It tells when the user is online. This is useful for sending spam, because being on top of the inbox makes it more likely your message will be read.

To be fair, I doubt anyone’s implemented this specifically for ICMP. Instead I’d expect tracking that watches for any IP traffic whatsoever, and that happens to include ICMP.

ICMP reveals your IP address, which is easily correlated with other traffic…

And IntelliSync, so you could have the same contacts in your PC and your Palm Pilot.

I still wouldn’t trust it because of homograph attacks.

Yeah. The huge legal distinctions between different ways of unlocking a device seem absurd. Comprehensive privacy legislation would help.

Authorities with a warrant can drill into a safe to get to its contents. That’s legally distinct from forcing someone to unlock the safe by entering the combination. It takes some mental effort to enter a combination, so it counts as “testimony”, and in the USA people can’t be forced to testify against themselves.

The parallel in US law is that people can be forced to unlock a phone using biometrics, but they can’t be forced to unlock a phone by entering a passcode. The absurd part here is that the actions have the same effect, but one of them can be compelled and the other cannot.