Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/20/2012
02:39 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Gets Patent For Polluting Electronic Profiles

Apple patent describes how privacy can be protected by disseminating fake data.

Who Is Anonymous: 10 Key Facts
Who Is Anonymous: 10 Key Facts
(click image for larger view and for slideshow)
Apple goes to great lengths to ensure that it isn't polluting the environment, but it doesn't appear to be as concerned about polluting databases.

On Tuesday, Apple was awarded a patent that describes a way to pollute online data to promote privacy. The patent, "Techniques to pollute electronic profiling," was first issued in 2007 and initially was assigned to Novell.

Apple acquired a number of Novell patents in February, following approval from the U.S. Department of Justice. The company did not respond to a request to confirm that this patent was among those acquired from Novell and to comment on whether it sought specifically to acquire this patent.

[ Another tech fight is underway. Read Google Battles YouTube-To-MP3 Conversion Website. ]

The patent covers a method for enhancing privacy by generating fake online identities to confound personal profiling efforts. It describes how concerns about "Big Brother" government surveillance have been supplanted by worries about "Little Brothers," automated programs that monitor people's Internet activities.

Apple hasn't been much concerned with fighting Big Brother since its highly regarded "1984" commercial. But since then, it has found, as Microsoft has, that supporting user privacy can advance its competitive interests and enhance its standing among regulators.

Since Google became Apple's primary competitor, Apple has taken steps to support privacy initiatives that limit the ability of third-parties to collect data useful for advertising. For example, Apple last year added support for the do-not-track browser header in OS X Lion. Its Safari browser also defaults to blocking cookies from third-party websites, a feature Google bypassed (and got in trouble for) as a way to resolve conflicting user preferences.

Apple has also had its privacy proclivities reinforced as a result of the controversy over its storage of unprotected location data on the iPhone and of iOS developers' use of the UID identifier as the key to data profiles of iPhone users.

Apple's profile pollution patent, written in 2005 by or on behalf of inventor Stephen R. Carter for Novell, describes how computer users are taking counter-measures to combat data gathering. "In fact, users are becoming so concerned about dataveillance that a booming industry has arisen that attempts to thwart the data collection. Some examples include 'anonymizers' and 'spyware killers.'"

The patent suggests resistance is futile, as the persistence of concerns about data gathering over seven years suggests. "In a sense if the user engages in any Internet activity, information may be successfully collected about that user," it states. "Thus, even the most cautious Internet users are still being profiled over the Internet via dataveillance techniques from automated [Little] Brothers."

The patent document actually says "Litter Brothers" rather than "Little Brothers" in this one sentence. The typo that turns out to be an apt name for what the patent contemplates: "Techniques to pollute electronic profiling" proposes a way to attack invasive data collection by creating a fake identity, or clone.

The patent describes the "clone" as "another identity that is associated with a principal and appears to be the principal to others that interact [with] or monitor the clone over the network."

The clone performs activities in an assigned field of interest, which would typically not reflect the actual interests of the user. Its purpose is to deceive data gatherers.

"Any network eavesdroppers, which are performing dataveillance on a principal, are polluted by the transactions that are in fact divergent from the true principal's areas of interest," the patent says. "In this manner, data collection is not prevented; rather, it is intentionally polluted so as to make any data collection about a principal less valuable and less reliable."

Apple may not ever implement this patent in any of its products, but the impulse to defend oneself against invasive tracking is likely to sustain the development of countermeasures for the foreseeable future.

Don't worry though: Litter Brother will cover your tracks.

Black Hat USA Las Vegas, the premiere conference on information security, features four days of deep technical training followed by two days of presentations from speakers discussing their latest research around a broad range of security topics. At Caesars Palace in Las Vegas, July 21-26. Register today.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
6/24/2012 | 12:19:47 AM
re: Apple Gets Patent For Polluting Electronic Profiles
Apple is going through great lengths to not pollute the environment? That statement already makes me not want to read the rest of the article. The new Apple products are deemed the least repairable and millions of iProducts are sent to landfills, because the next shiny thing is for sale.
jmercado295
50%
50%
jmercado295,
User Rank: Apprentice
6/22/2012 | 6:33:56 PM
re: Apple Gets Patent For Polluting Electronic Profiles
Wow. Apple got a patent for something I've been doing for years. I've been able to enter 1895 for a year of birth. Once I determine that I like the site, I re-register correctly. Sue me Apple!
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-6095
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-10817
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
CVE-2020-10952
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.