Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/20/2012
02:39 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Gets Patent For Polluting Electronic Profiles

Apple patent describes how privacy can be protected by disseminating fake data.

Who Is Anonymous: 10 Key Facts
Who Is Anonymous: 10 Key Facts
(click image for larger view and for slideshow)
Apple goes to great lengths to ensure that it isn't polluting the environment, but it doesn't appear to be as concerned about polluting databases.

On Tuesday, Apple was awarded a patent that describes a way to pollute online data to promote privacy. The patent, "Techniques to pollute electronic profiling," was first issued in 2007 and initially was assigned to Novell.

Apple acquired a number of Novell patents in February, following approval from the U.S. Department of Justice. The company did not respond to a request to confirm that this patent was among those acquired from Novell and to comment on whether it sought specifically to acquire this patent.

[ Another tech fight is underway. Read Google Battles YouTube-To-MP3 Conversion Website. ]

The patent covers a method for enhancing privacy by generating fake online identities to confound personal profiling efforts. It describes how concerns about "Big Brother" government surveillance have been supplanted by worries about "Little Brothers," automated programs that monitor people's Internet activities.

Apple hasn't been much concerned with fighting Big Brother since its highly regarded "1984" commercial. But since then, it has found, as Microsoft has, that supporting user privacy can advance its competitive interests and enhance its standing among regulators.

Since Google became Apple's primary competitor, Apple has taken steps to support privacy initiatives that limit the ability of third-parties to collect data useful for advertising. For example, Apple last year added support for the do-not-track browser header in OS X Lion. Its Safari browser also defaults to blocking cookies from third-party websites, a feature Google bypassed (and got in trouble for) as a way to resolve conflicting user preferences.

Apple has also had its privacy proclivities reinforced as a result of the controversy over its storage of unprotected location data on the iPhone and of iOS developers' use of the UID identifier as the key to data profiles of iPhone users.

Apple's profile pollution patent, written in 2005 by or on behalf of inventor Stephen R. Carter for Novell, describes how computer users are taking counter-measures to combat data gathering. "In fact, users are becoming so concerned about dataveillance that a booming industry has arisen that attempts to thwart the data collection. Some examples include 'anonymizers' and 'spyware killers.'"

The patent suggests resistance is futile, as the persistence of concerns about data gathering over seven years suggests. "In a sense if the user engages in any Internet activity, information may be successfully collected about that user," it states. "Thus, even the most cautious Internet users are still being profiled over the Internet via dataveillance techniques from automated [Little] Brothers."

The patent document actually says "Litter Brothers" rather than "Little Brothers" in this one sentence. The typo that turns out to be an apt name for what the patent contemplates: "Techniques to pollute electronic profiling" proposes a way to attack invasive data collection by creating a fake identity, or clone.

The patent describes the "clone" as "another identity that is associated with a principal and appears to be the principal to others that interact [with] or monitor the clone over the network."

The clone performs activities in an assigned field of interest, which would typically not reflect the actual interests of the user. Its purpose is to deceive data gatherers.

"Any network eavesdroppers, which are performing dataveillance on a principal, are polluted by the transactions that are in fact divergent from the true principal's areas of interest," the patent says. "In this manner, data collection is not prevented; rather, it is intentionally polluted so as to make any data collection about a principal less valuable and less reliable."

Apple may not ever implement this patent in any of its products, but the impulse to defend oneself against invasive tracking is likely to sustain the development of countermeasures for the foreseeable future.

Don't worry though: Litter Brother will cover your tracks.

Black Hat USA Las Vegas, the premiere conference on information security, features four days of deep technical training followed by two days of presentations from speakers discussing their latest research around a broad range of security topics. At Caesars Palace in Las Vegas, July 21-26. Register today.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
6/24/2012 | 12:19:47 AM
re: Apple Gets Patent For Polluting Electronic Profiles
Apple is going through great lengths to not pollute the environment? That statement already makes me not want to read the rest of the article. The new Apple products are deemed the least repairable and millions of iProducts are sent to landfills, because the next shiny thing is for sale.
jmercado295
50%
50%
jmercado295,
User Rank: Apprentice
6/22/2012 | 6:33:56 PM
re: Apple Gets Patent For Polluting Electronic Profiles
Wow. Apple got a patent for something I've been doing for years. I've been able to enter 1895 for a year of birth. Once I determine that I like the site, I re-register correctly. Sue me Apple!
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3151
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...