EXIF that’s something you can scrub from the file easily.
The Harry Potter thing was EXIF https://www.eff.org/deeplinks/2007/07/harry-potter-and-digital-fingerprints
But pictures can also be traced back to a camera based on irregularities in the camera sensor https://www.scientificamerican.com/article/tracing-photos-back-to-the-camera-that-snapped-them/
Unlike with the printers, there is probably no database of the CMOS sensor irregularities of all cameras ever made. But if you upload pictures under your government name and then take pictures with the same camera and share them anonymously, this could be traced back to you in theory.
sensor pattern noise is recognizable to an extent with pros, but usually it’s paired with highlight rolloff and other similar qualities. For instance, when I watch a movie, I can figure, okay, this was probably one of the arri’s rather than a RED, etc. Sometimes, especially with a bit of knowledge on how/where they shot this, you can get an even better idea, close to a specific model. Of course if you’re watching an actual movie, this is all after color correction so it’s more obvious if you have the raw files.
anyway, my point is, people who work with the cameras and files can definitely have at least a good idea of what camera something was shot with, but you’d really need a huge database and computers to do the work to match it exactly. I have colleagues that will show me something they worked on, with cameras they don’t own and between the group of us, someone can immediately spot what camera it was shot on. but! like you said, if you post pictures on the internet, and then more pictures/videos with the same camera elsewhere, yeah it should be theoretically possible to match them with sensor noise pattern. they could at least prove it’s the same model. i’m not sure how much it differentiates between same camera models, but i can recognize my camera models dnp easy peasy. i have not had any caffeine yet so this is likely a jumbled mess of a thought and i apologize.
And they can do that based on the way you write text posts too, so probably not worth worrying about camera sensor fingerprinting too much.
Just don’t post about your insurrection plans on public forums in general, with or without photos.
Cameras generally have barely noticeable, but uniquely identifiable, defects that will consistently affect pictures. So if you post a photo on your personal Social Media, and then you post a photo from the same camera on Hexbear, those two things could be connected. Just because it can happen doesn’t mean it’s practical, though.
I have no idea if this is what’s been used with the Harry Potter thing.
There is a new web fingerprinting technique that uses your GPU’s individual idiosyncratic performance characteristics to enable/boost efficacy of web fingerprinting: https://www.bleepingcomputer.com/news/security/researchers-use-gpu-fingerprinting-to-track-users-online/
A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people’s GPUs to create unique fingerprints and use them for persistent web tracking. The results of their large-scale experiment involving 2,550 devices with 1,605 distinct CPU configurations show that their technique, named ‘DrawnApart,’ can boost the median tracking duration to 67% compared to current state-of-the-art methods.
Are there any other examples of these privacy violations that aren’t common knowledge?
Here you go :)
Any proof of this just sounds like BS. Even your source doesn’t prove what you are saying. Echo devices ring doorbells nothing about fire tvs.
Nowhere does it state that customer data is being sent to Amazon. And neither that the technology is implemented in Amazon TVs.
Thanks for giving false info or inaccurate source.
At launch (in 2021) the FireTV was not on the list of Sidewalk-enabled products, but given the fact that Sidewalk was enabled without user consent on many existing devices (and has been found to re-enable itself after being disabled) combined with the fact that FireTV devices all have at least the necessary bluetooth radio (even if not the LoRa part, Sidewalk can use both/either) and thus could become sidewalk-enabled by a software update in the future… I would still say that Sidewalk is a reason (among many) to boycott FireTV along with the rest of Amazon’s products.
The takeaway that Amazon built their own mesh network so that their products in neighboring homes can exfiltrate data via each other whenever any one of them can get online is not false.
I see. Although none of that was listed in the Wikipedia article
For audio recordings, there is usually a trace of electric hum in the background that has enough randomness to yield info on when (and sometimes where) the recording took place.
It’s not as much of a privacy violation as a privacy vulnerability, but it’s still relevant.
Tons of websites record your mouse, keyboard, and scroll activity, and can play back exactly what you saw on your browser window from its backend dashboard as a video. This is called session replay. There are pre-made libraries for this you can import so it’s super common, I believe Mouseflow is one of the biggest providers.
When a mobile app, Windows app, or even website crashes nowadays, it automatically sends the crash dump to the app developer/OS vendor (the OS often does this whether the app requests it or not because the OS developer themselves are interested in what apps crash and in what ways). We’re talking full memory dump, so whatever private data was in the app’s memory when it crashed gets uploaded to a server somewhere without your consent, and almost certainly kept forever. God help you if the OS itself crashes because your entire computer’s state is getting reported to the devs.
Your phone’s gyroscope can record what you say by sensing vibrations in the air. It may or may not be something humans will recognize as speech if played back because the frequency range is too limited, but it’s been shown that there’s enough information for a speech recognition AI to decode. Good chance the accelerometer and other sensors can be used in the same way, and using them together will increase the fidelity making it easier to decode. Oh did I mention no device has ever implemented permission controls for sensors so any app or even website can access them without your consent or knowledge?
Correction: GrapheneOS has implemented permission controls for sensors. It also has sandboxing and permission scopes to prevent many of those leaks.
However, Graphene is not available to everyone, and it’s still problematic due to bystanders/passerby.
nah only the minidump is reported back which only contains the memory the crashing stack is using. Sending the full dump would require uploading gigabytes of data which would cripple any home internet as they mostly have very limited upstream bandwidth.
Though iirc a system crash report can include a kernel dump, which can contain things like private keys.
Though realistically, Microsoft controls your OS. They could easily add code to allow them to grab whatever they want from your system without any logging (by your system anyways).
That actually makes me wonder if there are any apps that run on both a system and the router that system is connected to to determine if the internet traffic as reported by the system (to the user) is the same as what the router sees as a way to detect anything using network resources but bypassing the normal network stack.
you certainly can just run wireshark on your PC and your router, then compare them at the end of the day (with your router’s file filtered by your PC’s source address)
Though realistically, Microsoft controls your OS
They most certainly do not.
Yeah, sorry, I meant for anyone worried about windows crash reports.
Microsoft controls your windows OS.
A lot of stores track your movement through the store with the WiFi or bluetooth your phone sends out, unless you have that turned off. Since it’s “anonymous” not even stuff like the GDPR requires notifying anyone of this.
This can also be done via the security cameras mounted in the ceiling.
They also use a heap of cameras with facial recognition to track you.
Ah, shops where I go are not even able to tell whether the beer I’m drinking while shopping is mine or I stole from the shop. Though, they do annoy me when they say I should have left it outside. They do annoy me a lot.
Same with our kindergarten, they have no chill.
What if you have randomized MAC address for wifi? Will that solve it completely ?
Not really. It doesn’t really rely on MAC addresses, it relies on your phone to constantly blast out “IS ANYONE HERE $HOME_NETWORK_NAME?” (or bluetoothely named “DYPROSIUMS AIRPODS!???”) and it just catches that and then uses classic triangulating to see where you are. They all do that to quickly connect to WiFi without you having to actually type in the SSID because that shit’s for nerds.
Would or is also a really good way to sniff WiFi passwords. If anybody says “Well yes, I am indeed $HOME_NETWORK_NAME” your phone just hands them the password. It’s probably wrong for THAT network but it does mean you can just collect a whole ass batch of home wifi passwords.
Especially given how many people don’t change shit about their ISP-provided network if you just cycle $common_standard_wifi_names you’re off to a good start to be able to easily infiltrate half your city’s WiFi.
Would or is also a really good way to sniff WiFi passwords. If anybody says “Well yes, I am indeed $HOME_NETWORK_NAME” your phone just hands them the password.
okay that’s very untrue… wifi passwords aren’t really passwords; more accurately they’re pre-shared keys… they are used to generate the encryption parameters used to talk to the AP. the password is never sent over the air, and there’s a 4-way handshake
Is it also untrue that phones broadcast their home wifi SSIDs when out and about?
i’m fairly sure it’s untrue yes but didn’t want to comment that because i don’t know for sure, and honestly it’s a little null and void because they definitely do broadcast all kinds of bluetooth stuff which is equally trackable (though i guess with all the wifi location data you can correlate someone in the store to where they live pretty much perfectly accurately where bluetooth info is less useful in that regard)
i’m 99% sure your phone scans for available wifi networks, sees one it knows and then connects, but i could see a situation where it’s 2s faster to just keep trying so for a “good user experience” some shit company decided to start doing it… but i’m pretty sure for apple or google that’d result in a CVE
Well just recently learned that some printers exfiltrate data from air gapped networks through ink cartridges.
I’ve never noticed this or heard that printers do that. Is this maybe specific to the USA? Edit: TIL, thank you!
It’s not specific to USA… They do it everywhere - with color-printers. Don’t know if they do it with B/W printers.
They claim it’s to track people who try to print money, but if it were, then they wouldn’t really do it on laser printers too…
If you print a photo on a regular paper, and then shine an UV-light on it, you can see it. It’s mostly small yellow dots.
There is software you can use that adds all the other dot patterns to essentially anonymize your printer.
I know - but it’s good that you added that to what I wrote. :-)
They use yellow ink for that in colour printers.
It just occurred to me that could be the reason for when a color printer won’t even let you print, say, pure black text, even though it only has emptied some of the colored ink, but still has plenty of black ink left to do the job…
Did I not write that?
You wrote more, much; but left this to inference.
I highlighted one bit: yellow.
deleted by creator
Most modern cars are SIM-enabled and are constantly sending data back to the mothership. But even those that aren’t will still collect data locally and that data will be collected when you send the car to an “official/licenced/authorized” repair shop.
I hate this.
I’m still driving a '99 vehicle and the most advanced thing about it are the power windows. I dread upgrading to a vehicle that can break in so many new ways. I hate that everything has touch screens and the software on many is awful and if it breaks, surprise, you have no music in your car now.
Those still have an ECU that stores most of the same data. It knows you speed, it knows how hard you brake, etc. anything with an OBD will store data. And that’s cars since the 70s.
deleted by creator
You’ll be surprised, they take snapshots at certain points. In a collision all vehicles will store last 5 or so seconds of data, speed, see if brakes are engaged, stuff like that, it’s all used in collision investigations. There’s not a single car I think that doesn’t do this. As I said, it’s in some form, but your vehicle does know if you’ve sped if it has an obd on it.
What do you think basic OBD stuff is? It’s all that information and that’s used to see if anything’s wrong with the vehicle.
deleted by creator
No, even OBD from the 70s records your max reached speed, if you’ve hit the governor/rev limiter and how many times.
It’s nothing modern, modern just does it more frequent, more situations, more information, more data points, and mandatory black boxes.
And many vehicles from 2000 onwards have dedicated EDR boxes, what make and model and trim is your 2012?
So sounds like you don’t quite know what’s going on under your hood there ;)
or any repair shop that uses the brand specific diagnostic software, pirated or not
Earlier this year during the CCC security conference it was revealed that the tracking info of 800k Volkswagen cars was publicly accessible…
The talk is available in English as well I believe: https://media.ccc.de/v/38c3-wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen
So where’s the directory of where to find the transmitter/SIM in specific vehicles?
You can look this up for your model. When I was looking this up, there was a youtube video showing how to physically remove chevy’s onstar thing in the car.
I have heard firsthand that investigators just go for the car instead of the phone since it is way easier to get data from the car.
Isn’t it common knowledge? I’ve known about it for at least two decades…
BTW - you can easily work around it. Get someone else to buy your printer for you, or trade with someone who has the same printer… Now, they will still be able to match it to the printer, if they find it at your home, but other than that, you are free…
PS. Don’t use your printer to blackmail FBI or CIA. ;-)
Pro tip: If you use a pen and paper to blackmail the FBI and CIA, they can’t trace it back to you using invisible yellow dots.
They’ll still identify you by your wax seals. /s
It’d be uncouth to send blackmail without your family’s seal
Forgery of your family seal better be punishable by penalty of death as punishment.
There is no connection from a random printer you buy somewhere anonymous to you. They can “only” verify something was (not) printed with that printer.
As I said - but there could be a connection. Did you use cash or a card? Some places you have a membership, or they ask if you want the receipt on your mail…
There is still no connection. How should there be one?
Feel free to believe that. 🙃 Far be it for me, to educate you…
So you just want to say things you believe and not tell others why you believe them and even dislike being asked?
Removed by mod
No you don’t get it, if you swap paper with your cousin before printing the feds won’t have a fucking clue.
No, I don’t think that’s how it works. Regardless of what paper you feed it, the printer will stamp it with its unique yellow dots pattern.
Are you serious dude? 3 days late just for you to bite on some joke response?
Some of us don’t live online, friend. And if that was a joke, count me oblivious lol
It’s made to trace counterfeit money back.
That’s essentially what I wrote…?!?
https://www.technologyreview.com/2024/02/27/1088154/wifi-sensing-tracking-movements/
WiFi-based human motion detection through barriers
Social graph connections can be automatically inferred from location data. This has been done by governments (example) for a long time and is also done by private companies (sorry I can’t find a link at the moment).
deleted by creator
Are they in laser as well? This is way older than laser.
Doubt. Laser printers were invented in the early 1970s and were common by the mid 1980s. I don’t think this tracking started until inkjets and scanners got good enough that the government got concerned about them being used for counterfeiting, I’d guess mid to late 90s at the earliest.



















