Another day, another story about online privacy not being a realistic expectation anymore. This one has to do with A siphoning data or their own use and then sharing with B to gain further insight from the usage signature of the person. The author sketches out a scenario in his essay:
Google Analytics has a “User Explorer” tool, in which you can zoom in on the activity of a specific user. Suppose that someone at Wacom “fingerprints” a target person that they knew in real life by seeing that this person uses a very particular combination of applications. The Wacom employee then uses this fingerprint to find the person in the “User Explorer” tool. Finally the Wacom employee sees that their target also uses “LivingWith: Cancer Support”.
Remember, this information is coming from a device that is essentially a mouse.
This example is admittedly a little contrived, but it’s also an illustration that, even though this data doesn’t come with a name and social security number attached, it is neither benign nor inert.
While that specific example maybe a bit contrived, the general framework is valid. Learn the signature of use based on mouse clicks, typical sequence of applications used/opened. Then augment that data with other facts known about the user to create a fairly unique profile.
While there is nothing new about this process itself, the use of the mouse to harvest our data seems particularly outrageous. This is one of those where you can run but cannot hide from data harvesters. Reading such stories, makes even this very speculative hacking strategy for an air-gapped computer seem within the realm.
Google Analytics has a “User Explorer” tool, in which you can zoom in on the activity of a specific user. Suppose that someone at Wacom “fingerprints” a target person that they knew in real life by seeing that this person uses a very particular combination of applications. The Wacom employee then uses this fingerprint to find the person in the “User Explorer” tool. Finally the Wacom employee sees that their target also uses “LivingWith: Cancer Support”.
Remember, this information is coming from a device that is essentially a mouse.
This example is admittedly a little contrived, but it’s also an illustration that, even though this data doesn’t come with a name and social security number attached, it is neither benign nor inert.
While that specific example maybe a bit contrived, the general framework is valid. Learn the signature of use based on mouse clicks, typical sequence of applications used/opened. Then augment that data with other facts known about the user to create a fairly unique profile.
While there is nothing new about this process itself, the use of the mouse to harvest our data seems particularly outrageous. This is one of those where you can run but cannot hide from data harvesters. Reading such stories, makes even this very speculative hacking strategy for an air-gapped computer seem within the realm.
Comments