January 20, 2019

389 words 2 mins read

KrauseFx/user.activity

KrauseFx/user.activity

Raising awareness of what you can do with a smartphones gyro sensors in web browsers
repo name KrauseFx/user.activity
repo link https://github.com/KrauseFx/user.activity
homepage https://krausefx.github.io/user.activity
language HTML
size (curr.) 265 kB
stars (curr.) 738
created 2017-09-04
license MIT License

What’s the user doing

Twitter: @KrauseFx License

Modern web browsers give the user more control over what data they’re sharing with websites, for example location services and access to the camera.

However I recently noticed a gap of how websites can determine the activity of the user based on the acceleration and gyro sensor built into modern smartphones, including the iPhone and Android phones.

Using that data, any website can determine if the user is using their phone while

  • sitting
  • standing
  • walking
  • running
  • driving
  • taking a picture
  • lying in bed
  • laying the phone on a table

and probably more, including guesses if the user is actively using their phone at this moment, or even if they’re impaired by alcohol.

This project

This was a 1h Sunday night hack project, where I wanted to see how easy it is to guess what the user is doing based on the data, without using any JS libraries, artificial intelligence or even any kind of pattern recognition.

Open the web-app on your mobile device

All source code can be found in a single file: index.html

./assets/photo.jpg

Take action

This project was by no means designed to be used to track the user, but instead make people aware of how easy it is to use that data, and get Apple to add a permission prompt of acceleration sensors for websites and mobile apps.

You can dupe the radar rdar://34234813 👍

Evil companies can afford to spend more resources on writing an excellent detection algorithm to (ab)use the sensor data to detect what the user is doing without getting their permission.

On the other hand, this could be used for positive things also, imagine a (web)app not showing a certain popup because it notices that you’re busy driving a car or walking on a street.

License

This project is licensed under the terms of the MIT license. See the LICENSE file.

This project is in no way affiliated with Apple Inc or Google Inc. This project is open source under the MIT license, which means you have full access to the source code and can modify it to fit your own needs.

html
comments powered by Disqus
igoradamenko/awsm.css

igoradamenko/awsm.css

October 26, 2018

Simple CSS library for semantic HTML markup
ryanflorence/render-markdown-javascript

ryanflorence/render-markdown-javascript

January 18, 2019

Renders markdown files to HTML with highlighted code blocks BUT ALSO RENDERS THE JAVASCRIPT ONES.
JockDaRock/Time2Code

JockDaRock/Time2Code

January 6, 2019

Portable Scalable web code editor to integrate into your sites and learning experiences
stackblitz/core

stackblitz/core

January 6, 2019

Online IDE powered by Visual Studio Code
sruda/steroidesign

sruda/steroidesign

January 2, 2019

Themes based on the biggest StartUps (buttons, color palette, components, etc.) ready to use in your own projects.
ConsenSys/smart-contract-best-practices

ConsenSys/smart-contract-best-practices

December 30, 2018

A guide to smart contract security best practices
Spandan-Madan/DeepLearningProject

Spandan-Madan/DeepLearningProject

December 28, 2018

An in-depth machine learning tutorial introducing readers to a whole machine learning pipeline from scratch.
sdras/svg-workshop

sdras/svg-workshop

December 27, 2018

Materials for SVG Essentials & Animation Course
roman01la/html-to-react-components

roman01la/html-to-react-components

December 25, 2018

Converts HTML pages into React components