The how and why of sneaky ultrasonic ad tracking
Tuesday, November 17, 2015
Dan Goodin reports over at Ars Technica on the development of technology which can use inaudible frequencies to tie together multiple unconnected devices. He explains:
The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product.
Goodin cites a letter from the Center for Democracy and Technology to the Federal Trade Commission [PDF] describing the technical aspects of the practice and the privacy implications. I won’t repeat what Goodin or CDT have already explained with clarity. Instead, I wanted to talk about the inability of users like us to opt out of cross-device tracking.
Why don’t the companies developing and using these tracking technologies just tell us what they’re doing and give us the option to opt out? Obviously, requiring us to opt in would be the most honorable and least user-hostile approach. But I’ll concede that as being firmly in the “never gonna happen” column.
I am open to the possibility that I set up a straw man in the next section of this article, so feel free to point it out to me if that’s what you think. Just be constructive.
Concerns about using a straw man aside, the only logic I can see undergirding the failure to offer an opt-out mechanism is a concern that a large number of users would in fact opt out. That would obviously reduce or, in a worst-case scenario for tracking companies, eliminate the population of tracked individuals.
The only problem with that is that it’s bullshit.
We opt in to terms of service and privacy policy all over the web every day without reading a word of them. Projects like ToS;DR and TOSback aim to make us better informed about what we’re agreeing to and how those agreements change over time. They are fascinating and important projects but primarily the domain of geeks like me (and, since you’re reading this, possibly you, as well).
The truth is the overwhelming majority of people click “Yes” or “Agree” or “Continue” or whatever other button or link gets them to the web content or software they want to use. Here’s a quote from an AdWeek article published in May 2015, citing a survey done by photography website ScoopShot:
More than 30 percent of the 1,270 survey respondents said they never read the ToS when signing up to a social network. 49.53 percent only read the ToS ‘sometimes,’ and only 17.56 percent of people ‘always’ read the ToS.
Yes, that’s only one study, and yes, it was conducted on SurveyMonkey, but it’s a decent sample size. And can you honestly tell me that you or anyone else you know read the terms and policies of the sites and software you use? Probably not.
Is there any other reason, then, that creepy advertising tracking technology doesn’t offer an opt-out, just like the ones we never actually make use of throughout the rest of the web? Yes, I think there is.
Most websites have terms of service and privacy policies, although they are usually relegated to miniscule links at the very bottom of the website’s footer section. The European Union requires cookie notifications. But when is the last time you decided not to use a website like Facebook or the BBC website because you read their policies and didn’t consent to them? I’ll answer for the overwhelming majority of us: never, ever.
It’s their ubiquity coupled with the dominant user response of wildly clicking “Yes” until you get what you came for that makes website policies such a compelling topic of discussion. The companies building the technology that uses inaudible sound to tell advertisers that your phone, computer, television and tablet all belong to the same person can minimize conversation about their products by refusing to present you with an opt-out mechanism.
It’s that desire to remain invisible and as uncontroversial as possible for as long as possible that motivates them to be so sneaky. One commenter on Goodin’s Ars article puts it very well:
that advertisers keep basing their technological "progress" off of malware research and techniques is very telling.
It sure is. The reality is that I am one of those weirdos who doesn’t care if I’m tracked, but I do care when I’m not asked to consent to it. I propose that some privacy-minded geeks more intelligent than I develop some sort of ultrasonic ad-cancelling noise generation software for us to use in our homes and offices to thwart secret ultrasonic cross-device ad tracking. You have to take that one and run with it, I’m just an ideas man.