Data leakage
Our devices and activity are constantly leaking data into the digital ether. What we choose to watch is recorded and reported to a remote server somewhere, along with the make and model of device we are using, the version of firmware it is running, and it’s IP address.
When we shop our loyalty cards and apps record our purchases as does the method of payment. Our modern cars record telematics and track our location via GPS. The in-car entertainment system tracks what we listen to and watch.
Web browsers profile our surfing habits, smartphones track our social and communication history. Smart meters track our utilities and can even tell when no one is home.
All of our smart devices connect to their manufacturer’s command and control center reporting telematics, performance, and usage data.
The photos and videos we take and upload contain metadata that shows where we took the image or video and on what device. We can be tracked via our smartphones right now and going back in time.
All this data leakage is valuable to someone. How much data are you leaking right now?
Tag: tracking
Vehicle tracking
I grew up in an area where car crime was rife. I even had my own car stolen once. Friends with nice cars would purchase GPS trackers so that if their car was stolen they would hopefully be able to find it. Assuming the thief hadn’t removed the tracker that is.
I wasn’t sure how today’s car trackers worked. The technology has probably moved on a bit so I started doing some light reading.
Essentially they make use of GPS to track their current location, utilising storage to record their location against time. Some devices can store additional information such as engine start and stop times, speed, electronics operation such as lights, windows, radio, etc. This data can then be accessed when a car returns to base or by being transmitted via a communication method such as via a wireless network when near a specific base station or other cellular communications. The devices may be self-powered via a battery or hook into the vehicle’s electrics in order to receive power from the car battery. Some may use their own battery when the car is turned off and charge from the car battery when the car is operational.
The vehicle owner can access the data from the tracker in near real time via a web site or app. Depending on the device and features offered it can report nothing more than current location to location, speed, and car telematics.
Vehicle tracking is popular among vehicle rental companies, fleet management, and security vehicle companies such as those offering to transport money, valuables or people.
Trackers that feature GPS and recording only are referred to as passive devices. They need to be accessed physically in order to access the recorded data. Active devices can transmit data using cellular or satellite communications and do not require physical access.
Commercial trackers come in various shapes and sizes and range from cheap passive models that connect to the car battery, to those that try to disguise themselves as part of the car and utilise active technology to broadcast their position and other data in near real time or whenever they have a strong enough signal. They tend to be waterproof and dust proof, may be made of a heat-proof material, especially if residing in the engine compartment, and may have no discernable markings to identify themselves as a tracking device.
Other types of tracker may also be used such as an asset tracker. These can be in the form of adhesive stickers that can be stuck to a car’s windshield, or tiles that can be left in the glove box or other storage area of the vehicle. These are relatively cheap and are harder for a potential thief to locate.
Pet chipping
I decided to look into pet microchipping after reading an article about a modern detective who tracked down a married couple who committed fraud then left their home country to avoid the authorities. The detective succeeded where others failed in tracking them down after learning that their expensive dog was chipped. The dog had a unique medical condition requiring specific drugs. He tracked the pet initially via its medical requirements to a veterinary clinic in another county and then upon learning of the pets next visit – with a carer not the owners – they then accessed the animals microchip and were able to ascertain the owners new address leading to arrest.
How does the technology work?
Essentially a microchip the size of a grain of rice coated in a protective layer is injected under the skin of the animal at the back of the neck. Utilising passive radio-frequency identification (RFID) technology that conforms to international standards, the chip can be read by a hand-held scanner generating the power required by the chip to send back a unique 15-digit number. This number can then be fed into various pet databases to access the owner’s details. The start of the number usually indicates the country of origin followed by the microchip manufacturer.
Since the 6th of April 2016, all dogs in the UK must be microchipped, and from the 10th of June 2024 all cats in the UK must also be microchipped. Dogs and cats in the UK found without a chip can lead to a fine for the registered owner.
Those with access to the databases such as vets are not permitted to divulge information about the owner to anyone but the registered owner.
Scanners can be purchased freely as the microchips only store the unique ID number. The real data is stored in the pet databases and generally consist of the pet’s name, the owner’s name, address, and contact details.
Products such as automated dog and cat flaps can contain scanners that can read the microchips as the pet approaches so that only authorised pets may enter or leave the property.
Fingerprinting and profiling
I’ve been thinking a lot recently about digital fingerprinting and profiling, how bad it’s getting, all of us becoming easily tracked, digitally.
You could be emailing a friend about going camping and the next minute your phone apps are serving you adverts about camping equipment and camp sites in your area. Or maybe you are considering a holiday to Greece and you look at a few travel sites. Then every web site you seem to visit afterwards is serving you Greece-related getaway adverts.
It’s getting out of control. Not quite Minority Report, but not far off. Web sites are able to capture data about your device via user agent strings, cookies, through third-party arrangements, and other methods, and they can knit-together your surfing history to build a picture of your habits and interests to better target you with product and service advertisements.
We are being tracked, fingerprinted, and profiled digitally without our explicit consent. And it’s getting worse. Smart TVs and devices listen and buffer your conversations waiting for you to provide instructions. Are they recording what we say? How come when I spoke about maybe going to buy a new car with my wife in the comfort of our own home, that when I checked my web mail on my mobile later I was served car adverts? Or how come when I bought some beer, chicken, and BBQ sauce at the local supermarket where I used my loyalty card with cash, the adverts on my phone and PC are now trying to sell me BBQs? A coincidence? Or am I being digitally tracked across multiple devices and accounts?
Am I being paranoid or are we being digitally tracked, fingerprinted and profiled?
Avatar tracking
People are attached to images, especially the ones they use to represent themselves online. Even if it’s not a photo of themselves, it will usually mean something to them and can be unique on a pixel-level.
With services like Gravatar it’s easier to track someone by their avatar. Grab a copy of their avatar and paste it into reverse image search engines and you could find where that image has been used across the net. You could find the email addresses and accounts associated with that individual. You could build a map of their haunts online.
Your avatar is like a fingerprint. It allows you to be tracked almost as much as an email address. So take care when creating yours.