All of the conspiracy theories are real! The industry managed to keep the evidence from us for decades, but finally a marketing agency of a local newspaper chain has blown the lid off the whole thing, in a bunch of blog posts and PDFs and on a podcast.
Everyone believed that their phone was listening to them even when it wasn’t. The marketing agency of a local newspaper chain were the first group to be caught taking advantage of that widespread paranoia and use it to try and dupe people into spending money with them, despite the tech not actually working like that.
It’s a false dichotomy. This conspiracy can be real without all the others. It’s not all or nothing.
local newspaper chain
Cox? They’re a little more than that. These are the folks trying to sell me a Contour Voice Remote [1]. It’s not hard to imagine what they’re doing with the data.
I think you’re hitting the nail on the head here. I think the slides are getting crafty with language.
The power of voice (and our devices’ microphones)
They flex the reader into an ingroup mentality with “our” to think they are talking about the devices we all have in our pockets. I think the reason their active listening occurs only once they’ve targeted a very specific geographic area is because it is their devices they are listening to in that area. I suspect they partner with stores, malls, car services, etc to host always-recording microphones attached to reliable power sources, with decent acoustics (i.e. not in someone’s pocket). Then they use BTLE signals, etc that stores already use for tracking consumers around stores to know which consumers are near the microphones and thus might be the ones talking about products they are about to buy. In other words, I think this is targeting people who are in Target (for example) and wondering if Amazon has a better price for the lotion they are standing in front of.
While less paranoia-inducing, this would also be a sleazy thing to do.
Because scanning local networks to gather intelligence for targeted advertising and exposing ink levels over SNMP are not the same thing as turning on a microphone and listening to what people are saying. Completely different levels of scandal.
Seriously, I’ve now actually looked around and I’m finding nothing. I’m going to go ahead and say “that’s not true” on that one. Perhaps a flag for “needs source” would be nice lol
So a reddit post? Where someone connected a device to their network and it explicitly integrated with other devices on the network, because it is a home management device for managing devices on a network?
I’m dismissing this entire thing. I mean, I could easily justify this behavior, but I’m not going to even think about it when the evidence is a confused, non technical redditor.
I may have misremembered the source but I definitely read about it on some website, not reddit directly (even old.reddit.com doesn’t work for me anymore).
I have never owned an Alexa device, but I believe that this “integrating with other devices on the network” thing you mentioned, would make me ditch the device the moment I’d notice that it gathers intelligence to push me to towards making more purchases via Amazon.
But what’s the alleged “conspiracy”? I don’t think it takes a conspiracy to make this true
If people are saying that Facebook has a secret API in iOS and Android so they can listen to you when their app isn’t running and permissions are off, then I’d say “no that conspiracy requires too many parties to coordinate without it leaking”
If people are saying that apps that have permission overcollect data, including audio data, and that this information eventually makes it back to Facebook for ad targeting, then I’d say “that probably happens”
Why wouldn’t it happen?
The whole reason sites like Reddit have purposely let their website rot and push the app so hard is because a web browser is sandboxed in a way that a phone is not
I’m pretty sure the device ID is a huge thing for advertisers – if they didn’t have the device ID, they couldn’t join global profiles together, even when you are logged out
The way I think it works is that every there are a bazillion data streams of different apps, but you are not logged in on all the apps.
You might look like 20 or 30 different users to the advertisers
Now the trick is to find a fuzzy join key that can join most of your profiles together, because it’s shown to improve ad conversion rates
I think basically what happened over the last 10 years is that the joining got better. That’s why people noticed more things “following them around”
Hell I just got printed spam via snail mail from some company ZocDoc (who I have no relationship and never gave my mailing address or e-mail to), recommending a Dentist that lives with 3 blocks of me, because I’ve been using the web to search for dentists, and I guess all my profile data / location is leaking
There is so much damn data out there that this is sort of inevitable
Every damn company is pushing you to install their app, because when you do, it unlocks all the data from the other apps you use. They are pooling their data together, to “improve business for all”
I guess Apple noticed all this and locked it down a LITTLE, but not 100%. I’d be interested in details/corrections from people who know more
So I think that is analogous to what has happened in the ad industry. There is not necessarily an EXPLICIT secret agreement, but there is so much data sharing that it can give the EFFECT of coordinated action
i.e. an implicit “conspiracy” rather than than an explicit one
And no doubt SOME of that data is audio data, collected from phones (where the app has permission).
Also, the book “Chaos Monkeys” has some good detail on how Facebook came to join data in a way that Google doesn’t (or didn’t at the time)
As far as I remember it involved pre-Internet “offline” databases of consumer information
Right: that’s the thing. The rental price collusion among landlords is true. The way advertising companies merge data together from all sorts of different sources is also true. We need to know that those things are true so we can respond to them, because they are real threats to our privacy.
“Facebook apps listen to you through your phone’s microphone and target ads at you” is not true. Believing it’s true is a distraction from the things we should be reacting to.
Apps listen to you through your phone’s microphone and target ads at you
Is that true from the average person’s perspective? I’d argue it is
In a different comment, you said
I care. This is such a damaging conspiracy theory. It’s causing some people to stop trusting their most important piece of personal technology: their phone.
I’d say their phone is in fact untrustworthy. Why would they trust it? (honest question)
And I personally behave in a way that’s consistent with that – I have never installed a social media app on my phone ever. If I have to use social media, I use the web
I worked at Google for 11 years (not anywhere near ads), and I have only a rough idea how it all works, but I know that there is data sharing and tracking without any real consent
As the salesperson explained, your “consent” is part of the multi-page EULA
It’s also due to purposely grinding down the web experience and nagging you to death (and again I personally don’t consent by not using many apps on phones)
The average person doesn’t know what any of these things are
operating system (what does that do?)
permissions (I just click the button because I want to do the thing that they said I can do)
ad network, ad exchange
bidding
first party / third party
So again, if someone says, Apps listen to you through your phone’s microphone and target ads at you, then I’m not really going to disagree with them
Just like they can say landlords collude to fix prices – that also appears to be true, and is a new type of crime enabled by technology
On the iPhone there’s an orange circle that displays if an app has access to the microphone.
Yeah, I’ve seen variants of this argument before: phones do creepy things to target ads, but it’s not exactly “listen through your microphone” - but there’s no harm in people believing that if it helps them understand that there’s creepy stuff going on generally.
I don’t buy that. Privacy is important. People who are sufficiently engaged need to be able to understand exactly what’s going on, so they can e.g. campaign for legislators to reign in the most egregious abuses.
I think it’s harmful letting people continue to believe things about privacy that are not true, when we should instead be helping them understand the things that are true.
This discussion thread is full of technically minded, engaged people who still believe an inaccurate version of what their devices are doing. Those are the people that need to have an accurate understanding, because those are the people that can help explain it to others and can hopefully drive meaningful change.
It uses some hacked together voice recognition to turn audio into text. There is no advanced AI.
This is fed into some industry-wide service, in exchange for other joined data.
So the salesman is not lying when he says:
“Active Listening” software uses artificial intelligence to “capture real-time intent data by listening to our conversations.
Advertisers can pair this voice-data with behavioral data to target in-market consumers
Just exaggerating. From experience, these companies don’t have the kind of engineering that FB/Google do.
(e.g. Google engineers bypassed Safari protections to collect more data (and paid a settlement); I don’t think most companies do that.)
Now, this single Cox Media Group incident does NOT necessarily justify widespread consumer perception that their phones are untrustworthy, or that they are being constantly spied on via audio.
But I would ask if you can rule that out.
You can consider the CMG app an instance of “grayware”. Surely it’s not the only one that exists. The incentive is there for thousands of such apps to exist.
I am reminded of all those grayware search toolbars that were (are?) so prevalent on Windows machines (I think tens or hundreds of millions of machines). You or I would instantly notice that and remove it, but many users won’t
Did anyone ever consent to them? Weren’t they allowed by Chrome’s or IE’s app permissions? All it takes is a click to consent
Some version of this IS happening right now on phones – we just don’t know how prevalent it is. There are regular “outbreaks” in the Android ecosystem, and no doubt iOS. It’s an ongoing war. (Again the “story about Jessica”, while fictional, I think gives a flavor of how different most people’s experiences with computers, and motivations, are from “us”)
Wikipedia said there are 2.2 million iOS apps, and Android probably has more. Data collection is a huge incentive for basically all of them – otherwise they would just be websites. (It’s expensive to create both Android and iOS apps)
It’s a question of degree, not “if it happens”. Trust is also not binary, and some users have experiences that rationally lead them to trust less than others.
Create buyer personas by uploading past consumer data into the platform
Identify top performing keywords relative to your products and services by
analyzing keyword data and past ad campaigns
Ensure tracking is set up via a tracking pixel placed on your site or landing
page
Now that preparation is done:
Active listening begins in your target geo and buyer behavior is detected
across 470+ data sources […]
Our technology analyzes over 1.9 trillion behaviors daily and collects opt-in customer behavior data from hundreds of popular websites that offer top display, video platforms, social applications, and mobile marketplaces that allow laser-focused media buying.
Sources include: Google, LinkedIn, Facebook, Amazon and many more
That’s not describing anything ground-breaking or different. That’s how every targeting ad platform works: you upload a bunch of “past consumer data”, identify top keywords and setup a tracking pixel.
I think active listening is the term that the team came up with for “something that sounds fancy but really just means the way ad targeting platforms work already”. And then they got over-excited about the new metaphor and added that first couple of slides that talk about “voice data”, without really understanding how the tech works or what kind of a shitstorm that could kick off when people who DID understand technology started paying attention to their marketing.
To be fair, I mostly agree with you but this is a tricky topic. There are like multiple ‘conspiracies’ & multiple claims..
I do not believe my personal iPhone has recorded any audio that’s made it “downstream” to the ad/behavior/intent market. That is seemingly not how the sausage gets made.
However, there are lots of audio sources that I believe feed the downstream: voice control remotes, video doorbells, anything I say in a supermarket. I do not think there’s much conspiracy in saying all that audio is fair game. If all that audio is on the table, so to speak, it’s going in the sausage; they’re not leaving it on the floor.
Other sources, I’m not sure. Hey Alexa, I’m not sure (I don’t own that stuff). Voicemail speech-to-text, I’m not sure. Baby monitors, I’m not sure.
So there’s the too-far-too-specific claims like your-iPhone-is-listening-always that they can confidently deny. (without mentioning they don’t even need that, as much as they’d like it) Is it bad journalism to jump to the (likely false) conclusion? Sure. I don’t know why they do that. It muddies the topic, and gives them an out. That is not a hill I wanna argue on.
But to claim the slides are faked ?? That’s wild, to me. There’s clearly legitimate sources for this audio, and business interest, and technical capability. The sausage does get made, it would seem. (the question is: out of what?) The slides do not say that your-iPhone-is-listening-always so it’s like there are 2 conversations going on. A tricky topic.
I do not think there’s much conspiracy in saying all that audio is fair game.
There are relevant laws to consider. The US has various federal and state level wiretapping and eavesdropping laws. There are privacy laws like GDPR in the EU and CCPA in California. Illinois even passed its own “Keep Internet Devices Safe” act, albeit with lobbyist alterations that will stir up skeptics even more.
Tech companies do a lot of bad things. That’s why I care about us accurately describing the bad things they do, rather than saying “Yeah, Facebook probably advertise to you based on listening to what you say through your microphone, that’s the kind of thing they would do.”
I couldn’t agree more. The technical aspects of option 1 are usually overlooked, especially when it comes to power usage. I have some experience with audio fingerprinting with smartphones (kind of like Shazam but for TV/Radio commercials). Even turning on the mic for one second every 10 will absolutely obliterate your battery. This is not just in terms of daily consumption, expect the overall battery life to be severely reduced. Back in the days you would have to swap your battery for a new one every other month.
That is to say: people will notice if any app is sampling the microphone constantly.
Back in the day where I had a Google account and an Android phone (circa 2018), I did the experience of downloading all the data that Google had about me in their cloud. Inside, I found many audio records that appeared to be random part of every day.
I could hear myself playing with my children far from the phone. I had glimpse at several conversations with my wife.
Those were actual audio files stored on Google cloud. I had no knowledge of it. I had never asked anything to be recorded. In fact, I even had “Ok Google” disabled (because of false positives). Yet, those audio files were there and there was nothing preventing Google to analyse them.
In fact, for some snippets, I even suspected that my phone was in airplane mode while it was recorded (my phone is, by default, in airplane mode at home). So those were probably recorded and then sent afterward.
It was six years ago. At the time, I, like you, considered that phones could not listen all the time but I had to surrender to evidence : Android phones do listen all the time and send random audio excerpts of your life on Google servers. That’s a hard, indisputable fact.
How does “OK, Google” or “Hey Siri” work?
One thing is listening thru mic and another is sending it out from the device. I think simpe voice pattern matching with predefined and tailored set of keywords downloaded regularly to the device can be kept low enough to not make a notice of the additional power consumption.
supposedly, with almost no way to verify, and big co’s have used device exploits in the past for gain so I still default to zero trust with all devices, apple included.
If you want to make a ton of money effectively targeting ads at people, I think you want to know their age, gender, location and general demographics.
Snippets of conversations they had are so much less useful than that. What if they were sat in a coffee shop next to some loud talkers? What if they left the phone near the radio?
I’ll believe audio snippets from phones are valuable when they become a serious part of the conversation around selling ads (and I don’t mean the Cox team who briefly promoted this last year and then dropped all references to it).
I don’t believe Facebook is hacking anything, but in terms of using audio for targeting it’s quite doable.
Smart TVs already have ability to identify what you watch and listen to, and they’re not hiding it.
ML around sound recognition has gotten really good recently. Detecting radio or non-conversational speech is perfectly doable. It’s also possible to estimate age and gender of speakers.
Even without phone location access FB knows where its long-term users live from IPs & usage patterns + GPS clusters of photos.
Note that the data doesn’t have to be perfect, nor explicit. It’s just more features to throw into the big machine learning pile.
Smart TVs already have ability to identify what you watch and listen to, and they’re not hiding it.
I think that’s a case in point: we all know smart TVs tell the mothership what TV shows you are watching. It’s not a conspiracy theory. It’s well known. (Incidentally, now that you can’t rely on public TV ratings anymore, this data is very valuable to the streamers to know which of their competitors shows are most popular.)
How would turning on microphones be secretly burning zero days and not telling anyone and yet still raking in sufficient money to make up for it? It doesn’t make sense. If they were doing it, it wouldn’t be a secret.
Yeah. If I were in charge of avoiding mic use detection, I’d use beacons/geofencing to only listen in commercial zones, to increase the likelihood of picking up something useful. Avoid the radio draining the battery by saving to upload only when wifi is available. And minimize/skip actual processing of audio on the phone, let remote servers handle that.
I am also suspicious of these claims for the same reasons as you. However, reading through the linked slides, the time when the microphone would need to be active seems pretty narrow. They claim to only do so after you’ve paid a daily rate for a specific area and once they know the ad metadata that is best associated with your product. They could pretty easily use other data sources to eliminate most potential targets in the area and be sure to only listen to each phone once for multi-day engagements. So this would look like one of those times where you thought you had half a battery but a few hours later you’re at 10% and you can’t quite remember if you did actually have half a charge.
The other reason I’m very suspicious of these claims is that voice data just doesn’t seem that helpful. I don’t talk to anyone about most of the things I buy. The shopping conversations I have with my wife are “did the toilet paper ship yet?” (well after a purchase) and “should I grocery shop on Saturday or Sunday?” (with no content about products). Intersect that with the probability of you listening when I happen to be talking about it and we must be near $0 expected value.
For some people it’s more comforting to believe that malevolent global powers are spying on you than to accept that you’re not that unique, and that using a few fairly public signals you can be characterized and have ads targeted at you fairly accurately.
Anecdotally, I spoke on the phone with my dad about an upcoming visit to a family member several states away in GA, and later that day told my wife in person that I needed to make a dentist appointment soon. Later that day I got a YouTube ad for dentists in the town I was going to visit in GA.
This isn’t proof of anything, but it’s a hell of a lot more than “you’re just not that unique, get over yourself”
Oh interesting! There’s actually a setting on https://myactivity.google.com/activitycontrols?utm_source=my-activity for “Include voice and audio activity” which defaults to off - but the information panel about it explains that if you turn this on they use your “Hey Google…” audio snippets like this:
Google uses audio saved by this setting to develop and improve its audio recognition technologies and the Google services that use them, like Google Assistant.
You get a lot of ads for things other than dentists, and you probably don’t notice dentist ads when you’re not thinking about needing to make an appointment. As for the geographic specificity, I’d blame a web search or map lookup or a data broker buying your travel plans from an airline company or something.
I’ve worked on the audio stack for mobile devices and you really couldn’t justify the power consumption for always on recording, let alone voice recognition and uploading it to the cloud.
I’m not saying something didn’t listen to you and make targeted ads for you, but it seems odd to assume it was your cell phone.
Cell phones are battery powered and resource constrained. Much easier to use things that are always plugged in that are around you, or have someone in the middle of the communication path listen in. Where they are not as resource constrained.
It would be very interesting if you spent the time trying to figure out what if any device it might in fact be, and get network traces to prove it.
I’ve never had anything like this happen to me, but it’s also possible that it never will since I have little tech near me that could listen in and block almost all ads from reaching me anyway.
I don’t have any smart devices or assistants, so it would have been either my phone or my laptop ¯_(ツ)_/¯
I spent a good bit of time rapping my brain on what else could have brought that up but I hadn’t done any googling (already had a dentist) or maps searches (I’d been to that family members house before)
It would be really interesting to get some network traces though, I’ve considered setting something up to block ad trackers in genera
If you can come up with a reasonable explanation for why I get ads 5 minutes after talking about something that I am positive is:
Not something I’ve ever searched for directly
Not something I can even use
Not in anyway related to other interests
I’ll listen. I just spoke of a product. Going to browse the web a bit and see if I get related ads.
(Edit: To be clear, I don’t believe the mic idea. I do think that human behavior is easy to manipulate, and engineer. But have, on numerous times, wondered what the odd set of steps were that lead to being served an ad for Rice-a-Roni — the product I spoke 30 minutes ago, and am now seeing ads for. Something caused me to believe I have no connection to that item—it’s not in the stores I shop at. Not something I can even eat.—yet, here I am being targeted for it. The explanation of “conspiracy” is just obvious, right?)
Try this exercise: make a note of every time you say anything out loud within range of a microphone. Then note how often you see an ad related to the thing you said within the next five minutes. The goal here is to count how often you DON’T see an ad relating to a snippet of audio.
This exercise is deliberately absurd, because nobody would ever make notes that detailed about what they were saying… but if you did, I bet the number of times a relevant ad came up would be a fraction of a fraction of a percent.
And that’s what’s happening. We don’t notice all of the times that we say something and our devices DON’T then show us an advert - but when it does happen (purely out of coincidence, combined with our broad demographics: I see ads that a 40-something Californian male might be interested in) we instantly associate it with our recent conversations.
Are you sure it’s not more simply explained by selective memory? I frequently catch myself looking at a TV at the gym and seeing an advertisement for something that seems targeted to me, only to realize it’s impossible. I don’t tend to remember the other ads.
I think your comment is a useful corrective, but I’ve only been hearing people I know talk about hyperspecific targeted advertising that can be connected to your speech for a few years. So it wouldn’t be that the industry was doing it for decades, but that they were doing it for a few years.
…I had one of those terrible moments where I started to say “yeah, just a few years ago”, but though my felt sense of time is wrong that 2017 is just a few years ago, it’s also not decades, meaning we were both off by a bit.
And to your point, keeping it a secret for 7 years is more work than for 3.
it’s not conspiracy when it’s true. If the code is closed source and the employees sign NDAs how are people supposed to get evidence? It’s not even that crazy to think that without evidence. It happened hundreds of times to me and people I know that after mentioning something in a conversation a related ad pops up on fb. Now I might not know the technical details, but it’s definitely not a coincidence if it happens every single time to everybody.
It doesn’t happen “every single time to everybody”.
If this has been going on for the past 5-10 years enough people know about it that somebody would have leaked - NDAs are one of the reasons journalists sometimes grant anonymity to their sources.
(Conspiracy theories can be true - but this one definitely isn’t.)
I don’t know why you insist on the conspiracy theory angle. It’s e.g. no state secret that google collects data of your every movement through google maps and google play services. The average person doesn’t care as long as they can get an uber. Same thing with FB, the average person won’t care that their audio data is collected without their consent as long as they can use facebook. People are far less concerned about data when they are asked to change their habits. FB doesn’t need to hide things, but what happens to fb if this comes out with evidence? Nothing. Because at best people don’t care. And those who care are not on facebook. So what’s the great conspiracy here? Data collection is old news
I spent some time yesterday digging through the Facebook and Google tools that allow you to view and export the data that they are using for targeting ads to you.
They are actually extremely transparent: You can see exactly what kind of location data they are keeping, plus lists of companies that they have identified you as interacting with.
There is no hint of the kind of audio data what we are discussing here. The closest is Google’s defaulted to off preference that allows them to use your “hey google” audio snippets for further improvements to that model.
Why would they be transparent about all of their other creepy location data, but entirely omit the audio stuff?
I think because they are not storing audio content in the first place.
More likely, who cares? We’re focused on finding which is more profitable, and it turns out misinformation is wildly more profitable than providing a useful and reliable service. Lying to people and making society dysfunctional is a small price to pay ;)
I care. This is such a damaging conspiracy theory.
It’s causing some people to stop trusting their most important piece of personal technology: their phone.
We risk people ignoring REAL aprovecha threats because they’ve already decided to tolerate made up ones.
If people believe this and see society doing nightingale about it, that’s horrible. That leads to a cynical “nothing can be fixed, I guess we will just let bad people get away with it” attitude. People need to believe that humanity can prevent this kind of abuse from happening.
People need to believe that humanity can prevent this kind of abuse from happening.
People shouldn’t believe things the evidence keeps pointing away from. Are you aware of any instances of someone not getting away with this kind of thing in the last decade or two?
I’d say the real damage is 4. it further estranges folks from an understanding of their property, making it harder for them to control. On (1), phones shouldn’t be trusted by default, not as long as their manufacturers and carriers insist on being so undeserving of trust.
But you’ve talked to Facebook users, right? On (2), a close friend replied to learning that Facebook materially contributes to three genocides by explaining that they only use it to stay in touch with friends and family, and also Marketplace. On (3), they see anybody with phone discipline as engaging in some sort of illusory moral elitism rather than genuinely caring about health and safety. Facebook is a real threat and people invite it in anyway.
I also care and I think the right view here is that this is happening.
If there is a chance that ad-partners are injecting this kind of functionality into Facebook then Facebook needs to fix that. If there is a chance that people are giving shady apps too much access to their microphone then Apple and Google need to fix that.
It doesn’t really matter to me at what scale it’s happening, it should be next to impossible. I’m sure there will always be people with sufficiently low moral standards to do it if they can figure out how.
Strong agree here. I got a major sense of deja vu from this story - pretty sure some other random marketing company made the same claim a few years ago and it was swiftly debunked?
As pointed out in the comments, there are too many flaws in my methodology to draw any conclusions (for instance I am live streaming directly to YouTube which of course necessitates recording my microphone the whole time).
Well, someone should repeat the experiment without livestreaming then. What we’re doing instead is deliberating whether it’s a conspiracy theory or not while the truth is within reach of a scientific experiment.
The fact that nobody has successfully produced an experiment showing that this is happening is one of the main reasons I don’t believe it to be happening.
It’s like James Randi’s One Million Dollar Paranormal Challenge - the very fact that nobody has been able to demonstrate it is enough for me not to believe in it.
Yeah my bullshit detector has gone off on this every time it’s been “proven”. I understand that ad targeting is really good, but it just doesn’t pass the smell test to think that a weirdo marketing agency has figured out a way around Apple’s permission structure and not, say, the NSA
So, it’s actually been true all these years. They’re listening. At first I thought it was just another conspiracy theory, but then ad targeting became too precise for me to notice. One of the reasons why I disallow microphone access to most social media/messaging apps on my iPhone. One thing I like about iOS, for all its faults, is how easy it is to manage access to various parts of the hardware in a somewhat user friendly way. In retrospect, it was a good decision, obviously.
One thing that’s probably confusing is the distinction between “Facebook is listening to you”, which is probably technically false[0], and “some apps on your phone are listening to you and that data is shaping the ads you see on Facebook”.
Most people don’t care about the distinction, but it is an important one, both legally and in terms of the consequences. Because Facebook is centralized and a household name with a reputation, it is probably harder to stop a wide array of marketers/thread-actors from listening to you than it is to stop Facebook. But if that data ends up shaping ads on Facebook, the felt effect is very similar, and Facebook just has to act “shocked, shocked!” when one of their partners gets caught.
[0] Basically, I think Facebook would love to do that, but would probably understand that’s a bridge too far and not worth the risk. I would be relatively surprised to find out I was wrong, though not completely shocked.
Yes, I can agree with almost everything you said, except for the fact that FB wouldn’t go too far to listen to us directly. They have a long history of doing all kinds of privacy violating shenanigans with the culmination of Cambridge Analytica and the like, so it wouldn’t actually surprise me if they start listening directly at one point.
After all, with all the modern mobile CPUs with all kinds of hardware acceleration, it’s trivially do to all kinds of audio/video transcoding/encoding/decoding without being too taxing on the battery and CPU time (at least on iPhones) which is one of the nasty side effects of huge advances in mobile CPU design in recent years. I hope I don’t get too paranoid about all of this.
I think listening to private conversations feels even creepier than what happened with Cambridge Analytica
I think Cambridge Analytica was near a low point of Facebook’s PR, and they are now investing more effort in avoiding this kind of scandal, albeit without changing any fundamental values.
That said, neither of these is a air-tight argument and I don’t think it’s impossible Facebook is listening in, I just think it’s unlikely.
I agree on both points, and it’s true they’re much more cautious nowadays because of all the PR stunts they had to pull off, but I still think they’re open and actively investigating on ways to listen to us directly. I guess that’s one of the primary reasons they disguised their listening operations through all kinds of “strategic ad partners” and such.
I’m concerned more about profile building than targeted advertising. Doctor’s cellphone placed on the table between the doc and a patient is a goldmine for insurance companies and alike entities. Patient visits with their names in a synced calendar or patients-related schedule residing on the same device in other form could make it trivial to pair sensitive conversations to multiple names via a single bugging device (doc’s smartphone).
This is not about ads but bad actors’ access to all kinds of sensitive information with zero hacking but just laughably effortless social engineering of getting users to accept app’s privacy policy.
That’s a better story than the 404media one in my opinion. This denial from Cox rings true to me:
CMG businesses do not listen to any conversations or have access to anything beyond a third-party aggregated, anonymized and fully encrypted data set that can be used for ad placement. We regret any confusion and we are committed to ensuring our marketing is clear and transparent.
Supports my hunch that their ad sales team got caught lying to potential customers.
That makes a lot of sense, and I do hope that someone in Congress will give the CEO a nice opportunity to testify to that fact during hearings on any upcoming privacy legislation.
Several on the orange site suggested that this is “actually” (not that it makes it that much better) listening to audio between you and your smart device during voice commands or surrounding seconds such as with voice commands with a smart TV, not just random audio throughout the day between two humans.
How many times in the last few years did you have a conversation and then NOT spot ads relating to that conversation?
Most of the time. But assuming the tech is real, they wouldn’t want to overuse it, so that makes sense. Overuse runs the risk of detection, and could spur users to aggressively disable their microphone permissions. Similar to how the Allies in WW2 had to be picky about what German intel they could act on, lest they give away what they knew. If they just do it occasionally, there’s sufficient doubt.
Personally, I’ve had some relevant ads appear after conversations on super-obscure topics that I only discussed once with my coworkers, and never searched for online. It felt too implausible to be a coincidence the human mind latched onto, like successfully guessing a specific UUID.
I can’t prove anything, but I don’t think Facebook deserves the benefit of the doubt here.
I agree, but white-collar crime is rarely prosecuted, so jail is not much of a credible deterrent.
E.g., look at a similar case: Facebook during the Cambridge Analytica scandal. What were the consequences? Well, Facebook apologized a lot. Zuck went before Congress. And CA itself went bankrupt.
Facebook paid the SEC only $100 million, which is 0.02% of its then-market cap of $500 billion. A couple of years ago, they settled a class action lawsuit over CA for $725 million, which brings the percentage up to 0.1% of their market cap. Their stock prices dropped 24% at the time, but then recovered two months later.
I can’t prove anything, but I don’t think Facebook deserves the benefit of the doubt here.
Benefit of the doubt would be assuming they were sophisticated enough to build out a working system capable of listening like this and effectively using it to target ads without being caught. That seems far-fetched; it’s much more likely that they built some half-assed prototype, threw an LLM at it, and brag to their customers how advanced their “AI-driven technology” is. We’ve seen over and over that studies show that even “regular” targeted advertising is not remotely as effective as advertisers play it up as.
I have no doubt they would do this if they were actually capable of it.
I have no doubt they would do this if they were actually capable of it.
Facebook has the engineers, the time, and the amorality to figure out how to make this work, even if it’s not subverting the iOS microphone. This honestly doesn’t seem like a stretch to me.
We’ve seen over and over that studies show that even “regular” targeted advertising is not remotely as effective as advertisers play it up as.
Maybe… but then that’s an incentive to get as much info as possible. It doesn’t eliminate the motivation, it enhances it.
Facebook has the engineers, the time, and the amorality to figure out how to make this work
The article is reporting on claims made by Cox Media Group. There have been no claims reported that Facebook has built this. Facebook is one of their alleged clients.
OK, but I thought we were talking about Facebook because of what I said above:
Personally, I’ve had some relevant ads appear after conversations on super-obscure topics that I only discussed once with my coworkers, and never searched for online. It felt too implausible to be a coincidence the human mind latched onto, like successfully guessing a specific UUID.
I can’t prove anything, but I don’t think Facebook deserves the benefit of the doubt here.
Fwiw, I think it less likely that CMG has pulled this off, but I wouldn’t be surprised if a company with the resources of Facebook had.
I’m far more willing to believe “mall/store has microphones installed everywhere and sells audio to data brokers” over “an ad agency managed to circumvent/get a backdoor in the iOS and Android permission systems”
FWIW I’ve been getting those wide shoe ads a lot recently too, and I never talked to anyone about shoes (or anything else to suggest that I’m shoe shopping, because I’m not).
Any chance your wife searched for [wide converge shoes] at some point to see if that’s a thing, and because you’re both under the same IP address it got linked back to you?
Personally, I wore Chucks for decades, and have never seen a wide version, so I wouldn’t bother to search for it, since I figure I already know the answer.
Let’s assume this is happening. What could the source be?
In most of the world, recording your audio and sending to a server would be considered “wiretapping” and be very illegal. However, doing speech-to-text on device and looking for keywords would probably be legal. Let’s assume it’s a legit company the people involved don’t want to go to jail.
Most phones can’t do speech-to-text onboard without you noticing (they’d lose battery and get hot). Maybe the very latest iPhones have enough spare cycles, but most phones don’t.
Apple or Google would get mad if their app stores were being used to distribute this kind of spyware. So probably no major apps.
Then we’re looking for devices with a large power budget, that aren’t under a lot of scrutiny. Amazon Echo is obvious since it’s got a great high-quality microphone, but Amazon has put a ton of marketing money into convincing people that Echo isn’t listening to your voice all the time, and they don’t want to blow it.
So we’re looking at other devices that are plugged in to the wall, and have a microphone. Cable set-top boxes stand out because they draw a lot of power, and have an independent network connection separate from your home Internet connection so you can’t see what they’re doing. They do have a microphone for voice commands now.
Smart TVs also stand out. No independent network connection, but they often have a microphone and a powerful CPU. Or other TV gadgets like Roku. These are often greatly subsidized by advertisers already.
Home security cameras might be another source, but they normally aren’t in living spaces.
Game consoles are another possibility, although maybe even less likely because the mic is typically in the controller (and would lose charge quickly).
Just some thoughts. If I were trying to track this down, I might start reverse engineering TV-related stuff.
I am firmly convinced that the story here is CMG media lying to their potential clients (in a high touch sales process), not that CMG media blew the lid on a multi-year conspiracy.
This really matters to me. If companies are genuinely doing this it shouldn’t be a “who knows?” situation, it should be a national/international scandal with legislative consequences.
Yeah the more I read about it, the more I’m not so convinced by it being actually true.
But it’s definitely good to keep an eye on this. We’ve had the Samsung patent about saying the brand name loud in front of the TV to pass the app break.
Yeah, Samsung are so bad around this stuff. That’s part of the problem: it’s hard to argue companies aren’t doing creepy unscrupulous things when there are so many companies out there blatantly doing creepy unscrupulous things.
This is why I care so much about accuracy: we need to know exactly who is doing what in order to effectively campaign for them to stop.
It doesn’t pass the “my smartphone isn’t constantly 50C and the battery hasn’t died in an hour” smell test. Checking some text is absolutely trivial in comparison.
It’s unlikely the can access the mic through the FB app itself. Maybe there were some weird workarounds, but I’d be surprised if you could upload any custom code to FB - it’s too tightly controlled.
It was a conspiracy theory that everyday conversations are converted to personalized advertising until now. It was unthinkable that Mark Zuckerberg would sell your data until the Facebook–Cambridge Analytica data scandal even though he made his approach to personal data quite clear much earlier (‘People just submitted it. I don’t know why. They “trust me”. Dumb fucks’). It was unthinkable that good guys sporting a slogan saying “Don’t be evil” will become the evil.
One may be looking at this from everyday-developer’s diluted perspective of restricted ABI/API access, which may (my assumption) be less limited for certain so-called “partners” (other big tech, advertisers, insurance, other entities interested in purchasing personal data).
A this point, there are no conspiracy theories around personal data farming. For me it’s a pure distrust towards entities which lose one privacy-related lawsuit after another, and appear to have the personal data abuse lawsuits costs simply written into annual budgets as the “cost of doing business”.
Facebook exploited bugs in Android to read all of your text messages (without permission) and do targeted advertising based on that. They also did an MITM attack using a VPN product that they bought to read all your Snapchat messages (although that likely affected only a small number of people). I’d believe they’d do almost anything to get your private data. Fortunately they’re under a lot of scrutiny now so it’s harder for them.
Also, how would this work? Your microphone is always on? I guess that’s sort of true now, with “OK Google” or Siri, but I wouldn’t imagine that arbitrary apps can just access that. Can they? I have to approve mic access every time and the most permissive option is “always allow when this app is open” or something like that. I just don’t see it.
Also, executes/ sales people often say what amounts to bullshit.
I mean my guess is that there’s something to this but that it’s being wildly misreported and misunderstood somewhere.
On iOS, third party apps have zero access to the mic unless they request that privilege in their metadata, in which case the OS asks the user to grant permission the first time the app opens an audio input stream. There’s also an orange dot in the status bar while an app is using the mic.
Interaction with Siri is mediated by OS services; all the app gets is a high level IPC message with a parsed request. The initial “hey Siri” phrase is detected by a special low-power CPU that is hardwired to recognize only that phrase.
(The above is also true of sandboxed macOS apps; it might even be true for all apps nowadays, not sure.)
I think the article itself when taken literally is actually pretty clear that they are reporting on the advertiser’s own claims of how their systems work. There is nothing in the article to indicate that the claims are true. Your default position should be that if an advertiser makes a claim, it’s probably false.
The problem is that nuance is lost upon readers, and many commenters assume that they are reporting about something true instead of an unsubstantiated claim. The authors of the article should have anticipated this; it’s irresponsible reporting to omit a note that so far they have zero evidence.
it’s also impossible to bypass OS controls for mic access with any modern mobile OS these days….
unless we’re talking about ad networks using zero-day OS exploits without any detection whatsoever (preeeetty unlikely if you ask me).
Humans are good pattern matchers. I’m not surprised at all this turned out to be “factually true”. I wonder what else many people “feel is true” and is actually true.
Well, humans have plenty of biases and logical fallacies we fall for all the time. While some of them might have had evolutionary advantages, we are just good at finding patterns that match some filtered set of the data. We are not particularly good at finding the right pattern.
I’ve seen a lot of “you’re not that unique” rebuttals and then the usual counter rebuttals. I’m mostly in the unique camp, with one addition: these companies have thousands upon thousands of petabytes of data on consumers. How likely is it that they are gaining anything more valuable than that by actively listening to your microphone? Like, I can predict stuff fairly well with a few megabytes and a half-baked understanding of statistics. These companies have incomprehensible orders of magnitudes more data and better analytics.
I just do not believe potential value of the audio outweighs the cost of the shitstorm that would erupt if the active listening were to be true. They already have more than enough to profile you as-is. I mean, hell, they track enough other people they don’t even really need to track you and can still probably target you with ads well enough to make money.
See my comment elsewhere, but as a point of comparison, Facebook suffered no lasting consequences for the Cambridge Analytica scandal. Their stock price dropped temporarily for two months, and the total of the lawsuits and fees amounted to less than 0.1% of their market cap.
They probably figure they can weather most shitstorms.
What’s stopping you from installing apps? Is it concerns about them listening through your microphone, or tracking your location via GPS, or tracking IP address activity or something else?
For me, it is a bit of all of the above, but the main thing I hate is notifications. It is something I actually would like to enable - they can be useful when done well - but in practice you get so much spurious nonsense, like it pops up three weeks later “You haven’t logged in for a while”. Gee, thanks. Or “Your best friend is on Facebook!” ok, is she sending me a message right now? Nope, it just randomly decided it wanted my attention. (That one was actually an email, since I don’t use the main facebook phone app, but their emails usually mirror other notifications. And it was an annoying email too.)
Last week, I had to take a flight and briefly considered using the airline app since my mother’s printer was refusing to work (insisting it couldn’t print black and white because it was out of color ink… but it said it had plenty of black ink… evil). But… if I put on the airline app for this one thing, is it going to send me marketing notifications? Forget it, I’ll use the printer at the airport.
And just now, I tried something. Wanted to send somebody an instagram picture and did it on the phone… well, tried to anyway. Opened up the app and hit the camera. It asks for permission to use the microphone. Perpetual microphone permission… to send a photograph. I said no. It refused to proceed. This is probably just lazy programming, but like, come on.
In a web browser, you can take an individual picture and submit it to the program as a file, without giving it any permission beyond that one file. With email, I can do all kinds of filtering on my end to not ding me when useless spam comes in, while still beeping at me when something actually important arrives. There’s not this level of granular user control in phone apps.
Which is more likely?
My money continues to be on number 2.
Here’s the PDF pitch deck. My “this is a scam” sense is vibrating like crazy reading it: https://www.documentcloud.org/documents/25051283-cmg-pitch-deck-on-voice-data-advertising-active-listening
It’s a false dichotomy. This conspiracy can be real without all the others. It’s not all or nothing.
Cox? They’re a little more than that. These are the folks trying to sell me a Contour Voice Remote [1]. It’s not hard to imagine what they’re doing with the data.
[1] https://www.cox.com/residential/tv/learn/remote.html
I think you’re hitting the nail on the head here. I think the slides are getting crafty with language.
They flex the reader into an ingroup mentality with “our” to think they are talking about the devices we all have in our pockets. I think the reason their active listening occurs only once they’ve targeted a very specific geographic area is because it is their devices they are listening to in that area. I suspect they partner with stores, malls, car services, etc to host always-recording microphones attached to reliable power sources, with decent acoustics (i.e. not in someone’s pocket). Then they use BTLE signals, etc that stores already use for tracking consumers around stores to know which consumers are near the microphones and thus might be the ones talking about products they are about to buy. In other words, I think this is targeting people who are in Target (for example) and wondering if Amazon has a better price for the lotion they are standing in front of.
While less paranoia-inducing, this would also be a sleazy thing to do.
I think one team at Cox were lying to gullible ad customers, and they actually do nothing of the sort.
Alexa devices scan local networks to gather intelligence for targeted advertising. A printer exposing ink levels over SNMP results in relevant ads.
I’m honestly curious why you’d have such generous confidence in repeated convicts, multiple times fined by court for mistreating user data.
Because scanning local networks to gather intelligence for targeted advertising and exposing ink levels over SNMP are not the same thing as turning on a microphone and listening to what people are saying. Completely different levels of scandal.
“I can sense stuff you don’t expect and assume that implies consent to do so” is one level of scandal.
Can you source that SNMP bit? Sounds interesting. I can’t find a credible source. It feels important to provide sources for such an allegation.
Seriously, I’ve now actually looked around and I’m finding nothing. I’m going to go ahead and say “that’s not true” on that one. Perhaps a flag for “needs source” would be nice lol
While I’d love to be able to provide my own data for the above statement, I own no Amazon devices apart from Kindle Paperwhite 1. I have never confirmed this on my own (which I should have pointed out for clarity!) but here’s an old-ish reddit post about this: https://old.reddit.com/r/amazonecho/comments/ip5i1c/alexa_now_monitoring_working_with_my_ancient/
So a reddit post? Where someone connected a device to their network and it explicitly integrated with other devices on the network, because it is a home management device for managing devices on a network?
I’m dismissing this entire thing. I mean, I could easily justify this behavior, but I’m not going to even think about it when the evidence is a confused, non technical redditor.
I may have misremembered the source but I definitely read about it on some website, not reddit directly (even old.reddit.com doesn’t work for me anymore).
I have never owned an Alexa device, but I believe that this “integrating with other devices on the network” thing you mentioned, would make me ditch the device the moment I’d notice that it gathers intelligence to push me to towards making more purchases via Amazon.
But what’s the alleged “conspiracy”? I don’t think it takes a conspiracy to make this true
If people are saying that Facebook has a secret API in iOS and Android so they can listen to you when their app isn’t running and permissions are off, then I’d say “no that conspiracy requires too many parties to coordinate without it leaking”
If people are saying that apps that have permission overcollect data, including audio data, and that this information eventually makes it back to Facebook for ad targeting, then I’d say “that probably happens”
Why wouldn’t it happen?
The whole reason sites like Reddit have purposely let their website rot and push the app so hard is because a web browser is sandboxed in a way that a phone is not
I’m pretty sure the device ID is a huge thing for advertisers – if they didn’t have the device ID, they couldn’t join global profiles together, even when you are logged out
https://www.appsflyer.com/glossary/device-id/
https://stackoverflow.com/questions/2785485/is-there-a-unique-android-device-id
The way I think it works is that every there are a bazillion data streams of different apps, but you are not logged in on all the apps.
You might look like 20 or 30 different users to the advertisers
Now the trick is to find a fuzzy join key that can join most of your profiles together, because it’s shown to improve ad conversion rates
I think basically what happened over the last 10 years is that the joining got better. That’s why people noticed more things “following them around”
Hell I just got printed spam via snail mail from some company ZocDoc (who I have no relationship and never gave my mailing address or e-mail to), recommending a Dentist that lives with 3 blocks of me, because I’ve been using the web to search for dentists, and I guess all my profile data / location is leaking
There is so much damn data out there that this is sort of inevitable
Every damn company is pushing you to install their app, because when you do, it unlocks all the data from the other apps you use. They are pooling their data together, to “improve business for all”
I guess Apple noticed all this and locked it down a LITTLE, but not 100%. I’d be interested in details/corrections from people who know more
https://www.vox.com/recode/23045136/apple-app-tracking-transparency-privacy-ads
https://developer.apple.com/documentation/apptrackingtransparency
You may have seen in the news that there is implicit rental price collusion among landlords, via data sharing:
https://www.ftc.gov/business-guidance/blog/2024/03/price-fixing-algorithm-still-price-fixing
So I think that is analogous to what has happened in the ad industry. There is not necessarily an EXPLICIT secret agreement, but there is so much data sharing that it can give the EFFECT of coordinated action
i.e. an implicit “conspiracy” rather than than an explicit one
And no doubt SOME of that data is audio data, collected from phones (where the app has permission).
Also, the book “Chaos Monkeys” has some good detail on how Facebook came to join data in a way that Google doesn’t (or didn’t at the time)
As far as I remember it involved pre-Internet “offline” databases of consumer information
Right: that’s the thing. The rental price collusion among landlords is true. The way advertising companies merge data together from all sorts of different sources is also true. We need to know that those things are true so we can respond to them, because they are real threats to our privacy.
“Facebook apps listen to you through your phone’s microphone and target ads at you” is not true. Believing it’s true is a distraction from the things we should be reacting to.
What if I remove one word:
Apps listen to you through your phone’s microphone and target ads at you
Is that true from the average person’s perspective? I’d argue it is
In a different comment, you said
I’d say their phone is in fact untrustworthy. Why would they trust it? (honest question)
And I personally behave in a way that’s consistent with that – I have never installed a social media app on my phone ever. If I have to use social media, I use the web
I worked at Google for 11 years (not anywhere near ads), and I have only a rough idea how it all works, but I know that there is data sharing and tracking without any real consent
As the salesperson explained, your “consent” is part of the multi-page EULA
It’s also due to purposely grinding down the web experience and nagging you to death (and again I personally don’t consent by not using many apps on phones)
The average person doesn’t know what any of these things are
So again, if someone says, Apps listen to you through your phone’s microphone and target ads at you, then I’m not really going to disagree with them
Just like they can say landlords collude to fix prices – that also appears to be true, and is a new type of crime enabled by technology
On the iPhone there’s an orange circle that displays if an app has access to the microphone.
Yeah, I’ve seen variants of this argument before: phones do creepy things to target ads, but it’s not exactly “listen through your microphone” - but there’s no harm in people believing that if it helps them understand that there’s creepy stuff going on generally.
I don’t buy that. Privacy is important. People who are sufficiently engaged need to be able to understand exactly what’s going on, so they can e.g. campaign for legislators to reign in the most egregious abuses.
I think it’s harmful letting people continue to believe things about privacy that are not true, when we should instead be helping them understand the things that are true.
This discussion thread is full of technically minded, engaged people who still believe an inaccurate version of what their devices are doing. Those are the people that need to have an accurate understanding, because those are the people that can help explain it to others and can hopefully drive meaningful change.
(Rewrote 2 comments because I realized they conflated 2 things, and are too long)
On the question of whether the salesman is lying, we don’t need to invoke any conspiracy or technical inaccuracy. I think the most likely scenario is:
So the salesman is not lying when he says:
Just exaggerating. From experience, these companies don’t have the kind of engineering that FB/Google do.
(e.g. Google engineers bypassed Safari protections to collect more data (and paid a settlement); I don’t think most companies do that.)
Now, this single Cox Media Group incident does NOT necessarily justify widespread consumer perception that their phones are untrustworthy, or that they are being constantly spied on via audio.
But I would ask if you can rule that out.
You can consider the CMG app an instance of “grayware”. Surely it’s not the only one that exists. The incentive is there for thousands of such apps to exist.
It’s a question of degree, not “if it happens”. Trust is also not binary, and some users have experiences that rationally lead them to trust less than others.
This pitch deck does not read to me like the deck of a company that has actually shipped their own app that tracks audio and uses it for even the most basic version of ad targeting: https://www.documentcloud.org/documents/25051283-cmg-pitch-deck-on-voice-data-advertising-active-listening
They give the game away on the last two slides:
That’s not describing anything ground-breaking or different. That’s how every targeting ad platform works: you upload a bunch of “past consumer data”, identify top keywords and setup a tracking pixel.
I think active listening is the term that the team came up with for “something that sounds fancy but really just means the way ad targeting platforms work already”. And then they got over-excited about the new metaphor and added that first couple of slides that talk about “voice data”, without really understanding how the tech works or what kind of a shitstorm that could kick off when people who DID understand technology started paying attention to their marketing.
To be fair, I mostly agree with you but this is a tricky topic. There are like multiple ‘conspiracies’ & multiple claims..
I do not believe my personal iPhone has recorded any audio that’s made it “downstream” to the ad/behavior/intent market. That is seemingly not how the sausage gets made.
However, there are lots of audio sources that I believe feed the downstream: voice control remotes, video doorbells, anything I say in a supermarket. I do not think there’s much conspiracy in saying all that audio is fair game. If all that audio is on the table, so to speak, it’s going in the sausage; they’re not leaving it on the floor.
Other sources, I’m not sure. Hey Alexa, I’m not sure (I don’t own that stuff). Voicemail speech-to-text, I’m not sure. Baby monitors, I’m not sure.
So there’s the too-far-too-specific claims like your-iPhone-is-listening-always that they can confidently deny. (without mentioning they don’t even need that, as much as they’d like it) Is it bad journalism to jump to the (likely false) conclusion? Sure. I don’t know why they do that. It muddies the topic, and gives them an out. That is not a hill I wanna argue on.
But to claim the slides are faked ?? That’s wild, to me. There’s clearly legitimate sources for this audio, and business interest, and technical capability. The sausage does get made, it would seem. (the question is: out of what?) The slides do not say that your-iPhone-is-listening-always so it’s like there are 2 conversations going on. A tricky topic.
There are relevant laws to consider. The US has various federal and state level wiretapping and eavesdropping laws. There are privacy laws like GDPR in the EU and CCPA in California. Illinois even passed its own “Keep Internet Devices Safe” act, albeit with lobbyist alterations that will stir up skeptics even more.
[Comment removed by author]
[Comment removed by author]
Tech companies do a lot of bad things. That’s why I care about us accurately describing the bad things they do, rather than saying “Yeah, Facebook probably advertise to you based on listening to what you say through your microphone, that’s the kind of thing they would do.”
I couldn’t agree more. The technical aspects of option 1 are usually overlooked, especially when it comes to power usage. I have some experience with audio fingerprinting with smartphones (kind of like Shazam but for TV/Radio commercials). Even turning on the mic for one second every 10 will absolutely obliterate your battery. This is not just in terms of daily consumption, expect the overall battery life to be severely reduced. Back in the days you would have to swap your battery for a new one every other month. That is to say: people will notice if any app is sampling the microphone constantly.
Back in the day where I had a Google account and an Android phone (circa 2018), I did the experience of downloading all the data that Google had about me in their cloud. Inside, I found many audio records that appeared to be random part of every day.
I could hear myself playing with my children far from the phone. I had glimpse at several conversations with my wife.
Those were actual audio files stored on Google cloud. I had no knowledge of it. I had never asked anything to be recorded. In fact, I even had “Ok Google” disabled (because of false positives). Yet, those audio files were there and there was nothing preventing Google to analyse them.
In fact, for some snippets, I even suspected that my phone was in airplane mode while it was recorded (my phone is, by default, in airplane mode at home). So those were probably recorded and then sent afterward.
It was six years ago. At the time, I, like you, considered that phones could not listen all the time but I had to surrender to evidence : Android phones do listen all the time and send random audio excerpts of your life on Google servers. That’s a hard, indisputable fact.
How does “OK, Google” or “Hey Siri” work?
One thing is listening thru mic and another is sending it out from the device. I think simpe voice pattern matching with predefined and tailored set of keywords downloaded regularly to the device can be kept low enough to not make a notice of the additional power consumption.
There’s a dedicated low power chip for those “wake words”, at least on iPhones.
Only Apple can update the firmware for that.
supposedly, with almost no way to verify, and big co’s have used device exploits in the past for gain so I still default to zero trust with all devices, apple included.
Why burn a zero day on this?
Because it’s worth hundreds of millions in recurring monthly income?
I just don’t think it is.
If you want to make a ton of money effectively targeting ads at people, I think you want to know their age, gender, location and general demographics.
Snippets of conversations they had are so much less useful than that. What if they were sat in a coffee shop next to some loud talkers? What if they left the phone near the radio?
I’ll believe audio snippets from phones are valuable when they become a serious part of the conversation around selling ads (and I don’t mean the Cox team who briefly promoted this last year and then dropped all references to it).
I don’t believe Facebook is hacking anything, but in terms of using audio for targeting it’s quite doable.
Smart TVs already have ability to identify what you watch and listen to, and they’re not hiding it.
ML around sound recognition has gotten really good recently. Detecting radio or non-conversational speech is perfectly doable. It’s also possible to estimate age and gender of speakers.
Even without phone location access FB knows where its long-term users live from IPs & usage patterns + GPS clusters of photos.
Note that the data doesn’t have to be perfect, nor explicit. It’s just more features to throw into the big machine learning pile.
I think that’s a case in point: we all know smart TVs tell the mothership what TV shows you are watching. It’s not a conspiracy theory. It’s well known. (Incidentally, now that you can’t rely on public TV ratings anymore, this data is very valuable to the streamers to know which of their competitors shows are most popular.)
How would turning on microphones be secretly burning zero days and not telling anyone and yet still raking in sufficient money to make up for it? It doesn’t make sense. If they were doing it, it wouldn’t be a secret.
Yeah. If I were in charge of avoiding mic use detection, I’d use beacons/geofencing to only listen in commercial zones, to increase the likelihood of picking up something useful. Avoid the radio draining the battery by saving to upload only when wifi is available. And minimize/skip actual processing of audio on the phone, let remote servers handle that.
I am also suspicious of these claims for the same reasons as you. However, reading through the linked slides, the time when the microphone would need to be active seems pretty narrow. They claim to only do so after you’ve paid a daily rate for a specific area and once they know the ad metadata that is best associated with your product. They could pretty easily use other data sources to eliminate most potential targets in the area and be sure to only listen to each phone once for multi-day engagements. So this would look like one of those times where you thought you had half a battery but a few hours later you’re at 10% and you can’t quite remember if you did actually have half a charge.
The other reason I’m very suspicious of these claims is that voice data just doesn’t seem that helpful. I don’t talk to anyone about most of the things I buy. The shopping conversations I have with my wife are “did the toilet paper ship yet?” (well after a purchase) and “should I grocery shop on Saturday or Sunday?” (with no content about products). Intersect that with the probability of you listening when I happen to be talking about it and we must be near $0 expected value.
This is a good point, but the techcrunch article mentions smart TVs, which are conveniently plugged into the wall.
For some people it’s more comforting to believe that malevolent global powers are spying on you than to accept that you’re not that unique, and that using a few fairly public signals you can be characterized and have ads targeted at you fairly accurately.
Anecdotally, I spoke on the phone with my dad about an upcoming visit to a family member several states away in GA, and later that day told my wife in person that I needed to make a dentist appointment soon. Later that day I got a YouTube ad for dentists in the town I was going to visit in GA.
This isn’t proof of anything, but it’s a hell of a lot more than “you’re just not that unique, get over yourself”
You can visit https://myadcenter.google.com/u/0/home to see a bunch of information about what Google are using to target ads to you - and https://myactivity.google.com/myactivity for even more detail.
Oh interesting! There’s actually a setting on https://myactivity.google.com/activitycontrols?utm_source=my-activity for “Include voice and audio activity” which defaults to off - but the information panel about it explains that if you turn this on they use your “Hey Google…” audio snippets like this:
This scenario is explainable with phone company voice transcription.
You get a lot of ads for things other than dentists, and you probably don’t notice dentist ads when you’re not thinking about needing to make an appointment. As for the geographic specificity, I’d blame a web search or map lookup or a data broker buying your travel plans from an airline company or something.
I’ve worked on the audio stack for mobile devices and you really couldn’t justify the power consumption for always on recording, let alone voice recognition and uploading it to the cloud.
I’m not saying something didn’t listen to you and make targeted ads for you, but it seems odd to assume it was your cell phone.
Cell phones are battery powered and resource constrained. Much easier to use things that are always plugged in that are around you, or have someone in the middle of the communication path listen in. Where they are not as resource constrained.
It would be very interesting if you spent the time trying to figure out what if any device it might in fact be, and get network traces to prove it.
I’ve never had anything like this happen to me, but it’s also possible that it never will since I have little tech near me that could listen in and block almost all ads from reaching me anyway.
I don’t have any smart devices or assistants, so it would have been either my phone or my laptop ¯_(ツ)_/¯
I spent a good bit of time rapping my brain on what else could have brought that up but I hadn’t done any googling (already had a dentist) or maps searches (I’d been to that family members house before)
It would be really interesting to get some network traces though, I’ve considered setting something up to block ad trackers in genera
If you can come up with a reasonable explanation for why I get ads 5 minutes after talking about something that I am positive is:
I’ll listen. I just spoke of a product. Going to browse the web a bit and see if I get related ads.
(Edit: To be clear, I don’t believe the mic idea. I do think that human behavior is easy to manipulate, and engineer. But have, on numerous times, wondered what the odd set of steps were that lead to being served an ad for Rice-a-Roni — the product I spoke 30 minutes ago, and am now seeing ads for. Something caused me to believe I have no connection to that item—it’s not in the stores I shop at. Not something I can even eat.—yet, here I am being targeted for it. The explanation of “conspiracy” is just obvious, right?)
Coincidence.
Try this exercise: make a note of every time you say anything out loud within range of a microphone. Then note how often you see an ad related to the thing you said within the next five minutes. The goal here is to count how often you DON’T see an ad relating to a snippet of audio.
This exercise is deliberately absurd, because nobody would ever make notes that detailed about what they were saying… but if you did, I bet the number of times a relevant ad came up would be a fraction of a fraction of a percent.
And that’s what’s happening. We don’t notice all of the times that we say something and our devices DON’T then show us an advert - but when it does happen (purely out of coincidence, combined with our broad demographics: I see ads that a 40-something Californian male might be interested in) we instantly associate it with our recent conversations.
Why were you talking about it if you have no connection to it? How did it enter your mind?
Are you sure it’s not more simply explained by selective memory? I frequently catch myself looking at a TV at the gym and seeing an advertisement for something that seems targeted to me, only to realize it’s impossible. I don’t tend to remember the other ads.
I think your comment is a useful corrective, but I’ve only been hearing people I know talk about hyperspecific targeted advertising that can be connected to your speech for a few years. So it wouldn’t be that the industry was doing it for decades, but that they were doing it for a few years.
Here’s a podcast episode about this conspiracy theory from 2017: https://gimletmedia.com/shows/reply-all/z3hlwr
…I had one of those terrible moments where I started to say “yeah, just a few years ago”, but though my felt sense of time is wrong that 2017 is just a few years ago, it’s also not decades, meaning we were both off by a bit.
And to your point, keeping it a secret for 7 years is more work than for 3.
it’s not conspiracy when it’s true. If the code is closed source and the employees sign NDAs how are people supposed to get evidence? It’s not even that crazy to think that without evidence. It happened hundreds of times to me and people I know that after mentioning something in a conversation a related ad pops up on fb. Now I might not know the technical details, but it’s definitely not a coincidence if it happens every single time to everybody.
It doesn’t happen “every single time to everybody”.
If this has been going on for the past 5-10 years enough people know about it that somebody would have leaked - NDAs are one of the reasons journalists sometimes grant anonymity to their sources.
(Conspiracy theories can be true - but this one definitely isn’t.)
How would people even know? Everybody who cares about this is using an ad blocker, right? Right?
I don’t know why you insist on the conspiracy theory angle. It’s e.g. no state secret that google collects data of your every movement through google maps and google play services. The average person doesn’t care as long as they can get an uber. Same thing with FB, the average person won’t care that their audio data is collected without their consent as long as they can use facebook. People are far less concerned about data when they are asked to change their habits. FB doesn’t need to hide things, but what happens to fb if this comes out with evidence? Nothing. Because at best people don’t care. And those who care are not on facebook. So what’s the great conspiracy here? Data collection is old news
I spent some time yesterday digging through the Facebook and Google tools that allow you to view and export the data that they are using for targeting ads to you.
They are actually extremely transparent: You can see exactly what kind of location data they are keeping, plus lists of companies that they have identified you as interacting with.
There is no hint of the kind of audio data what we are discussing here. The closest is Google’s defaulted to off preference that allows them to use your “hey google” audio snippets for further improvements to that model.
Why would they be transparent about all of their other creepy location data, but entirely omit the audio stuff?
I think because they are not storing audio content in the first place.
More likely, who cares? We’re focused on finding which is more profitable, and it turns out misinformation is wildly more profitable than providing a useful and reliable service. Lying to people and making society dysfunctional is a small price to pay ;)
I care. This is such a damaging conspiracy theory.
The evidence seems to suggest we can’t, given humanity can’t even ameliorate its own rapidly approaching downfall.
People shouldn’t believe things the evidence keeps pointing away from. Are you aware of any instances of someone not getting away with this kind of thing in the last decade or two?
I’d say the real damage is 4. it further estranges folks from an understanding of their property, making it harder for them to control. On (1), phones shouldn’t be trusted by default, not as long as their manufacturers and carriers insist on being so undeserving of trust.
But you’ve talked to Facebook users, right? On (2), a close friend replied to learning that Facebook materially contributes to three genocides by explaining that they only use it to stay in touch with friends and family, and also Marketplace. On (3), they see anybody with phone discipline as engaging in some sort of illusory moral elitism rather than genuinely caring about health and safety. Facebook is a real threat and people invite it in anyway.
I also care and I think the right view here is that this is happening.
If there is a chance that ad-partners are injecting this kind of functionality into Facebook then Facebook needs to fix that. If there is a chance that people are giving shady apps too much access to their microphone then Apple and Google need to fix that.
It doesn’t really matter to me at what scale it’s happening, it should be next to impossible. I’m sure there will always be people with sufficiently low moral standards to do it if they can figure out how.
Is there any technical evidence this is happening, or conjecture based on “pattern recognition” (cognitive biases) and these slides?
I was being facetious, sorry if that wasn’t clear. This is dangerous misinformation.
Strong agree here. I got a major sense of deja vu from this story - pretty sure some other random marketing company made the same claim a few years ago and it was swiftly debunked?
I don’t know, this seems like a reasonably conducted experiment:
https://www.youtube.com/live/zBnDWSvaQ1I?si=61BmldbU8OStz9W_
From that video’s own description:
Well, someone should repeat the experiment without livestreaming then. What we’re doing instead is deliberating whether it’s a conspiracy theory or not while the truth is within reach of a scientific experiment.
The fact that nobody has successfully produced an experiment showing that this is happening is one of the main reasons I don’t believe it to be happening.
It’s like James Randi’s One Million Dollar Paranormal Challenge - the very fact that nobody has been able to demonstrate it is enough for me not to believe in it.
Yeah my bullshit detector has gone off on this every time it’s been “proven”. I understand that ad targeting is really good, but it just doesn’t pass the smell test to think that a weirdo marketing agency has figured out a way around Apple’s permission structure and not, say, the NSA
I’m not making a claim either way, but I think your logic is flawed there.
Finding out a “weirdo marketing agency” is doing it doesn’t say anything about if the NSA is doing it.
So, it’s actually been true all these years. They’re listening. At first I thought it was just another conspiracy theory, but then ad targeting became too precise for me to notice. One of the reasons why I disallow microphone access to most social media/messaging apps on my iPhone. One thing I like about iOS, for all its faults, is how easy it is to manage access to various parts of the hardware in a somewhat user friendly way. In retrospect, it was a good decision, obviously.
One thing that’s probably confusing is the distinction between “Facebook is listening to you”, which is probably technically false[0], and “some apps on your phone are listening to you and that data is shaping the ads you see on Facebook”.
Most people don’t care about the distinction, but it is an important one, both legally and in terms of the consequences. Because Facebook is centralized and a household name with a reputation, it is probably harder to stop a wide array of marketers/thread-actors from listening to you than it is to stop Facebook. But if that data ends up shaping ads on Facebook, the felt effect is very similar, and Facebook just has to act “shocked, shocked!” when one of their partners gets caught.
[0] Basically, I think Facebook would love to do that, but would probably understand that’s a bridge too far and not worth the risk. I would be relatively surprised to find out I was wrong, though not completely shocked.
Yes, I can agree with almost everything you said, except for the fact that FB wouldn’t go too far to listen to us directly. They have a long history of doing all kinds of privacy violating shenanigans with the culmination of Cambridge Analytica and the like, so it wouldn’t actually surprise me if they start listening directly at one point.
After all, with all the modern mobile CPUs with all kinds of hardware acceleration, it’s trivially do to all kinds of audio/video transcoding/encoding/decoding without being too taxing on the battery and CPU time (at least on iPhones) which is one of the nasty side effects of huge advances in mobile CPU design in recent years. I hope I don’t get too paranoid about all of this.
I have two reasons:
That said, neither of these is a air-tight argument and I don’t think it’s impossible Facebook is listening in, I just think it’s unlikely.
I agree on both points, and it’s true they’re much more cautious nowadays because of all the PR stunts they had to pull off, but I still think they’re open and actively investigating on ways to listen to us directly. I guess that’s one of the primary reasons they disguised their listening operations through all kinds of “strategic ad partners” and such.
Facebook laid off more than 20k people and nobody leaked this?
Would you like to buy a bridge from me?
I’m concerned more about profile building than targeted advertising. Doctor’s cellphone placed on the table between the doc and a patient is a goldmine for insurance companies and alike entities. Patient visits with their names in a synced calendar or patients-related schedule residing on the same device in other form could make it trivial to pair sensitive conversations to multiple names via a single bugging device (doc’s smartphone).
This is not about ads but bad actors’ access to all kinds of sensitive information with zero hacking but just laughably effortless social engineering of getting users to accept app’s privacy policy.
For another view on this, see Techdirt:
https://www.techdirt.com/2024/08/29/cox-caught-again-bragging-it-spies-on-users-with-embedded-device-microphones-to-sell-ads/
That’s a better story than the 404media one in my opinion. This denial from Cox rings true to me:
Supports my hunch that their ad sales team got caught lying to potential customers.
That makes a lot of sense, and I do hope that someone in Congress will give the CEO a nice opportunity to testify to that fact during hearings on any upcoming privacy legislation.
Should swap this in.
Several on the orange site suggested that this is “actually” (not that it makes it that much better) listening to audio between you and your smart device during voice commands or surrounding seconds such as with voice commands with a smart TV, not just random audio throughout the day between two humans.
Yeah, I believe it. Of course they’re not doing the “listening” themselves, they’re buying the audio from upstream. Which fits their denials.
All bets are off in public, though.
Probably not even that… more likely they’re buying data augmentation services that assign profiles to interests based on the audio.
This article, especially not with the misleading headline being used, does not belong at the top of lobsters, for multiple reasons.
Dupe of https://www.404media.co/heres-the-pitch-deck-for-active-listening-ad-targeting/?
I haven’t seen it posted on lobsters (according to https://lobste.rs/search?q=pitch+deck&what=stories&order=newest), and I can’t find it being removed.
Also, I wanted to post that originally but it is paywalled.
I don’t know if that’s been posted already (I haven’t seen it) but it’s also paywalled.
Yep. Was it posted here?
Funny, I was talking with my wife in the mall last week about Converse shoes, and said I loved them, but they were just a bit too narrow.
For the last week, my Twitter ads are all for explicitly “wide” shoes. Creepy.
How many times in the last few years did you have a conversation and then NOT spot ads relating to that conversation?
This kind of coincidence only has to happen once for people to suspect that their voice is being recorded and used to target ads.
Most of the time. But assuming the tech is real, they wouldn’t want to overuse it, so that makes sense. Overuse runs the risk of detection, and could spur users to aggressively disable their microphone permissions. Similar to how the Allies in WW2 had to be picky about what German intel they could act on, lest they give away what they knew. If they just do it occasionally, there’s sufficient doubt.
Personally, I’ve had some relevant ads appear after conversations on super-obscure topics that I only discussed once with my coworkers, and never searched for online. It felt too implausible to be a coincidence the human mind latched onto, like successfully guessing a specific UUID.
I can’t prove anything, but I don’t think Facebook deserves the benefit of the doubt here.
If this is real, people should go to jail over it.
I agree, but white-collar crime is rarely prosecuted, so jail is not much of a credible deterrent.
E.g., look at a similar case: Facebook during the Cambridge Analytica scandal. What were the consequences? Well, Facebook apologized a lot. Zuck went before Congress. And CA itself went bankrupt.
Facebook paid the SEC only $100 million, which is 0.02% of its then-market cap of $500 billion. A couple of years ago, they settled a class action lawsuit over CA for $725 million, which brings the percentage up to 0.1% of their market cap. Their stock prices dropped 24% at the time, but then recovered two months later.
Nobody went to jail.
Fine: if this is real, companies should be fined $100m by government agencies and their CEOs should be hauled in front of congress.
There were literally a news last week about google employees asking “is history enabled for this chat?” - and cut.
https://www.courtwatch.news/p/heres-22-examples-of-google-employees
Edit: added link, changed to “last week”.
Benefit of the doubt would be assuming they were sophisticated enough to build out a working system capable of listening like this and effectively using it to target ads without being caught. That seems far-fetched; it’s much more likely that they built some half-assed prototype, threw an LLM at it, and brag to their customers how advanced their “AI-driven technology” is. We’ve seen over and over that studies show that even “regular” targeted advertising is not remotely as effective as advertisers play it up as.
I have no doubt they would do this if they were actually capable of it.
Facebook has the engineers, the time, and the amorality to figure out how to make this work, even if it’s not subverting the iOS microphone. This honestly doesn’t seem like a stretch to me.
Maybe… but then that’s an incentive to get as much info as possible. It doesn’t eliminate the motivation, it enhances it.
The article is reporting on claims made by Cox Media Group. There have been no claims reported that Facebook has built this. Facebook is one of their alleged clients.
OK, but I thought we were talking about Facebook because of what I said above:
Fwiw, I think it less likely that CMG has pulled this off, but I wouldn’t be surprised if a company with the resources of Facebook had.
I’m far more willing to believe “mall/store has microphones installed everywhere and sells audio to data brokers” over “an ad agency managed to circumvent/get a backdoor in the iOS and Android permission systems”
FWIW I’ve been getting those wide shoe ads a lot recently too, and I never talked to anyone about shoes (or anything else to suggest that I’m shoe shopping, because I’m not).
Any chance your wife searched for [wide converge shoes] at some point to see if that’s a thing, and because you’re both under the same IP address it got linked back to you?
I just asked her, and she said no.
Personally, I wore Chucks for decades, and have never seen a wide version, so I wouldn’t bother to search for it, since I figure I already know the answer.
When technical details are reported, this will be on-topic.
Let’s assume this is happening. What could the source be?
Just some thoughts. If I were trying to track this down, I might start reverse engineering TV-related stuff.
Funny how they all suddenly “remove the Partnership” or “investigate” it. Why does an ad-partner even have the right to access the microphone?
Unless something has drastically changed since I worked at FB a few years ago, they don’t.
I think they removed the partnership because their partner was lying about what their technology could do in order to scam that partner’s customers.
Could be, though we’ve seen the clipboard-sniffing already, so who knows.
See comment here: https://lobste.rs/s/mf7guc/leak_facebook_partner_brags_about#c_jxayna
I am firmly convinced that the story here is CMG media lying to their potential clients (in a high touch sales process), not that CMG media blew the lid on a multi-year conspiracy.
This really matters to me. If companies are genuinely doing this it shouldn’t be a “who knows?” situation, it should be a national/international scandal with legislative consequences.
Yeah the more I read about it, the more I’m not so convinced by it being actually true.
But it’s definitely good to keep an eye on this. We’ve had the Samsung patent about saying the brand name loud in front of the TV to pass the app break.
Yeah, Samsung are so bad around this stuff. That’s part of the problem: it’s hard to argue companies aren’t doing creepy unscrupulous things when there are so many companies out there blatantly doing creepy unscrupulous things.
This is why I care so much about accuracy: we need to know exactly who is doing what in order to effectively campaign for them to stop.
It doesn’t pass the “my smartphone isn’t constantly 50C and the battery hasn’t died in an hour” smell test. Checking some text is absolutely trivial in comparison.
It’s unlikely the can access the mic through the FB app itself. Maybe there were some weird workarounds, but I’d be surprised if you could upload any custom code to FB - it’s too tightly controlled.
It was a conspiracy theory that everyday conversations are converted to personalized advertising until now. It was unthinkable that Mark Zuckerberg would sell your data until the Facebook–Cambridge Analytica data scandal even though he made his approach to personal data quite clear much earlier (‘People just submitted it. I don’t know why. They “trust me”. Dumb fucks’). It was unthinkable that good guys sporting a slogan saying “Don’t be evil” will become the evil.
One may be looking at this from everyday-developer’s diluted perspective of restricted ABI/API access, which may (my assumption) be less limited for certain so-called “partners” (other big tech, advertisers, insurance, other entities interested in purchasing personal data).
A this point, there are no conspiracy theories around personal data farming. For me it’s a pure distrust towards entities which lose one privacy-related lawsuit after another, and appear to have the personal data abuse lawsuits costs simply written into annual budgets as the “cost of doing business”.
Facebook exploited bugs in Android to read all of your text messages (without permission) and do targeted advertising based on that. They also did an MITM attack using a VPN product that they bought to read all your Snapchat messages (although that likely affected only a small number of people). I’d believe they’d do almost anything to get your private data. Fortunately they’re under a lot of scrutiny now so it’s harder for them.
Doesn’t really pass the smell test.
Article seems kinda obviously biased. Saying “Facebook Partner” seems intentionally evocative and misleading.
Also, how would this work? Your microphone is always on? I guess that’s sort of true now, with “OK Google” or Siri, but I wouldn’t imagine that arbitrary apps can just access that. Can they? I have to approve mic access every time and the most permissive option is “always allow when this app is open” or something like that. I just don’t see it.
Also, executes/ sales people often say what amounts to bullshit.
I mean my guess is that there’s something to this but that it’s being wildly misreported and misunderstood somewhere.
I’ll wait for more information.
On iOS, third party apps have zero access to the mic unless they request that privilege in their metadata, in which case the OS asks the user to grant permission the first time the app opens an audio input stream. There’s also an orange dot in the status bar while an app is using the mic.
Interaction with Siri is mediated by OS services; all the app gets is a high level IPC message with a parsed request. The initial “hey Siri” phrase is detected by a special low-power CPU that is hardwired to recognize only that phrase.
(The above is also true of sandboxed macOS apps; it might even be true for all apps nowadays, not sure.)
Worth mentioning for Android these days, your first paragraph is exactly true as well (except its a green dot/icon in the corner).
I think the article itself when taken literally is actually pretty clear that they are reporting on the advertiser’s own claims of how their systems work. There is nothing in the article to indicate that the claims are true. Your default position should be that if an advertiser makes a claim, it’s probably false.
The problem is that nuance is lost upon readers, and many commenters assume that they are reporting about something true instead of an unsubstantiated claim. The authors of the article should have anticipated this; it’s irresponsible reporting to omit a note that so far they have zero evidence.
how is this technically possible without the app swallowing the whole battery?
it’s also impossible to bypass OS controls for mic access with any modern mobile OS these days…. unless we’re talking about ad networks using zero-day OS exploits without any detection whatsoever (preeeetty unlikely if you ask me).
+ it’s supposed to show this indicator in the status bar: photo
Have you ever been in a secure facility? I’ve seen where they tear the microphones out of the speakerphone. Why would that be?
Humans are good pattern matchers. I’m not surprised at all this turned out to be “factually true”. I wonder what else many people “feel is true” and is actually true.
Well, humans have plenty of biases and logical fallacies we fall for all the time. While some of them might have had evolutionary advantages, we are just good at finding patterns that match some filtered set of the data. We are not particularly good at finding the right pattern.
In the movie Ex Machina, “BlueBook” secretly listens to users’ phone audio and visual to develop Ava’s AI.
Probably the other “pattern match”. Someone, somehow and somewhere is using this data to train on.
I’ve seen a lot of “you’re not that unique” rebuttals and then the usual counter rebuttals. I’m mostly in the unique camp, with one addition: these companies have thousands upon thousands of petabytes of data on consumers. How likely is it that they are gaining anything more valuable than that by actively listening to your microphone? Like, I can predict stuff fairly well with a few megabytes and a half-baked understanding of statistics. These companies have incomprehensible orders of magnitudes more data and better analytics.
I just do not believe potential value of the audio outweighs the cost of the shitstorm that would erupt if the active listening were to be true. They already have more than enough to profile you as-is. I mean, hell, they track enough other people they don’t even really need to track you and can still probably target you with ads well enough to make money.
See my comment elsewhere, but as a point of comparison, Facebook suffered no lasting consequences for the Cambridge Analytica scandal. Their stock price dropped temporarily for two months, and the total of the lawsuits and fees amounted to less than 0.1% of their market cap.
They probably figure they can weather most shitstorms.
And every day someone asks me why I do not install this or that app…
What’s stopping you from installing apps? Is it concerns about them listening through your microphone, or tracking your location via GPS, or tracking IP address activity or something else?
For me, it is a bit of all of the above, but the main thing I hate is notifications. It is something I actually would like to enable - they can be useful when done well - but in practice you get so much spurious nonsense, like it pops up three weeks later “You haven’t logged in for a while”. Gee, thanks. Or “Your best friend is on Facebook!” ok, is she sending me a message right now? Nope, it just randomly decided it wanted my attention. (That one was actually an email, since I don’t use the main facebook phone app, but their emails usually mirror other notifications. And it was an annoying email too.)
Last week, I had to take a flight and briefly considered using the airline app since my mother’s printer was refusing to work (insisting it couldn’t print black and white because it was out of color ink… but it said it had plenty of black ink… evil). But… if I put on the airline app for this one thing, is it going to send me marketing notifications? Forget it, I’ll use the printer at the airport.
And just now, I tried something. Wanted to send somebody an instagram picture and did it on the phone… well, tried to anyway. Opened up the app and hit the camera. It asks for permission to use the microphone. Perpetual microphone permission… to send a photograph. I said no. It refused to proceed. This is probably just lazy programming, but like, come on.
In a web browser, you can take an individual picture and submit it to the program as a file, without giving it any permission beyond that one file. With email, I can do all kinds of filtering on my end to not ding me when useless spam comes in, while still beeping at me when something actually important arrives. There’s not this level of granular user control in phone apps.
I generally prefer not using proprietary software. Apps that have nothing to hide can be published on F-Droid.