Thursday, December 21, 2023

Are You Listening



Android phones sold to customers in China found to be loaded with apps that send user data to third parties
Feb 2023, phys.org

No way though:
Riddled with software that continuously sends user data to third parties without the permission or even knowledge of the phone's users.

The research team found that the phones were rife with applications sending user data to a variety of third parties, all without permission. During testing, they set phones to opt out of sending any sort of data to providers or any other third parties, and did not connect to cloud applications. Still, applications sent data to the makers of the phone, network operators and also to the makers of apps. Data included physical information such as the user's phone number, its MAC address and ongoing geolocation data. It also included more personal data, such as contact lists and text metadata.

Text metadata (to, from, time, length, location), sent straight to the phone-makers and app-makers.
via University of Edinburgh and Trinity College: Haoyu Liu et al, Android OS Privacy Under the Loupe—A Tale from the East, arXiv (2023). [a "loupe" is like a magnifying glass, typically seen used with jewelery] DOI: 10.48550/arxiv.2302.01890



Smartphone study reveals that bodily rhythm affects behavior
Apr 2023, phys.org

He literally says it out loud: 
"If people think they just live their lives, deciding their behavior for themselves, and that there is no overarching structure, they've got it wrong," says researcher Arko Ghosh.
  • the body has rhythms ranging between seven and 52 days
  • these cycles influence how we behave
  • everyone has these rhythms (young, old, men, women)
  • impact on psychological and neurological research -- "Are the cycles we see here caused by the illness, or are they 'normal' cycles that become more apparent as a result of the illness?"
  • 400 subjects aged 16 to 80 had an app installed that allowed the researchers to track usage data
  • "We only looked at the times when people were actively using their phones and were swiping or typing"
  • We distinguished 2,500 different types of smartphone use.
  • Some mannerisms had a pattern that repeated every 25 days such as a long pause between touches.
  • Others had a pattern that repeated every 19 days such as a short pause between touches. 
"We might then be able to predict particular behavior on the basis of a person's cycle. This might in turn lead to a completely new definition of what is normal behavior and what is behavior that is related to a neurological or psychological condition."
via Leiden University: Enea Ceolini et al, Common multi-day rhythms in smartphone behavior, npj Digital Medicine (2023). DOI: 10.1038/s41746-023-00799-7


Wearable devices may be able to capture well-being through effortless data collection using AI
May 2023, phys.org

"Passive data collection" sounds so benign. 
The findings support wearable devices as a way to monitor and assess psychological states remotely without requiring the completion of mental health questionnaires.
This would sound like the most dystopian thing ever if it weren't coming from a hospital:
"Wearables provide a means to continually collect information about an individual's physical state. Our results provide insight into the feasibility of assessing psychological characteristics from this passively collected data."

"A better understanding of who is at psychological risk and an improved means of tracking the impact of psychological interventions is needed. The growth of digital technology presents an opportunity to improve access to mental health services for all people."
The data: 
They the Warrior Watch Study, a digital observational study of 329 health care workers enrolled at seven hospitals in New York City, measuring heart rate variability and resting heart rate throughout the follow-up period using a smart watch. The metrics collected were found to be predictive in identifying resilience or well-being states. 

via the Icahn School of Medicine at Mount Sinai Hospital: A machine learning approach to determine resilience utilizing wearable device data: analysis of an observational cohort, JAMIA Open (2023). DOI: 10.1093/jamiaopen/ooad029

https://dx.doi.org/10.1093/jamiaopen/ooad029



Majority of consumers care what kind of data they share with retailers and service providers, new study finds
May 2023, phys.org

Just preferences -- 
96% of individuals were willing to pay to avoid sharing their personal data in at least one of the data sharing environments. Banking transactions was the data type people considered the most important to protect, with over 

95% for banking data
79% for medical records
72% for GPS
43% for online browsing history
40% for social media data
via University of Bristol: Anya Skatova et al, Unpacking privacy: Valuation of personal data protection, PLOS ONE (2023). DOI: 10.1371/journal.pone.0284581


AI Art - Body Cam - 2023

Swiss researchers use typing, mouse clicks to detect office stress
Apr 2023, phys.org

The way people type and use their computer mouse can be better stress indicators than their heart rate.

"People who are stressed move the mouse pointer more often and less precisely and cover longer distances on the screen," Nagelin said.

People who feel stressed in the office make more mistakes when typing and tend to write in fits and starts, with many brief pauses.

Relaxed people by contrast take fewer but longer pauses when typing.
via Swiss Federal Institute of Technology in Zurich


Wearable monitor detects stress hormone levels across a full 24-hour day
Jun 2023, phys.org

We can already do it for entire groups by measuring isoprene in the air, and now it can be done on the individual level -- 
Until now scientists haven't been able to define what normal rhythmicity looks like in healthy daily life. ... The device is worn around the waist and painlessly and automatically samples from beneath the skin every 20 minutes, without the need to collect blood. Importantly, the method allows sampling during sleep, work, and other daily life activities for up to 72 hours in a single session. Mathematicians then used these data to develop a new class of dynamic markers to better understand how a healthy hormonal profile should look like depending on an individual's sex, age, body mass index, as well as other characteristics.
via University of Birmingham: Thomas Upton, High resolution daily profiles of tissue adrenal steroids by portable automated collection, Science Translational Medicine (2023). DOI: 10.1126/scitranslmed.adg8464.


Attackers can break voice authentication with up to 99% success within six tries
Jun 2023, phys.org

Please stop -- 
Computer scientists at the University of Waterloo have discovered a method of attack that can successfully bypass voice authentication security systems with up to a 99% success rate after only six tries.

No Wells Fargo, company that literally created fake bank accounts using existing customer data, nobody wants you to record their voice. Nobody wants this, only you want this.

via University of Waterloo: Breaking Security-Critical Voice Authentication, 2023 IEEE Symposium on Security and Privacy (SP). DOI: 10.1109/SP46215.2023.00139


Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away
Jun 2023, Ars Technica

Side channels -- a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation, like using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.
By carefully monitoring characteristics such as power consumption, sound, electromagnetic emissions, or the amount of time it takes for an operation to occur, attackers can assemble enough information to recover secret keys that underpin the security and confidentiality of a cryptographic algorithm.

Computer security experts offer advice to freeze out risk of thermal attacks
Aug 2023, phys.org

Sometimes you just need to be reminded that this is a thing --
Thermal attacks use heat-sensitive cameras to read the traces of fingerprints left on surfaces like smartphone screens, computer keyboards and PIN pads.

Hackers can use the relative intensity of heat traces across recently-touched surfaces to reconstruct users' passwords. [follow the above link to see the heat map video]

The team identified 15 different approaches described in previous papers on computer security which could reduce the risk of thermal attacks:
  • wearing gloves or rubber thimbles
  • touching something cold before typing
  • pressing hands against surfaces or breathing on them
  • a heating element behind surfaces could erase traces of finger heat
  • surfaces could be made from materials which dissipate heat more rapidly
  • a physical shield which covers keys until heat has dissipated
  • eye-tracking inputs or biometric security could reduce risk of thermal attack
  • manufacturers of thermal cameras could integrate software to prevent thermal cameras from taking pictures of surfaces like PIN pads on bank machines.
via University of Glasgow: In the Quest to Protect Users from Side-Channel Attacks—A User-Centred Design Space to Mitigate Thermal Attacks on Public Payment Terminals.


Research hack reveals call security risk in smartphones
Aug 2023, phys.org

The researchers' malware, called EarSpy, used machine learning algorithms to filter a surprising amount of caller information from ear speaker vibration data recorded by an Android smartphone's own motion sensors

via Texas A&M University College of Engineering: Ahmed Tanvir Mahdad et al, EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers, arXiv (2022). DOI: 10.48550/arxiv.2212.12151


AI Art - Cables and Wires - 2023


Extracting blood-induced color changes on the face for non-contact heart rate estimation
Aug 2023, phys.org

Blood volume pulse (BVP) that causes slight temporal changes in facial skin color can be captured in videos, but complex lighting conditions make any change in color difficult to measure. These scientists have devised a way to use dynamic mode decomposition (DMD), a technique that analyzes spatio-temporal structures in multi-dimensional time-series signals.

via Tokyo University: Kosuke Kurihara et al, Spatio-Temporal Structure Extraction of Blood Volume Pulse Using Dynamic Mode Decomposition for Heart Rate Estimation, IEEE Access (2023). DOI: 10.1109/ACCESS.2023.3284465


Reddit forces personalized ads, starts X-like user payment program
Sep 2023, Ars Technica

Other privacy policy changes announced Wednesday include allowing users to choose to see "fewer" ads regarding alcohol, dating, gambling, pregnancy and parenting, and weight loss. 

Now you know where the value lies -- these are the most problematic because these are the most effective:
  • alcohol
  • dating
  • gambling
  • pregnancy
  • parenting


AI and 10 seconds of voice can screen for diabetes, new study reveals
Oct 2023, phys.org
Scientists used six to 10 seconds of people's voice, along with basic health data, including age, sex, height, and weight, to create an AI model that can distinguish whether that individual has type 2 diabetes. The model has 89% accuracy for women and 86% for men. 267 people (diagnosed as either non- or type 2 diabetic) to record a phrase into their smartphone six times daily for two weeks. From more than 18,000 recordings, scientists analyzed 14 acoustic features for differences between non-diabetic and type 2 diabetic individuals.
via private company Klick Labs: Jaycee M. Kaufman et al, Acoustic Analysis and Prediction of Type 2 Diabetes Mellitus Using Smartphone-Recorded Voice Segments, Mayo Clinic Proceedings: Digital Health (2023). DOI: 10.1016/j.mcpdig.2023.08.005


Your smart speaker data is used in ways you might not expect
Oct 2023, phys.org

It's so important to note that "we all knew this was a thing" like 10 years ago when they first came out, and yet, not until today do we have a legit university study, publicly funded, rigorously tested study, to prove what "we already knew", and even government agencies are only now paying attention. It takes years for this to happen:
The research team built an auditing framework to measure the collection, usage and sharing of Amazon Echo interaction data by creating several personas with interests in specific categories, and one control persona, and whereby each persona interacted with a different Echo device.

Then the researchers measured data collection by intercepting network traffic and inferred data usage by observing ads targeted to each persona on the web and on Echo devices.

The team reported that as many as 41 advertisers sync or share their cookies with Amazon, and then those advertisers further sync their cookies with 247 other third parties, including advertising services.
"Unfortunately, surveillance is the business model of the internet" 
-Umar Iqbal, assistant professor of computer science and engineering at the McKelvey School of Engineering at Washington University in St. Louis.
via Washington University in St. Louis: Umar Iqbal et al, Tracking, Profiling, and Ad Targeting in the Alexa Echo Smart Speaker Ecosystem, Proceedings of the 2023 ACM on Internet Measurement Conference (2023). DOI: 10.1145/3618257.3624803


AI Art - Cables and Wires 2 - 2023

A robot that can detect subtle noises in its surroundings and use them to localize nearby humans
Oct 2023, phys.org

Hidden information:
"Our group has recently been interested in exploring a high-level theme of research regarding what types of 'hidden' information are freely available that we can train models on. ... We wanted to see if the subtle and incidental sounds that humans inadvertently produce as they move can be that 'free' signal." 

The Robot Kidnapper Dataset: 14 hours of high-quality four-channel audio recordings paired with 360 RGB camera footage, collected during experimental trials where people were asked to move around a robot at various levels of 'sneakiness' (e.g., walking quietly, walking normally, etc.).

The researchers trained their model to ignore external and irrelevant noises, such as those originating from heating, ventilation, and air conditioning systems, as well as sounds produced by the robot itself. 

"Robots commonly use cameras or lidar to navigate around people, but should those sensors fail or become unavailable (low-lit environments, occlusions, etc.), our method allows robots to fall back solely onto audio, which is usually already available in most hardware setups. Moreover, when interacting with robots, people should not be expected to intentionally create extra sounds, which is what previous works rely on." 
via Georgia Institute of Technology: Mengyu Yang et al, The Un-Kidnappable Robot: Acoustic Localization of Sneaking People, arXiv (2023). DOI: 10.48550/arxiv.2310.03743

Post Script: I am (only slightly) disturbed by the choice here in calling this the "un-kidnappable robot" which implies that, in the course of their study, they were trying to "kidnap" it. Isn't there another word for kidnap that doesn't have "kid" in it? (The Un-Abductable Robot?)


Five big carmakers beat lawsuits alleging infotainment systems invade privacy
Nov 2023, Ars Technica
The class-action "complaint alleges that the vehicle's system downloads all text messages and call logs from Plaintiffs' cellphones as soon as they are connected," the Ford ruling said. "The complaint also alleges that the infotainment system permanently stores the private communications without Plaintiffs' knowledge or consent." The complaint's allegations refer to Ford cars made in 2014 and after.

Plaintiffs alleged that there is no way to delete the text messages and call logs from the car system. "If text messages or call logs are deleted from a cellphone, the vehicle nevertheless retains the communications on the vehicle's on-board memory, even after the cellphone is disconnected. Vehicle owners cannot access or delete their personal information once it has been stored," the ruling's summary of the complaint said.

Why on Earth would you ever be able to access your own personal information that has been saved on this product which you purchased and thus ostensibly own? 

Because you don't own it. You don't own the product and you don't own your personal data. The Davos 2016 premonition -- it already happened -- You own nothing, and you like it. 


Study warns restrictions to application programming interfaces by social media platforms threaten research
Nov 2023, phys.org

Data is so valuable.
"Numerous social media platforms made substantial changes to their APIs -- drastically reducing access or increasing charges for access, which the researchers say will in many cases make research harder."

What research?
"The changes are adversely affecting academics who want to study the impact of social media on mental health, on misinformation, political views and so on."

In order for social media platforms to make money, in fact the only way they can possibly make any money at all, is by selling the intimate personal data about its own users. (Something that might be referred to as predatory in other contexts.)

It's like a cross between a digital Skinner Box and a roach motel where every person that touches it has their unspeakably minute, mostly invisible, and definitely private behavioral attributes catalogued, collated, and consigned to the greater data market where it will be used to fuel the consumer economy, where we stopped selling actual products to people a long time ago.

Now we just sell them ideas; actually, first we steal those ideas directly from the people themselves, via things like social media platforms, and then sell them right back, in a quasi-material form, where the actual physical part is mostly shitty made-in-China garbage, but the important part, which is the picture of you using said shitty product, quasi-physical since it's just a picture, has been acquired and used to manipulate another person into buying said product, and the circle of consumption complete. 

via University of Bath's School of Management: Platform-controlled social media APIs threaten open science, Nature Human Behaviour (2023). DOI: 10.1038/s41562-023-01750-2

Posted by at
Labels: , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)