[HN Gopher] Your phone isn't secretly listening to you, but the ...
___________________________________________________________________
Your phone isn't secretly listening to you, but the truth is more
disturbing
Author : zeech
Score : 205 points
Date : 2025-04-26 00:26 UTC (22 hours ago)
(HTM) web link (newatlas.com)
(TXT) w3m dump (newatlas.com)
| simonw wrote:
| > As far as anyone could understand, the proposed CMG system
| wasn't listening through a phone's microphone 24/7, instead it
| was using those small slivers of voice data that are recorded and
| uploaded to the cloud in the moments after you activate your
| voice assistant with a "Hey Google" or "Hey Siri" command.
|
| That's not quite accurate. The CMG thing was very clearly a case
| of advertising sales people getting over-excited and thinking
| they could sell vaporware to customers who had bought into the
| common "your phone listens to you and serves you ads" conspiracy
| theory. They cut that out the moment it started attracting
| attention from outside of their potential marks. Here's a rant
| about that I originally posted as a series of comments elsewhere:
| https://simonwillison.net/2024/Sep/2/facebook-cmg/
|
| The "Hey Google" / "Hey Siri" thing is a slightly different
| story. Apple settled a case out of court for $95m where the
| accusation was that snippets of text around the "Hey Siri" wake
| word had been recorded on their servers and may have been
| listened to by employees (or contractors) who were debugging and
| improving Siri's performance: https://arstechnica.com/tech-
| policy/2025/01/apple-agrees-to-...
|
| The problem with that lawsuit is that the original argument
| included anecdotal notes about "eerily accurate targeted ads that
| appeared after they had just been talking about specific items".
| By settling, Apple gave even more fuel to those conspiracy
| theories.
|
| I wrote about this a few months ago:
| https://simonwillison.net/2025/Jan/2/they-spy-on-you-but-not... -
| including a note about that general conspiracy theory and how
| "Convincing people of this is basically impossible. It doesn't
| matter how good your argument is, if someone has ever seen an ad
| that relates to their previous voice conversation they are likely
| convinced and there's nothing you can do to talk them out of it."
|
| ... all of that said, I 100% agree with the general message of
| this article - the "truth is more disturbing" bit. Facebook can
| target you ads spookily well because they have a vast amount of
| data about you collected by correlating your activity across
| multiple sources. If they have your email address or phone number
| they can use that to match up your behaviour from all sorts of
| other sources. THAT's the creepy thing that people need to
| understand is happening.
| nickpsecurity wrote:
| "Convincing people of this is basically impossible. It doesn't
| matter how good your argument is, if someone has ever seen an
| ad that relates to their previous voice conversation they are
| likely convinced and there's nothing you can do to talk them
| out of it."
|
| It sounds more like we have evidence of what we believe, you
| think we should toss the evidence for your counter-theory, and
| people won't do that. We also have an effect where tons of
| people experienced this. You want us to toss that, too.
|
| "You don't notice the hundreds of times a day you say something
| and don't see a relevant advert a short time later. You see
| thousands of ads a day, can you remember what any of them are?"
|
| On Facebook, during one period this happened, they were only
| showing me adds for Hotworx and a massage place every time.
| Trying to stay pure minded following Jesus Christ means I avoid
| such ads. So, it was strange that it's all they showed me.
| Then, strange the only break from the pattern was showing
| unlikely topics we just talked about in person.
|
| So, I'm going to stick with the theory that they were listening
| since it best fit the evidence. I don't know why they'd do it.
| Prior reports long ago said they used to use ML (computer
| vision) to profile people outside of the platform who showed up
| in your pics.
|
| I'll note another explanation. Instead of always listening,
| they could have done it to a random segment of people who were
| rarely clicking ads. Just occasionally, too. We wouldn't see
| the capability in use all the time. A feature tested or used on
| a subset of users.
|
| Also, these companies keep saying on us in increasingly
| creative and dishonest ways. If anyone is to be blamed, it's
| them.
| simonw wrote:
| Thank you for illustrating my point so perfectly.
| diggernet wrote:
| > "Apps were automatically taking screenshots of themselves and
| sending them to third parties. In one case, the app took video of
| the screen activity and sent that information to a third party."
|
| > Out of over 17,000 Android apps examined, more than 9,000 had
| potential permissions to take screenshots. And a number of apps
| were found to actively be doing so, taking screenshots and
| sending them to third-party sources.
|
| Which permission is that, and how do you detect which apps are
| doing that and stop them?
| maxlybbert wrote:
| I doubt there's a specific "ability to send surreptitious
| screen shots to developer" permission. It must be a combination
| of permissions: one for making network connections, another for
| capturing the screen without making it obvious to the user,
| etc.
| fzzzy wrote:
| For apps that want to send their own screens to third
| parties, there's no permission needed or possible. The app is
| drawing the content to the screen. It knows what the content
| is.
| jeroenhd wrote:
| If you're trying to track user information (notifications,
| actual timezone/language, battery level, VPN usage, etc)
| you can use screenshots of the current screen and open
| keyboard. You can also see stuff from other apps if the
| user is using split screen modes or has chat bubbles open.
| Apps can otherwise only access the data they render.
|
| The research talks about thousands of apps but I do wonder
| how many of these are apps people use every day and how
| many are Chinese clones of freemium games and other
| shitware with a fraction of daily users. All we know from
| public app store data is the number of "downloads" and even
| that is distributed as a range. I doubt these 19000 apps
| were found by doing a survey on what people actually had on
| their phones.
| badc0ffee wrote:
| Is that true, that these apps can capture screenshots of
| the notification area/clock/chat bubbles?
| ch4s3 wrote:
| When it's a developer tool we call it RUM or real user
| monitoring. It's super useful for solving bugs, but obviously
| the potential for abuse or user hostile activity is super high.
| quicklime wrote:
| I followed the links to the study they referenced, and it says:
|
| > Unlike the camera and audio APIs, the APIs for taking
| screenshots and recording video of the screen are not protected
| by any permission
|
| However they also talk about doing static analysis on 9,100 out
| of the 17,260 apps, to determine (amongst other things)
| "whether media APIs are actually referenced in the app's code".
|
| They then talk about doing a dynamic analysis to see which apps
| actually call the APIs (rather than just link to a library that
| might call it, but the app never calls that function the
| library).
|
| The soundbite is bad, it shouldn't say "had potential
| permissions to take screenshots", it should just say "had the
| potential to take screenshots"
| simonw wrote:
| ... and is this permission to take screenshots of anything else
| you are doing on your phone at any time, or is it permission to
| take screenshots while you have that app open?
| grishka wrote:
| There is a permission to record the screen. It requires user
| consent and there's an icon in the status bar while it's being
| used. It's impossible to use this covertly.
|
| What I believe the article is speaking about, is an app taking
| screenshots of its own windows. This is obviously possible and
| obviously requires no permissions whatsoever. Just make a
| screen-sized bitmap and do
| getWindow().getDecorView().draw(new Canvas(bitmap));
|
| It does sound believable that third-party
| advertising/marketing/tracking SDKs, which many apps are chock
| full of, could be doing this.
| daveguy wrote:
| > It's impossible to use this covertly.
|
| *Unless there's a zero-day that allows it.
| grishka wrote:
| If you're going to exploit a privilege escalation
| vulnerability from your app, why not just grab the most
| interesting parts of the /data partition while you're at
| it?
| daveguy wrote:
| Sure why not. I wasn't implying that a zero day that
| allows surreptitiously recording the phone screen is the
| only shitty thing that can be done with your phone with a
| zero day.
|
| Also, it is possible for a zero day to break specific
| privileges (like screen record without notification)
| rather than root.
| simonw wrote:
| Burning a zero-day like that for targeted advertising seems
| extremely unlikely to me.
| daveguy wrote:
| I think you missed the point GP was making. I believe
| they meant the vector might come from that kind of SDK.
| Not that someone who had a zero day to allow
| surreptitiously recording phone screens would use it for
| that purpose.
| wrs wrote:
| BTW, "smart" TVs send screenshots too. [0]
|
| [0] https://dl.acm.org/doi/10.1145/3646547.3689013
| microflash wrote:
| We've reached the state where you can safely presume anything
| "smart" is violating your privacy.
| Spivak wrote:
| Anything network connected.
| pixl97 wrote:
| Everyday we seem to step closer and closer to the 'network
| connected smart dust' as written in some science fiction.
| EasyMark wrote:
| yeah, I liked the simplicity of having things on my tv, but I
| gave up and got an apple tv box. I was getting way too many
| "I was just talking about that!" ads on some of the "free"
| services i was watching old tv shows and movies on. I'm a
| pretty frugal guy for the most part but buying a separate box
| that doesn't sell everything you do and say to advertisers is
| worth it.
| wrs wrote:
| According to the paper, your TV may send snapshots even
| when it's in a "dumb" HDMI input mode. So make sure it's
| not on the network at all.
| anenefan wrote:
| My younger bro is convinced phones are eavesdropping on
| conversations and got particularly paranoid (I thought) a year or
| so back in regard to talking in earshot of his phone.
|
| His evidence is empirical - Apparently he gets pretty high with
| friends and shit talks - but when when the search started to
| suggest some pretty way out things along the same lines, he
| landed that their conversations weren't private any more.
|
| So I have an understanding of how much tracking is going on so I
| pressed him on that. But he assured me it was stuff he would not
| even bother to look up in a clearer mindset and of course smoking
| recreationally for a very long time knows not to go near some
| tools that could land himself trouble or awkward explanations.
| That's probably true he says a lot of stuff that a half decent
| search would put him straight. In the end I just figured loose
| permissions of one of the many apps he's installed and that's how
| they (the app) make their money, selling _illegally_ obtained
| data to more legal sources.
|
| Permissions are the problem with android phones - there needs to
| be a specific install route for users, one that the app starts
| asking for things it should not need have access to, the
| installer refuses to install and suggests the user look for
| something better. Camera apps for example really don't need
| access to communication channels, if it's updates it's need, it
| can ask - one time access.
| JadeNB wrote:
| > Permissions are the problem with android phones - there needs
| to be a specific install route for users, one that the app
| starts asking for things it should not need have access to, the
| installer refuses to install and suggests the user look for
| something better. Camera apps for example really don't need
| access to communication channels, if it's updates it's need, it
| can ask - one time access.
|
| I definitely don't want my phone making those decisions for me;
| I want my phone enabling me to make decisions. The app asks for
| permissions, I say no, and, rather than ratting me out to the
| app, my phone does its best to pretend to the app that it (the
| app) has the permission it wants, say by giving an empty
| contact book or whatever. (I know rooted phones can do this,
| but it shouldn't have to be something I have to fight my phone
| for.)
| bigyabai wrote:
| He is right, all modern phone brands are surveillance devices
| furnished to provide the OEM with identifying data:
| https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...
| marcusb wrote:
| > Apparently he gets pretty high with friends and shit talks -
| but when when the search started to suggest some pretty way out
| things along the same lines, he landed that their conversations
| weren't private any more.
|
| I had an experience like this several years ago. I was having
| dinner with a customer, and one of the guys brought up this
| story about how he went to school with someone who got caught
| cheating on Who Wants to be a Millionaire. Later, back at my
| hotel, I pulled up YouTube and the first recommended video was
| of the guy who got caught cheating on the game show. I had not
| searched for this during the conversation (or prior) nor do I
| watch game show videos on YouTube, or cheating scandal videos
| on YouTube.
|
| Here's what I think happened: somebody at the dinner googled
| it, and the video got recommended based either on geo-location
| data (we were in close proximity) or because the person who
| googled it was in my phone contacts, or maybe both. But, I
| don't think Google/Youtube was recording anyone's conversation
| to make that recommendation.
| wzdd wrote:
| It could also be that YouTube started recommending this video
| to people for whatever reason, which was why it was on this
| guy's mind.
| marcusb wrote:
| Anything is possible, but he didn't start the conversation
| about cheating. Someone else brought up something to the
| effect of they thought game shows were fake, then he told
| his story and a third person the table searched for and
| showed the video.
| edgyquant wrote:
| He's right and everyone knows it. It's pretty blatant and there
| have been lawsuits settle rather than go to a trial that would
| surely reveal the extent to which this thing that's obviously
| happening is happening
|
| https://www.sfchronicle.com/bayarea/article/apple-siri-priva...
| simonw wrote:
| I attempted to debunk that one here (an admittedly impossible
| task but I can't help myself trying):
| https://simonwillison.net/2025/Jan/2/they-spy-on-you-but-
| not...
| number6 wrote:
| A swan can't stop a hurricane
| simonw wrote:
| OK wow that actually fits here.
| https://simonwillison.net/2025/Apr/23/meaning-slop/
| alganet wrote:
| It is irrelevant. The suggestion that spying is for
| advertisement makes no difference.
|
| That idea only exists to create fake two-dimensional anti-
| capilist rethoric, which is a rethoric easier to put down
| than the fact that privacy does not exist anymore.
|
| So, I am supposed to do this. To "correct you" and look
| very lunatic.
|
| It serves, however, a very specific goal. First, it cannot
| be copied en masse. If this behavior is copied (even as a
| meme), it implies doom to the more easier to defeat anti-
| capitalist rethoric and the birth of a true 3D anti-
| capitalist rethoric. It can only be mocked (smoking guy
| pointing to a conspiracy board), but that mockery is
| getting real serious real fast now.
|
| Can I dive deeper into the mechanics of how this is gonna
| go?
|
| We had so many chances, of doing good. You all had so many
| chances.
| steve_adams_86 wrote:
| Something I discovered when going down this rabbit hole is that
| if you had that conversation in your house and your visitors
| have access to your wifi, it may be that they performed the
| search without you knowing, and your ISP connected that data to
| you and sold it (as they do).
| brody_hamer wrote:
| Location location location.
|
| - User 1 shows an interest in <topic>.
|
| - User 1 visits the same location, for the same period of
| time, as user 2.
|
| - So I show an ad for <topic> to user 2.
| nickpsecurity wrote:
| That's true. I had to rule that out by only counting
| instances when my friends and I were alone. If not, or Wifi
| is open, then who knows.
| simonw wrote:
| How would your ISP connect that data if every search engine
| uses HTTPS now, so there's no way for the ISP to see what you
| were searching for?
| briankelly wrote:
| Yeah, it's Google and Facebook - not the ISP.
| IggleSniggle wrote:
| DNS lookups are still frequently in the clear, and even if
| they're not, that just means you're trusting some DNS-over-
| HTTPS provider. The incentives are perverse.
|
| And of course whoever you are performing your search with,
| like, oh, an ad company like Google, Meta, or Facebook?
| They just might use that search data for something.
| simonw wrote:
| Exactly. Google or Meta can correlate behavioral data
| like this. Your ISP cannot do that by intercepting your
| searches.
|
| I care about accuracy when it comes to privacy
| conversations. I don't want people wasting their time on
| theories that aren't true when they should be focusing on
| the real issues at stake.
| jeroenhd wrote:
| For what it's worth, the ISP may not know the search
| terms entered, but it can see "google.com" followed by
| "itchybuttcream.net" when people click the first results.
| The data will grow more granular over time as users click
| the second or even third result on Google.
|
| On WiFi you control this risk can be mitigated (force DNS
| to your own server that uses ODoH or similar) but for
| most people ISPs are still sitting on data gold mines
| obtained from passively observing DNS.
| anenefan wrote:
| His phone would have to be running a hotspot for any visitors
| (in many parts of the rural area in my locale, mobile data is
| it for the internet) but if any visitors were with the same
| carrier network, visitors could have searched. However it's
| entirely improbable any of his buddies would be on their
| phone while they're there unless it was a legit interest.
| Secondly this is stuff from what I gathered, some of is stuff
| that no one would really even think exists - it's shit talk
| speculation that's out past the black stump - no one once
| they're back to earth is ever going to bother to look up even
| a small aspect of it.
|
| In his case a realistic answer falls towards loose or sneaky
| permissions in regard of an app that have slipped through
| that have allowed a weird conversation to influence
| suggestions in internet activity later on.
|
| However for more grounded subject matters, the more probable
| strange coincidences falls to queries and visits to the net
| being scraped by external API and content (fonts scripts etc)
| providers. I've no idea how much meaningful info would
| normally be shared between the site and third party providers
| that seemingly need to be contacted while a site loads.
| Argonaut998 wrote:
| This matches up with my exact thoughts too. My old phone was an
| Android, and it was quite old in that the manufacturer hadn't
| updated it in a while. There were times when speaking about
| something would give me ads relating to it on Google, or posts
| in Instagram's case.
|
| Then I got an iPhone and it stopped completely. My wife has a
| newer Android phone and the same things happen to her.
|
| Now, I swear I read a few years ago that Facebook have teams to
| deliberately look for vulnerabilities to exploit, as well as
| things such as this:
| https://x.com/ashk4n/status/1070349123516170240.
|
| So my personal conclusion(s) is this: 1. There are
| vulnerabilities in older (if not current) Android versions
| which companies like Meta exploit to eavesdrop at all times, or
| at least while the app is not closed. 2. Most people just
| provide the 'While using the App' or 'Always allow' permissions
| for the microphone/camera, so this basically gives permission
| for them to do that regardless, even if it's not what those
| permissions were requested for (sending a voice message, taking
| a picture to post etc), BUT now there are status lights for
| when apps are using the microphone/camera which I never noticed
| been activated on my wife's phone when using it, unless for the
| correct reasons.
|
| Between all the apps people use daily which is pretty much
| Instagram/Twitter/TikTok/WhatsApp, microphone permissions tend
| to be enabled, and if they are, then most of someone's screen
| time is on an app with those permissions. Not to mention the
| 'Google' app on Android phones which seems to have every single
| permission enabled at all times that perpetually runs.
|
| Sorry, but I'm not buying the "someone else in your home
| searched something similar" or "ads are so advanced that they
| can predict what you want" etc excuses. I'm extremely careful
| with what I search. I have never experienced this once I
| switched to an iPhone, but I have experienced it too many times
| when on Android.
| wiseowise wrote:
| > There is no easy way to close this privacy opening
|
| Sure there is.
|
| Hide screenshot taking behind permission and slap down hard apps
| that refuse to operate without them.
| o11c wrote:
| It says "screenshots of themselves". The application is
| responsible for rendering the screen in the first place so it
| fundamentally doesn't need a permission.
|
| Now, what _could_ reasonably be a permission is "access the
| internet", but our overlords don't approve of that thought.
|
| (Contrast this to web pages, which do not render themselves and
| thus can sensibly be blocked from screenshotting)
| gretch wrote:
| I mean yeah technically the website can't screenshot, but it
| can do many functionally equivalent things.
|
| For example, it can capture the entire DOM and send it off,
| including the contents of input fields that have not been
| submitted.
|
| That DOM capture can be replayed on a browser to show what
| the user sees. So what's the difference?
| Thorrez wrote:
| Well, blocking javascript would stop that. Noscript is a
| thing that some people use.
| danaris wrote:
| For an increasing plurality (possibly even majority at
| this point) of sites where the purpose is not purely to
| read text, this is effectively equivalent to saying "you
| can just not use the site."
| beeburrt wrote:
| Ublock origin also has that ability
| VerdisQuo5678 wrote:
| Doesnt android already have a "network" permission? On some
| roms you can enable it/disable it on install of the app even
| o11c wrote:
| No, it has a "full network" permission. It's not at all
| difficult to bypass it if you control both ends.
| zzo38computer wrote:
| All I/O (including timing, date/time, internet, and everything
| else) should be behind permissions (although some may be
| permitted by default, they should still be overridable).
| Furthermore, all I/O should allow the user to program proxy
| capabilities (which can be used for testing error conditions,
| as well as for privacy and security, and for finer permissions,
| and logging, and other stuff).
|
| However, if an app wants to make a screenshot of itself, then
| it could do so by emulation of itself (so no permission is
| needed), as long as everything it displays is rendered by its
| own code rather than calling other functions in the system to
| do so.
| Am4TIfIsER0ppos wrote:
| I seem to recall that state of the art audio encoding can
| compress voice to 8kbit/s which is a single packet per second,
| insignificant compared to how chatty your device is. Trivial to
| buffer and send during a period of activity. It sums to 1.7MB
| over the 30 minute window in the article graphs which should be
| visible if it is actually counted. Why would apple or google
| actually make it count though? They want to spy on you either for
| their own benefit or because the government forces them to. You
| say you found it taking screenshots and phoning them home. Of
| course! It is a surveillance device. Is it worse? Maybe. You
| should consider it sends everything home. Every keystroke, every
| touch of the screen, every sample of the accelerometers, every
| sample of audio. Perhaps only the sheer quantity of data in video
| prevents them from sending it all. Might be "remedied" with 5G
| bandwidth.
| sampullman wrote:
| Audio, screenshots, and some of the other stuff I can believe,
| but I think batteries need a big upgrade before the data
| snatchers can get away with streaming video, even at a low
| bitrate.
|
| I'm also not sure how easy keylogging is these days, is there
| even a permission that allows it? I supposed there's ways to do
| it with custom keyboards. Google/Apple doing it themselves
| would be a pretty big deal.
| Am4TIfIsER0ppos wrote:
| I think everyone acknowledges that chrome sends every
| keystroke in the address bar home. I don't keep up with the
| spyware so perhaps it is now every keystroke in the rest of
| the browser. It isn't much of a leap further that their
| operating system does the same.
| adolph wrote:
| If that were true why are cell phone voice calls still so
| terrible?
| daneel_w wrote:
| Because cellular carriers keep the same pace as a snail on
| vacation.
| Narkov wrote:
| What makes you think the raw audio stream needs to be sent
| anywhere. Modern phones are capable of doing keyword extraction
| on-device.
| simonw wrote:
| This conspiracy theory has been around for a lot longer than
| phone hardware has been capable of doing that.
| Supermancho wrote:
| The Chrome Browser can transcribe audio into text, with
| what I consider good accuracy. It's well out of the realm
| of a conspiracy theory when it's been demonstrable for a
| couple decades.
| simonw wrote:
| Don't forget energy usage. The phone would need to be on
| high power mode _all the time_ to run those kinds of
| algorithms. There 's a reason "Hey Siri" has dedicated
| low-power hardware - it means it can work without burning
| through the battery.
| Supermancho wrote:
| > it can work without burning through the battery.
|
| It can work by burning through the battery. When you have
| a browser open or any number of apps, some of them are
| certainly detecting.
| Am4TIfIsER0ppos wrote:
| You need to know what keywords to listen for before
| discarding the audio data. An advertising giant might know
| but a government doesn't.
| Supermancho wrote:
| Knowing how digital advertising works, it's more likely that a
| payload is delivered to the phone in some app or by os or by
| browser that has a dictionary of keywords paid for to be
| associated with specific ad campaigns. If the device detects
| that term (via sound, search, or media) it triggers a message
| home as an analytics to target you and your device now calls
| for those campaigns.
| simonw wrote:
| If it works like that, why aren't the app companies
| describing exactly how it works to advertisers in order to
| earn their business?
|
| They describe how everything else they do works in great
| detail if you're someone who buys ads.
| alganet wrote:
| There's a nation proud of overspinning enrichment turbines with a
| complicated computer virus that can even work offline. No
| conspiracy, that's just StuxNet.
|
| So, when you start learning about tech, you get paranoid. If
| you're not, it's even weirder.
|
| The fact that someone can target you, individually, is
| undisputable. Whether it will or not, that's another question.
|
| What I can recommend if you think you are being observed, is to
| avoid the common pitfalls:
|
| Don't go full isolationist living without technology. That is a
| trap. There is nowhere to hide anyway.
|
| Strange new friends who are super into what you do? Trap.
|
| You were never good with girls but one is seemingly into you,
| despite you being an ugly ass dirty computer nerd? That is a
| trap. Specially online but not limited to it.
|
| Go ahead, be paranoid. When an article comes to probe how
| paranoid you are, go ahead and explain exactly how paranoid you
| have become.
|
| But live a normal life nonetheless, unaffected by those things.
| Allow yourself to laugh, and be cool with it.
|
| Hundreds of clone accounts doxxing me? Well, thanks for the free
| decoys.
|
| Constant surveillance? Well, thank you for uploading my soul free
| of charge to super protected servers.
|
| Dodgy counter arguments in everything in care to discuss? Sounds
| like training.
|
| The paranoid optimist is quite an underrated character. I don't
| see many of those around.
| Ferret7446 wrote:
| Sounds like the age old adage: if it's too good to be true, it
| is.
| alganet wrote:
| I also tend to be very skeptical towards popular sayings.
| Sometimes, they fail.
|
| "true" in the sense you used here. Have you thought about
| what it means in that context?
|
| We live in an age full of fear of missing out baits and
| reversed versions of such. There is no sense of "oh, this is
| good for me" that can be relied upon (implied in the original
| comment, you are going to find it), although there are
| sayings.
| sadeshmukh wrote:
| If it _sounds_ too good to be true, it probably is. Otherwise
| it 's just a tautology.
| ivape wrote:
| Doesn't it have to listen to everything to capture the wake word
| "hey siri"? How else is it done?
| simonw wrote:
| The iPhone has dedicated low-power on-device hardware that is
| trained to pick up "Hey Siri" exclusively. It only wakes up the
| rest of the device and captures additional audio after that
| wake word has been triggered.
|
| https://machinelearning.apple.com/research/voice-trigger
|
| https://machinelearning.apple.com/research/hey-siri
| akimbostrawman wrote:
| >pick up "Hey Siri" exclusively
|
| until it isn't. anything apple is proprietary and any feature
| could silently change at any time even for only specific
| devices/user.
|
| https://web.archive.org/web/20250415140321/https://www.thegu.
| ..
| benlivengood wrote:
| The thing is, it's not even people doing the correlations. Just
| like transformers can learn most of human knowledge just by
| trying to predict tokens, I would not be surprised if the ad-
| serving machine learning systems have learned about people in
| similar detail.
|
| State of the art about 10 years ago was 4 9s of accuracy
| predicting click-through rates from the available context
| (features for user profile, current website, keywords, etc.),
| which I interpreted as requiring a fairly accurate learned model
| of human behavior. I got out of that industry so I don't know
| what current SOTA is for adtech, but I can only imagine it is
| better. The models were trained on automatically labelled data
| (GB/s of it) based on actual recent click-through rates so the
| amount of training data was roughly comparable to small LLMs.
|
| Recent anecdote; three of us were sitting around the kitchen
| table with our phones out chatting about an obscure new thing
| that had come up; it appeared in one of our FB ad streams pretty
| quickly.
|
| My top guesses about how this is possible today;
|
| 1) Apps routinely link many third-party data gathering and
| advertising libraries. Any of these libraries could be gathering
| enough contextual data and reselling it to make a correlation
| possible. It's not just obscure thing A that triggers an ad, it's
| highly correlated mixtures of normal things X, Y and Z that can
| imply A.
|
| 2) other friends may have talked about the obscure thing recently
| and social network links implied we would be aware of it through
| them.
|
| Distant 3) the models are actually good enough to infer speech
| from weird side-channels like the accelerometer when people wave
| their hands when they talk, etc. Accelerometer sample rate is <
| 1KHz but over 100Hz which may be enough, especially when you
| throw giant models at it.
| jancsika wrote:
| > an obscure new thing that had come up
|
| Since you've provided no explicit counter-evidence, I'm gonna
| go ahead and say I have four nines of accuracy in predicting
| that your smartphone was squarely in the dependency chain of
| any "obscure new thing" you could have imagined discussing.
|
| Edit: wording
| ajb92 wrote:
| Kind of a weirdly sad, uncharitable assumption to make
| lud_lite wrote:
| > 4 9s of accuracy predicting click-through rates
|
| Having a hard time parsing what that means.
|
| Lets say the CTR for 1000000 impressions of an add is 24.5898%
| and the ML predicts 25.1926%. How many 9s of accuracy is that?
| fmajid wrote:
| At one of my previous companies we made a moderately popular
| mobile app SDK that app developers would embed in their apps. We
| were approached by a company that claimed they had a MIT
| developed (or was it Bell Labs?) audio recognition technology
| similar to Shazam, but orders of magnitude more efficient, that
| would be used to recognize audio from ads and record when a user
| was exposed to a TV or radio ad for tracking purposes.
|
| I don't remember the name, that was at least 10 years ago before
| Apple started enforcing permissions on microphone access and
| showing an orange dot, but they wanted to do a revenue-share deal
| in exchange for us quietly bundling their SDK inside ours.
|
| Needless to say we turned them down so we never learned more or
| tested the veracity of their claims, but there are some really
| sleazy companies out there. Modern smartphones have sufficient
| horsepower to do the audio processing on-device so the argument
| that this would show up in network traffic does not hold.
| pixl97 wrote:
| Probably something along these lines
|
| https://www.pcworld.com/article/424417/ad-tracking-tech-uses...
| Ichthypresbyter wrote:
| >Not only does the system know exactly where you are at every
| moment, it knows who your friends are, what they are interested
| in, and who you are spending time with
|
| This actually makes sense of an anecdote a colleague uses to say
| that he thinks his phone is listening to him.
|
| I am a keen skier. He used to ski a lot, but hasn't been for
| several years. Around the start of ski season this year, we
| talked about my plans to go skiing that weekend, and later that
| day he started seeing skiing-related ads.
|
| He thinks it's because his phone listened into the conversation,
| but it could just as easily have been that it was spending more
| time near my phone (I had only recently started at that job) on
| which I regularly search for skiing-related things like
| conditions reports and directions to ski areas.
| lcnPylGDnU4H9OF wrote:
| > but it could just as easily have been that it was spending
| more time near my phone (I had only recently started at that
| job) on which I regularly search for skiing-related things like
| conditions reports and directions to ski areas
|
| Bingo! This is most certainly what happened.
|
| I've spent time trying to convince my friends that their
| phone's microphone is not constantly listening and running
| sounds through voice recognition software to isolate their
| voice (so the individual who owns the phone can be advertised
| to), then through sentiment analysis software (to inform
| advertisement bids), all without meaningfully affecting battery
| life. That is usually an uphill battle but explaining location
| services and the fact they don't know what I've searched gets
| the point across better. (It is actually creepier.)
| fsmv wrote:
| Or just ski ads go out when ski season starts and he only
| noticed that he saw one because you had the conversation.
| trollied wrote:
| You were probably in the same place using the same IP address,
| and both browsed - doesn't matter which sites you both visited,
| the trackers have you. You might have shown him where you were
| going. Ad trackers thought "I'll serve ski ads to people that
| were on that IP address because somebody else looked at xyz".
| Ichthypresbyter wrote:
| How do IP addresses work with cell towers? The WiFi where I
| work doesn't allow personal devices to connect, but there's
| reasonable 5G.
| polskibus wrote:
| Do iOS apps also take screenshots of activity in other apps
| without consent? Does the platform allow it to, if yes then is
| there a way to block it?
| trollied wrote:
| They cannot.
| NemoNobody wrote:
| That was a stupid study. Phones know if they are being used - the
| phones for 3 days around ads is meaningless.
|
| Tracking isn't all the time - that would be tough. They do record
| stuff when you doing certain things tho...
|
| It's not impossible at all, actually it's rather easy if you have
| access to their actual online activity too.
| xg15 wrote:
| I think it would be interesting to try to do a "constructive
| debunking" - try to build a system yourself that uses a
| tampered phone and constantly records and transcribes all audio
| around it, without being obviously detectable by battery drain,
| CPU usage or network traffic.
|
| Variants/difficulty levels could be about: capture everything,
| or just keywords? What if you have a million keywords?
| Transcribe on-device or in the cloud? Can you do it just inside
| an app or do you need OS support/root access? Etc etc.
|
| Would be interesting to see what can be done at all and how
| easy or difficult it would be to detect.
| jeroenhd wrote:
| Comparing a small project like that with the vast
| cyberstalking industry we call advertising today isn't going
| to yield similar results if the conspiracy theory is true. I
| can make a full tracker that drains the battery like crazy
| but that doesn't mean the smartypants who know when women are
| pregnant weeks before they do themselves can't come up with a
| system that's more efficient with acceptable data
| granularity.
|
| Worst case scenario you succeed, and you've built yourself
| the torment nexus. If you publish your results, you'll have
| to publish the torment nexus to prove you don't have anything
| up your sleeve, making the world slightly worse for everyone
| else now that there's an accessible torment nexus ready to
| go. If you don't publish your torment nexus, nobody will
| believe you. Hell, if you succeed, you might've actually
| invented the thing! At best, the result of your success is
| knowing for sure you _could_ be spied upon any time,
| anywhere.
|
| There's probably a much easier method to know for sure: work
| for advertising companies and learn their secrets.
| xg15 wrote:
| Good points. Though I there are other options - e.g. build
| a proof-of-concept in a closed environment, e.g. as an
| university project, demonstrate it with a small (but still
| sufficiently large) group of people, so you have witnesses
| and publish a paper about it.
|
| I know the prevailing wisdom is to always publish your code
| with a paper, to ensure maximum reproducibility, but this
| would be a valid case where you DON'T want to make
| reproducibility easy.
|
| It's essentially the same dilemma that security research
| already has today: You want active research into
| vulnerabilities to be able to close them, at the same time
| you don't want people abusing your research to exploit
| them.
|
| There is also the point of how feasible such a system would
| be to deploy on new phones. E.g. if you require a rooted
| phone and a custom Android image, chances are relatively
| slim your system will be used in the wild.
| washadjeffmad wrote:
| Does anyone recall the national discussions surrounding what
| constituted metadata following 9/11 when ThinThread and
| Trailblazer were brought to public attention?
|
| I also recall reading about members of the TIA "Total Information
| Awareness" program leaving to join advisory boards for rising
| social media platforms, Facebook most notably. These weren't
| tinfoil opeds in fringe outlets, but regular reporting by
| journalists published in trusted local newspapers.
|
| Are there any outlets left who aren't part of consolidated media
| groups that can or do still track and report on movements like
| this? I've having trouble finding original articles that haven't
| been "revised for historical accuracy" or hidden behind paywalls
| of the few entities that remain.
|
| Edit: For context, I was looking for the earliest articles about
| Google citing legal justification for scanning the contents of
| emails under a favorable interpretation of metadata that allowed
| for tokenization by an automated process (ie- the contents were
| not read by a human or made personally identifiable, which met
| the letter of the law). It follows that the same justification is
| not limited to any source or data type, but I couldn't recall any
| more recent reporting or statements from companies over the last
| 10-15 years, or, the "don't break Google" era.
| ThinkBeat wrote:
| At the time I am typing this, the title on the page is:
|
| ""Your phone isn't secretly listening to you, but the truth is
| more disturbing""
|
| Which is presently also the title on this post.
|
| Then as I read it becomes clear that it is merely focusing on
| Facebook.
|
| However the confusion that may stem from "Your phone isn't
| secretly listening to you"
|
| The blog post never attempts to establish that your phone is not
| listening to you, just that some companies may not be going it.
|
| The truth is that your phone may well be listening to you . There
| is plenty of malware / spywear that uses exploits to achieve it.
|
| Like the NSO group1.
|
| Tools to do so can be bouught on the malware market from other
| sources as well and we must assume that Mossad, NSA, and other
| major intellitence agencies have tools that exceed what you can
| buy on the open market.
|
| You phone may aboslutely be listening to you. but probably it is
| not.
|
| 1
|
| https://www.bloomberg.com/news/features/2023-01-24/nso-group...
| https://www.britannica.com/topic/Pegasus-spyware
| https://citizenlab.ca/2016/08/million-dollar-dissident-iphon...
|
| https://newatlas.com/computers/smartphone-listening-conversa...
|
| https://www.bloomberg.com/news/features/2023-01-24/nso-group...
| Etheryte wrote:
| In aggregate, your phone is not listening to you, but if you
| are of great interest to a powerful adversary, it very well
| might be. But at that point, I would wager that's one of the
| smaller things on your plate.
| dist-epoch wrote:
| Phones today show in the status bar if the camera/microphone is
| active.
| 9dev wrote:
| If you can't trust the software, why would you trust the
| software? Am I supposed to rely on the hope that an attacker
| can take over some part of the OS, but not the one rendering
| a tiny blob in the status bar?
| pests wrote:
| Apple has moved these indicators into their "exclaves"
| removing any control or influence from the OS / software
| running.
| nonameiguess wrote:
| Television, not phone, but YouTube sure intrigued me at minimum
| yesterday. First, it revealed pretty clearly that even with
| history turned off, it will use the history of other accounts
| accessed from the same IP to serve recommendations anyway.
| Without history, it turns off the home page recommendations, but
| when I ran a search, it showed me completely unrelated videos
| from a rock climbing channel my wife had watched on another
| account. I have never watched any rock climbing content on this
| account.
|
| The second incident was the "listening to you thing," though. Not
| on the phone, but on a smart television. Exterminator was there
| to do the quarterly spray of my house and I was showing him scars
| from when I fell off a skateboard trying to bomb a hill I
| couldn't handle late last year, talking about what happened, and
| not five minutes later I turn on the television, open YouTube,
| and the very first recommendation on my wife's account is a video
| of a guy falling off his longboard at 50 MPH. Not like it's some
| kind of secret that we both skate and I watch a lot of downhill
| videos on this account, but I have never once specifically
| searched for, watched, or even been recommended a video _of a
| crash_ , until they decide to do so five minutes after I was
| talking about it in front of that television.
| kevinsync wrote:
| I get all the proximity-based aggregation, and creating graphs of
| relationships to leak content between personal "algorithms"
| (dislike that wording but that's the colloquial usage), and
| tracking between sites + social networks, and all the basic stuff
| ... but can somebody explain how I immediately get served ads
| relevant to text typed into (presumably-encrypted) iMessage
| conversations?
|
| I also have a couple distinct memories of getting served ads for
| products I've never searched for or never bought before, after I
| either bought it in a store or, even weirder, literally just
| picked it up, looked at it, and put it back on the shelf in a
| store?
|
| I can craft some kind of super-surveillance-state theory as to
| how you _could_ achieve that, but it feels very unlikely to be
| deployed at a small CVS lol
|
| Anyways, these might just be coincidences but still perplexing to
| understand how it's done.
| viraptor wrote:
| > how I immediately get served ads relevant to text typed into
| (presumably-encrypted) iMessage conversations?
|
| Are you using a third party keyboard? Or any apps you don't
| 100% trust if you sent the message from a Mac?
| kevinsync wrote:
| Nope, regular iOS/macOS on all ends. Literally just stock
| Apple Messages on devices. I just notice sometimes topics
| will come up (what appears to me to be randomly) and then
| relevant ads and/or content will appear on Instagram or web.
|
| I guess it's possible that, to me, it appears "organic" (ex.
| somebody just mentions Taco Bell or whatever) but they had
| actually been searching on their device, and since our
| digital proximities are known, the next thing you know I'm
| Living Mas lol
| viraptor wrote:
| If you have specific situations where it's reproducible,
| you can record your DNS and connections on local network
| and try again. You can only prove/disprove that with enough
| experiments.
| HWR_14 wrote:
| My guess on iMessages is that the ads are actually tracking
| your friend (or other person at your location) looking up
| details/a link to use in the iMessage conversation. And that
| only works some percentage of the time, but that's the percent
| you notice.
| mindcrash wrote:
| Way back then I exposed massive data collection from Twitter by
| Google which made it possible to plot locations at which you used
| Twitter in Google Maps by simply putting your Twitter handle into
| the search field. Somehow they knew about these locations even
| when you opted out of sharing location data with Twitter (I
| checked) -- so this was only possible by Twitter privately
| providing this information to Google.
|
| This "experiment" has since then been shut down, but exposing
| this and many other other forms of activism permanently has cost
| me my Twitter account, to the point that asking to reinstate it
| several times because I was permanently suspended for no valid
| reason led to X Support directly rerouting every attempt to
| appeal this decision into the digital trash can.
|
| Let's say nothing surprises me anymore.
| immibis wrote:
| Doesn't every site route every support request for every reason
| into the digital trash can? You're supposed to just make a new
| account, using as many mechanisms as possible to make sure the
| site can't link it to your old account.
| TheDong wrote:
| I too sell my phone and buy a new one and also get a new
| phone number each time I get banned
| mindcrash wrote:
| Someone from X Support replied, basically told me to fuck off
| and that this would happen after my second or third appeal...
| so no.
| hyperpape wrote:
| It's really indefensible to post this without linking to your
| research to show people what you found.
| mindcrash wrote:
| Believe it or not, I wrote about it on my now permanently
| suspended Twitter account.
|
| Here is a remnant from someone who replied at the time:
|
| https://xcancel.com/kpcuk/status/601451439215353857
|
| By the way: somewhat later we (thanks to a group effort)
| figured out it wasn't "just" Chrome as mentioned, and this
| basically led to the strong assumption there was some serious
| data sharing involved.
|
| And yes that screenshot from this person is 100% real; my
| pins for example were sprinkled all across Brighton in the UK
| near places with Wifi access (I recently went on a city trip
| there at the time), and my home town in the Netherlands.
| NikkiA wrote:
| Tweets were geolocated, with a 'see tweets near me' page
| until about 14 years ago, so it's entirely feasible that at
| least some of that infrastructure has survived the feature
| being removed.
| monkeyfun wrote:
| Could you link to some of it? Sounds extremely interesting!
| mindcrash wrote:
| See screenshot:
| https://xcancel.com/kpcuk/status/601451439215353857
|
| Do note that at first it was assumed just Chrome was
| involved, but then people started to message me that they
| also saw it when using the apps, Firefox, Safari and other
| browsers aswell.
| monkeyfun wrote:
| Thanks!
| danielrhodes wrote:
| People seem to ignore the cost and accuracy aspects of a phone
| listening to you 24/7. At least with today's constraints, it is
| highly unlikely to be happening.
|
| First, the cost to transcribe audio is not free. It is
| computationally expensive. Any ad network or at scale service
| would not be able to afford it, especially in orgs where they are
| concerned about unit economics.
|
| Secondly, the accuracy would be horrible. Most of the time, your
| phone is in your pocket and would pick up almost nothing. More
| over, it's not like you are talking about anything of value to
| advertisers in most cases. Google is a money printing machine
| because people search with an intent to buy. The SNR of normal
| conversation is much much much lower. That makes the unit
| economics of doing this gets much worse.
|
| Third, it would be pretty hard to not notice this was happening.
| Your phone would get hot, your battery would deplete very
| quickly, and you'd be using a lot of data. Moreover on iOS you
| could see the mic is being used and the OS would likely kill the
| app if it was using too many resources in the background.
|
| So until we find an example of this actually happening, it's not
| worth worrying about.
| scrose wrote:
| These are all points that were brought up in the article as to
| why voice recording is less useful than all of the other
| tracking mechanisms advertisers have available
| derefr wrote:
| For all of these reasons, audio snooping is much more likely to
| be something done by wired, stationary devices that maybe have
| a decent amount of RAM + a fair bit of usually-idle processing
| capacity (to run the transcription model locally and just push
| the resulting text), and which are expected to draw a decent
| amount of power and use the Internet at vaguely-arbitrary
| times.
|
| Like a smart TV, for example.
| limbero wrote:
| This article reminds me of this excellent tongue-in-cheek piece
| of writing by Jonathan Zeller in McSweeney's:
|
| Calm Down--Your Phone Isn't Listening to Your Conversations. It's
| Just Tracking Everything You Type, Every App You Use, Every
| Website You Visit, and Everywhere You Go in the Physical World
|
| https://www.mcsweeneys.net/articles/calm-down-your-phone-isn...
| Spooky23 wrote:
| There is so much time spent "debunking" audio recordings being
| shared with various entities it makes me more suspicious.
|
| Just like Facebook's "we never sell your data (we just stalk
| you and sell ads using your data)". I'm sure there's a similar
| weasel excuse... "we never listen to your audio (but we do
| analyze it to improve quality assurance)"
| LgWoodenBadger wrote:
| It's similar with the TSA facial recognition photos. "We
| delete your photo immediately" but what they don't say is
| that they don't delete the biometrics from that photo.
| bsimpson wrote:
| It's a crime that were compelled to concede our 4th
| Amendment rights in order to travel.
| spunker540 wrote:
| Same with drivers licenses and passports having a photo
| requirement too
| kurthr wrote:
| I can just say that I knew an entrepreneur in early post Y2K
| who developed apps to track music played in clubs in SF for
| folks like ASCAP, BMI, and SESAC. They gave out "free" phones
| (these were the small expensive candybars and nice
| flip/slideups) to the influencers of the day. They compressed
| the audio for orthogonality, and had a huge number of hashes
| to match. If they got more than a few consecutive matching
| hashes at a location that wasn't paying royalties, they got
| an enforcement call.
|
| So the idea that it takes a huge amount of computing
| resources, battery life, permissions, or bandwidth to do
| matching of keywords is hilarious. That's what "siri", "hey
| google", "alexa" etc are all doing 24 hours a day. Just add
| another hundred and report them once an hour. You don't need
| low latency. It's just another tool in the bag!
|
| Of course the cat food example is bad, because if they
| weren't looking for that you wouldn't get a response. Who
| would be willing to pay big for clicks on cat food. Now
| bariatric surgery? DUI? HELOC? Those pay.
| LeafItAlone wrote:
| >That's what "siri", "hey google", "alexa" etc are all
| doing 24 hours a day.
|
| You might have just convinced me that the "phone is
| listening" is total bunk, because these dedicated devices
| are just so bad at recognizing the very specific, short,
| phrases when explicitly directed at them that I can't
| imagine they are listening for much more. Listening to my
| in-laws try to activate their Alexa and Google Homes is
| something the CIA might consider for their next torture
| method.
| ACV001 wrote:
| bs article paid for by those big corporations.
| karaterobot wrote:
| I'm not going to ask if you actually read the article. My
| recommendation is to read the second half of the headline.
| intended wrote:
| What rot.
|
| Here's a simple experiment I ran and still works.
|
| Back in the day there was a truly ghastly add for ear wax removal
| that showed up on YouTube in the UK.
|
| In an experiment, and prank, I told two of my close friends about
| this, and how this horrid advert would kill my appetite when it
| came up.
|
| And then I made it a point to repeat "ear wax removal" loudly
| several times.
|
| Sure enough. A day later my dear friend messaged me with
| something on the lines of "I hate you"
|
| Their phones were Android and iOS. I believe it was the Android
| user suffered.
| paulcole wrote:
| This is why "my phone is listening and I can prove it" is such
| a good shibboleth for lack of critical thinking skills.
|
| Can you not see all the biases and fallacies in your own
| comment?
| jeroenhd wrote:
| If what you're talking about is the source of the ad, why did
| you see the ad yourself? Were you shouting about ear wax
| removal at your phone?
|
| There are millions of ways the adware running on your phones
| could've correlated your profile and spread the "infection" to
| your friend. Basic location access being the most important
| one, but sharing an IP address (your friends' WiFi?), being
| near the same Bluetooth beacons, having the same stored SSIDs,
| or mere coincidence that your friend saw the same ad targeting
| a wide demographic are much more probable than "my phone is
| listening 24/7".
| intended wrote:
| Sure. But its fun, and we can always replicate, just need a
| terrible ad.
|
| Do note, this was tested in a park, so no shared WiFi, no
| Bluetooth beacons/devices. Also, this ad doesn't/didn't show
| up for others, ever.
| paulcole wrote:
| I'm assuming like most friends you and your friends have
| nothing in common like interests, demographics, etc.?
|
| And I'm assuming you also made them aware of other ads
| you'd seen recently so they could see if those showed up as
| well?
| macawfish wrote:
| The phone is listening. Services like Shazam and Alphonso are
| constantly fingerprinting audio from the mics and sending these
| fingerprints up for "matching".
|
| What are they matching against? Against key "content".
|
| To check if the fingerprints from your phone mic match the
| "content" they have to do some kind of nearest neighbor search.
| What if the fingerprints aren't super close but they're somewhat
| close? To "content" related to certain products? Should we send
| the ad?
|
| What if employees at Alphonso and Shazam _know_ that the
| fingerprints from your phone aren't quite close enough to have
| been generated from key monetizable samples of the "content", but
| also know that they are close enough to be effective? At
| targeting potential buyers?
|
| Who decides how close is close enough? What's the ethical
| threshold here? And what's the most profitable threshold?
| perching_aix wrote:
| > The phone is listening. Services like Shazam and Alphonso are
| constantly fingerprinting audio from the mics and sending these
| fingerprints up for "matching".
|
| Could you please provide a source for this?
|
| Just on the outset this sounds pretty wild if true. In the
| settings I do not see any permissions associated with Shazam,
| and only when I open it do I see the usual microphone indicator
| light up.
|
| I will say though, it _is_ weird that it doesn 't have
| associated permissions listed, because clearly it can access
| the mic at least when it's open.
|
| Edit: nevermind, found it, was just super hidden. But yeah,
| says it can only access it when the app is "in use". Now can it
| auto launch? Apparently also yes, after boot. Otherwise idk.
| It's further interesting I cannot tweak any of these
| permissions.
|
| Edit #2: now it says that notifications are enabled for it, but
| then i check, and they aren't. i exercise the toggle, now it
| doesn't say that anymore, and the mic permissions are no longer
| hidden? Samsung please...
|
| No amount of years in tech will rid me of tech pains it seems.
| dist-epoch wrote:
| Shazam only records when you open it.
| udev4096 wrote:
| > User permissions for a large number of apps were all enabled
|
| This says it all. Privacy is not by default, because of souless
| mega corporations, including HN which has an extremely invasive
| privacy policy. If you don't actively take steps to improve your
| privacy, they will continue to exploit it. Use GrapheneOS, it is
| the most private and secure mobile operating system. Nothing
| happens without your explicit permission, the way it should have
| been from the beginning
| rahen wrote:
| These discussions seem to come up frequently lately. Both /e/OS
| and Lineage with microG provide good enough privacy for those
| who can't afford high-end smartphones like the Google Pixels.
|
| The ranking would probably be:
|
| - Pixel on GrapheneOS
|
| - Any Android smartphone on Lineage or /e/OS
|
| - iPhone on recent iOS (the best choice for technically
| illiterate people)
|
| People concerned with privacy should avoid stock Android
| phones. Additionally, software only goes so far in protecting
| privacy. Some hygiene is also required, especially with iOS,
| where everything is sent to iCloud by default and E2E
| encryption is either not enabled by default or not available at
| all in some countries.
|
| When it comes to hardware, nothing really compares to the Titan
| and T2 chips found in Pixels and iPhones though.
| titaphraz wrote:
| Pretty much every time I add a new contact to my phone I start to
| get really strange ads online. I figured it out when I added a
| guy who's retiring for the army. I started getting retirement ads
| for soldiers.
|
| Then, I add a guy I loosely know and what do I start seeing?
| Cocaine rehab ads. I shit you not. It's not hard to argue that
| this is more than a minor privacy violation.
| littlestymaar wrote:
| It is in fact listening to you, at least if you have an iPhone:
| https://www.lemonde.fr/en/pixels/article/2025/02/14/apple-ta...
| quijoteuniv wrote:
| << The article posits that the uncanny relevance of some ads is
| due to sophisticated data collection methods. Companies analyze
| user behavior, online activity, and social interactions to
| predict interests, making it seem as though devices are
| listening.
|
| In essence, while smartphones may not be actively eavesdropping,
| the depth and breadth of data analytics employed by tech
| companies can create the illusion of such practices.>>
| kjkjadksj wrote:
| There has definitely been cases where I have not looked up an
| idea at all on my devices, only mentioned it in speech at home,
| and the highly targeted at shows up on mobile the next day or
| even that day. I would take the correlation theory if I
| actually left data to correlate.
| wormius wrote:
| This... I have had on at least 2 occasions explicitly where I
| know for a fact I hadn't searched or looked up this topic on
| any system, and I brought up a topic and talked to my
| roommate and within the next 12 hours FB served me ads or
| content relating to the topic.
|
| I get the idea that an "always on" monitoring system would be
| problematic (even if you discarded the data itself and only
| retained/filtered relevant bits for a short period of time).
| But ... I have no other way to explain events like this.
|
| I suppose some weird correlation of user has x,y,z and they
| searched for a,b,c in the past, and other users search for D,
| then we show D at exactly the 12 hour time they searched for
| it.
|
| Yes I am aware of recency bias, and how perhaps it was shown
| other times without recognizing it. But it's... hard to shake
| that feeling, and I am (well less so now) a skeptic...
|
| If it's anything it's like AI that's eerily creepy like
| "intelligence" but not it, just like this is "like listening"
| but isn't. Both use statistical models to do creepy ass shit.
| BenjiWiebe wrote:
| Did the roommate use the same WiFi network as you, and your
| roommate used the WiFi to research it?
| twoodfin wrote:
| But why did you mention it at all?
|
| That's the point the article makes: That some idea is on your
| mind is essentially always correlated with any number of
| signals, some of which are visible or inferable by adtech.
| leumon wrote:
| > Even though these ad algorithms are not nearly perfect (try to
| pay attention to how often you are served ads that are entirely
| irrelevant to your interests), the simple fact that they are so
| eerily correct even some of the time is the real conspiracy here.
|
| This could be intentional. Having too many accurate ads is having
| a bad effect, because you then enter the uncanny valley of
| noticing what the data collectors all know about you.
| tiltowait wrote:
| Amazon often tries to show me a dress store. I'm a guy, and
| I've never bought women's clothing. On the surface, the ad
| makes no sense and is irrelevant--but what if I end up wanting
| to buy a dress for someone else? Then I might remember that
| Amazon dress shop.
|
| This (or simple error) seems more likely to me than a
| conspiracy to appear less creepy, though I suppose all three
| could be in play.
| keybored wrote:
| iPhone will tell me that I have a 25m drive to get to work.
| Literally why? I know where I work and how long it takes. I have
| done it enough times for it to learn what I do at 07:30 in the
| morning. Is it just flexing repeapetedly that it did a simple
| inference?
| huntsman wrote:
| Some places, including the Bay Area where this feature was
| probably created, have significant variance in commute times
| depending on the traffic of the day so this can be a useful
| feature.
|
| The commute time from SF to Cupertino is certainly not
| constant.
| kjkjadksj wrote:
| Keep thinking its merely correlation while the US military bans
| phones from the SCIF...
| weare138 wrote:
| _This fact is important, because if an app were accessing a
| microphone and sending the audio to a cloud server for analysis
| there would be detectable traces of data consumption._
|
| Because that's not how it works and companies like Meta know this
| when misleading it's users about their privacy.
|
| Speech-to-text transcription is handled on your device. They
| never transmit the raw audio, there's no need to. A compressed
| text transcription of your conversation would only generate a few
| kilobytes of data. You would never notice it.
|
| And the mic needs to be active in order to receive legitimate
| voice commands. If it can respond to your voice, the microphone
| is on and listening. That's the only way it can work.
| psyclobe wrote:
| Tl;dr it's not the microphone... it's screenshots.
___________________________________________________________________
(page generated 2025-04-26 23:01 UTC)