Forgot your password?
typodupeerror
Privacy Cellphones Security Your Rights Online

Mobile Phone Use Patterns Identify Individuals Better Than Fingerprints 88

Posted by Soulskill
from the but-not-conveniently-etched-on-your-thumb dept.
chicksdaddy writes "Mobile phone use may be a more accurate identifier of individuals than even their own fingerprints, according to research published on the web site of the scientific journal Nature. Scientists at MIT and the Université catholique de Louvain in Belgium analyzed 15 months of mobility data for 1.5 million individuals who the same mobile carrier. Their analysis, 'Unique in the Crowd: the privacy bounds of human mobility' showed that data from just four, randomly chosen 'spatio-temporal points' (for example, mobile device pings to carrier antennas) was enough to uniquely identify 95% of the individuals, based on their pattern of movement. Even with just two randomly chosen points, the researchers say they could uniquely characterize around half of the 1.5 million mobile phone users. The research has profound implications for privacy, suggesting that the use of mobile devices makes it impossible to remain anonymous – even without the use of tracking software."
This discussion has been archived. No new comments can be posted.

Mobile Phone Use Patterns Identify Individuals Better Than Fingerprints

Comments Filter:
  • by Taco Cowboy (5327) on Wednesday March 27, 2013 @08:25AM (#43290339) Journal

    I learn something very useful today !!

    It really sends chills up my spine reading TFA --- it IS that easy to identify and track and predict the location of any individual based on what TFA has outlined !!

    Man ... I think I gotta get more cellphones with different phone companies, that way I can rotate the use of the phones to cut down of the chance of being identified

    • by Anonymous Coward

      Man ... I think I gotta get more cellphones with different phone companies, that way I can rotate the use of the phones to cut down of the chance of being identified

      I just give mine to my toddler for eight hours a day.

    • The VERY SAME result -- within margin of error anyway -- was found like 10 or 12 years ago. There is absolutely nothing new here.

      All this tells us is that law enforcement and other 3rd parties should not be allowed to get their hands on your cell phone location data without a warrant.
    • by Anonymous Coward

      Man ... I think I gotta get more cellphones with different phone companies, that way I can rotate the use of the phones to cut down of the chance of being identified

      How would that help? The same math also applies to cameras and face recognition.

      Take some images of you walking down street A, shopping at supermarket B, getting coffee at store C, and walking past bank D, all captured at different times on different days. That is enough to establish a mobility fingerprint that uniquely identifies you.

      The real

  • by puddingebola (2036796) on Wednesday March 27, 2013 @08:32AM (#43290399) Journal
    And there I was, seriously considering running out and buying a dumbphone and a pay as you go plan, and then more news of the Orwellian nightmare we are all dilegently constructing. Isn't there some wisdom in smashing your computer with a hammer and throwing your cell phone in the toilet?
    • by Seumas (6865)

      It's called "being unemployed", which is the result most Slashdotters would face if they threw away their phones and computers that they, you know, do their job on.

    • by Anonymous Coward

      Sure there is some wisdom in that but it will only help to save you. And with the millions of rodents using privacy destroying services like for example Failbook and Ogle, soon you will stand out clearly as an outcast and cannot even take a shit without an account. So while intuitive, this is a wrong solution. The actual solution is to keep everybody safe so Big Brother will not get a beachhead. We must affect dramatic legal changes and demand our civil rights. The predatory corporations must be stopped.

      htt [eff.org]

    • by alen (225700)

      smash the old style phone as well because a combination of your address and calling patterns can identify you just as well

  • by Anonymous Coward

    A use pattern is NOT comparable to a unique and unchanging physical characteristic as an identification method.

    • Re:+5 Bullshit (Score:4, Interesting)

      by SJHillman (1966756) on Wednesday March 27, 2013 @08:35AM (#43290427)

      For many people, changing their fingerprints is easier than changing their cell phone habits.

  • by openfrog (897716) on Wednesday March 27, 2013 @08:35AM (#43290433)

    Profound implications for privacy... The analogies are perplexing. Should I also worry about the fact that I have ten fingers with ten fingerprints at the end of them (not mentioning toes) means that it is impossible for me to have privacy? Recent research on 1.5 Million users shows that phone numbers uniquely identify subjects 100% of the time. That does not sound like this has profound implications for privacy, does it? Now admittedly, they talk about randomly chosen "spatio-temporal points", meaning, if you think of it, that you have a good chance at any time, of being either at home or at your place of work. But since your phone number already identifies you, the profound implications for privacy referred to in the article somehow escape me...

    • by gmclapp (2834681)
      Well said. Consider this hypothetical: You're looking for a specific person, the only information you have about them is their phone number. So, to identify them, you pick two random cell phone towers that their phone linked to and try to determine who they are.... But you already know who they are... I feel pretty safe knowing that people with that level of common sense are chasing me...
    • Druglords (Score:5, Insightful)

      by spectrokid (660550) on Wednesday March 27, 2013 @08:55AM (#43290567) Homepage
      The one use I can see here is tracking criminals who use throw-away phones. Unless the "spatio-temporal points" are dependent on your phone model of course. (No I did't read the article...)
    • by foniksonik (573572) on Wednesday March 27, 2013 @09:12AM (#43290733) Homepage Journal

      Here's what it does mean.

      With access to this data (even if its through an abstraction API), I could match back a profile created based on one device (using a device ID) with a new device owned by the same person.

      So lets say I'm a retailer and I want to track your visits to my stores based on your device ID. That works and is anonymous assuming that I'm not allowed to access your PI directly (as is the case). I can of course ask you to identify yourself through an app or whatnot to attach a name/email to you and match that to my CRM system.

      Now the problem is that when you change devices, pow, I'm out of luck for the anonymous tracking (the app would transition easily enough and could be cross platform, assuming you have an incentive to get it again).

      However with this abstracted "fingerprint" API I could conceivably request a match back for your new device against the database and get your old device ID in response, voila - anonymous transition of the profile to your new device. I can now continue tracking you with no lost history.

      • by openfrog (897716)

        Here's what it does mean.

        With access to this data (even if its through an abstraction API), I could match back a profile created based on one device (using a device ID) with a new device owned by the same person.

        So lets say I'm a retailer and I want to track your visits to my stores based on your device ID... with this abstracted "fingerprint" API I could conceivably request a match back for your new device against the database and get your old device ID in response, voila - anonymous transition of the profile to your new device. I can now continue tracking you with no lost history.

        Mmmmh! You begin with the proviso: "With access to this data"...

        Well if you have access to this data, you will not be a retailer...

      • by Artraze (600366)

        So, am I to understand that the point of your post is that they can connect the ID from your old phone to the ID of your new phone?
        Still a total non issue.

        Consider:
        > I can of course ask you to identify yourself through an app or whatnot to attach a name/email to you and match that to my CRM system.

        Well, wouldn't the new device offer the the same app and attachment? Why worry about the fingerprint when the person put their id/email into an app and sent it to you?

        I'm still with the OP: this identification

    • by Anonymous Coward

      Profound implications for privacy... The analogies are perplexing.

      And again, RMS has predicted it twenty years in advance. But people just never learn...

    • by silanea (1241518) on Wednesday March 27, 2013 @09:41AM (#43290969)

      The issue is not that they can tell which phone number you use, obviously. As I see it there are three problems with this kind of tracking technology:

      Firstly they could potentially track you across devices based on your behaviour. Think "disposable" phones. Sure, here in the Western world those are mostly used by criminals, so being able to track them may appear to be a good thing. But such technology usually ends up in the hands of repressive regimes.

      Secondly, mass surveillance is not just about you as an individual. By looking at where you go when and how long you stay there and correlating this with who else goes there at the same time one can make deductions about social networks within society without ever looking at one person up close. We already have a rampant practice of police doing what is in German called "Funkzellenabfrage": they request the names of every person logged into one specific radio cell at a given time. Essentially hundreds or thousands of people are made into suspects based on one point of data and consequently investigated, often to the point of harassment.

      And, even more importantly, algorithms can tell when you deviate from your regular pattern. This is the Next Big Thing in the security theatre. And I for one do enough "random" stuff to be worried that I may in the future find myself singled out by law enforcement based on what some computer says. Geo-caching alone should make my movements stand out quite a bit from the general population. Just look at the abundance of issues with existing "dumb" solutions like the US no-fly list or the European anti-terror watch lists.

      • by openfrog (897716)

        The issue is not that they can tell which phone number you use, obviously. As I see it there are three problems with this kind of tracking technology:

        Secondly, mass surveillance is not just about you as an individual. By looking at where you go when and how long you stay there and correlating this with who else goes there at the same time one can make deductions about social networks within society without ever looking at one person up close.

        I am with you on abuse from repressive regimes. But when you say "with this technology", I fail to understand. All the uses and abuses you mention are already not only possible, but routinely done by repressive regimes, and some. "This technology" adds nothing to the equation, except perhaps marginal cases where they would want to track you "across devices".

        In this regard, I can only find that the profound implications mentioned in the article are not so much profound as they are obscure.

    • But since your phone number already identifies you, the profound implications for privacy referred to in the article somehow escape me...

      Of course it does and the phone company already knows you, your #, your address, etc... That's not the point. What about mapping software? You tell google (or whomever) I am at coordinate A and need to go to coordinate B. You didn't volunteer your phone # but by mining logs you can be identified (at least as user X if nothing else). The implications is that just about any app you run has the potential to track you even if you don't sign in w/ an account or volunteer any personal information.

    • The implication isn't so much that someone can say "I'm looking for openfrog" and then find you through your cell phone habits. Law enforcement can easily just ask your cell carrier "where is openfrog" and they instantly know the last cell tower that you were on and track you in real time. This practice is akin to dusting for prints or checking last known addresses; it happens when there is a reason to look for an individual.

      The privacy implication is that data that are considered "anonymized" are valuable

    • by Bengie (1121981)
      The point isn't that they can identify who you are, but can have good reason to understand that you are the same anonymous person, entirely based on your habits. Even if your phone number was randomly generated every day, they could still track you, because you are the only person who does what you do the way that you do it.
    • by cffrost (885375)

      Recent research on 1.5 Million users shows that phone numbers uniquely identify subjects 100% of the time.

      Do you have a link to that research? It sounds incredible, due to loaning, theft, caller ID spoofing, etc.

  • by tsa (15680)

    The research has profound implications for privacy, suggesting that the use of mobile devices makes it impossible to remain anonymous – even without the use of tracking software.

    We've known that since the 1990s. Why get all upset about that now?

    • by rwise2112 (648849)
      This is a little different though. They were tracking the device before, but now if you change phones withhout your carrier's knowledge your usage on the new device still identifies you as an individual.
  • by Hentes (2461350) on Wednesday March 27, 2013 @08:51AM (#43290547)

    But now we also have scientific proof that when carriers sell our cell data claiming it has been anonymized they are lying. There's no such thing as anonymous location data.

    • This is the key point that should get action, but won't.
    • by Bengie (1121981)
      Anonymized means just that, to be anonymous. They still don't know who you are, only that you're the same person. Anonymous: "(of a person) Not identified by name; of unknown name."
      • by Hentes (2461350)

        As I said, there's no such thing as anonymous location data. Once they know where you live and where you work, all it takes is a Google search to find out who you are. What this research has shown is that breaking up the data to small timescales doesn't help either.

  • by alen (225700) on Wednesday March 27, 2013 @08:52AM (#43290553)

    all this proves is that most people do the same thing every day. wake up, go to work in the same place, hit the same cell towers and call the same people

    i bet if you start calling random numbers every day it might make it harder to identify you

    • by hrvatska (790627)
      Your normal calling pattern would still be there even with the background noise of random calls. It would take a bit more processing to tease that pattern out, but it could still be identified. Calling random numbers would be more of an inconvenience for you and the people receiving those calls than the software analyzing your call patterns.
    • by Laxori666 (748529)
      Then you'll be easily identifiable as one of the only ones that makes all those random calls.
    • all this proves is that most people do the same thing every day. wake up, go to work in the same place, hit the same cell towers and call the same people

      i bet if you start calling random numbers every day it might make it harder to identify you

      'spatio-temporal points' ... 'uniquely identify 95% of the individuals, based on their pattern of movement'. Your argument is faulty.

  • "Your honor, we are 95% sure the fingerprints we recovered from the murder scene belong to the defendant."

  • It has been known for some time that when one wants to commit a crime, one leaves their mobile at home.

  • Schedule flight mode. Schedule email and SMS checking.

    Why won't /. let me post smartass short replies? :p

  • I wonder how this research would have shifted if they'd only sampled geo-cachers and Ingress "agents" [ingress.com]
  • by DontScotty (978874) on Wednesday March 27, 2013 @12:19PM (#43293235) Homepage Journal

    regarding... "makes it impossible to remain anonymous â" even without the use of tracking software."

    Hello World -

    You are carrying a PHONE. Your PHONE is a mobile phone, and requires a radio link to the local tower to connect your call.

    Yes, this means that a system must be able to locate you to deliver your connection, and maintain your connection while you move from cellular tower to cellular tower.

    You must chose:
    1) If you want to remain anonymous, then have your radio information delivered to you by one-way-broadcasting. Turning on your car-radio allows you to receive the broadcasts, without actively revealing your location. Drawback: it's not a conversation.

    2) If you want to have a two-way conversation, then you're going to have your call routed to you, and your radio phone sending back. You will not now, nor never will be anonymous in this scenario.

    The solution: make choices based on your values. Stop waiting for a Deus ex Machina.

    If societal norm is carrying a phone, and you chose not to - then you are in sync with your values, and not society.

    Similar to a person who chooses a "car-free" lifestyle, biking 20 miles each direction for a work commute. Not typical, but not harmful to society. People might think it's odd, but will either adapt (or, stop inviting that person to breakfast meetings at the office, because they are stinking of sweat :-) )

    In conclusion: It's your life. Choose. Choose with the understanding that no two way radio phone conversation is anonymous.

  • This is very unsurprising. Most people spend the majority of their time at home or at work, so location information will give you those two data points. If I gave you my address and my employment and you told me my name, I would not be very impressed. Why is anyone surprised or impressed by the results of this research?

  • In a recent Slashdot poll, 7% of all respondents didn't have a mobile phone. I'm one of them.

    Not having a mobile phone doesn't mean you're paranoid about privacy. It could just as easily mean that you're waiting for the technology to mature. I notice that everyone seems to hate something: hardware quality, hardware cost, no signal, dropped calls, awful sound quality, basic service cost, roaming charges, long term contracts, etc. The list of complaints goes on and on.

    Why do you guys put up with that cr

A CONS is an object which cares. -- Bernie Greenberg.

Working...