Risk
6/20/2012
02:39 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Gets Patent For Polluting Electronic Profiles

Apple patent describes how privacy can be protected by disseminating fake data.

Who Is Anonymous: 10 Key Facts
Who Is Anonymous: 10 Key Facts
(click image for larger view and for slideshow)
Apple goes to great lengths to ensure that it isn't polluting the environment, but it doesn't appear to be as concerned about polluting databases.

On Tuesday, Apple was awarded a patent that describes a way to pollute online data to promote privacy. The patent, "Techniques to pollute electronic profiling," was first issued in 2007 and initially was assigned to Novell.

Apple acquired a number of Novell patents in February, following approval from the U.S. Department of Justice. The company did not respond to a request to confirm that this patent was among those acquired from Novell and to comment on whether it sought specifically to acquire this patent.

[ Another tech fight is underway. Read Google Battles YouTube-To-MP3 Conversion Website. ]

The patent covers a method for enhancing privacy by generating fake online identities to confound personal profiling efforts. It describes how concerns about "Big Brother" government surveillance have been supplanted by worries about "Little Brothers," automated programs that monitor people's Internet activities.

Apple hasn't been much concerned with fighting Big Brother since its highly regarded "1984" commercial. But since then, it has found, as Microsoft has, that supporting user privacy can advance its competitive interests and enhance its standing among regulators.

Since Google became Apple's primary competitor, Apple has taken steps to support privacy initiatives that limit the ability of third-parties to collect data useful for advertising. For example, Apple last year added support for the do-not-track browser header in OS X Lion. Its Safari browser also defaults to blocking cookies from third-party websites, a feature Google bypassed (and got in trouble for) as a way to resolve conflicting user preferences.

Apple has also had its privacy proclivities reinforced as a result of the controversy over its storage of unprotected location data on the iPhone and of iOS developers' use of the UID identifier as the key to data profiles of iPhone users.

Apple's profile pollution patent, written in 2005 by or on behalf of inventor Stephen R. Carter for Novell, describes how computer users are taking counter-measures to combat data gathering. "In fact, users are becoming so concerned about dataveillance that a booming industry has arisen that attempts to thwart the data collection. Some examples include 'anonymizers' and 'spyware killers.'"

The patent suggests resistance is futile, as the persistence of concerns about data gathering over seven years suggests. "In a sense if the user engages in any Internet activity, information may be successfully collected about that user," it states. "Thus, even the most cautious Internet users are still being profiled over the Internet via dataveillance techniques from automated [Little] Brothers."

The patent document actually says "Litter Brothers" rather than "Little Brothers" in this one sentence. The typo that turns out to be an apt name for what the patent contemplates: "Techniques to pollute electronic profiling" proposes a way to attack invasive data collection by creating a fake identity, or clone.

The patent describes the "clone" as "another identity that is associated with a principal and appears to be the principal to others that interact [with] or monitor the clone over the network."

The clone performs activities in an assigned field of interest, which would typically not reflect the actual interests of the user. Its purpose is to deceive data gatherers.

"Any network eavesdroppers, which are performing dataveillance on a principal, are polluted by the transactions that are in fact divergent from the true principal's areas of interest," the patent says. "In this manner, data collection is not prevented; rather, it is intentionally polluted so as to make any data collection about a principal less valuable and less reliable."

Apple may not ever implement this patent in any of its products, but the impulse to defend oneself against invasive tracking is likely to sustain the development of countermeasures for the foreseeable future.

Don't worry though: Litter Brother will cover your tracks.

Black Hat USA Las Vegas, the premiere conference on information security, features four days of deep technical training followed by two days of presentations from speakers discussing their latest research around a broad range of security topics. At Caesars Palace in Las Vegas, July 21-26. Register today.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
6/24/2012 | 12:19:47 AM
re: Apple Gets Patent For Polluting Electronic Profiles
Apple is going through great lengths to not pollute the environment? That statement already makes me not want to read the rest of the article. The new Apple products are deemed the least repairable and millions of iProducts are sent to landfills, because the next shiny thing is for sale.
jmercado295
50%
50%
jmercado295,
User Rank: Apprentice
6/22/2012 | 6:33:56 PM
re: Apple Gets Patent For Polluting Electronic Profiles
Wow. Apple got a patent for something I've been doing for years. I've been able to enter 1895 for a year of birth. Once I determine that I like the site, I re-register correctly. Sue me Apple!
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.