Silverdog: a sound firewall for Chrome
Silverdog is a free browser extension for Google Chrome -- it should work in other Chromium-based browsers as well, and maybe even Firefox (not tested) -- that acts as an ultrasound firewall in the browser.
In Talking Behind Your Back, security researchers Vasilios Mavroudis and Federico Maggi describe attacks based on ultrasonic cross-device tracking, and countermeasures against it.
Ultrasonic tracking is a relatively new form of user tracking that relies on inaudible sounds. A basic example is a TV ad that contains ultrasonic sounds that get picked up by an application running on the user's smartphone. It could then push the same ad on the smartphone, or monitor user behavior to find out whether a product website is visited.
Another example is the so-called proximity marketing. This too works with an application that the user carries, and relies on ultrasound emitters placed in the store. Companies may use the information to study user behavior in the store, and provide real-time notifications for products in proximity of the user.
The main issues with ultrasound beacons -- high-frequency audio tags -- are that they are inaudible to humans, and that most speakers and microphones have no problems capturing or emitting them.
The spectrum is usually in the 18000Hz to 20000Hz range, but there is no one standard that companies follow. While you do need at least two devices for this to work -- one that sends the signal, another that captures it -- it is fair to say that the practice has become more common in recent times and is on the rise.
Silverdog is a sound firewall for Chrome that blocks ultrasound frequencies in the browser. This prevents ultrasound tracking when you use it, but does nothing when other devices do it.
The extension works fine out of the box. It is set to a frequency of 18000Hz by default and a certain filter type, gain and Q. You may want to read up on the various filters that it supports, as the extension itself offers no explanation on the differences between those filters.
The Chrome extension works automatically once you have configured it. You can turn the firewall on or off with a click on the extension icon in the Chrome address bar.
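To make the frequency and Q settings mentioned above concrete, here is an added example that is not Silverdog's code: it assumes a textbook second-order (RBJ cookbook) low-pass filter at a 44100Hz sample rate and runs it over a constructed signal. All function and constant names are illustrative.

```javascript
// Added example, not Silverdog's code: a textbook (RBJ cookbook) low-pass biquad
// applied to a constructed signal. All names here are illustrative assumptions.
const FS = 44100;   // assumed sample rate in Hz
const N = 4410;     // 0.1 s of samples, so DFT bins fall on multiples of 10 Hz

// Normalised low-pass coefficients for a given cutoff and Q.
function lowpass(cutoffHz, q) {
  const w0 = 2 * Math.PI * cutoffHz / FS;
  const alpha = Math.sin(w0) / (2 * q);
  const c = Math.cos(w0), a0 = 1 + alpha;
  return { b0: (1 - c) / 2 / a0, b1: (1 - c) / a0, b2: (1 - c) / 2 / a0,
           a1: -2 * c / a0, a2: (1 - alpha) / a0 };
}

// Direct-form I difference equation over a block of samples.
function applyFilter(f, x) {
  const y = new Float64Array(x.length);
  let x1 = 0, x2 = 0, y1 = 0, y2 = 0;
  for (let n = 0; n < x.length; n++) {
    y[n] = f.b0 * x[n] + f.b1 * x1 + f.b2 * x2 - f.a1 * y1 - f.a2 * y2;
    x2 = x1; x1 = x[n]; y2 = y1; y1 = y[n];
  }
  return y;
}

// Goertzel algorithm: power of one frequency in the block.
function tonePower(x, hz) {
  const k = 2 * Math.cos(2 * Math.PI * hz / FS);
  let s1 = 0, s2 = 0;
  for (const v of x) { const s0 = v + k * s1 - s2; s2 = s1; s1 = s0; }
  return s1 * s1 + s2 * s2 - k * s1 * s2;
}

// Mix an audible 1 kHz tone with a near-ultrasonic tone (constructed input),
// filter it, and report how many dB each tone changed.
function filterEffect(cutoffHz, q, highHz) {
  const x = Float64Array.from({ length: N }, (_, n) =>
    0.5 * Math.sin(2 * Math.PI * 1000 * n / FS) +
    0.5 * Math.sin(2 * Math.PI * highHz * n / FS));
  const y = applyFilter(lowpass(cutoffHz, q), x);
  const db = hz => 10 * Math.log10(tonePower(y, hz) / tonePower(x, hz));
  return { audibleDb: db(1000), highDb: db(highHz) };
}

console.log(filterEffect(18000, Math.SQRT1_2, 19500)); // flat response, Q = 0.707
console.log(filterEffect(18000, 5, 18000));            // large Q, tone at the cutoff
```

Under these assumptions a single stage with an 18000Hz cutoff lowers a 19500Hz tone by roughly 9 dB and leaves the 1kHz tone untouched, while a large Q at the same cutoff boosts a tone sitting at 18000Hz instead of removing it.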
One limitation of Silverdog is that it won't work with Flash, but only with HTML5 content. The researchers have created a patch for Android's permission system which gives users more control over the audio channel.
Both the Chrome extension and the AOSP patches can be downloaded from the developer website.
Note: The extension is only available as source code. You can still use it in Chrome, and here is how:
- Go to the project's GitHub page and click on "clone or download". Select the download option.
- Extract the zip archive to a permanent location on your system.
- Open Chrome's extensions page: chrome://extensions/
- Enable Developer Mode.
- Select Load unpacked, and navigate to the folder the extension is stored in. Select the folder.
Chrome should have picked up the extension automatically.
The slides of the presentation are available on this site, and there is also a video recording of the presentation available here, and also embedded below.
Now You: What's your take on the tracking method?
Is there any point in having this extension if you have an adblocker with an integrated or separate track blocker?
Yes, unless your ad-blocker blocks this type of tracking as well, which, to my knowledge, none do.
If the ad is blocked, it can’t emit or receive ultrasounds. Am I missing something ?
Also, wouldn’t blocking WebAudio work ? NoScript can do that and I guess there are some add-ons that allow the enabling and disabling of WebAudio more conveniently for normal users.
Also, poor dogs.
And kids. Can’t they hear up to 20000Hz ?
This technique is downright evil. I wonder if anyone not involved in advertising would think it’s fine.
Well the issue is that this is not necessarily an ad that is emitting the sound. Can be a tag on a site that ad blockers don’t identify as ads. Also, can be in a video that you are watching.
Blocking Web Audio should work I guess.
But the ultimate aim for these tracking sounds is to present the “victim” with an ad, as I understand it from your description above. And if that is the case then ultimately the adblocker will block the ad that the advertiser wants to present.
So, the adblocker cannot block the audio tracking, but can block the ad. Therefore, if you are not bothered by audio tracking, an adblocker is sufficient. Right?
Not if the ad is displayed on another device or in another program. The main advantage of this form of tracking is that it works cross-devices and programs. All you need is one audio source that plays the sound (that you don’t hear), and another listening. This can be anything in theory, but seems limited to smartphones mostly right now.
But there is no technical reason why your toaster, fridge, or IoT brush could not pick up the sounds as well, or emit it.
Yeah the danger is on mobile. Browsers can be efficiently protected, the issue is regular apps, especially those you WANT to connect to the web such as instant messengers. Consumer grade traffic filtering is only awesome in browsers. Device wide it kind of sucks.
IoT are stupid gadgets at the moment, no problem living without them. Once they become unavoidable they will be a huge privacy concern indeed, which is why Mozilla is trying to build something to have them communicate with one another LOCALLY, rather than through the web. They know they won’t curve the industry’s trajectory but I think the goal is just to have a working alternative lying around for people or IoT companies to pick up. (I don’t know the details, that just seems to be the most plausible explanation for their IoT project)
“IoT are stupid gadgets at the moment”. You hit the nail right on the head.
Read this article to see why:
Click on the links in the article to read more IoT fails.
What a waste of technology and money. Kim Kardashian will probably buy 10. :)
Chrome keeps removing this. Every time the browser restarts it has to be reinstalled? Kind of a pain. Interesting topic here and as always great tips, articles and reviews Martin, been visiting this site daily for a few years now.
Huh this article mentions ultrasonic tracking from a smartphone perspective
Thanks Martin. I installed Silverdog in Vivaldi, Vivaldi Snapshot and Opera developer.
how can I install it in Firefox ? thanks.
LOL. You better be trolling! :D
NoScript allows you to block Audio and enable it per site. It’s a little cumbersome to allow but since you rarely need audio in the first place, I find it okay.
uMatrix allows you to block Audio through “Other”, per site. A lot more comfortable to use than NoScript once you understand the concept, which is easy enough.
Essentially, NoScript is better for security and uMatrix for usability, but both can counter audio tracking equally well.
uBlock Origin may be able to block audio as well through custom rules but allowing it per site is going to be cumbersome. There may be other extensions that do the trick. You can’t install Chrome extensions in Firefox “as is” (yet ?), someone has to import it in the Mozilla add-on repository for review which if you ask me isn’t a luxury.
As far as working in Firefox, you will have to be running Firefox 48+ and install https://addons.mozilla.org/en-us/firefox/addon/chrome-store-foxified/, but even then, it may or may not work because webextensions support for Firefox is in the early stages. See this previous ghacks article here: https://www.ghacks.net/2016/05/23/install-google-chrome-extensions-firefox/. (;
Not yet, only for Chrome (or Chrome-based browsers) atm. And with Chromium latest Dev builds it crashes a lot. :(
Any idea why Chrome blocks the installation of Silverdog? I’ve tried from the site and manually from the downloaded file but it gets blocked every time. I have --enable-easy-off-store-extension-install in the shortcut but even that doesn’t help.
With this extension you can read comments while watching video on YouTube. Take a look at it : )
Silverdog doesn’t exist in the Chrome Webstore anymore,
Thanks. You can still load the unpacked extension in Chrome. I have updated the review to provide instructions on how to do that.
Ok. I’m the target of this bunch of people who live directly behind me. I initially thought they were using some kind of electricity to “ZAP” me with for months and months, only to stumble onto the words ULTRASONIC and INFRASONIC. After reading through, NOW it’s actually worse, because the police don’t believe me, my family don’t believe me. I need help. I feel I’m hostage. They control my phone, my car has a tracker or something because they always find me when I leave every night to find somewhere to park and sleep in my car because I can’t scream all night in my mobile home because the pain is that intense. They have complete control over my life and body. They literally control when I eat if they let me. I don’t know who they are or where they are hiding because I can’t call the police, they have control over my phone and I can’t call 911. They intercept and redirect to some restaurant. Please please please help me. Why don’t the police believe this, but this is Tucson, AZ.
Malicious use of this technology is not being taken seriously by doctors and politicians. Most haven’t a clue about where we are in today’s tech capabilities. Trolling by a single troll with tech know-how, or by a state, can basically ruin a person’s mental state. With the film #TheGreatHack getting some attention now, it’s also time for the medical profession to start taking complaints seriously, when talking about *Human Brain-to-Machine Interfaces*. This is happening. This is real. PAY ATTENTION.