One thing I’m concerned about is recording equipment leaving identifiable information without us knowing about it.
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 113 users / day
- 519 users / week
- 1.44K users / month
- 4.49K users / 6 months
- 1 subscriber
- 4.32K Posts
- 109K Comments
- Modlog
Tons of websites record your mouse, keyboard, and scroll activity, and can play back exactly what you saw on your browser window from its backend dashboard as a video. This is called session replay. There are pre-made libraries for this you can import so it’s super common, I believe Mouseflow is one of the biggest providers.
When a mobile app, Windows app, or even website crashes nowadays, it automatically sends the crash dump to the app developer/OS vendor (the OS often does this whether the app requests it or not because the OS developer themselves are interested in what apps crash and in what ways). We’re talking full memory dump, so whatever private data was in the app’s memory when it crashed gets uploaded to a server somewhere without your consent, and almost certainly kept forever. God help you if the OS itself crashes because your entire computer’s state is getting reported to the devs.
Your phone’s gyroscope can record what you say by sensing vibrations in the air. It may or may not be something humans will recognize as speech if played back because the frequency range is too limited, but it’s been shown that there’s enough information for a speech recognition AI to decode. Good chance the accelerometer and other sensors can be used in the same way, and using them together will increase the fidelity making it easier to decode. Oh did I mention no device has ever implemented permission controls for sensors so any app or even website can access them without your consent or knowledge?
nah only the minidump is reported back which only contains the memory the crashing stack is using. Sending the full dump would requires uploading gigabytes of data which would cripple any home internet as they mostly have very limited upstream bandwidth.
Maybe this. Most smartphones have a modem inside, this modem has a separate closed-sourced operating system and it usually has the main priority in controlling the smartphone relative to the processor running the main operating system, such as Android. Sometimes the modem has access to the microphone or memory, even bypassing the CPU. Although maybe everyone already knows that.
Most modern cars are SIM-enabled and are constantly sending data back to the mothership. But even those that aren’t will still collect data locally and that data will be collected when you send the car to an “official/licenced/authorized” repair shop.
I hate this.
I’m still driving a '99 vehicle and the most advanced thing about it are the power windows. I dread upgrading to a vehicle that can break in so many new ways. I hate that everything has touch screens and the software on many is awful and if it breaks, surprise, you have no music in your car now.
Those still have an ECU that stores most of the same data. It knows you speed, it knows how hard you brake, etc. anything with an OBD will store data. And that’s carssince the 70s
Depends on the car. Most older cars are concerned with basic OBD stuff, faults, and engine management. I have a 2012 and it doesn’t record anything interesting at all. Just engine data. You are right though, a few do save data, I just don’t know which ones, what year they start, and the depth of data recorded. The ‘70’s still had most cars running a regular analog mechanical system or maybe an electronic ignition controlled by an ECU. The ECUs most similar to today’s started becoming more common in the ‘80s.
You’ll be surprised, they take snapshots at certain points. In a collision all vehicles will store last 5 or so seconds of data, speed, see if brakes are engaged, stuff like that, it’s all used in collision investigations. There’s not a single car I think that’s doesn’t do this. As I said, it’s in some form, but your vehicle does know if you’ve sped if it has an obd on it.
What do you think basic OBD stuff is? It’s all that information and that’s used to see if anything’s wrong with the vehicle.
I’m pretty familiar. I think you’re more referring to modern CAN bus systems that record everything under the sun. Basic ECUs from back in the 80s just didn’t do as much. Even my ‘12 only has OBD2 and the data collection is limited. I have so e fairly advanced diagnostic equipment to read all this stuff. The only thing I can’t do is program it, but I’ll be doing that soon enough.
or any repair show that uses the brand specific diagnostic software, pirated or not
If you don’t connect your Fire TV or other Amazon device to the internet it will talk to your next door neighbors Echo or whatever to send your data back to Amazon.
Any proof of this just sounds like BS. Even your source doesn’t proof what you are saying. Echo devices ring doorbells nothing about fire tvs.
No where does it state that customer data is being sent to Amazon. And neither that the technology is implemented in Amazon TVs.
Thanks for giving false info or inaccurate source.
At launch (in 2021) the FireTV was not on the list of Sidewalk-enabled products, but given the fact that Sidewalk was enabled without user consent on many existing devices (and has been found to re-enable itself after being disabled) combined with the fact that FireTV devices all have at least the necessary bluetooth radio (even if not the LoRA part, Sidewalk can use both/either) and thus could become sidewalk-enabled by a software update in the future… I would still say that Sidewalk is a reason (among many) to boycott FireTV along with the rest of Amazon’s products.
The takeaway that Amazon built their own mesh network so that their products in neighboring homes can exfiltrate data via eachother whenever any one of them can get online is not false.
I see. Although none of that was listed in the Wikipedia article
Social graph connections can be automatically inferred from location data. This has been done by governments (example) for a long time and is also done by private companies (sorry I can’t find a link at the moment).
The worst thing about that printer tracking is that we only learned about it around 20 years after they started implementing it. It’s been another 20 years, imagine what they’re doing now.
Photos taken by digital cameras are also trackable in a similar way as prints taken from a printer. I recall reading they were trying to identify the device after a Harry Potter book was leaked by someone taking digital photographs.
There was a post not long ago about fingerprinting lense aberrations as a unique id. Idk how practical it is though?
Exif data. It can be removed with various apps but its in photos by default on most devices
Even without EXIF data I would bet the actual encoding of the image will be identifiable to a specific instance of the camera software.
Similar to how websites fingerprint your browser by rendering something in the canvas or webgl and sending back the rendered image. The exact same rendering procedure will produce slightly different images for each browser instance. I suspect browsers are fully aware and complicit in this because why the actual fuck would they not make the rendering engines deterministic to their inputs?!
or just the individual characteristics and flaws of the lens/sensor/postprocessing software, some of which can be unique per device, and potentially comparable to other photos made with it.
EXIF data?
https://en.wikipedia.org/wiki/Exif
Was it just EXIF information or was it something embedded in the pixels? If it’s just EXIF that’s something you can scrub from the file easily.
The Harry Potter thing was EXIF https://www.eff.org/deeplinks/2007/07/harry-potter-and-digital-fingerprints
But pictures can also be traced back to a camera based on irregularities in the camera sensor https://www.scientificamerican.com/article/tracing-photos-back-to-the-camera-that-snapped-them/
Unlike with the printers, there is probably no database of the CMOS sensor irregularities of all cameras ever made. But if you upload pictures under your government name and the take pictures with the same camera and share them anonymously, this could be traced back to you in theory.
sensor pattern noise is recognizable to an extent with pros, but usually its paired with highlight rolloff and other similar qualities. For instance, when I watch a movie, I can figure, okay, this was probably one of the arri’s rather than a RED, etc. Sometimes, especially with a bit of knowledge on how/where they shot this, you can get an even better idea, close to a specific model. Of course if you’re watching an actual movie, this is all after color correction so its more obvious if you have the raw files.
anyway, my point is, people who work with the cameras and files can definitely have at least a good idea of what camera something was shot with, but you’d really need a huge database and computers to do the work to match it exactly. I have colleagues that will show me something they worked on, with cameras they don’t own and between the group of us, someone can immediately spot what camera it was shot on. but! like you said, if you post pictures on the internet, and then more pictures/videos with the same camera elsewhere, yeah it should be theoretically possible to match them with sensor noise pattern. they could at least prove its the same model. i’m not sure how much it differentiates between same camera models, but i can recognize my camera models dnp easy peasy. i have not had any caffeine yet so this is likely a jumbled mess of a thought and i apologize.
And they can do that based on the way your write text posts too, so probably not worth worrying about camera sensor fingerprinting too much.
Just don’t post about your insurrection plans on public forums in general, with or without photos.
Cameras generally have barely noticeable, but uniquely identifiable, defects that will consistently affect pictures. So if you post a photo on your personal Social Media, and then you post a photo from the same camera on Hexbear, those two things could be connected. Just because it can happen doesn’t mean it’s practical, though.
I have no idea if this is what’s been used with the Harry Potter thing.
Youre talking about img metadata right? With the right tool you can strip images out of them
Any image editing tool like mspaint or similar. Just copy paste the pixels into a new image file. Though, the program youre using will probably still add it’s own metadata to the new file, but all the original metadata from the camera won’t be there.
That’s the obvious one. But you can also add data to images by adding tiny values to the pixels, it’ll still look the same to us (same as printer tiny dots).
I don’t know if phones actually do this. Just saying it’s possible.
But many uploading sites optimize the images, so it’ll be gone on reshare, but they could get it on first upload.
That’s steganography.
Well just recently learned that some printers exfiltrate data from air gapped networks through ink cartridges.
https://lemmy.world/post/37486114
No… But i’ve thought about how easy it would be to implement in ebooks and pdfs (e.g. my daily newspaper i can download as pdf). I’ve thought about this when sailing the high seas.
Is it a thing?
Most ebooks I bought recently come with a warning that the buyer’s data is embedded in the file to deter from sharing it online. TBF it cannot be hard to remove it but I didn’t bother to check how it’s implemented.
It’s prevalent among pdfs downloaded from academic publishers (text listing the receiving IP address and/or institution running down the margins). I wouldn’t be surprised if it’s also done with hidden white text or in the metadata.
Watermarking is definitely a thing. Whistle-blower have to think about that as well.
Yeah - was motivated to do a search :) https://www.lemonink.co/home#start-using
Isn’t it common knowledge? I’ve known about it for at least two decades…
BTW - you can easily work around it. Get someone else to buy your printer for you, or trade with someone who has the same printer… Now, they will still be able to match it to the printer, if they find it at your home, but other that that, you are free…
PS. Don’t use your printer to blackmail FBI or CIA. ;-)
Pro tip: If you use a pen and paper to blackmail the FBI and CIA, they can’t trace it back to you using invisible yellow dots.
They’ll still identify you by your wax seals. /s
It’d be uncouth to send blackmail without your family’s seal
It’s made to trace counterfeit money back.
That’s essentially what I wrote…?!?
There is no connection from a random printer you buy somewhere anonymous to you. They can “only” verify something was (not) printed with that printer.
As I said - but there could be a connection. Did you use cash or a card? Some places you have a membership, or they ask if you want the receipt on your mail…
There is still no connection. How should there be one?
Feel free to believe that. 🙃 Far be it for me, to educate you…
So you just want to say things you believe and not tell others why you believe them and even dislike being asked?
If you don’t know how your credit cars ties you to a printer with a serial number, sold by a store that saves it all - then I don’t want to help you. It’s not a belief, it’s fact. I like being asked, I don’t like ignorant morons, that says stupid things and either want to pick a fight, or are truly clueless. You can decide for yourself, which category you are in… Now go troll someone else.
No you don’t get it, if you swap paper with your cousin before printing the feds won’t have a fucking clue.
That ATM cash tracking thing comes to mind
What is it?
Banks can track each banknotes serial number when you receive them from the ATM and when they are returned from the store you spent them at. This data could then be used to create a complete profile of your spending habits.
https://www.heise.de/en/news/Bill-tracking-Increasing-cash-tracking-worries-data-protectionists-10481696.html
Doesn’t work very well if you buy something directly from someone. Or if your cash is given out as change. Seems like it would make a wildly inaccurate profile.
Lots of stores also gives bills back out, the system makes zero sense, it can’t track anything at all. Like maybe 5% of bills are used once and then returned to the bank.
They don’t give $100 bills back out.
For cashback? Why wouldn’t they. That’s also why this system makes no sense, avoid the atm, use cashback. Fuck everyone’s metrics up.
Most places don’t do cash back, and the ones that do tend to have a limit of like $40. Wal Mart is a bit of an exception, as they’ll do $100, but you aren’t getting a $100 bill from them through their self checkout. You’ll only get 20’s.
So if you go to Wal Mart, and you go to one of the few real people to check you out, and you ask for it back in a $100 bill, and the teller happens to have gotten a $100 in since they had started that day, and the front lead hadn’t already cashed out the register since they received that $100 bill, then yes. In that case you’ll get a $100 bill and will slightly fuzz up the tracking metrics they could theoretically do.
Exactly.
Given a large enough time frame this can be treated as random noise which is easily filtered out, and this data isn’t necessarily meant to track your supermarket shopping. For example, you can use it to figure out where somebody went who has gone into hiding. They might have cleared out their bank accounts before leaving and with that data you can see where these banknotes are now showing up. Just wait at the store they apparently visit every Tuesday.
That’s completely made up. Most bills are given out to other customers once used in a store, the amount of bills that are used once and returned to the bank would be well under 5%.
Fantastic fabricated story though. Money laundering which has been done for decades would defeat this, it’s a scary story to share that has zero basis on reality.
Netzpolitik recently did an article about that. I consider them a credible source. How often bills are used before there are returned to the bank heavily depends on the denomination. Larger bills don’t circulate as much and at least in my country most stores return their cash income to the bank on a daily basis. People also tend to spend their money around the area where they live, so even if you couldn’t figure out which exact store a targeted person spends their money at due to circulation (which I doubt), you can still quickly find the general area in which they are staying.
Without some type of visual confirmation, it’s all noise.
On my way home from work, I grab $600 from the atm, $300 for my wife’s tattoo, $200 for me, and $100 for wife spending money.
After the appt the tattoos artists wife takes $200 and flys across country that night. I spend my $200 at the peelers, all those go to a dozen different girls and servers. My wife the next day goes shopping at an outlet mall and spends her $100 at 4 stores. The tattoo artist spends his $100 on beer.
We live on the same block and I pulled the money out across town. Who’s is the original takers purchases….?
It’s 95% noise, it’s useless unless you’re an investigator and have boots on the ground.
Again, it’s a fun story to share around the campfire though. Is it possible, yes, can it be done in actual practice, absolutely not. Not without some other information.
ATMs give out $20 bills. In order to get one back as change you’d have to pay with a bill larger than $20. I don’t remember the last time I carried something larger than a 20.
Bank ATMs can give out any denomination.
It’s like a machine that behaves as a bank teller, kind of automatically.
You’re kidding, Shirley.
Don’t call me surely.
Ive never noticed this or heard that printers do that.Is this maybe specific to the USA?Edit: TIL, thank you!
Printer Tracking Dots
It’s not specific to USA… They do it everywhere - with color-printers. Don’t know if they do it with B/W printers.
They claim it’s to track people who try to print money, but if it were, then they wouldn’t really do it on laser printers too…
If you print a photo on a regular paper, and then shine an UV-light on it, you can see it. It’s mostly small yellow dots.
There is software you can use that adds all the other dot patterns to essentially anonymize your printer.
I know - but it’s good that you added that to what I wrote. :-)
They use yellow ink for that in colour printers.
I just occured to me that could be the reason for when a color printer wont even let you print, say, pure black text, even though it only has emptied some of the colored ink, but still has plenty of black ink left to do the job…
Did I not write that?
Its called MIC. Or Machine ident. Code , its all around,
_
Aren’t these only produced by laser printers?
Are they in laser as well? This is way older than laser.
Doubt. Laser printers were invented in the early 1970s and were common by the mid 1980s. I don’t think this tracking started until inkjets and scanners got good enough that the government got concerned about them being used for counterfeiting, I’d guess mid to late 90s at the earliest.