Risk
6/20/2012
02:39 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Gets Patent For Polluting Electronic Profiles

Apple patent describes how privacy can be protected by disseminating fake data.

Who Is Anonymous: 10 Key Facts
Who Is Anonymous: 10 Key Facts
(click image for larger view and for slideshow)
Apple goes to great lengths to ensure that it isn't polluting the environment, but it doesn't appear to be as concerned about polluting databases.

On Tuesday, Apple was awarded a patent that describes a way to pollute online data to promote privacy. The patent, "Techniques to pollute electronic profiling," was first issued in 2007 and initially was assigned to Novell.

Apple acquired a number of Novell patents in February, following approval from the U.S. Department of Justice. The company did not respond to a request to confirm that this patent was among those acquired from Novell and to comment on whether it sought specifically to acquire this patent.

[ Another tech fight is underway. Read Google Battles YouTube-To-MP3 Conversion Website. ]

The patent covers a method for enhancing privacy by generating fake online identities to confound personal profiling efforts. It describes how concerns about "Big Brother" government surveillance have been supplanted by worries about "Little Brothers," automated programs that monitor people's Internet activities.

Apple hasn't been much concerned with fighting Big Brother since its highly regarded "1984" commercial. But since then, it has found, as Microsoft has, that supporting user privacy can advance its competitive interests and enhance its standing among regulators.

Since Google became Apple's primary competitor, Apple has taken steps to support privacy initiatives that limit the ability of third-parties to collect data useful for advertising. For example, Apple last year added support for the do-not-track browser header in OS X Lion. Its Safari browser also defaults to blocking cookies from third-party websites, a feature Google bypassed (and got in trouble for) as a way to resolve conflicting user preferences.

Apple has also had its privacy proclivities reinforced as a result of the controversy over its storage of unprotected location data on the iPhone and of iOS developers' use of the UID identifier as the key to data profiles of iPhone users.

Apple's profile pollution patent, written in 2005 by or on behalf of inventor Stephen R. Carter for Novell, describes how computer users are taking counter-measures to combat data gathering. "In fact, users are becoming so concerned about dataveillance that a booming industry has arisen that attempts to thwart the data collection. Some examples include 'anonymizers' and 'spyware killers.'"

The patent suggests resistance is futile, as the persistence of concerns about data gathering over seven years suggests. "In a sense if the user engages in any Internet activity, information may be successfully collected about that user," it states. "Thus, even the most cautious Internet users are still being profiled over the Internet via dataveillance techniques from automated [Little] Brothers."

The patent document actually says "Litter Brothers" rather than "Little Brothers" in this one sentence. The typo that turns out to be an apt name for what the patent contemplates: "Techniques to pollute electronic profiling" proposes a way to attack invasive data collection by creating a fake identity, or clone.

The patent describes the "clone" as "another identity that is associated with a principal and appears to be the principal to others that interact [with] or monitor the clone over the network."

The clone performs activities in an assigned field of interest, which would typically not reflect the actual interests of the user. Its purpose is to deceive data gatherers.

"Any network eavesdroppers, which are performing dataveillance on a principal, are polluted by the transactions that are in fact divergent from the true principal's areas of interest," the patent says. "In this manner, data collection is not prevented; rather, it is intentionally polluted so as to make any data collection about a principal less valuable and less reliable."

Apple may not ever implement this patent in any of its products, but the impulse to defend oneself against invasive tracking is likely to sustain the development of countermeasures for the foreseeable future.

Don't worry though: Litter Brother will cover your tracks.

Black Hat USA Las Vegas, the premiere conference on information security, features four days of deep technical training followed by two days of presentations from speakers discussing their latest research around a broad range of security topics. At Caesars Palace in Las Vegas, July 21-26. Register today.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
moarsauce123
50%
50%
moarsauce123,
User Rank: Apprentice
6/24/2012 | 12:19:47 AM
re: Apple Gets Patent For Polluting Electronic Profiles
Apple is going through great lengths to not pollute the environment? That statement already makes me not want to read the rest of the article. The new Apple products are deemed the least repairable and millions of iProducts are sent to landfills, because the next shiny thing is for sale.
jmercado295
50%
50%
jmercado295,
User Rank: Apprentice
6/22/2012 | 6:33:56 PM
re: Apple Gets Patent For Polluting Electronic Profiles
Wow. Apple got a patent for something I've been doing for years. I've been able to enter 1895 for a year of birth. Once I determine that I like the site, I re-register correctly. Sue me Apple!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1449
Published: 2014-12-25
The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.

CVE-2014-2217
Published: 2014-12-25
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.

CVE-2014-3971
Published: 2014-12-25
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

CVE-2014-7193
Published: 2014-12-25
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site ...

CVE-2014-7300
Published: 2014-12-25
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.