Hacker News | cookieperson's comments

I'd love a reference on that. I didn't think it did anything like that.

Firefox containers and good browser hygiene can, but if you slip up...


This is why I clear cookies and history when the browser closes, disable saved passwords/logins, and I close my browser frequently, generally between sites or at least sessions of use.


Lots of companies do this. I've seen it on HN even. We probably should consider it an attack, but there's no way regulators will go for it. There are countermeasures against it though, but I doubt anything is foolproof.


Wouldn’t multi-account containers, or using private windows segmented to only one website solve it?

Don’t open a private window and log in to multiple things… problem solved?


Don’t ever make a mistake is what you are saying there.

That’s borderline impossible for humans.


Or, use a web browser that doesn’t support any cross site state, at all.

I’d love to have such a browser, and to disable the browser that came with my phone, but does not have this property.

(Things like Firefox Focus or the DuckDuckGo browser for iOS try to do this; I’m not sure if they succeed, but they should protect against the attack described in the article, at least.)


Removing noise is difficult if not impossible. The best someone could probably do is find a sensor whose noise characteristics are a superposition of their cameras and another additive distribution. There are simple ways to defeat this, but it's best not to share them, as I think the only people running from this kind of tracking would be sketchy criminals.


> Removing noise is difficult if not impossible.

Completely removing noise is difficult-to-impossible. Attenuating the noise enough to impart a new noise pattern is much easier, though (not saying it's easy, just easier).

I did this sort of thing decades ago as part of a larger system used for research.


That's effectively what I said :)


Removing is hard but not impossible: https://www.esenbil.com/photoclean


This. Sure all three-letter agencies need avenues to shuffle large sums of grey and black market cash around, art is convenient for that... Music and movies too. An extra plus for hiding messaging and all that... But I wouldn't view these operators to be as all encompassing as stories like these make them out to be... The next step is crap like "Leonardo da Vinci was actually a CIA spy recruited by the freemasons", and once you go that far you're one cardboard sign and a roll of tinfoil away from an institution.


Yup. Defense is mostly technical nuance. Attacks outside of academia often rely on the weakest links, distracted or scared humans. ChatGPT and LLMs like it can easily mass phish or otherwise thousands of targets in a matter of seconds. Can also be used for OSINT on human targets... Combine the two and ransomware will be a true cottage industry run by script kiddies.

That said there are things they could do to prevent this. They won't do them, it'd be costly research... But they could.


Just be careful y'all. Even though something is a bug or a mistake you could get in bigtime shit over it, or a bill.


This. Once a bias is known it must be corrected. Allowing it to stand is basically saying "we don't care about black consumers, they can't use this feature, and we will continue to insult them on accident". Which it's no longer an accident, it's a known racially discriminative software feature...

It's like hiring someone to do plumbing. A few customers invite them into their home and report that the new plumber said racist stuff. As a business owner you do what after this?


I feel like I'm missing a big event or something... What has the FBI done that's worse than what advertising companies have been doing for years?


Great point - a good threat model usually targets all companies first, such as FAANG, since they are the worst aggressors, and are well known to be leaky (data dumps of personal info are leaked almost daily now), whereas the government tends to be seemingly less leaky and have more narrow data interests, i.e. less interested in the wide array of data that companies extract from people. It's strange how often the government is the main entity discussed in privacy concerns while completely ignoring the much larger problem of corporations in that area.


> more narrow data interests,

Except that the government has instituted dragnets that effectively hoover up the data of everyone

https://www.eff.org/deeplinks/2022/06/effs-flagship-jewel-v-...


1. What advertising companies have been abusing power too. Two wrongs do not make a right.

2. Plenty of examples of 3 letter agencies abusing their powers if you search.

EFF, reason.com, and The Register usually make a point of reporting on it.

e.g.: https://www.eff.org/wp/patterns-misconduct-fbi-intelligence-...

https://reason.com/2023/05/17/the-durham-report-is-right-abo...

For example, spying on (ex) girlfriends, seeing people in various states of undress (cameras in devices), etc.

https://www.eff.org/deeplinks/2015/01/government-releases-do...


You may not realize this, but every cellphone's GPS is tracked and bought and sold to various companies every day. Every minute of your physical location and identity. Every ad you see, your search interests, also for sale by the petabyte. Your browsing habits, your purchases, even your social media data has likely been bought and sold. Your ISP also sells your data, likely to advertisers.

The FBI actually recently purchased a bunch of this kind of data because the government's restrictions wouldn't allow for it any other way.


Many of the big events of late are more related to mass surveillance, censorship, and election interference. Check out the Twitter Files, Russiagate, and final Durham report on Racket.news. Congress has been holding a special investigation on the weaponization of the federal government related to this but more broadly. Recently FBI admitted to having many operatives in the Capitol on January 6. Then you had the recent revelation that the FBI violated rules ~280,000 times by accessing private information without a warrant. There is so much more, but whatever large centralized internet services or data brokers can gather is potentially available to government agencies.


Heard of PRISM?


Are there other trustworthy distros for older non-Google Android devices? I remember checking out the space half a decade ago and it was dismal. I.e., may brick your device, may be malware, may have worse security issues, etc.


The problem with older hardware is that all the phone kernels are such piles of kludges, and once the manufacturer stops maintaining the kernel fork and/or binary driver blobs, you get no security updates for wifi/bluetooth/baseband bugs.


It'd all work the same provided crablang made additive changes to the syntax.

