https://www.technologyreview.com/2024/02/27/1088154/wifi-sensing-tracking-movements/
WiFi-based human motion detection through barriers
this post was submitted on 20 Oct 2025
378 points (99.2% liked)
Privacy
42690 readers
1368 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 6 years ago
MODERATORS
For audio recordings, there is usually a trace of electric hum in the background that has enough randomness to yield info on when (and sometimes where) the recording took place.
It's not as much of a privacy violation as a privacy vulnerability, but it's still relevant.
Tons of websites record your mouse, keyboard, and scroll activity, and can play back exactly what you saw on your browser window from its backend dashboard as a video. This is called session replay. There are pre-made libraries for this you can import so it's super common, I believe Mouseflow is one of the biggest providers.
When a mobile app, Windows app, or even website crashes nowadays, it automatically sends the crash dump to the app developer/OS vendor (the OS often does this whether the app requests it or not because the OS developer themselves are interested in what apps crash and in what ways). We're talking full memory dump, so whatever private data was in the app's memory when it crashed gets uploaded to a server somewhere without your consent, and almost certainly kept forever. God help you if the OS itself crashes because your entire computer's state is getting reported to the devs.
Your phone's gyroscope can record what you say by sensing vibrations in the air. It may or may not be something humans will recognize as speech if played back because the frequency range is too limited, but it's been shown that there's enough information for a speech recognition AI to decode. Good chance the accelerometer and other sensors can be used in the same way, and using them together will increase the fidelity making it easier to decode. Oh did I mention no device has ever implemented permission controls for sensors so any app or even website can access them without your consent or knowledge?
Correction: GrapheneOS has implemented permission controls for sensors. It also has sandboxing and permission scopes to prevent many of those leaks.
However, Graphene is not available to everyone, and it's still problematic due to bystanders/passerby.
nah only the minidump is reported back which only contains the memory the crashing stack is using. Sending the full dump would requires uploading gigabytes of data which would cripple any home internet as they mostly have very limited upstream bandwidth.
load more comments
(4 replies)
Maybe this. Most smartphones have a modem inside, this modem has a separate closed-sourced operating system and it usually has the main priority in controlling the smartphone relative to the processor running the main operating system, such as Android. Sometimes the modem has access to the microphone or memory, even bypassing the CPU. Although maybe everyone already knows that.
Well if you have a better way of designing a hard RTOS I'd like to hear it.
Snowden gave us this info, right?
I've wondered for a while if something like this is why Google allowed their bootloaders to be unlocked, because they can get at everything anyways.
And I bet that if that was the case, they've backed off that for future phones because of those stories about law enforcement seeing having those phones as suspicious, which could hurt sales, since I bet the majority of pixel users don't switch operating systems.
Wouldn't that lead to a "Clipper Chip" situation where somone figured out how to isolate the issue? I think the Graphene team already did it.
load more comments
(12 replies)
Most modern cars are SIM-enabled and are constantly sending data back to the mothership. But even those that aren't will still collect data locally and that data will be collected when you send the car to an "official/licenced/authorized" repair shop.
I have heard firsthand that investigators just go for the car instead of the phone since it is way easier to get data from the car.
Earlier this year during the CCC security conference it was revealed that the tracking info of 800k Volkswagen cars was publicly accessible...
The talk is available in English as well I believe: https://media.ccc.de/v/38c3-wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen
So where's the directory of where to find the transmitter/SIM in specific vehicles?
You can look this up for your model. When I was looking this, there was a youtube video showing how to physically renove chevy's onstar thing in the car
I hate this.
I'm still driving a '99 vehicle and the most advanced thing about it are the power windows. I dread upgrading to a vehicle that can break in so many new ways. I hate that everything has touch screens and the software on many is awful and if it breaks, surprise, you have no music in your car now.
load more comments
(5 replies)
load more comments
(1 replies)
load more comments
(4 replies)
Well just recently learned that some printers exfiltrate data from air gapped networks through ink cartridges.
Photos taken by digital cameras are also trackable in a similar way as prints taken from a printer. I recall reading they were trying to identify the device after a Harry Potter book was leaked by someone taking digital photographs.
To be clear, this is not about EXIF data (which is its own problem).
Digital cameras can be fingerprinted from the images they produce, due to variations between pixels in any given sensor. If you're concerned about an image being traced back to your camera, you might consider some post-processing before distributing it.
load more comments
(16 replies)
Social graph connections can be automatically inferred from location data. This has been done by governments (example) for a long time and is also done by private companies (sorry I can't find a link at the moment).
A lot of stores track your movement through the store with the WiFi or bluetooth your phone sends out, unless you have that turned off. Since it's "anonymous" not even stuff like the GDPR requires to notify anyone of this.
This can also be done via the security cameras mounted in the ceiling.
load more comments
(8 replies)
The worst thing about that printer tracking is that we only learned about it around 20 years after they started implementing it. It's been another 20 years, imagine what they're doing now.
view more: next ›