Note how willing most of us are to believe companies would be eavesdropping on our computer and phone microphones to sell us ads. It’s absolutely in line with all the other sleazy surveillance a bunch of ad companies do. Tracking location, tracking email, tracking visits across unrelated websites, tracking us via crooked browser extensions, profiling us based on home address and personal traits, profiling us based on social media engagements… So many different forms of privacy invasion in the name of targeting ads a little better. Why not microphones too?
Apple has staked a big part of their business reputation on being the company that protects users more than the others against all this surveillance. I don’t know that many people really believe it’s true.
I’ve seen this comic bandied about a bit online; usually used (as in this case) to dismiss people arguing to consider patterns of behaviour.
To clarify: I don’t think that companies are using smartphone microphones to target ads. But the fact that fee would be surprised if they were is itself an interesting observation.
I think the comic is funny even if it’s being used to dismiss my comment. But it’s misapplied. The comic turns on the person believing something, then pivoting and saying “ok so it’s not true but look how people think it’s true!” That is an annoying rhetorical turn. But it’s not what I did. I didn’t say I think companies are using microphones for ad targeting. (I share Simon’s skepticism).
I’m content to push it beyond the context of “you originally believed this” and into the broader situation of “well, but you can see how someone WOULD believe…”, and I stand by its use here.
longtime lurker – this will be my first comment on Lobsters – but I’m confused. Is noting how someone might not be surprised at what should be a shocking discovery (i.e. apple’s use of microphones for ads) not a valid and relevant point?
From Marshall McLuhan’s Wikipedia: The medium is the message: the message of a newscast about a heinous crime may be less about the individual news story itself (the content), and more about the change in public attitude towards crime that the newscast engenders by the fact that such crimes are in effect being brought into the home to watch over dinner.
Manufacturing a mass panic unrooted in reality or evidence is a bad thing. Laughing off such a mass panic with a “well, but you see how someone could realistically have believed in it…” is also a bad thing.
We increasingly live in an age of social-media-fueled mass panics based on little or no actual evidence, and those mass panics increasingly have body counts. “Hahaha, well you see how someone COULD believe…” excuses need to have the door slammed on them early, often, and hard.
I’m not suggesting slamming the door on someone, but on something, and this site already does that for a variety of categories of content. I happen to think conspiracy theories should be among those categories (if they aren’t already).
Misinformation needs to be dismissed out of hand if it’s unfalsifiable, not blithely supported by public sentiment. Misinformation and conspiracy theories are bad.
If I say “asians can actually read minds”, that’s an unfalsifiable claim but it’s also misinformation if presented as factual (or possible) because it’s a claim not supported by evidence.
Apple has staked a big part of their business reputation on being the company that protects users more than the others against all this surveillance. I don’t know that many people really believe it’s true.
Most of their users don’t have a frame of reference. To accurately gauge that Apple is protecting them, they would have to know what the methods of surveillance are. But that is a black box to those not enmeshed in the advertising industry. Most people cannot help but resort to blind faith and hope that Apple does what it claims to do.
There’s old wisdom that privacy is never a successful feature in a computer product business. Users say they care but in practice generally don’t act like they do. Also privacy is often at odds with usability. I’m impressed Apple is genuinely working for privacy in many ways. I have no idea if it’s working as a product strategy outside discussions like those on Lobsters.
Apple has staked a big part of their business reputation on being the company that protects users more than the others against all this surveillance. I don’t know that many people really believe it’s true.
while technically correct, the missing piece is that Apple’s reputation for privacy is due to world-class PR and marketing and not because they actually live up to it. Apple’s attacks on privacy haven’t significantly hurt their reputation, so it’s cold comfort that they won’t continue.
I truly believe that Apple have respect for user privacy as a core value. I’ve seen so much evidence of that over the years. You don’t design a system this clever without having privacy as something you take really seriously: https://security.apple.com/blog/private-cloud-compute/
That’s addressed in the article and is definitely bad but misleading without the context:
What actually happened is it turns out Apple were capturing snippets of audio surrounding the “Hey Siri” wake word, sending those back to their servers and occasionally using them for QA, without informing users that they were doing this.
virtually every big tech firm has funded research into privacy preserving technologies. do you think google, microsoft, facebook, IBM, etc. take privacy “really seriously” too?
how do you distinguish between holding privacy as core value and investing in marketing to project the image of caring about privacy to serve the core value of profit maximization?
I just wish the world we live in was one where targeted advertising came from microphone data. At least then it would be easy to regain some privacy. Avoiding microphone spying is easy; avoiding the other more ubiquitous forms of surveillance is much harder.
This is usually the case with conspiracy theories.
The world order would be relatively easy to correct if it was five people in a backroom somewhere determining everything. The reality of it is far more complicated and far more difficult to get a handle on.
My preferred explanation is co-presence correlation:
If I’m visiting your home and I get on your wifi, we talk about vacationing in Malta, then later I go home and on my own wifi I research Malta vacations, there’s a good chance that advertisers can figure out that they should be showing you ads about Malta vacations even though you only ever spoke about it verbally.
They have our IP addresses, they have persistent tracking across connections, this is easy to do.
There are other more sophisticated ways to do similar things without relying on matching IPs, especially considering many mobile apps share the same SDK analytics that get collated together. It’s also a perfectly reasonable advertiser strategy to blanket a whole geographic region with ads about a specific topic that is mentioned by just one or two participants in that region (no matching IPs), especially in a short timespan.
But on a higher-level, I simply don’t believe that spying through your microphone is an effective way to advertise. It’s extremely expensive (especially if the goal is to be covert, imagine the battery drain alone!) and there’s just too much noise, it’s hard to capture valuable intent. On the other hand, my friend who was in the same room as me later searching for a term is extremely high quality signal for me too.
I suspect a lot of “hard to explain” ad targeting is explained by actions of our friends/family/people we interact with that have been correlated back to us.
Or: You’re talking about vacationing in Malta because you both read an article on the orange website, where somebody said that Malta is the most inspiring place to scale your startup ideas or whatever.
The ad companies know you both read the orange website, and that Malta fits your budgets, that’s enough.
This is very obviously the reason and I thought the article would mention this. I have worked in the advertising business and and I think the tracking is absolutely morally questionable to say the very least.
However, as the articles says, the truth matters! In order to address the issue, we indeed need to have a clear understanding of it. Which most of people don’t and quickly jump in completely unfunded claims such as the one at hand. Which frankly speaking resembles the flat earth ‘movement’.
John Doe is bored at the subway ans google trips to malt on the subway on his way to work. Låter that night he gets reminded of it and brings it up at the dinner table. After dinner, he picks up his phone and there are the ads about Malta. Hence: “They are listening to us via microphone!”
Trackers on pages, or in extensions you’ve installed. Your browser may be Google Chrome or Opera. The page you visit may use an anti-adblock framework that proxies to ad networks on the server side, so they’ll still get a request with your details, even if your uBlock ends up blocking the loading/display of the ad resources in the end.
You may not end up seeing the ad ultimately, but your data will still be collected unless you’re a complete internet hermit visiting only self-hosted pages on tiny webrings or whatever.
I have seen this first hand I think. We were in the pub and the table of strangers next to us were talking about having a bouncy castle for their kid’s party.
About 10 minutes later my friend shows me his phone and it’s got an ad for bouncy castles in his Facebook feed. None of our friend group have kids.
It was probably coincidence. But I did wonder of someone at the table next to us had searched for bouncy castles, and somehow a geographic link between the two devices had been made (perhaps both on pub WiFi)
That is very likely how it worked. Consider also: phone-based menu ordering, point of sale systems, ride hailing apps, both checking Instagram or a similar app to which you had previously given location permission…
I am one of the people who began to wonder “Is my phone listening to me?” because of Instagram ads. I never really believed that they were, but it felt like they could be given how targeted the ads were. Here’s a dilemma.
Instagram/Meta/Whoever was listening and sending me microphone-based targeted ads. That’s definitely bad.
Instagram/Meta/Whoever was not listening but they still had a method to send me (and people I talked with) ads (well) targeted enough that they felt as if they could have been based on microphone data. (E.g., I talk to my wife about needing sweaters. Within minutes, both wife and me have buckets of ads for men’s sweaters on Instagram.) That’s also definitely bad.
Either way, I’m glad I quit Instagram (and all social media) as a 2022 New Year’s resolution.
There are plenty ways to track users nowadays: cookies, pixels, tcp hello handshake,… Each comes with a different “resolution” allowing advertisers to send you more relevant ads. Chance is that Meta, Google, Adobe, Alibaba, Bytedance are just really good at building these data pipelines and segment them with different clustering algorithms, ML powered recommendations. It’s next to impossible to disable these completely given that many of these services also design and sell the underlying compute platform that you are using: android, chrome, search, email, isp, etc…
I think all these fear mongers created a really good selling pitch for Apple’s private compute pitch. However, i doubt that it gona last long bc Apple could start selling ads themselves
“Ads that are delivered by Apple’s advertising platform may appear on the App Store, Apple News, Stocks, and Apple TV app. Apple’s advertising platform does not track you, meaning that it does not link user or device data collected from our apps with user or device data collected from third parties for targeted advertising or advertising measurement purposes, and does not share user or device data with data brokers.”
Yes. Why does nobody believe anything a company says any more?
When companies are caught lying even a tiny bit it’s headline news. And yet a lot of people seem convinced you can’t believe anything any company says about anything.
I guess the big problem here is probably around telling the difference between marketing and material statements. If a company says “our product is the best solution on the market” that’s a different category of statement from “our products do not listen to your microphone to target ads” or “we don’t train our LLMs on your inputs”.
Why does nobody believe anything a company says any more?
Because they’re incentivized to lie by the only factor that they care about, money. If they can make more money by lying, they will, then pay a fine or a PR agency or fire some token employee if it comes out. Doing otherwise would be failing the great god of “maximizing shareholder value”. I mean, look who the richest man in the world is right now; what’s his history with materially false statements?
I also believe that “they are listening”. I’m a software engineer who’s worked in ad-tech and has developed mobile apps in the past.
I’m aware that, for example, the Facebook app may not be able to literally use my microphone to listen at that exact second. But I am also aware at a high level that lots of data is collected and exchanged between companies for advertising.
So whether or not Google’s app is listening to me, or my “smart TV” is listening and sending that info with identifying IP or other identity resolution methods, or someone else’s phone is listening and sharing text plus ip and geo, the result is the same. I have many times said incredibly specific things and immediately gone from seeing zero ads about that product to seeing an ad for that product.
It’s kind of like solving a crime or debugging a production issue. The advertisers possess the motive. I believe that they do possess the means (other devices or maybe other more unscrupulous apps on your phone).
More often than not the xkcd observation is true “Correlation doesn’t imply causation, but it does waggle its eyebrows suggestively and gesture furtively while mouthing ‘look over there’”.
You make a good point. While I am comfortable with Apple, and their promise of protecting users, my home network has several IoT devices of questionable origin (like the 4K projector that allows me to login to Netflix and plays sound), and I cannot be sure that they aren’t listening in.
As an example, Chinese random projector brands offer their $300+ projectors for peanuts (like under $50) with coupon codes. I won’t be surprised if these are actually CCP survellience devices. I cannot prove it either way, but I am inclined to believe the no-name cheap Chinese projector is doing something nasty.
It doesn’t really matter if this is true or not. Irrational beliefs don’t let themselves be debunked by rational arguments so in most cases this just becomes an exercise in demonstrating that you’re smarter.
The real question is: Why do people (choose to) believe this? And well… there’s a bunch of obvious answers to that.
Irrational beliefs don’t let themselves be debunked by rational arguments so in most cases this just becomes an exercise in demonstrating that you’re smarter.
Such as this one.
The real question is: Why do people (choose to) believe this?
Because of the reason you just said. It tricks them into believe that they are smarter. When in reality they just have no tech knowledge about the subject and speak about tech and exact Sciences as if they were discussing politics.
It does matter a whole lot of this is true or not. We cannot possibly address the issue if we have a poor understanding of it.
I don’t know if you are European or visit Europe often. The cookie consent dialogs are absolutely unbearable and are a direct result of a failed attempt to have the excessive web tracking problem. Understanding of the problem by political power was very poor, resulting in a silly and prepotent law. On top of that, businesses didn’t understand it and play defensive just in case. The result is that the situation got even worse! So I would say, as the article says, the truth matters!
But I agree win you in the sense that: even if they don’t listen (which they don’t) the tracking is already a huge privacy abuse.
Let’s think this through. For the accusation to be true, Apple would need to be recording those wake word audio snippets and transmitting them back to their servers for additional processing (likely true), but then they would need to be feeding those snippets in almost real time into a system which forwards them onto advertising partners who then feed that information into targeting networks such that next time you view an ad on your phone the information is available to help select the relevant ad.
I don’t know whether or not Apple or Google is selling ads based on mic input but this feels pretty silly to me. If the audio has been turned into text snippets, would this actually be that hard? You don’t have to forward a giant pipeline; you just have to have advertisements queued and targeted on hand.
@simonw’s a pretty smart cookie, I’m pretty sure that if I were a corporation who had exactly that goal and hired @simonw and said “hey Simon figure out how to build this advertising system” that Simon would be able to outline the whole design in half a day.
The real thing to me seems to be the line that follows, that since Apple is selling itself as a privacy-oriented company, they wouldn’t violate privacy. I’m not convinced of this, but I also think Apple is a more user-hostile organization than maybe many on here do.
I wonder though, so here’s a question to @simonw, should you read it: if this was a phone made by Meta, would you come to the same conclusions?
In 2025 it is now feasible to run audio transcription directly on a mobile phone.
These conspiracy theories have been circulating since at least 2017.
If the phone was made by Meta, and Meta said “we are not doing this”, and no security researcher had been able to produce evidence that they were doing it through network traffic analysis, and none of Meta’s 60,000+ employees had leaked that they were doing it… then I would believe Meta.
I think the point is though that the paragraph I quoted from your article is weak: it makes an argument that it would be technically infeasible, but it’s certainly technically feasible today. But it was also probably technically feasible in 2017: Siri came out in 2010, and Google Assistant was in users’ hands by 2016. I’m not saying it wasn’t done, but that it certainly was technically feasible, since such things were already being done from a technical perspective, whether or not they were happening with unknown spying circumstances.
Oh yeah, that poor battery life is likely due to the unending real-time notifications that just pollute the screen, and the apps running in background even when closed. Almost everyone I know in office puts their phone face-down on the desk during a meeting (if they take it out for some reason).
It depends on what “spying through your microphone” means. An app that covertly turns on your phone’s mic bypassing the OS permissions? Possible, but not very likely. Spying from the OS manufacturer itself? Fair, but probably done with care on specific targets and for purposes different from advertising. Spying from apps (including OS apps and services) that the user has authorized or from devices specifically designed to listen to people (Alexa & co)? Come on, it would be very naïve to think that it is not the case. (*)
(*) Edit: see also the “active listening” mentioned in another reply.
Now, whether that would count as “spying”, given that it is in principle a consequence of a deliberate choice of the customer may be debated by someone. The problem is how deliberate and conscious that choice actually is. And most people don’t value online privacy much anyway because privacy violations don’t have any perceivable bad effects for them. That includes their casual conversations possibly being recorded by a company in another continent.
I know of companies that could and would record all their customers’ conversations years before they had even started to think what they might possibly do with them. Then, speech to text improved, “AI” exploded, and they found ways to profit from what they had collected over the years (and still are).
Spying from apps (including OS apps and services) that the user has authorized or from devices specifically designed to listen to people (Alexa & co)?
You can assert this, but can you provide evidence for this? Alexa is only listening for “Alexa” until it hears that phrase, and then starts transcribing user input. The same thing goes for Google Home. The first Amazon Alexa device came out in 2014, why have none of the thousands of ex-Amazon employees in the past 10 years leaked that they were using data for targeted advertising or providing apps a way to do so?
What I meant is that any sound recorded every time the mic is activated by the user is likely retained for much longer or used in more ways than the user would probably expect. Profiling for ad purposes seems to me a pretty trivial task then (likely implied by the license terms of such devices, which I’m not familiar with). Whether they listen at other times I can’t tell. Surely, there must be some sensor (the mic itself?) able to process sound (locally?) all the time in order to capture the key phrase.
Yes, those devices have been around for a while, and hopefully someone has bothered to do some traffic analysis and has published the results.
I don’t have a strong opinion either way, I agree it seems unlikely.
However there was an interesting piece on 404 media, who dug up a pitch deck from Cox Media Group that claims they use data from microphones, they call it ‘active listening’.
I dug into this a bit; Cox was proposing a hypothetical technological framework to get funding to explore the idea, but they never would have gotten buy-in from mobile OS vendors to integrate this tech into the OS or be given special microphone access. It was only ever a pitch deck.
I think while this is true, it ignores the implication of “ad people want this, are excited about this, will get money for this, and anyone who manages to workaround the rules will do it”. Which makes it more of a “when, not if” issue.
I’m struggling with the conspiracy theory framing when people openly say they want to do it.
In May 2017 SilverPush technology was again the subject of research: “A team of researchers from the Brunswick Technical University in Germany discovered [234] Android apps that employ ultrasonic tracking beacons to track users and their nearby environment. Their research paper focused on the technology of ultrasound cross-device tracking (uXDT).”
In the paper in question they found no TV ads with those beeps but “4 of 35 visited stores in two European cities use ultrasonic beacons for location tracking”. The location tracking happened when a special “Shopkick” app was started.
I’ve also heard a rumor Nielsen had a similar product but I don’t know any details on that.
I think one of the reasons people underestimate how good ad targeting can be without needing to listen to your mic is because other similar systems we consume aren’t on the same level. Based on our experience with other products, we build this image of what’s technically possible or expected based on things like search or recommendations being terrible at times, so it’s easy to see how Ads targeting feels paranormal by comparison and make people raise their eyebrows.
I agree with Simon, but while reading, it just occurred to me that it would be possible to test this, albeit with a lot of fuss, thanks to speech synthesis.
Set up some new phones, set up some audio on various topics, with or without various advertising relevant terms. Then have the phones navigate to Facebook, and observe the ads that they are shown.
I don’t think they are spying through my phone’s microphone. I think they are spying through other microphones that have become ubiquitous in public spaces. For example, retail stores collect a lot of data on customers, and that includes video, audio, and location data. They can correlate that to you based on things like your phone’s location or the card you use to pay.
Billboards already have cameras and display ads based on your appearance and the emotion showing on your face. There are even some in London that profile you based on what car you drive.
It’s not a huge stretch to pair that with number plate recognition to show you custom ads at every red light.
I agree that it’s likely confirmation bias on our part and the only “rational” explanation is to blame the sleazy advertisement industry for overreach.
However, we know that Pegasus can record audio without us knowing about it, and without it being easily detected, and it definitely seems plausible to me that the NSOGroup’s people aren’t the only ones who know how to bypass the permissions systems in our phones and record audio without permission.
We also know that it can be really really really hard to detect subtle exploits in builds, as evidenced by the recent vulnerabilities in liblzma. I also know, from direct recent experience, that there are people in companies willing to do questionable things and keep quiet about it, and that people can and will be fired with the threat of lawsuit for questioning it / leaking it / etc. The number of people who will look away rather than face a lawsuit far outweighs the number of people willing to take on the lawsuit.
Therefore, it’s plausible to me that whistleblowers haven’t come forward at larger companies because the exploit is so good literally only a handful of people know about it.
But is this really happening? I’d still say most likely not. See also 2012, when Target knew about pregnancies before other people did.
I believe that there are zero-day exploits for recording audio. I believe that state-level hacking groups occasionally burn one of those zero-days on high value enough targets - but I don’t think ad tech companies have any incentive to exploit the same problems. They’d get sued, kicked out of app stores… it’s not worth it for them.
but I don’t think ad tech companies have any incentive to exploit the same problems.
I remember when location “beacons” came out there was a whole lot of foaming at the mouth for the idea of being able to target advertising to people walking in Times Square to last minute, discounted tickets for shows in a last ditch effort to sell it out. Any advantage advertising can get, they’re going to explore, at least, and take if possible. This is one of the reasons that the advertising industry has a bad rep to begin with.
As for legal exposure of such things, IANAL, so it’s hard to say, but terms of service are generally pretty broad. There’s a potential “does this violate wire tapping, or recording consent laws?” There’s other potential PR ramifications, which ironically, given everyone already believes companies are doing it maybe protects them from that…
I think at the very least I’m confident in saying that executives have had many conversations about the feasibility of such a practice. Again, I don’t believe it actively is happening, though.
As for the Target pregnancy “debunking” article, it’s all speculation. I think the original Forbes article is not that good, almost certainly has flaws (some of which the debunk points out), but it doesn’t invalidate the possibility that Target has proprietary information about the efficacy of its models and algorithms. Not everything is open, and especially not something that potentially creates a market advantage in retail.
In 2006, I audited a machine learning class and we could get 80-90% accuracy with “student grade” models for a wide variety of tasks. When you compare this to traditional advertisements that are effectively “broadcast spam people with an image, slogan, etc” at likely relevant audiences and hope it works out eventually, TARGETed advertising that gets 80-90% accuracy is not only worth pursuing but, especially when it comes to phases of life such as pregnancy, which leads to babies, which leads to toddlers, which leads to school age children, locking a customer into a relationship with a retailer is highly lucrative. Why are consumer loyalty cards (Target Circle card) a thing? Why exactly do you think wedding registries are a thing? Because they statistically lead to baby registries, which statistically leads to families, which statistically consume food, clothes, entertainment, in multiples…
Going back to that “student grade” model, if you consider pregnancy as a highly qualified lead for a “5 year loyalty customer” (I’m making up terms, of course, likely to buy diapers and children’s clothes) there are some pretty obvious features you could use to predict pregnancy. Did a customer who previously bought menstruation products all of the sudden stop? That feature right there is probably pretty good, by itself, at predicting a future diaper buying customer. Of course, when you layer in other things … I don’t know, increased pickle consumption, or bon bons, maybe you’re getting a little warmer. BUT even IF you’re wrong advertising is very forgiving because we’re used to seeing irrelevant ads!
I would expect more of a scientific explanation of how that is unlikely to be true. Instead it comes off as “do you realise how crazy that sounds??”. That Apple is concerned about privacy doesn’t really hold to the facts, btw.
but then they would need to be feeding those snippets in almost real time into a system which forwards them onto advertising partners who then feed that information into targeting networks such that next time you view an ad on your phone the information is available to help select the relevant ad.
To be fair, if the companies (like Meta/Facebook) could figure out a way to listen to your microphone and sell ads based on that, they would do so in a hearbeat.
Following is expected: that’s what the wake word is for, it lets you opt into sending a snippet of audio to Apple’s servers for processing.
The lawsuit was that sometimes your phone would send a snippet of audio to Apple caused by an incorrectly detected “hey Siri”, I believe because Apple had a threshold for “we aren’t sure about this one, send to us for further analysis” - and that analysis might include actual human QA people hearing your audio.
The ad targeting accusation thing was a wild stretch beyond that, part of this pattern of conspiracy theory reaching back to at least 2017.
Note how willing most of us are to believe companies would be eavesdropping on our computer and phone microphones to sell us ads. It’s absolutely in line with all the other sleazy surveillance a bunch of ad companies do. Tracking location, tracking email, tracking visits across unrelated websites, tracking us via crooked browser extensions, profiling us based on home address and personal traits, profiling us based on social media engagements… So many different forms of privacy invasion in the name of targeting ads a little better. Why not microphones too?
Apple has staked a big part of their business reputation on being the company that protects users more than the others against all this surveillance. I don’t know that many people really believe it’s true.
https://www.smbc-comics.com/comic/aaaah
I’ve seen this comic bandied about a bit online; usually used (as in this case) to dismiss people arguing to consider patterns of behaviour.
To clarify: I don’t think that companies are using smartphone microphones to target ads. But the fact that fee would be surprised if they were is itself an interesting observation.
I think the comic is funny even if it’s being used to dismiss my comment. But it’s misapplied. The comic turns on the person believing something, then pivoting and saying “ok so it’s not true but look how people think it’s true!” That is an annoying rhetorical turn. But it’s not what I did. I didn’t say I think companies are using microphones for ad targeting. (I share Simon’s skepticism).
I’m content to push it beyond the context of “you originally believed this” and into the broader situation of “well, but you can see how someone WOULD believe…”, and I stand by its use here.
longtime lurker – this will be my first comment on Lobsters – but I’m confused. Is noting how someone might not be surprised at what should be a shocking discovery (i.e. apple’s use of microphones for ads) not a valid and relevant point?
From Marshall McLuhan’s Wikipedia: The medium is the message: the message of a newscast about a heinous crime may be less about the individual news story itself (the content), and more about the change in public attitude towards crime that the newscast engenders by the fact that such crimes are in effect being brought into the home to watch over dinner.
Manufacturing a mass panic unrooted in reality or evidence is a bad thing. Laughing off such a mass panic with a “well, but you see how someone could realistically have believed in it…” is also a bad thing.
this clears things up, ty! :)
The comic is funny, and IMO can reasonably be applied in the more general case. But “AAAAH” is not really a counterargument. It’s a dismissal.
We increasingly live in an age of social-media-fueled mass panics based on little or no actual evidence, and those mass panics increasingly have body counts. “Hahaha, well you see how someone COULD believe…” excuses need to have the door slammed on them early, often, and hard.
I don’t think of Lobsters as the kind of place where “slamming the door on someone early often and hard” is part of the discourse.
I’m not suggesting slamming the door on someone, but on something, and this site already does that for a variety of categories of content. I happen to think conspiracy theories should be among those categories (if they aren’t already).
Misinformation needs to be dismissed out of hand if it’s unfalsifiable, not blithely supported by public sentiment. Misinformation and conspiracy theories are bad.
If it’s unfalsifiable, how can it be misinformation?
If I say “asians can actually read minds”, that’s an unfalsifiable claim but it’s also misinformation if presented as factual (or possible) because it’s a claim not supported by evidence.
Most of their users don’t have a frame of reference. To accurately gauge that Apple is protecting them, they would have to know what the methods of surveillance are. But that is a black box to those not enmeshed in the advertising industry. Most people cannot help but resort to blind faith and hope that Apple does what it claims to do.
There’s old wisdom that privacy is never a successful feature in a computer product business. Users say they care but in practice generally don’t act like they do. Also privacy is often at odds with usability. I’m impressed Apple is genuinely working for privacy in many ways. I have no idea if it’s working as a product strategy outside discussions like those on Lobsters.
while technically correct, the missing piece is that Apple’s reputation for privacy is due to world-class PR and marketing and not because they actually live up to it. Apple’s attacks on privacy haven’t significantly hurt their reputation, so it’s cold comfort that they won’t continue.
I’ll grant Apple this but Meta would do this in a heartbeat if they thought they could get away with it.
you don’t think apple would do it if they thought they could get away with it?
I truly believe that Apple have respect for user privacy as a core value. I’ve seen so much evidence of that over the years. You don’t design a system this clever without having privacy as something you take really seriously: https://security.apple.com/blog/private-cloud-compute/
Apple literally just paid a $95 million settlement due to Siri eavesdropping on conversations
That’s addressed in the article and is definitely bad but misleading without the context:
That quote is also misleading, as it’s presented as a fact when they are just taking it from the settlement agreement which provides no evidence.
Which is a smart financial and publicity move.
Is it? Doesn’t it sort of look bad to be paying out money to settle a lawsuit alleging that you’re recording people’s conversations all the time?
Contrast that, though, with the financial cost and amount of headline time if the story went to trial.
Especially if the trial were to reveal evidence supporting the plaintiff’s claim.
virtually every big tech firm has funded research into privacy preserving technologies. do you think google, microsoft, facebook, IBM, etc. take privacy “really seriously” too?
how do you distinguish between holding privacy as core value and investing in marketing to project the image of caring about privacy to serve the core value of profit maximization?
Meta has a proven track record of defrauding everybody and pushing harmful content to entire populations.
and… therefore apple would not do it if they thought they could get away with it?
I feel like those that claim this has happened to them, if they truly believed that this was occurring, would perhaps uninstall facebook et al apps
I just wish the world we live in was one where targeted advertising came from microphone data. At least then it would be easy to regain some privacy. Avoiding microphone spying is easy; avoiding the other more ubiquitous forms of surveillance is much harder.
This is usually the case with conspiracy theories.
The world order would be relatively easy to correct if it was five people in a backroom somewhere determining everything. The reality of it is far more complicated and far more difficult to get a handle on.
My preferred explanation is co-presence correlation:
If I’m visiting your home and I get on your wifi, we talk about vacationing in Malta, then later I go home and on my own wifi I research Malta vacations, there’s a good chance that advertisers can figure out that they should be showing you ads about Malta vacations even though you only ever spoke about it verbally.
They have our IP addresses, they have persistent tracking across connections, this is easy to do.
There are other more sophisticated ways to do similar things without relying on matching IPs, especially considering many mobile apps share the same SDK analytics that get collated together. It’s also a perfectly reasonable advertiser strategy to blanket a whole geographic region with ads about a specific topic that is mentioned by just one or two participants in that region (no matching IPs), especially in a short timespan.
But on a higher-level, I simply don’t believe that spying through your microphone is an effective way to advertise. It’s extremely expensive (especially if the goal is to be covert, imagine the battery drain alone!) and there’s just too much noise, it’s hard to capture valuable intent. On the other hand, my friend who was in the same room as me later searching for a term is extremely high quality signal for me too.
I suspect a lot of “hard to explain” ad targeting is explained by actions of our friends/family/people we interact with that have been correlated back to us.
Or: You’re talking about vacationing in Malta because you both read an article on the orange website, where somebody said that Malta is the most inspiring place to scale your startup ideas or whatever.
The ad companies know you both read the orange website, and that Malta fits your budgets, that’s enough.
This is very obviously the reason and I thought the article would mention this. I have worked in the advertising business and and I think the tracking is absolutely morally questionable to say the very least.
However, as the articles says, the truth matters! In order to address the issue, we indeed need to have a clear understanding of it. Which most of people don’t and quickly jump in completely unfunded claims such as the one at hand. Which frankly speaking resembles the flat earth ‘movement’.
John Doe is bored at the subway ans google trips to malt on the subway on his way to work. Låter that night he gets reminded of it and brings it up at the dinner table. After dinner, he picks up his phone and there are the ads about Malta. Hence: “They are listening to us via microphone!”
how do ad companies know I read the orange website? trackers on the linked article’s site? what if I have uBlock Origin installed?
Trackers on pages, or in extensions you’ve installed. Your browser may be Google Chrome or Opera. The page you visit may use an anti-adblock framework that proxies to ad networks on the server side, so they’ll still get a request with your details, even if your uBlock ends up blocking the loading/display of the ad resources in the end.
You may not end up seeing the ad ultimately, but your data will still be collected unless you’re a complete internet hermit visiting only self-hosted pages on tiny webrings or whatever.
I have seen this first hand I think. We were in the pub and the table of strangers next to us were talking about having a bouncy castle for their kid’s party.
About 10 minutes later my friend shows me his phone and it’s got an ad for bouncy castles in his Facebook feed. None of our friend group have kids.
It was probably coincidence. But I did wonder of someone at the table next to us had searched for bouncy castles, and somehow a geographic link between the two devices had been made (perhaps both on pub WiFi)
That is very likely how it worked. Consider also: phone-based menu ordering, point of sale systems, ride hailing apps, both checking Instagram or a similar app to which you had previously given location permission…
Geographic link = full location suite. Facebook & friends are extremely good at figuring out your location.
I am one of the people who began to wonder “Is my phone listening to me?” because of Instagram ads. I never really believed that they were, but it felt like they could be given how targeted the ads were. Here’s a dilemma.
Either way, I’m glad I quit Instagram (and all social media) as a 2022 New Year’s resolution.
There are plenty ways to track users nowadays: cookies, pixels, tcp hello handshake,… Each comes with a different “resolution” allowing advertisers to send you more relevant ads. Chance is that Meta, Google, Adobe, Alibaba, Bytedance are just really good at building these data pipelines and segment them with different clustering algorithms, ML powered recommendations. It’s next to impossible to disable these completely given that many of these services also design and sell the underlying compute platform that you are using: android, chrome, search, email, isp, etc…
I think all these fear mongers created a really good selling pitch for Apple’s private compute pitch. However, i doubt that it gona last long bc Apple could start selling ads themselves
https://www.apple.com/legal/privacy/data/en/apple-advertising/
Apple already sells ads.
“Ads that are delivered by Apple’s advertising platform may appear on the App Store, Apple News, Stocks, and Apple TV app. Apple’s advertising platform does not track you, meaning that it does not link user or device data collected from our apps with user or device data collected from third parties for targeted advertising or advertising measurement purposes, and does not share user or device data with data brokers.”
And you’re just going to take their word for it?
Yes. Why does nobody believe anything a company says any more?
When companies are caught lying even a tiny bit it’s headline news. And yet a lot of people seem convinced you can’t believe anything any company says about anything.
I guess the big problem here is probably around telling the difference between marketing and material statements. If a company says “our product is the best solution on the market” that’s a different category of statement from “our products do not listen to your microphone to target ads” or “we don’t train our LLMs on your inputs”.
Because they’re incentivized to lie by the only factor that they care about, money. If they can make more money by lying, they will, then pay a fine or a PR agency or fire some token employee if it comes out. Doing otherwise would be failing the great god of “maximizing shareholder value”. I mean, look who the richest man in the world is right now; what’s his history with materially false statements?
None of the companies I have ever worked for have seemed like that as an insider.
So what? That still allows selling targeted ads.
If there’s no user or device data shared with data brokers, how are those brokers targeting ads?
People buying ads from apple can target them at “segments” based on personal info, so long as each segment contains at least 5000 people. It’s in the link above. https://www.apple.com/legal/privacy/data/en/apple-advertising/
I also believe that “they are listening”. I’m a software engineer who’s worked in ad-tech and has developed mobile apps in the past.
I’m aware that, for example, the Facebook app may not be able to literally use my microphone to listen at that exact second. But I am also aware at a high level that lots of data is collected and exchanged between companies for advertising.
So whether or not Google’s app is listening to me, or my “smart TV” is listening and sending that info with identifying IP or other identity resolution methods, or someone else’s phone is listening and sharing text plus ip and geo, the result is the same. I have many times said incredibly specific things and immediately gone from seeing zero ads about that product to seeing an ad for that product.
It’s kind of like solving a crime or debugging a production issue. The advertisers possess the motive. I believe that they do possess the means (other devices or maybe other more unscrupulous apps on your phone).
More often than not the xkcd observation is true “Correlation doesn’t imply causation, but it does waggle its eyebrows suggestively and gesture furtively while mouthing ‘look over there’”.
You make a good point. While I am comfortable with Apple, and their promise of protecting users, my home network has several IoT devices of questionable origin (like the 4K projector that allows me to login to Netflix and plays sound), and I cannot be sure that they aren’t listening in.
As an example, Chinese random projector brands offer their $300+ projectors for peanuts (like under $50) with coupon codes. I won’t be surprised if these are actually CCP survellience devices. I cannot prove it either way, but I am inclined to believe the no-name cheap Chinese projector is doing something nasty.
It doesn’t really matter if this is true or not. Irrational beliefs don’t let themselves be debunked by rational arguments so in most cases this just becomes an exercise in demonstrating that you’re smarter.
The real question is: Why do people (choose to) believe this? And well… there’s a bunch of obvious answers to that.
Such as this one.
Because of the reason you just said. It tricks them into believe that they are smarter. When in reality they just have no tech knowledge about the subject and speak about tech and exact Sciences as if they were discussing politics.
It does matter a whole lot of this is true or not. We cannot possibly address the issue if we have a poor understanding of it.
I don’t know if you are European or visit Europe often. The cookie consent dialogs are absolutely unbearable and are a direct result of a failed attempt to have the excessive web tracking problem. Understanding of the problem by political power was very poor, resulting in a silly and prepotent law. On top of that, businesses didn’t understand it and play defensive just in case. The result is that the situation got even worse! So I would say, as the article says, the truth matters!
But I agree win you in the sense that: even if they don’t listen (which they don’t) the tracking is already a huge privacy abuse.
I don’t know whether or not Apple or Google is selling ads based on mic input but this feels pretty silly to me. If the audio has been turned into text snippets, would this actually be that hard? You don’t have to forward a giant pipeline; you just have to have advertisements queued and targeted on hand.
@simonw’s a pretty smart cookie, I’m pretty sure that if I were a corporation who had exactly that goal and hired @simonw and said “hey Simon figure out how to build this advertising system” that Simon would be able to outline the whole design in half a day.
The real thing to me seems to be the line that follows, that since Apple is selling itself as a privacy-oriented company, they wouldn’t violate privacy. I’m not convinced of this, but I also think Apple is a more user-hostile organization than maybe many on here do.
I wonder though, so here’s a question to @simonw, should you read it: if this was a phone made by Meta, would you come to the same conclusions?
In 2025 it is now feasible to run audio transcription directly on a mobile phone.
These conspiracy theories have been circulating since at least 2017.
If the phone was made by Meta, and Meta said “we are not doing this”, and no security researcher had been able to produce evidence that they were doing it through network traffic analysis, and none of Meta’s 60,000+ employees had leaked that they were doing it… then I would believe Meta.
I replied on the fediverse, so I’ll link that here: https://social.coop/@cwebber/113765247772087114
I think the point is though that the paragraph I quoted from your article is weak: it makes an argument that it would be technically infeasible, but it’s certainly technically feasible today. But it was also probably technically feasible in 2017: Siri came out in 2010, and Google Assistant was in users’ hands by 2016. I’m not saying it wasn’t done, but that it certainly was technically feasible, since such things were already being done from a technical perspective, whether or not they were happening with unknown spying circumstances.
The feasibility challenge is the battery life. People who believe this seem to think their devices are listening 24/7.
Most people also have really bad battery life on their phones which to them then corroborates the belief.
Oh yeah, that poor battery life is likely due to the unending real-time notifications that just pollute the screen, and the apps running in background even when closed. Almost everyone I know in office puts their phone face-down on the desk during a meeting (if they take it out for some reason).
I know. I’m just saying this is a corroborating factor for the normal person.
It depends on what “spying through your microphone” means. An app that covertly turns on your phone’s mic bypassing the OS permissions? Possible, but not very likely. Spying from the OS manufacturer itself? Fair, but probably done with care on specific targets and for purposes different from advertising. Spying from apps (including OS apps and services) that the user has authorized or from devices specifically designed to listen to people (Alexa & co)? Come on, it would be very naïve to think that it is not the case. (*)
(*) Edit: see also the “active listening” mentioned in another reply.
Now, whether that would count as “spying”, given that it is in principle a consequence of a deliberate choice of the customer may be debated by someone. The problem is how deliberate and conscious that choice actually is. And most people don’t value online privacy much anyway because privacy violations don’t have any perceivable bad effects for them. That includes their casual conversations possibly being recorded by a company in another continent.
I know of companies that could and would record all their customers’ conversations years before they had even started to think what they might possibly do with them. Then, speech to text improved, “AI” exploded, and they found ways to profit from what they had collected over the years (and still are).
You can assert this, but can you provide evidence for this? Alexa is only listening for “Alexa” until it hears that phrase, and then starts transcribing user input. The same thing goes for Google Home. The first Amazon Alexa device came out in 2014, why have none of the thousands of ex-Amazon employees in the past 10 years leaked that they were using data for targeted advertising or providing apps a way to do so?
What I meant is that any sound recorded every time the mic is activated by the user is likely retained for much longer or used in more ways than the user would probably expect. Profiling for ad purposes seems to me a pretty trivial task then (likely implied by the license terms of such devices, which I’m not familiar with). Whether they listen at other times I can’t tell. Surely, there must be some sensor (the mic itself?) able to process sound (locally?) all the time in order to capture the key phrase.
Yes, those devices have been around for a while, and hopefully someone has bothered to do some traffic analysis and has published the results.
I don’t have a strong opinion either way, I agree it seems unlikely.
However there was an interesting piece on 404 media, who dug up a pitch deck from Cox Media Group that claims they use data from microphones, they call it ‘active listening’.
I dug into this a bit; Cox was proposing a hypothetical technological framework to get funding to explore the idea, but they never would have gotten buy-in from mobile OS vendors to integrate this tech into the OS or be given special microphone access. It was only ever a pitch deck.
I talked about that piece here on Lobste.rs a few months ago. I’m confident it was a sales team taking advantage of a widely spread conspiracy theory to lie in a pitch deck. https://lobste.rs/s/mf7guc/leak_facebook_partner_brags_about
I think while this is true, it ignores the implication of “ad people want this, are excited about this, will get money for this, and anyone who manages to workaround the rules will do it”. Which makes it more of a “when, not if” issue.
I’m struggling with the conspiracy theory framing when people openly say they want to do it.
In 2014, a Singaporean ad tech company claimed to have a product that correlates ultrasonic beeps of TV ads with your browser cookies. From Wikipedia:
In the paper in question they found no TV ads with those beeps but “4 of 35 visited stores in two European cities use ultrasonic beacons for location tracking”. The location tracking happened when a special “Shopkick” app was started.
I’ve also heard a rumor Nielsen had a similar product but I don’t know any details on that.
I think one of the reasons people underestimate how good ad targeting can be without needing to listen to your mic is because other similar systems we consume aren’t on the same level. Based on our experience with other products, we build this image of what’s technically possible or expected based on things like search or recommendations being terrible at times, so it’s easy to see how Ads targeting feels paranormal by comparison and make people raise their eyebrows.
I agree with Simon, but while reading, it just occurred to me that it would be possible to test this, albeit with a lot of fuss, thanks to speech synthesis.
Set up some new phones, set up some audio on various topics, with or without various advertising relevant terms. Then have the phones navigate to Facebook, and observe the ads that they are shown.
While I mostly agree, it’s worth noting that we explicitly know of a case where this has happened in the past: https://www.nytimes.com/2017/12/28/business/media/alphonso-app-tracking.html
I don’t think they are spying through my phone’s microphone. I think they are spying through other microphones that have become ubiquitous in public spaces. For example, retail stores collect a lot of data on customers, and that includes video, audio, and location data. They can correlate that to you based on things like your phone’s location or the card you use to pay.
Billboards already have cameras and display ads based on your appearance and the emotion showing on your face. There are even some in London that profile you based on what car you drive.
It’s not a huge stretch to pair that with number plate recognition to show you custom ads at every red light.
I agree that it’s likely confirmation bias on our part and the only “rational” explanation is to blame the sleazy advertisement industry for overreach.
However, we know that Pegasus can record audio without us knowing about it, and without it being easily detected, and it definitely seems plausible to me that the NSOGroup’s people aren’t the only ones who know how to bypass the permissions systems in our phones and record audio without permission.
We also know that it can be really really really hard to detect subtle exploits in builds, as evidenced by the recent vulnerabilities in liblzma. I also know, from direct recent experience, that there are people in companies willing to do questionable things and keep quiet about it, and that people can and will be fired with the threat of lawsuit for questioning it / leaking it / etc. The number of people who will look away rather than face a lawsuit far outweighs the number of people willing to take on the lawsuit.
Therefore, it’s plausible to me that whistleblowers haven’t come forward at larger companies because the exploit is so good literally only a handful of people know about it.
But is this really happening? I’d still say most likely not. See also 2012, when Target knew about pregnancies before other people did.
I believe that there are zero-day exploits for recording audio. I believe that state-level hacking groups occasionally burn one of those zero-days on high value enough targets - but I don’t think ad tech companies have any incentive to exploit the same problems. They’d get sued, kicked out of app stores… it’s not worth it for them.
(Here’s an article debunking that Target pregnancy thing which I find convincing: https://medium.com/@colin.fraser/target-didnt-figure-out-a-teen-girl-was-pregnant-before-her-father-did-a6be13b973a5 )
I remember when location “beacons” came out there was a whole lot of foaming at the mouth for the idea of being able to target advertising to people walking in Times Square to last minute, discounted tickets for shows in a last ditch effort to sell it out. Any advantage advertising can get, they’re going to explore, at least, and take if possible. This is one of the reasons that the advertising industry has a bad rep to begin with.
As for legal exposure of such things, IANAL, so it’s hard to say, but terms of service are generally pretty broad. There’s a potential “does this violate wire tapping, or recording consent laws?” There’s other potential PR ramifications, which ironically, given everyone already believes companies are doing it maybe protects them from that…
I think at the very least I’m confident in saying that executives have had many conversations about the feasibility of such a practice. Again, I don’t believe it actively is happening, though.
As for the Target pregnancy “debunking” article, it’s all speculation. I think the original Forbes article is not that good, almost certainly has flaws (some of which the debunk points out), but it doesn’t invalidate the possibility that Target has proprietary information about the efficacy of its models and algorithms. Not everything is open, and especially not something that potentially creates a market advantage in retail.
In 2006, I audited a machine learning class and we could get 80-90% accuracy with “student grade” models for a wide variety of tasks. When you compare this to traditional advertisements that are effectively “broadcast spam people with an image, slogan, etc” at likely relevant audiences and hope it works out eventually, TARGETed advertising that gets 80-90% accuracy is not only worth pursuing but, especially when it comes to phases of life such as pregnancy, which leads to babies, which leads to toddlers, which leads to school age children, locking a customer into a relationship with a retailer is highly lucrative. Why are consumer loyalty cards (Target Circle card) a thing? Why exactly do you think wedding registries are a thing? Because they statistically lead to baby registries, which statistically leads to families, which statistically consume food, clothes, entertainment, in multiples…
Going back to that “student grade” model, if you consider pregnancy as a highly qualified lead for a “5 year loyalty customer” (I’m making up terms, of course, likely to buy diapers and children’s clothes) there are some pretty obvious features you could use to predict pregnancy. Did a customer who previously bought menstruation products all of the sudden stop? That feature right there is probably pretty good, by itself, at predicting a future diaper buying customer. Of course, when you layer in other things … I don’t know, increased pickle consumption, or bon bons, maybe you’re getting a little warmer. BUT even IF you’re wrong advertising is very forgiving because we’re used to seeing irrelevant ads!
I would expect more of a scientific explanation of how that is unlikely to be true. Instead it comes off as “do you realise how crazy that sounds??”. That Apple is concerned about privacy doesn’t really hold to the facts, btw.
sound exactly like what this company is doing? https://news.itsfoss.com/ad-company-listening-to-microphone/
As harlanhaskins said in another thread, that company just proposed the idea in a pitch deck, they didn’t actually do anything.
To be fair, if the companies (like Meta/Facebook) could figure out a way to listen to your microphone and sell ads based on that, they would do so in a hearbeat.
@simonw do you really mean “surrounding” here? Should it be “following”? If it does capture a pre-wake buffer, I’d be curious to know how long it is.
(mostly irrelevant to the point of your article, which I agree with, but it just made me curious)
Following is expected: that’s what the wake word is for, it lets you opt into sending a snippet of audio to Apple’s servers for processing.
The lawsuit was that sometimes your phone would send a snippet of audio to Apple caused by an incorrectly detected “hey Siri”, I believe because Apple had a threshold for “we aren’t sure about this one, send to us for further analysis” - and that analysis might include actual human QA people hearing your audio.
The ad targeting accusation thing was a wild stretch beyond that, part of this pattern of conspiracy theory reaching back to at least 2017.
[Comment removed by author]