Feeds

Ratings volunteers to be spied on by mobiles

Blowers to rat out guineapigs 24-7

Designing a Defense for Mobile Applications

You know how you can volunteer to be a TV ratings guinea pig? And then they - Nielsen or whoever - attach kit to your telly so that they can tell everything you and all your thousands of fellow guineapigs watch, and so the ratings get compiled.

Well, that system is flawed. It can't measure the telly you watch at the pub, the radio you hear at work etc etc. It doesn't usually know if you're actually there; the box could be blaring away to an empty room. It is often confused by PVRs or other timeshifting tech.

Now, however, a Californian company called IMMI (Integrated Media Measurement Inc.) has decided to change all that. Most people are now aware that mobile phones can be used to locate their users; and the reasonably well-informed are aware that they can also be used as remote bugging devices, even when apparently switched off. (Some people have a struggle believing this; but it's not exactly aliens-at-Roswell stuff. This is a small computer with a microphone and a data radio. Who says the display has to light up for it to be working? Seriously: your phone can be used as a bug, though the necessary skills aren't common outside government agencies. Yet.)

When you become an IMMI ratings person, the company gives you a mobile phone with special software in it. Every thirty seconds or so, the phone - without intervention from you - records a ten-second audio clip. Sending that off to IMMI via GPRS, EDGE, UMTS or whatever would be a tad expensive - not to mention having fearful privacy implications - so the phone processor boils the clip down to a 1.5kB "fingerprint." Every quarter-hour or so the phone datalinks to the IMMI servers and sends off all the fingerprints, time-slugged.

Meanwhile, the IMMI servers are doing this with all the broadcast media the company is interested in. When your fingerprints come in, they are compared with the server data, and matches are recorded. The servers can look back a couple of weeks into the past, too, so TiVo or whatever isn't an issue.

Voila! IMMI knows what you watch and listen to, while saving bandwidth and dumping what it considers "noise" - your conversations and so on. Or so they say, anyway.

Amanda Welsh, IMMI's COO, was keen to emphasise that their phones are not bugs as such. She told MIT Tech Review:

"If you're carrying our phone and you're planning a bank robbery while listening to a radio, all we know is what radio station you're listening to."

IMMI is adamant that the "fingerprints" can't be turned back into useful audio.

Similarly, though the company admits it would like to use GPS or mobile-network location tech to know where its guineapigs are when they hear things, it currently doesn't. Rather, you plug in a Bluetooth beacon in your home, and the phone knows if you're in or out; but, for now, that's all.

"Although he would like to use GPS, [IMMI CTO] Al Alcorn says that it's currently cost prohibitive to buy this information from the cell-phone companies, which control it," according to Tech Review.

Presumably what's meant by this is that IMMI can't afford mobile-mast location data; obviously cell networks have diddly to do with GPS satnav as such. Handsets with actual GPS receivers - which could send the location data to IMMI - are still rather expensive at the moment; often need cell-tower data to help them out; and they don't like it inside buildings, either.

A cell phone is well adapted to IMMI's needs anyway. On top of that, the company reckon the fact that it's useful to the guineapig will mean it stays within reach.

"The question is, 'If you forgot to take [the tracking device] with you when you went to work, would you go back and get it?'" according to Alcorn.

"If it was your cell phone, you would. If it was just a passive brick that didn't do anything [else], you wouldn't."

Clever stuff. But there still seem to be some gaps. Phones get left around the house, not necessarily within earshot (mike-shot?) of what their users are listening to.

And several possibilities for abuse spring to mind. If this audio fingerprinting is as good and reliable as its cracked up to be, it surely wouldn't be hard to make up some unique, task-specific fingerprints and so monitor an IMMI subject using the company data.

For instance, you could perhaps fingerprint the automated announcements on the London Underground trains, and thus know wherever your target went on the Tube. Or you might record a person of interest saying a commonly-used phrase such as "Hello darling," and thus, perhaps, be tipped off whenever someone met up with their illicit lover.

And so on. If one weary Vulture can think of that much in five minutes on a Monday morning, it seems fair to say that the thing's riddled with loopholes. Still, you can't expect to be a guineapig and not suffer some horrible invasive experiments.

The Tech Review piece is here

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Bring back error correction, say Danish 'net boffins
We don't need no steenkin' TCP/IP retransmission and the congestion it causes
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
GoTenna: How does this 'magic' work?
An ideal product if you believe the Earth is flat
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
Telstra to KILL 2G network by end of 2016
GSM now stands for Grave-Seeking-Mobile network
Seeking LTE expert to insert small cells into BT customers' places
Is this the first step to a FON-a-like 4G network?
What FTC lawsuit? T-Mobile US touts 10GB, $100 family-of-4 plan
Folks 'could use that money for more important things' says CEO Legere
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.