>If the Tor user has his phone somewhere nearby and if certain types of apps are on his phone, then his mobile device will ping back one or more advertisers with details about his device, so the advertiser can build an advertising profile on the user, linking his computer with his phone.
This is pretty contrived...
Well it can't obviously, but lots of people (although maybe not the types of people who use tor) browse the internet with their speakers on and active. Most people don't unmute their speakers just before they're about to listen to something.
> How do they bypass the little sound notification on my tabs?
Admittedly they probably can't, but are you sure you're going to notice a flicker as a short sound is played and then stops?
I think the most contrived part is your mobile being always-on/always listening, given that you're likely to notice this due to reduced battery life. But given that certain hardware now has support for always-on keyword detection, you can see a future when this could happen.
Even if it was the case, I can't imagine such apps would give granular enough information to be enormously useful. You'd get one, maybe two people to actually get their computers to play the audio and have it picked up by a device that's actually listening for it. What then? How many advertising companies with legitimate marketing businesses actually sell the user identities? You'd get what, a UUID, maybe some aggregate demographic information, and a rough location. It seems unlikely that such a platform would actually give out specific PII for individuals.
It would not need to be constantly listening for it to be useful. If the point is identification, why would you leave it on after you have reasonably identified the person?
Surely the user would have had to approve microphone access for the app first, and it'd better have a good excuse.
Even then, does e.g. iOS allow backgrounded apps to listen in on the microphone ? Pretty sure only Siri has that level of privilege.
Has this whole ultrasound beacon thing taken off in the ad world ? Seems to (thankfully) require quite active user involvement to be able to work.
Does it? Aren't people generally in the habit of signing off on any access if they want what an app offers?
It's IE-specific, though, so won't work in a Tor browser.
[1]: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/bg...
The first thing one should do after installing the Tor Browser Bundle is open up about:config, search for javascript.enabled, and set it to false.
If an onion site doesn't work without JS, you probably don't want to be on it anyway.
On the other hand there might be legitimate uses for such tech so maybe better to have it as a security option to send and receive ultrasound per individual, i.e. if I can't hear above 10khz maybe I can set my audio to not send or receive above that without app specific permission
https://github.com/MAVProxyUser/SilverPushUnmasked/commit/bc...
Theoretically, there's no reason to trust a physical switch more than a software switch, unless you've opened the computer and verified that the physical switch breaks all circuits to all wifi radios. The physical switch could merely control software, or it might control one connection to one radio but not others.
In what world is that ever a sane thing to do?
I've got scuba-diving computers that need special cables to sync with my PC: if they could sync with nothing more than a webpage and speakers, that would be pretty neat.
Been using it for a few months now and have found it invaluable.
If there's any monkey business going on with my audio, I want it in the range where I can hear it!
https://addons.mozilla.org/en-us/firefox/addon/mute-tab/
All tabs default to muted, and you can selectively un-mute tabs or whitelist sites as needed.
I've certainly appreciated the default state of pages being muted.
For background, a HN submission a year ago about these kinds of ads linking to phones, from Ars Technica [1], which some choice comments being one naming such an ad company [2] while a different subthread explores another [3][4].
Prior art in this space includes the work of Boris Smus [5], who then went on to develop the guest pairing mode for Chromecast using this technique. There have been other efforts over the years, some before, but certainly after, and of course the use of sound to transmit digital information is an old trick that makes modems possible, but in those days the lines didn't have the bandwidth to carry ultrasound.
[1] https://news.ycombinator.com/item?id=10562207 [2] https://news.ycombinator.com/item?id=10563384 [3] https://news.ycombinator.com/item?id=10563369 [4] https://news.ycombinator.com/item?id=10563031 [5] https://news.ycombinator.com/item?id=10562787
This generally doesn't work in mobile, though, or at least reception doean't. Also, neither desktop nor mobile Safari can do mic access, and firefox's mic won't pick up ultrasonic. So try desktop Chrome :)
Enhance your products by integrating with Chirp™
- the world’s most trusted data-over-audio technology
used by the leading brands in more than 90 countries