Cross-Device Tracking: a privacy invasive tracking method

Marketing companies are always on the lookout for new methods to track user activity on the Internet. These information are used to display targeted advertisement to users which have a better return than less-targeted ads.

The more a company knows about a user, the higher the return and that is the main reason why companies step up the tracking game despite public outcry about it and the rise of ad-blockers.

In fact, tracking is one of the core reasons -- the other is invasive ads -- that users install ad-blockers on their devices.

Cross-Device Tracking is yet another ingenious method to track users. As the name suggests, it has the capability to track users across devices. This is done by using high-frequency sounds that are inaudible to the human ear.

The method links devices such as web browsers, mobile devices or TVs through the use of these sounds and browser cookies resulting in a combined tracking profile of the user across devices instead of just individual devices.

The technique allows companies to track users even more, as they know for instance for how long TV ads are watched.

SilverPush, one of the companies that uses cross-device tracking, monitors 18 million smartphones already as of April 2015.

For those who are tracked, it is nearly impossible to tell if they are. These companies don't offer opt-outs and there is no software available that blocks the transmission of high-frequency audio signals. Furthermore, it is unclear which apps, ads or companies make use of the technology. The technique is limited by distance first and foremost.

It seems as well that only apps are used currently to pick up these audio signals, and that ads on the PC and TVs are merely used to push out these signals.

The CDT letter of SilverPush revealed some information, including that the company's software is used on 67 apps, and that "more than a dozen marketing companies" use cross-device tracking.

One recourse that users have is to limit microphone access on their mobile devices. The main issue here is that this is not available by default on many devices. While there are apps available that block the microphone altogether, they may cause usability issues as the microphone needs to be enabled for phone calls for instance.

It is interesting to note that Cross-Device Tracking resembles badBios, a malware discovered in 2013 that uses inaudible sounds to bridge air-gapped computer systems.