Feeds

Ratings volunteers to be spied on by mobiles

Blowers to rat out guineapigs 24-7

Providing a secure and efficient Helpdesk

You know how you can volunteer to be a TV ratings guinea pig? And then they - Nielsen or whoever - attach kit to your telly so that they can tell everything you and all your thousands of fellow guineapigs watch, and so the ratings get compiled.

Well, that system is flawed. It can't measure the telly you watch at the pub, the radio you hear at work etc etc. It doesn't usually know if you're actually there; the box could be blaring away to an empty room. It is often confused by PVRs or other timeshifting tech.

Now, however, a Californian company called IMMI (Integrated Media Measurement Inc.) has decided to change all that. Most people are now aware that mobile phones can be used to locate their users; and the reasonably well-informed are aware that they can also be used as remote bugging devices, even when apparently switched off. (Some people have a struggle believing this; but it's not exactly aliens-at-Roswell stuff. This is a small computer with a microphone and a data radio. Who says the display has to light up for it to be working? Seriously: your phone can be used as a bug, though the necessary skills aren't common outside government agencies. Yet.)

When you become an IMMI ratings person, the company gives you a mobile phone with special software in it. Every thirty seconds or so, the phone - without intervention from you - records a ten-second audio clip. Sending that off to IMMI via GPRS, EDGE, UMTS or whatever would be a tad expensive - not to mention having fearful privacy implications - so the phone processor boils the clip down to a 1.5kB "fingerprint." Every quarter-hour or so the phone datalinks to the IMMI servers and sends off all the fingerprints, time-slugged.

Meanwhile, the IMMI servers are doing this with all the broadcast media the company is interested in. When your fingerprints come in, they are compared with the server data, and matches are recorded. The servers can look back a couple of weeks into the past, too, so TiVo or whatever isn't an issue.

Voila! IMMI knows what you watch and listen to, while saving bandwidth and dumping what it considers "noise" - your conversations and so on. Or so they say, anyway.

Amanda Welsh, IMMI's COO, was keen to emphasise that their phones are not bugs as such. She told MIT Tech Review:

"If you're carrying our phone and you're planning a bank robbery while listening to a radio, all we know is what radio station you're listening to."

IMMI is adamant that the "fingerprints" can't be turned back into useful audio.

Similarly, though the company admits it would like to use GPS or mobile-network location tech to know where its guineapigs are when they hear things, it currently doesn't. Rather, you plug in a Bluetooth beacon in your home, and the phone knows if you're in or out; but, for now, that's all.

"Although he would like to use GPS, [IMMI CTO] Al Alcorn says that it's currently cost prohibitive to buy this information from the cell-phone companies, which control it," according to Tech Review.

Presumably what's meant by this is that IMMI can't afford mobile-mast location data; obviously cell networks have diddly to do with GPS satnav as such. Handsets with actual GPS receivers - which could send the location data to IMMI - are still rather expensive at the moment; often need cell-tower data to help them out; and they don't like it inside buildings, either.

A cell phone is well adapted to IMMI's needs anyway. On top of that, the company reckon the fact that it's useful to the guineapig will mean it stays within reach.

"The question is, 'If you forgot to take [the tracking device] with you when you went to work, would you go back and get it?'" according to Alcorn.

"If it was your cell phone, you would. If it was just a passive brick that didn't do anything [else], you wouldn't."

Clever stuff. But there still seem to be some gaps. Phones get left around the house, not necessarily within earshot (mike-shot?) of what their users are listening to.

And several possibilities for abuse spring to mind. If this audio fingerprinting is as good and reliable as its cracked up to be, it surely wouldn't be hard to make up some unique, task-specific fingerprints and so monitor an IMMI subject using the company data.

For instance, you could perhaps fingerprint the automated announcements on the London Underground trains, and thus know wherever your target went on the Tube. Or you might record a person of interest saying a commonly-used phrase such as "Hello darling," and thus, perhaps, be tipped off whenever someone met up with their illicit lover.

And so on. If one weary Vulture can think of that much in five minutes on a Monday morning, it seems fair to say that the thing's riddled with loopholes. Still, you can't expect to be a guineapig and not suffer some horrible invasive experiments.

The Tech Review piece is here

Security for virtualized datacentres

More from The Register

next story
TEEN RAMPAGE: Kids in iPhone 6 'Will it bend' YouTube 'prank'
iPhones bent in Norwich? As if the place wasn't weird enough
Consumers agree to give up first-born child for free Wi-Fi – survey
This Herod network's ace – but crap reception in bullrushes
Crouching tiger, FAST ASLEEP dragon: Smugglers can't shift iPhone 6s
China's grey market reports 'sluggish' sales of Apple mobe
Sea-Me-We 5 construction starts
New sub cable to go live 2016
New EU digi-commish struggles with concepts of net neutrality
Oettinger all about the infrastructure – but not big on substance
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
EE coughs to BROKEN data usage metrics BLUNDER that short-changes customers
Carrier apologises for 'inflated' measurements cockup
Comcast: Help, help, FCC. Netflix and pals are EXTORTIONISTS
The others guys are being mean so therefore ... monopoly all good, yeah?
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.