Honestly I’m fine paying a subscription if the content is good. There’s one local news source that’s free that I’d be happy to pay a reasonable amount to view.
There are plenty of small independent publications and online journalism outlets that survive off donation drives, subscription patrons, and volunteer citizen journalists. There are even totally independent citizen journalists that report on community sources. Unfortunately, honest journalism is something that society currently has a limited carrying capacity for, but that capacity is not zero.
I usually wear the tin foil hat in these debates, but I must concede in this case: the eavesdropping phone theory in particular is difficult to substantiate, from a technical standpoint.
For one, a user can check this themselves today with basic local network traffic monitors or packet sniffing tools. Even heavily compressed audio data will stand out in the log, no matter how it’s encrypted, streamed, batched or what have you.
To get a sense of what I mean, run wireshark and give a wake phrase command to see what that looks like. Now imagine trying to obfuscate that type of transmission for audio longer than 2 seconds, and repeatedly throughout a day.
Even assuming local audio inference and processing on a completely compromised device (rooted/jailbroken, disabled sandboxing/SIP, unrestricted platform access, the works) most phones will just struggle to do that recording and processing indeterminately without a noticeable impact on energy and data use.
I’m sure advertising companies would love to collect that much raw candid data. It would seem quite a challenge to do so quietly, however, and given the apparent lack of evidence, is thus unlikely to have been implemented at any kind of scale.
Yeah they’d have to it seems, but real time transcription isn’t free. Even late model devices with better inference hardware have limited battery and energy monitoring. I imagine it’d be hard to conceal that behavior especially for an app recording in the background.
WetBeardHairs@lemmy.ml mentioned that mobile devices use the same hardware coprocessing used for wake word behavior to target specific key phrases. I don’t know anything about that, but it’s one way they could work around the technical limitations.
Of course, that’s a relatively bespoke hardware solution that might also be difficult to fully conceal, and it would come with its own limitations. Like in that case, there’s a preset list of high value key words that you can tally, in order to send company servers a small “score card” rather than a heavy audio clip. But the data would be far less rich than what people usually think of with these flashy headlines (your private conversations, your bowel movements, your penchant for musical theater, whatever).
My own theory is that they tokenize key words and phrases with an AI so that they’re not sending the actual audio data. Then it’s stored in a form some AI can parse but isn’t technically user data so they can skirt legislation around that.
A tokenized collection of key phrases omitting delimiters in text format is going be much, much less than audio, or a transcript.
Can it be implemented on pc? They often turned on and people speak around them too. Cpu activity much harder to trace when there are a lot of different processes. Someone can blame their phone, while it listening pc near by.
Yeah outside mobile devices I imagine there’s a lot more leeway technically speaking. I’d be far more inclined to suspect a smart TV or a home assistant appliance like Amazon Echo, for example. And certainly there are plenty of PCs out there that are 100% compromised.
But it’s the phone that people often think of as eavesdropping on their conversations. The idea is stickier perhaps because it’s a more personal violation. And I wouldn’t put it past data brokers by any means. They would if they could. I’ve just yet to hear a feasible explanation of how they can without being caught. Hence my doubt.
What if its not streaming? What if its just cached for future access, e.g. next time the user opens the app (and network traffic spikes anyways) maybe?
That’s possible too, and in general I’d think a foreground application currently in use alleviates most of the technical restrictions mentioned (read: why we never install FB).
But again we must assume some uncommon device privileges and we still haven’t solved the problem of background energy usage required to record and/or process a real time feed.
as someone who has played around with offline speech recognition before - there is a reason why ai assistants only use it for the wake word, and the rest is processed in the cloud: it sucks. it’s quite unreliable, you’d have to pronounce things exactly as expected. so you need to “train” it for different accents and ways to pronounce something if you want to capture it properly, so the info they could siphon this way is imho limited to a couple thousand words. which is considerable already, and would allow for proper profiling, but couldn’t capture your interest in something more specific like a mazda 323f.
but offline speech recognition also requires a fair amount of compute power. at least on our phones, it would inevitably drain the battery
most phones will just struggle to record and process audio indeterminately without a noticeable impact on energy and data use.
I mean, it’s still a valid concern for a commoner. Why my phone has twice the ram and twice the cores and is as slow as my previous one? I’d love to fuel this conspiracy into OS, app makers to do their fucking job.
There’s no reason an app can weight more than 50mb on clean install*, and many socials, messengers fail to fit in. A client I use to write this is only 30+, and that’s one person doing that for donations.
If there could be a raging theory that apps are selling your data to, like, China, there would be a push to decline it and optimize apps to fit that image.
I obviously exclude games, synths, editors of any kind with their textures and templates.
The filesize of most binaries is dominated by text strings and images. Modern applications are loaded with them. Lemmy is atypical in that it doesn’t need tons of built in images or text.
I get it. It’s just I don’t see any dev-put images in many big apps, besides a logo and a welcome screen. Updating them with dozens of megabytes doesn’t feel okay. It seems like there’s some bloat, or a vault management problems. Like in some seasonally updated games that put dupes to speed up load of a map or easily add new content on top of them instead of redownloading a brand new db. Some I followed shawed off tens of gigabytes by rearranging stuff.
Like, messengers. I don’t get it how Viber wants more than 40+ mb per update having nothing but stickers, emoji already installed and probably don’t change them much. Cheap wireless connection could allow them to ignore that for some reason and start to get heavier in order to offload some from their servers, for many images are localized. Is that probably what their updates are? Or they consequentially add beta patches after an approval, so you download a couple of them in a close succession after they get into public?
What could be possible, would be maybe send tiny bits. For example, a device could categorize some places or times, detect out of pattern behaviours and just record a couple of seconds here and there, then send it to the server when requesting something else to avoid being suspicious. Or just pretend it’s a “false positive” or whatever and say “sorry, I didn’t get that.”
I don’t think they’re listening to everything, but they could technically get something if they wanted to target you.
Right, I suppose cybersecurity isn’t so different than physical security in that way. Someone who really wants to get to you always can (read: why there are so many burner phones at def con).
But for the average person, who uses consumer grade deadbolts in their home and doesn’t hire a private detail when they travel, does an iPhone fit within their acceptable risk threshold? Probably.
There's also a totally plausible and far more insidious answer to what's going on with the experiences people have of the ads matching their conversations.
That explanation is advertising works. And worse, it works subconsciously. That you're seeing the ads and don't even notice you're seeing them and then they're worming their way into your conversations at which point you become more aware of them and then start noticing the ads.
Which does comport with the billions of dollars spent on advertising every year. It would be very weird if an entire ad industry that's at least a century old was all a complete nonsense waste of money this whole time.
To me, this whole narrative is just another parable about why we need to do everything possible to limit our own exposure to ads to avoid being manipulated.
Damn, I hadn’t thought of that. The chicken egg question of spooky ad relevance. Insidious indeed.
I feel like the idea of some person or group having enough info to psychologically manipulate or predict should be way scarier than the black helicopter stuff, especially given that it’s one of the few conspiracy theories we actually have a bunch of high quality evidence for, just in marketing and statistics textbooks alone.
But here we are. Government surveillance is the hot button, not the fact that marketers would happily sock puppet you given the chance.
Smartphones by definition are Spyware, at least if you use the OS as is, because in them all aspects are controlled and logged, either by Google on Android or by Apple on iOS. Adding the default apps that cannot be uninstalled on a mobile that is not rooted. As COX alleges, they also use third-party logs and therefore can track and profile the user very well, even without using this technology that they claim to have.
Although they feel authorized by the user’s consent to the TOS and PP, the legality depends directly on the legislation of each country. TOS and PP itself, to be a legal contract, must comply in all its points with local legislation to be applicable to the user. For this reason, I think that these practices are very different in the EU from those in the US, where legislation regarding privacy is conspicuous by its absence, that is, that US users should take these COX statements very seriously in their devices, although in the EU they must also be clear that Google and Apple know exactly what they do and where users live, although they are limited from selling this data to third parties.
Basics:
– READ ALWAYS TOS AND PP
Review the permissions of each app, leaving only the most essential ones
Desactivate GPS if not used
Review in Android every app with Exodus Privacy, maybe Lookout or MyCyberHome in iOS (Freemium apps !!!)
Use as less possible apps from the store
Be aware of discount apps from the Supermarket or Malls
Don’t store important data in the Phone (Banking, Medical…)
Agreed, though I think it’s possible to use smart devices safely. For Android it can be difficult outside custom roms. The OEM flavors tend to have spyware baked in that takes time and root to fully undo, and even then I’m never sure I got it all. These are the most common phones, however, especially in economy price brackets, which is why I’d agree that for the average user most phones are spyware.
Flashing is not useful advice to most. “Just root it bro” doesn’t help your nontechnical relatives who can’t stop downloading toolbars and VPN installers. But with OEM variants undermining privacy at the system level, it feels like a losing battle.
I’d give credit to Apple for their privacy enablement, especially with E2EE, device lockdown, granular access permission control and audits. Unfortunately their devices are not as affordable and I’m not sure how to advise the average Android user beyond general opt-out vigilance.
Yeah those push token systems need an overhaul. IIRC tokens are specific to app-device combinations, so invalidation that isn’t automatic should be push-button revocation. Users should have control of it like any other API on their device, if only to get apps to stop spamming coupons or whatever.
It’s funny though: when I first saw those headlines, my first reaction was that it was a positive sign, since this was apparently news worthy even though the magnitude of impact for this sort of systemic breach is demonstrably low. (In particular, it pertains to (1) incidental high-noise data (2) associated with devices and (3) available only by request to (4) governments, who are weak compared to even the smallest data brokers WRT capacity for data mining inference and redistribution, to put it mildly.)
That is glossing over how they process the data and transmit it to the cloud. The assistant wake word for “Hey Google” invokes an audio stream to an off site audio processor in order to handle the query. So that is easy to identify via traffic because it is immediate and large.
The advertising-wake words do not get processed that way. They are limited in scope and are handled by the low power hardware audio processor used for listening for the assistant wake word. The wake word processor is an FPGA or ASIC - specifically because it allows the integration of customizable words to listen for in an extremely low power raw form. When an advertising wake word is identified, it sends an interrupt to the CPU along with an enumerated value of which word was heard. The OS then stores that value and transmits a batch of them to a server at a later time. An entire day’s worth of advertising wake word data may be less than 1 kb in size and it is sent along with other information.
Hmm, that’s outside my wheelhouse. So you’re saying phone hardware is designed to listen for not just one but multiple predefined or reprogrammable bank of wake words? I hadn’t read about that yet but it sounds more feasible than the constant livestream idea.
The echo had the capacity for multiple wake words IIRC, but I hadn’t heard of that for mobile devices. I’m curious how many of these key words can they fit?
And yet thousands of security researchers can’t find a shed of evidence. This shit is tiresome and counter productive. The general public is weary of hearing this made up bullshit.
The technical practice isn’t hard. That’s the claim. The reality is nobody is buying shit doing this and this is just another repost from the same 404 article months ago.
Bro, I’ll literally be having a conversation with someone about a topic, and all of the sudden Google starts recommending me products related to the discussion afterwards. Smart phones and smart speakers without a doubt listen in on our conversations. There’s the evidence.
Eh, surprised that’s happening to someone in this community. Strip Google off your phone and throw out any hardware with a microphone that doesn’t run open source software and this will stop happening.
Following an investigation by Bloomberg, the company admitted that it had been employing third-party contractors to transcribe the audio messages that users exchanged on its Messenger app.
So not your IRL conversations.
There is no indication that Facebook has used the information it collected to sell ads.
Companies DO analyze what you say to smart speakers, but only after you have said "ok google, siri, alexa, etc." (or if they mistake something like "ok to go" as "ok google"). I am not aware of a single reputable source claiming smart speakers are always listening.
The reality is that analyzing a constant stream of audio is way less efficient and accurate than simply profiling users based on information such as internet usage, purchase history, political leanings, etc. If you're interested in online privacy device fingerprinting is a fascinating topic to start understanding how companies can determine exactly who you are based solely on information about your device. Then they use web tracking to determine what your interests are, who you associate with, how you spend your time, what your beliefs are, how you can be influenced, etc.
Your smart speaker isn't constantly listening because it doesn't need to. There are far easier ways to build a more accurate profile on you.
So, you and your friend were talking about a subject you obviously are interested in, likely spend heaps of time online searching about, commenting and following on social media and you’re surprised you got an ad for it? Bonkers.
It’s been published by multiple sources at this point that this happens because of detected proximity. Basically, they know who you hang out with based on where your phones are, and they know the entire search history of everyone you interact with. Based on this, they can build models to detect how likely you are to be interested in something your friend has looked at before.
Yup. For companies it’s much safer to connect the dots with the giant amount of available metadata in the background than risk facing a huge backlash when people analyze what data you’re actively collecting.
Which is why people need to call out the tracking that’s actually happening in the real world a lot more, because I don’t really want my search-history leaked by proxy to people in my proximity either.
On mobile, can’t find the recent one based on conversation that was floating around lemmy recently.
This one finds high levels of inconsistent misactivation from TV shows. Some shows caused more than 4 misactivations per hour (a rate of more than 80 per day) …northeastern.edu/…/smart-speakers-study-pets20/
It’s literally impossible for them to not be “analyzing” all the sounds they (perhaps briefly) record.
[Sound] --> [Record] --> [Analyze for keyword] --> [Perform keyword action] OR [Delete recording]
Literally all sounds, literally all the time. And we just trust that they delete them and don’t send them “anonymized” to be used for training the audio recognition algorithms or LLMs.
The way that “Hey Alexa” or “Hey Google” works is by, like you said, constantly analysing the sounds they said. However, this is only analyzed locally for the specific phrase, and is stored in a circular buffer of a few seconds so it can keep your whole request in memory. If the phrase is not detected, the buffer is constantly overwritten, and nothing is sent to the server. If the phrase is detected, then the whole request is sent to the server where more advanced voice recognition can be done.
You can very easily monitor the traffic from your smart speaker to see if this is true. So far I’ve seen no evidence that this is no longer the common practice, though I’ll admit to not reading the article, so maybe this has changed recently.
If they were to listen for a set of predefined product-related keywords as well, they could take note of that and send that info inconspicuously to their servers as well without sending any audio recordings. Doesn’t have to be as precise as voice command recognition either, it’s just ad targeting.
Not saying they do that, but I believe they could.
Services that “listen” for commands like Siri and Alexa have to be, by default, always listening, because otherwise they would not be able to hear the activate command. They are supposed to dump the excess data like anything that came before the activation command, but that’s just a promise. There are very few laws protecting you if that promise turns out to be a lie. The best you can get is likely small restitution through a class action lawsuit (if you didn’t waiver right to that by agreeing to the Terms of Service, which is more often than not, now).
They’re not. Not yet. People are on edge and looking for this exact thing, which hadn’t happened yet. Meanwhile, they’ve already built a pretty damn good profile of you based on your search queries and mistyped urls.
…a Verizon representative told Poppy that the corporation was a victim too.
Fuck off. You’re all a bunch of idiots who didn’t do an extremely quick search online to find an officer of that name in that area. Or at the very least call the police in that area to confirm said person isn’t a fraudster! Large corporations need to stop gaslighting us into thinking that when they fuck up that they’re victims!
Yup. I used to work for a much smaller tech company, and we had a perfectly reasonable process for dealing with cour orders and search warrants that involved crazy things like “get it in hard copy”, and “verify the information contained in the order”.
For some things, we would even just ask the officer to physically come in and that was weirdly never a problem.
I’ve never met a person in my life that was convinced by an ad to buy something. I know I never have and never will, I actually stay away from things that are advertised to me. So these fucking brainless fucks are literally wasting their money and energy on ads. Every human being I know loaths ads and would love to erase them from existence. When will they ever get this?
When I was a kid there were some things I’d see and wanted, only to get them and be seriously disappointed. I learned quickly that ads are fluff.
Nowadays, I actively stay away from things I’ve seen advertised. The way I see it is if a company has to pay tons of money to get their product seen, it can’t be all that good to start with. Genuinely good products don’t need to try and convince you they’re worth it.
You are generalizing too much here. I know many who have tried out a product only after seeing its ad. Ads can give plenty of returns to brands. But targeted ads which even exploits our most intimate conversations are really bad news for our right to privacy.
Ive absolutely bought shit that ended up as an embedded ad after I visited the page previously. Youre just more likely to follow through if you see it over and over again.
If you say generalize within my circle of people that I know then yes I agree with you, but generalizing in general means everyone, even those I don’t know and have never met, and I didn’t say that. So, literally not yes. lol
so then your argument is companies are wasting money because you and your circle aren't affected by advertising? how big is your circle that companies should fear not appealling to it?
This argument presumes that the entire many-billion and maybe even multiple-trillion dollar global ad industry is ALL based on complete, ineffective nonsense. That everyone has just been bamboozled. That's a naive view, I think.
The best argument for why we must be vigilant against ads and data collection by advertisers is because the shit does work. It influences people to make purchases, sometimes against their better judgement or reason. Because subverting someone's agency over their own body and mind is heinous at a very high level.
I'm certain you are wrong. You've absolutely purchased products that were advertised to you. You just didn't make the connection between your decision and the advertisements. You THINK seeing an ad makes you unlikely to buy a product, but you likely only really notice and have an emotional response to the ads for products you weren't likely to buy in the first place.
This argument presumes that the entire many-billion and maybe even multiple-trillion dollar global ad industry is ALL based on complete, ineffective nonsense.
Strangers things have happened than money being thrown at bullshit.
All the industry analysis of the ROI on advertising would've had to come to the same spurious conclusions about that effectiveness, too. With the largest, richest, and most profitable firms being the ones MOST fooled.
No, I don't think anything that strange has ever happened. This is basically a conspiracy theory.
You've literally just described your own view as believing in a grand conspiracy where all players have sworn themselves to secrecy in a scheme any one of them could undermine in a moment, so I guess that's that.
What phone do you hve? What computer? What shoes? What milk do you buy? Ads dont work by showing up and making you go buy it like a drone. You see the ads a thousand times and then you start believing its better than other products
Or even as subtle as brand recognition. Nobody can research every purchase and when you walk walk up to two items and one sounds familiar. You’re more likely to buy that one.
I’ve gotten a type of product I didn’t know existed before, but it’s never been the brand that alerted me to it. From experiences, brands that advertise generally have the lower quality and less value for money product. Brands that don’t advertise but you frequently see mentioned are generally the top tier shit for quality and value and they don’t need to advertise.
I’ve never met a person in my life that was convinced by an ad to buy something.
I believe that you’re being truthful, but I respectfully challenge the idea that you don’t know some person who was convinced by an ad to buy something. Even if all your friends truthfully insist that their decisions are not swayed by ads, there is probably some product they chose at least partially because an advertisement reached them and left a positive impression about the product.
Ads do clearly work on people who are suggestible enough to be susceptible to them. Some of your contacts are probably these people whether they admit to it or not. If ads didn’t work, they wouldn’t be made. Ads aren’t made inherently to be annoying or make our lives worse; they’re driven by profit. Kill the profit and the motive dies. IMO that’s all the more reason to get rid of them.
Anecdotally, my parents and grandmother watch TV with commercials, and they give me a bug-eyed look when I explain to them that I don’t get advertisements and that I don’t want to see them. Most people I know just want to get content crammed down their content-holes and will deal with ads to avoid the momentary inconvenience of change. So I feel like we’re fighting an uphill battle.
Ads only work when you are searching them out yourself. Like, if i go to steam looking to buy a new game I’d be susceptible to a video game ad. And ads for established brands are complete wastes of money, I’m not gonna buy a coke because i saw an ad for it.
Except the device is already in your home, and most people leave their account logged in. That’s basically like you inviting someone into your house, they hang out in your spare bedroom…and they’re still there. So no need to re-grant consent to a situation that hasn’t changed. Unless you mean it auto-logs out (or you log out) and have to re-grant consent then? Most do require consent on logging in, and the average consumer would hate having to log in every time and would probably use weak passwords because of this.
But, you can at least kick them out (revoke consent).
I just don’t see how a proper law/regulation would fix/restrict this, except to make certain personalization attempts (targeted ads) illegal.
Except the device is already in your home, and most people leave their account logged in.
People buy products to serve a purpose to themselves and their family, so yes, the device is in their home FOR THEIR USE.
Being logged in isn’t an open invitation to be spied, so laws need to address that.
That’s basically like you inviting someone into your house, they hang out in your spare bedroom…and they’re still there.
The invite, in this case, is not for a company to spy on you and your family. I don’t think anyone would actually want that, especially not for the purpose of targeting them with ads.
People use voice activated devices, which do record and react to voice prompt, but the permission here is given only for that use. A company shouldn’t be able to say “hey, you can use the service you’ve paid for, and by agreeing to use that service, you also agree to give us permission to digitally invade your home and privacy.”
I just don’t see how a proper law/regulation would fix/restrict this, except to make certain personalization attempts (targeted ads) illegal.
Yes, make it illegal. And make everything opt-in without strings attached (i.e. if you agree to use the service you paid for, you agree to being spied on).
I will personally continue to use my wallet to yield power. I won’t buy devices or support companies who are evil, and will support companies who respect privacy and data freedom. The whole enshitification of the digital landscape is incredibly sad to see, TBH.
How can they technically do that? They would need their own app because Android by itself isn’t listening (it does while using voice command). And why would they say they can while it’s against the law to do it (at least in Europe, but I guess in the USA too).
Yeah it sounds sus. Apple themselves published an explanation of how siri doesn’t actively listen to you all the time, so I’m not sure how they can bypass that.
When you speak to Google services, Google uses its audio recognition technologies to process your audio and respond to you. For example, if you touch the mic icon to search by voice, Google’s audio recognition technologies translate what you say into words and phrases that Search looks up in an index to give you the most relevant results.
Web & App Activity saves things you do on Google sites, apps, and services in your Google Account on Google servers and can include associated info like location. Certain interactions may not be saved.
This optional voice and audio activity setting lets you also save audio recordings with Web & App Activity when you interact with Google Search, Assistant, and Maps. This setting is off unless you choose to turn it on
And here’s what I saw on a comment from another post about this. From arstechnica:
The company added that it does not “listen to any conversations or have access to anything beyond a third-party aggregated, anonymized and fully encrypted data set that can be used for ad placement” and “regret[s] any confusion.”
If your phone has the capability to have a parental control / monitoring mode on it enabled, which can see everything you are doing on the phone, hear what youre saying and see what the cameras see and know your GPS location… and hide all of this to the user…
Why wouldnt ad companies also pay for such a live feed, or at least parts of it, if the software and hardware capabilities already exist?
People have been reporting getting advertisements based on conversations they were having 10 minutes ago with a person next to their phone for years.
Well, all phones with Google’s Android do, and probably all iPhones too, though I am not an iPhone user so I cannot speak from personal experience on iPhones.
My brother, last year, decided to engage parental control on my android phone and used it to stalk me on foot and in his car.
He was the head of the TMobile family plan we were on. I talked to TMobile employees at different locations many times about this. They tried to helo me, but because I was not the head of the plan, the tech support people that the instore agents had to call to try to fix my situation wouldnt do anything.
At one point a T Mobile employee told me to call the police… on T Mobile.
But uh yeah everything on stock android is connected to a google account, and TMobile and Google apparently just presume that any one not the head of a family plan are children, and will allow parental control to be enabled /without informing the ‘child’/.
404media.co
Active