Can the thread to our privacy that is posed by the rise of biometric data, be grasped more easily through the means of a tool for self tracking?



//intro

Biometric data is increasingly collected and adopted as a form of authentication; it’s not data we choose to create, like uploading a photo to Instagram, but rather data that is us. The outlook of such data to be shared and traded across private and public platforms - as is the case with content and metadata - threatens to make mass surveillance and the tracking of individuals significantly more efficient.

The real capabilities of algorithms and the implications of our data being collected are often hard to grasp. Through my project, I aim to both create a better understanding of the concept of biometric data as well as give a demonstration of the dangers that come with its increasing collection. [thesis] is a Chrome extension that collects your own biometric data while you are browsing; it then processes it and presents it to you in an understandable way, breaking down your behaviour on different websites. [thesis] is a framework for self-tracking and analysis.



image by Christoph Niemann



//bigger picture

The types of data we mostly talk about when discussing issues around (digital) privacy, are content and meta information. These are used heavily to make assumptions about the kind of person we are and the things we are interested in. This project is, very decidedly, not about any of the two, but deals with biometric data instead. Biometrics describe both behavioural and physical characteristics of individuals. It’s not data we decide to create, but rather data that is us. Behavioural characteristics describe our movements and habits, physical characteristics describe our physical and biological make-up.

Biometrics are praised as a new form of authentication. There is great arguments: no need to choose and remember a password, but using unique, highly accurate and personal characteristics instead. Sounds good, but comes with enormous risks. Surveillance systems aim to locate and track, and do so by processing vast amounts of data. The more efficient surveillance becomes, the more chilling its effect on artistic and scientific inventiveness as well as on political expression. Bringing biometrics into this equation is threatening precisely because they promise extremely high accuracy and also because, by definition, one cannot detach from such data as its bound to our physical bodies and intuitive behaviour.

>> read more about the potential risks of biometric identity systems.
>> another interesting article about the use of keystroke patterns for tracking individuals is here.



//what

[thesis] is a Chrome Extension for biometric self tracking. It allows the user to collect data about his own online behaviour. [thesis] then visualises and presents this data in a way that the concept of biometrics becomes more graspable and both the power and the risks it brings more apparent.

It is designed for frequent users of the web. Some of them, I imagine, are curious about “surveillance and privacy things” beforehand. It’s bot built for experts, but for the broader public, hoping to get more people involved into the discourse.



typing behaviour /source: gsstech.in



//how

After downloading, the user chooses a password. The extension never communicates data to any remote server; the sensitive information collected is only ever stored on the user’s machine. The password simply provides additional encryption.



In theory, [thesis] tracks a variety of behavioural characteristics on whichever website the user chooses to visit. However all settings are off by default and require the user to opt in. He can decide to only self-track on specific domains and equally opt to only collect specific data points.

Examples:

mouse behaviour “What patterns follows the user’s typical mouse movement on www.nytimes.com?”
scrolling “How far and how fast does he scroll on Facebook?”
typing frequency and pattern “What’s the ratio of reading/typing on gmail.com and when typing, what’s the typical rhythm of the keystrokes?”

mouse behaviour


All data collected can be seen visualised and animated in the [thesis] Dashboard.

On top of that, [thesis] offers an experimental feature that will work better with some behavioural data points than with others: While browsing, [thesis] will constantly compare current behaviour against the ones in the records. From that, a confidence score is calculated representing the likelihood of the person browsing to be in fact the real user. When, for example a friend takes over the computer and enters a short text, the typing pattern will not match, giving a low confidence score. This feature is not a security mechanism, but yet another way to highlight the efficiency for such methods for distinguishing an individual from a crowd.



previous project: keystroke rhythm visualisation tool "Keyprints"




//technology and process

All visualisation work for the extension’s Dashboard will most likely be done using d3js or p5js. Regarding the development schedule I will follow a feature-by-feature approach. That means to build a prototype that is fully working, but only tracking one feature; I will start with typing behaviour. Then, as time allows, I’ll be adding more features one by one. This approach makes sense as, also in the future, methods can be added and updated.



//past work and inspiration

I have been interested in privacy issues in general, but also in biometric data and specifically keystroke dynamics for almost two years.

In my first Semster at ITP I started experimenting with (OS-level) keystroke tracking and using it for recognition of individuals. Under the mentorship of Adam Harvey I have developed a keystroke pattern visualistion tool (“Keyprints”) using p5.js and a physical board (“Deceit Board”) that allows to anonymise keystroke patterns before they reach the computer.

The thesis will build on that research, but concentrate specifically on the browser and on making the methods available to a broader public.

previous project: keystroke rhythm anonymisation tool "Deceit Board"



Other projects that have been very influential for my idea are dataselfie.it, a Chrome extension that tracks which content you enagage with on Facebook, and then presents you an analysis based on that. My project, in contrast, will solely concentrate on behavioural data and its use for tracking - and not content data and its use for personality analysis.
A second project is clickclickclick.click, a website that gives an insight into the detail to which browsing behaviour can be tracked. It does so in a humorous way and is confined to its own website rather than dealing with geneal browsing behaviour.

On top of that, I have a long list of ongoing research experiments that I continue as time allows. These include a keystroke pattern spoofing method, a machine learning approach to guessing the content of something typed from only knowing the pattern and general OS-level key and mouse logging experiments.



//close

Everyone is affected by the ways in which technology is constructed, yet not everyone has the desire to be a programmer and to understand the details - nor does everybody have to! I happen to have this desire, and I can communicate concepts and make them understandable to people around me; that’s my aspiration anyway. I want to critically discuss the technological progress and its impact on society at large and communicate my findings in ways understandable to the people that are actually affected.