
Facebook denies 'listening' to conversations - Jerry2
http://www.bbc.com/news/technology-41776215
======
rickhanlonii
They're listening, but not to your voice or with a microphone.

Facebook is listening to your data--to all of our data, all at once. They have
locations, searches, clicks, messaging, photos, hashtags, and any other form
of browsing patterns for everyone in your country, everyone in your
neighboorhood, everyone in the same room as you.

They have enough data with such advanced analysis that on occasion they can
get really close what you're thinking/doing without you explicitly telling
them. They're doing this frequently enough to creep a lot of people out and
they're only going to get better at it over time.

What we have here is something like Turing test for privacy: _a sufficiently
advanced amount of data and analysis will be indistinguishable from
surveillance._

It's simply unnecessary to listen with a microphone.

Edit: found this slide from F8 in 2015 where they said they store 300PB and
process 10PB (with a P) of data per day
[https://www.instagram.com/p/0tUjrQKH6R](https://www.instagram.com/p/0tUjrQKH6R)

~~~
tfinniga
Right, like the example from Target. It is possible that facebook has access
to a stream of Target purchases or credit card purchase information. I'd be 0%
surprised if there was a data sharing agreement with credit rating companies.

Even if they just knew the price of the purchase, combined with the job (burn
risk) and location data (traveled from work to nearest store with pharmacy
during the day), it's possible that you might be able to infer a burn with
enough accuracy to be valuable to advertisers.

~~~
branchless
My suspicion on this is that stores offer "reward cards" so they can get you
to sign something that allows them to gather and sell your data.

~~~
TAForObvReasons
Rewards cards / loyalty card are designed to incentivize you to spend more
with the stores. Ostensibly reselling data is a lot less valuable than
directly trying to convince you to shop more at their establishments

~~~
reaperducer
That was true at the beginning of the loyalty card phage. But now the big
chains are learning how to data mine and discovering the value of their data
to others.

Now your loyalty card data is worth twice as much. Once to the retailer for
internal marketing, targeting, purchasing, etc... and again selling it to
outside parties.

~~~
branchless
thanks, sorry to reply to this late. I often wonder if I take a loyalty card
and then for example I purchase twice as much double cream as the next person,
does this get sold to health insurers who then charge me a higher premium? The
permutations are endless eg too much beer. too many condoms. Too much spicy
dip.

------
brad0
> "At work, happened to me though earlier this year. Working as a barista, got
> a burn, talked to my partner in person about it, went to Target, bought the
> burn cream, and saw an ad on FB for the exact product I purchased. Never
> searched for product either," wrote Brigitte Bonasoro.

Facebook has data sharing agreements with many, many companies. It's most
likely that the cream was bought with a card then linked together with your
facebook profile. It's not that hard, especially when you use the same email
identifier for all those loyalty cards you have.

EDIT

A video that explains what Facebook does
[https://www.ted.com/talks/zeynep_tufekci_we_re_building_a_dy...](https://www.ted.com/talks/zeynep_tufekci_we_re_building_a_dystopia_just_to_make_people_click_on_ads)

~~~
null0pointer
I have a similar anecdote. Girlfriend was having some symptoms, we briefly
talked about it then walked to the pharmacy and bought a pregnancy test. Maybe
30 minutes after purchasing the test we watched a youtube video on her phone.
The ad on the video was for the exact test we bought.

I figured that youtube got the credit card info from the purchase but I was
shocked at how quickly that translated into something showing on the screen.
I've always thought about these things in the back of my mind but this was
still eye opening for me.

I'd never had it happen to me personally since I aggressively block all ads :)

~~~
imron
Advertisers are suckers.

Facebook and YouTube are selling ads to people who have already bought their
product.

~~~
ravenstine
In a sense, they are suckers. Plus, as another story on HN suggested, their
abandonment of advertising you things you don't need right now(but you may
find you want later in life) proves counterproductive. A heck of a lot of
things advertised to me on Facebook are things I already searched for and
either purchased or already decided wasn't worth buying. I don't believe that
modern internet ads are as valuable as the industry seems to think, which may
be a sign of an impending bubble burst.

~~~
londons_explore
Internet ads are far more measurable than most other forms of advertising.

The advertiser certainly has all the data necessary to see if it's profitable
or not to do those seemingly counterintuitive ad campaigns.

~~~
sharkmerry
except the data is controlled by the entity selling you the ad, so they have
reasons to make the profitablity difficult to discern

~~~
sobani
But still, when you advertise X to people who searched for X' (or even X
itself), you can see the conversion rates of those ads, right? And you should
be able to measure if that setup is profitable or not.

------
denzil_correa
> "I run ads product at Facebook. We don't - and have never - used your
> microphone for ads. Just not true," Mr Goldman wrote.

Personally, I am so used to corp speak and word play by major companies that
it is difficult to take anything at face value. Therefore, I think the nature
of the question asked to Facebook should be different. It should be on what
they do rather do they do X. So, here's my question - "What does Facebook use
data gathered from user microphones across any devices for?"

~~~
madeofpalk
How could they respond to remove all doubt they're listening?

Edit: [https://www.theverge.com/2016/6/3/11854860/facebook-
smartpho...](https://www.theverge.com/2016/6/3/11854860/facebook-smartphone-
listening-eavesdrop-microphone-denial)

    
    
        In a statement issued on June 2nd [2016], Facebook said it "does not use your
        phone’s microphone to inform ads or to change what you see in News Feed."
    

That's pretty fucking clear to me.

 _Original comment:_

If they had said something like "We don't use microphones to gather data to
drive personalisation on users profiles" there would be comments here on HN
complaining about corporate speak and how they didnt just flat out deny using
it for advertising.

Apps get busted for doing dodgy things all the time. The Facebook app has been
decompiled and network traffic inspected and studied so often that if this
actually was true then it would have been proven by now. Instead, all we have
is this weird 'survivorship bias' where _one time_ someone said something out
loud there was a tangentially related ad on FB.

Today I was looking up bars in Budapest and found one on Google. I started
looking at images, at the only one that loaded so far on the slow internet was
of food. "Wow, Google knows me so well. All I care about right now is food and
the first image it loads is of food" I said out loud to my friend. Eventually
the internet caught up and the rest of the images that loaded were of food. It
only showed me food photos (in a bar thats more known for its decoration and
alcohol). Nothing more than a coincidence.

~~~
denzil_correa
My question was NOT "Does Facebook use the phone's microphone to inform ads or
change what we see in the News Feed?". It seems you have misunderstood my
question. Let me repeat my question again :

"What does Facebook use data gathered from user microphones across any devices
for?"

~~~
sosborn
"When did you stop beating your wife?"

~~~
Dylan16807
No, it's not a loaded question. It's much more like "list everything you've
punched". Maybe with "in my house" appended as an analogy to it being user
microphones.

The question does not presume any misuse. It just leaves _no_ room for
implications.

------
sp527
Once happened while remarking on the Fruit Loops shake at Burger King. Opened
Facebook minutes later and got a Fruit Loops ad. I assure you I don’t message,
post, or in any other way remotely suggest an affinity for Fruit Loops.
Commenting on it at Burger King was the definition of a one-off incident.

I guess another possible explanation is some very sophisticated combination of
location tracking and Kellogg’s targeting people they know will be primed by
that promotional item. And then of course it could always just be an amazing
coincidence.

All I know is I revoked microphone permission after that.

EDIT: Something just occurred to me. Facebook doesn’t have to be the one using
your microphone to target ads. The ad buyers just have to have a way to match
your phone to your ID (which they can easily; there was a site posted here a
while back that sells that) and then listen in through ANY one of the apps you
have installed. If this were the scheme, Facebook could reasonably get away
with saying “WE don’t use your microphone to target ads.”

~~~
jlgaddis
I was once sitting at a bar having a beer, chatting with the bartender (one of
my best friends) and the guy sitting next to me, whom I had never met before.
I pulled out my phone to show my friend something that had been posted on
Facebook and, while browsing Facebook right after that, the app showed the guy
sitting right next to me as the first person under "People You May Know". I
had not "checked in" or posted any updates while I was there, FWIW. It was at
that point that I removed all permissions (i.e. location tracking) that I
could from the Facebook app.

More on-topic: I recall reading that the Facebook app would activate the
microphone when one was posting a status update, apparently listening for
things like a movie playing in the background and such.

 _ETA:_ Related Snopes articles:

[https://www.snopes.com/computer/facebook/facebooklisten.asp](https://www.snopes.com/computer/facebook/facebooklisten.asp)

[https://www.snopes.com/2016/06/04/professor-claims-
facebook-...](https://www.snopes.com/2016/06/04/professor-claims-facebook-is-
eavesdropping-on-their-users/)

~~~
sp527
After Obama’s comments on the NSA surveillance program back when sh*t was
hitting the fan, I’m always keenly parsing these kinds of statements for word
play. There’s usually a way out of accountability and liability through
evasive rhetoric.

~~~
jlgaddis
I agree. Really, I don't see why Facebook _wouldn 't_ monitor audio like this
for targeting ads. If you make money from serving ads, that seems like exactly
the kind of thing you would _want_ to do.

Like you, I have gotten pretty good at noticing "weasel words" and such in the
government's statements (denials). It is clear that they take their time to
make sure they word their statements ever so carefully.

~~~
eru
> Really, I don't see why Facebook wouldn't monitor audio like this for
> targeting ads.

Horrible battery life?

~~~
jlgaddis
From another comment [0] in this thread:

> _Remember the time they kept the app open in the background on iOS devices
> by sending an empty audio buffer to the phone for playback?_

> _People started discovering that after iOS introduced the battery /power
> usage section in the Settings app._

They couldn't do it 24/7, of course, but they could certainly take "samples"
at regular intervals or in certain locations or something. From my own
experience, it doesn't seem that Facebook has ever been worried about battery
life or preserving it.

[0]:
[https://news.ycombinator.com/item?id=15580748](https://news.ycombinator.com/item?id=15580748)

~~~
Mindwipe
What would be the purpose of taking "samples"? How is this possibly supposed
to work?

------
thinkingemote
Many people here may have missed something. From the link in the article,
Facebook does listen using your microphone. They say so themselves, they say
that you have to give the app permission, and that it's used to listen to say
a background music or TV show. they also deny using it to target ads, but they
say they do use it for other things.

now, I also remember them writing that they only listen when the app is open
and a status is being written, but I'm not sure about that statement. Anyhow,
the key thing is that Facebook does overtly and publicly use your microphone
with its app.

~~~
Karunamon
We can look at the OS permissions to see what it’s doing in the background.
Facebook definitely doesn’t have the ability to listen to the mic in the
background on iOS unless you’re implying that Apple created a back door for
them...

------
codingdave
The thing that frustrated me with Lance Armstrong over so many years was the
smirk on his face when asked whether he used drugs, and he would reply, "Hey,
I passed the test, isn't that good enough for people to stop asking?"

I suspect Facebook is falling in that same boat - technically following rules
so they can answer questions the right way. But we're not seeing the smirks on
their faces as they give that answer.

~~~
goialoq
Besides Facebook denial and the complete lack of empirical evidence, what are
you looking for? Why do people keep talking about "this one time it maybe
happened", when it should be happening to everyone all the time, if it's
happening at all?

------
cyberferret
I was totally skeptical when I first heard stories about people's feeds being
curated to suit what they were talking about in front of their computers, but
then a couple of things made me rethink my views.

I was in the car with my friend once (both our phones were in the car with us
too), and we were driving and it started raining. His wiper blades were shoddy
and doing a bad job of clearing his windscreen. We had a 5 minute discussion
on cleaning blades, where was the best place to get a replacement, etc.
Neither of us picked up our phones, or did a search on 'wiper blades', nor
asked Siri etc. about nearest places to buy.

But the next day, for the first time ever, I started seeing ads for wiper
blades on my feed. They disappeared after a few days, but it was spooky, as it
was for an item that I have never ever discussed, or seen on my feed before,
or since.

Another anecdote. I was sitting working in my office the other day, when my
son came in to talk to me about something. While chatting, he picked up a bass
guitar that sits behind my desk and started playing the riff from 'Seinfeld'.
I may have said something like "Oh, the Seinfeld theme - you _know_ that was
played on a synth and not an actual bass guitar?". Our conversation though,
was about something else altogether.

A day later, on my feed, I see an ad about "How they played the Seinfeld
theme" [0]. A totally specific ad like that, within 24 hours, totally
unrelated to any searched I had done in my past. This one too disappeared
within a couple of days.

[0] -
[https://twitter.com/dsabar/status/924763005014831104](https://twitter.com/dsabar/status/924763005014831104)

~~~
IanCal
This is called the "Frequency Illusion" (also often called / a similar thing
is called the "Baader-Meinhof Phenomenon").

~~~
cyberferret
I would disagree with that phenomenon. In direct contrast, my awareness of
these ads kicked into overdrive after seeing them for the first time, so I was
hyper aware and looking out for them afterwards, which is why I noticed they
disappeared a day or two after popping up.

Since then, my feed has been a bland sea of adverts for mattresses, knives
etc. that almost all of my friends complain about seeing.

I don't use ad blockers, due to my development work in web apps etc. I like my
browsers to be as stock as possible, and I do actually at least glance at
nearly all ads I see in FB etc. just to see how their targeting is being
skewed by my search history or messaging online.

These were two quite distinct cases of ads that I've never seen before, which
popped up within 24 hours of me talking about (but not doing anything else
online related to them) and then disappearing soon after.

Sure, an anecdotal sample size of 2 could just be pure coincidence, but
something about it still doesn't sit right with me.

~~~
callumlocke
It would be weird if that sort of coincidence never happened. Two incidents of
this happening to you _ever_ doesn’t sound like much. Maybe even a bit low.

If they really are using audio for ad targeting like they do with search
history, then it should be easy enough to prove it by experiment.

~~~
cyberferret
Sure. I am used to, nay, I _expect_ ads for software tools and music gear
given my work and hobbies in my life, as I frequently talk about those things
to my friend on FB and IRL all the time.

But wiper blades is so off the charts for me, that I was totally surprised to
see about 3 ads for them the day after I had a discussion in the car. I don't
even go to sites remotely associated with the automotive industry. Not even
locality based, as it was a full 4 months out of the real 'wet season' we have
later in the year. (NOTE: Not even in our wet season did I see random ads for
wiper blades).

Having said that, I won't be surprised to see more wiper blade ads now that I
have been talking about it on HN - who knows if they have linked up the data
from online forums back to FB etc.? The handle I use here I tend to use on
nearly all online forums I belong to.

~~~
artificial
I read that you do web app work and like to keep browsers stock, if it’s not
too forward consider debugging in private mode in a pinch.

------
firefoxd
They do record your conversation [1]

> Here’s how it works: if you choose to turn the feature on, when you write a
> status update, the app converts any sound into an audio fingerprint on your
> phone. This fingerprint is sent to our servers to try and match it against
> our database of audio and TV fingerprints. By design, we do not store
> fingerprints from your device for any amount of time. And in any event, the
> fingerprints can’t be reversed into the original audio because they don’t
> contain enough information.

And my previous comment :[2]

> Notice how they say they do not store sound or recordings. But what if it is
> converted to text?

Notice below they say that the fingerprint cannot be reversed into the
original audio because it doesn't contain enough information. Text cannot be
converted to the ORIGINAL audio but it can be converted to audio.

This may be just me being paranoid, but I do know that legalese is designed
exactly to say something without saying everything.

[1] [http://newsroom.fb.com/news/2014/05/a-new-optional-way-to-
sh...](http://newsroom.fb.com/news/2014/05/a-new-optional-way-to-share-and-
discover-music-tv-and-movies/)

[2]
[https://news.ycombinator.com/user?id=foxfired](https://news.ycombinator.com/user?id=foxfired)

~~~
thisacctforreal
The length of the audio snippets they fingerprint is pertinent information.

If it’s syllable- or word-length fingerprints it’s not much solace that they
won’t be able to get the original audio.

------
zwtaylor
Dozens of times in the past few years I've been served relevant ads on some
topic instantly after discussing it in person in proximity to a smartphone.
I've encountered countless other anecdotal stories from friends. When this
happens I feel an acute sense of violation and vulnerability. It's hard to
imagine a less sinister explanation for this phenomena.

~~~
Cacti
You can't imagine a less sinister explanation other than Facebook or some
other entity is secretly recording your voice and the voices of millions of
people, in violation of numerous state and federal laws, through their
smartphone microphones, uploading it to their servers surreptitiously,
performing voice analysis on it to determine who is speaking out of
350,000,000 possible cases (presumably they've already cataloged everyone in
the country somehow?), and then use that to serve you more targeted
advertising?!

I mean, really?

~~~
zwtaylor
True, it seems far-fetched at first. We should keep in mind that a even few
short years ago theorizing about the US Government operating a widespread
domestic electronic surveillance dragnet was still the realm of delusional
conspiracy theorists.

~~~
gaius
I remember the days when we thought archiving Usenet was technically
impossible... Then DejaNews announced they'd been doing it for years
already...

------
crooked-v
No microphone access is needed for the spooky ultra-targeted advertising
claims. You just have to keep in mind that Facebook is cross-referencing all
your information with everyone physically near you (even people without
Facebook accounts, as they can be extrapolated from their relatives and from
photo geodata and tags), and cross-referencing all of those results with
cookies from ads all over the web and with purchase history results from
credit card companies and retailers.

------
5ilv3r
They don't at all deny listening to conversations in this article. They only
deny using that information for advertising.

Now about the confirmation bias thing, it seems more likely to me that your
credit card history or the store member card purchase history is being mined.

------
imroot
A few weeks ago, I went into a Lenscrafters because I needed some cleaning
wipes for my glasses. I have Wifi, Bluetooth, and Location services disabled
for Facebook.

Someone messaged me on Facebook Messenger, I responded, put my phone back in
my pocket, and finished the transaction, and then left Lenscrafters and walked
down to the store that I was actually in the mall to see.

Within the day, I started seeing contextual ads for eyeglasses in my facebook
feed, along with ads in other apps for eyeglasses.

I'm only suspecting that there's a service that does some flavor of ultrasonic
beacon/listening technology, and facebook (along with DFP and the other large
ad markets) are buying that service in troves.

~~~
ec109685
Or like the article said, you just noticed the contextual eyeglass ads because
you had just been to lens crafters and it seemed weird to you. Also, by
contextual ads, do you mean the eye glass ads were related to context they
were shown next to?

The other explanation is Facebook has data sharing agreements with the payment
instrument you used for the wipes.

~~~
imroot
I had been to Lenscrafters, but, there were no location services (no wifi,
gps, or bluetooth) turned on...just my cell phone data.

By contextual ads, I mean, "News stream ad/in game ad" \-- basically, anything
that had been targeted to be sent to my device.

I believe I read something about Facebook using DataLogic info (which tries to
tie payment instruments to advertising clients), but, apparently the music
supplier for LensCrafters also has "Audio Beacon" technology for their clients
to use ([http://us.moodmedia.com/social-
solutions/](http://us.moodmedia.com/social-solutions/)), so, it could be one
of the two.

~~~
ec109685
Rather than contextual, I think “native ad” is closer to what Facebook’s ads
are versus Google’s old system that tried to match ads with the content they
were shown next to.

------
oh-kumudo
From a technical perspective, it is not very likely that they will listen to
people's voice to push advertisements. They needs to listen to you ALL the
time, collecting your voice from all kinds of noisy environment, uploading to
their server for further analysis. And in order for this service to be
profitable, they need to train model to extract the part of your conversation
that hints a shopping intention.

This requires infrastructure at a really large scale I don't think even
FaceBook can sigh up for that. And if they have a legal department, which I
assume they do and a functional one, those ideas would be killed before it
moves to implementation.

~~~
wu-ikkyu
>in order for this service to be profitable, they need to train model to
extract the part of your conversation that hints a shopping intention

So basically just listen for any time someone says a variant of "I need/want
x"?

~~~
oh-kumudo
Well, there are a lot of needs: I need to go. I need some sleep. I need more
time. I want to quit...like you name it.

------
austinhutch
I was skeptical until I experienced an ad in my feed which in my estimation
could only attribute to data captured by a conversation had hours earlier. Of
course there is the possibility of coincidence but I find it hard to believe.

I took advantage of the option to see why I was shown the ad, and was told
demographic information, as well as a data partnership with DLX. I would like
to know if others who see and ad they suspect was displayed due to microphone
captured data have this DLX data supplier source in common.

~~~
randycupertino
It did something very similar to me and really made me second guess myself,
but there is no other explanation other than it used my microphone to listen
to my conversation at work. I felt so paranoid about it and was very weirded
out.

My backpack zipper broke when I was walking to work. When I arrived at work I
told my coworker I needed to buy a new backpack. She and I talked in her
office about what type of backpacks her son liked, did they have enough
pockets, are the zippers strong. I never used my phone to google anything
about backpacks, never looked anything or searched for a new backpack online.
That same afternoon- boom backpack ads in my facebook feed. Totally creepy.

~~~
IanCal
> but there is no other explanation other than it used my microphone to listen
> to my conversation at work

You'd have not noticed if you saw a backpack advert at some other time. Just
how many adverts do you see that _aren 't_ standing out? Huge amounts,
probably.

This could be quite easily explained by the frequency illusion.

------
quickben
[https://www.qualcomm.com/news/onq/2013/02/20/snapdragon-
wake...](https://www.qualcomm.com/news/onq/2013/02/20/snapdragon-wakes-mobile-
world-snapdragon-voice-activation)

[https://developer.qualcomm.com/blog/using-qualcomm-
hexagon-s...](https://developer.qualcomm.com/blog/using-qualcomm-hexagon-sdk-
device-speech-processing)

"Industry wide adoption"

2013

The rest is PR.

~~~
halflings
IMHO this is irrelevant to what is being discussed here.

> enables devices powered by Snapdragon 800 processors to be “woken up” by a
> custom voice command (beginning with a custom phrase set by the device OEM
> like “Hey Snapdragon”, for example)

Because they are always on and have to use minimal power, these chips are used
to recognise a very specific term (probably why these companies don't let you
customise how you summon the assistant), and cannot do anything like voice
transcription, network calls, ... (which would just kill your battery).

~~~
sp527
Why would audio have to be transcribed locally on battery power? You could do
that server-side and/or keep the data stored locally as audio until the device
is charging and on WiFi.

~~~
halflings
Record audio data continuously on disk? I'm not sure if this is even worth
debating, it is a fact that this is not happening (these chips are on most new
Android phones, and they do not save audio).

~~~
sp527
Wait are you trying to say there’s no way to record audio on a smartphone app?
And also, why are you calling it “disk”? Smartphones use flash memory for
storage.

------
amiga-workbench
Its proprietary software, I have no idea if its malware or not, so I stick to
the mobile website and do not install their apps.

------
uptown
One thing I've wondered was that Facebook began showing the recent photos
you'd taken at the top of the app, and prompted you to share them. Are they
sending every photo you take to their servers to feed it back to you at the
top of your stream? I realize they could implement this feature by displaying
local photos without sending them to their servers, but I've never seen
confirmation that photos remain on your device only until you post. I
uninstalled the app awhile back, so maybe they don't do this anymore, but
anybody have any insights into how they handle your photos?

------
mingabunga
I don't play golf or have any interest in it, but I was talking to my brother
about him using golf carts on his farm as vehicles. I kept getting golf cart
adverts in Facebook for the next month. Maybe it used location data to suggest
we might be interested in the same thing, but it was a bit weird.

------
nothis
I used to dismiss these rumors as paranoia/conspiracy theories in a maybe
naive application of Occam's razor. But concrete leaks and tech news of recent
years made me a believer. I sure believe Facebook is capable of this,
nowadays. The only thing that makes me skeptical is that there should be
reproduceable cases someone has documented for concrete evidence. All I ever
hear is anecdotes.

~~~
cvsh
>All I ever hear is anecdotes.

The fact that there is no hard evidence makes me very skeptical.

Every anecdote is explainable another way. Someone in the comments said they
were having a conversation about storage units and saw an ad for storage units
immediately after. Even if they had never searched for storage units -- and
can we really be sure? That would be easy to forget -- Facebook might just
have extrapolated they they would need a storage unit from related searches,
like searching for a moving company.

I would be willing to bet this type of algorithmic extrapolation explains
every one of the microphone-ad-conspiracy stories.

------
bpanon
A fairly reliable and simple test is this: leave your phone around content for
several hours of a different language and see if ads related to that language
show up.

It's surprising to me that people here are still debating this. I believe it's
been going on since the original iPhone came out after a friend told me a very
specific product appeared for her on Facebook immediately after she spoke
about it and went to go look it up on her phone.

I don't think Facebook would stop at any measure to get all the data they can
from you if they can get away with it and frankly anyone who does is extremely
naive. It's right there available to them. There has never been and may never
again be a time when companies (particularly Facebook and Google) to obtain as
much sensitive data as is available to them from us without our knowledge,
without external oversight, and without repercussions due to the lack of
legislation.

------
jparse
I am not sure if this is real. However, there are people on YouTube talking
about topics they have never typed, never cared about, or never shared on
Facebook and sure enough, the ad appears.

It would be great to really inspect the traffic and see if this is really the
case. Independent of what Facebook claims.

Either way, I am happy I have deleted it off my phone. I have never been
happier each day not reading garbage and actually focusing my time on apps
that improve my life and move my life forward.

------
j_s
Technicalities and choice of words are amazing ways to deny what isn't
_exactly_ happening here.

For example, why use the word 'recording' when the problem is accessing the
microphone at all... Facebook doesn't have to 'record' to stream the audio to
their server for audio recognition without 'recording' anything.

Of course all of this is just from the title of the article but the paranoid
will pretty much always be able to find wiggle room.

------
0x0
Couldn't somebody decompile the android or iOS app and try to find evidence
for one way or the other?

~~~
ehsankia
Or just have a proper methodology with many samples, control group, etc.

~~~
Sargos
The kind of people who believe these conspiracy theories about Facebook are
not the kind of people who believe in scientific methodology. Fuzzy bigfoot
syndrome and all.

------
Overtonwindow
I think the risk versus reward for Facebook and other companies is very high.
All things being equal, I think it's more likely than not they will record
things, will listen for words you say, and use that. The risk is enormous if
it comes out with proof, but let's say they only listen a small percentage of
the time, that kind of AI analysis is priceless.

~~~
cooper12
I doubt it will make a difference to most people. The staunch pro-privacy
stance really only exists on tech-savvy forums like HN. Go on reddit sometimes
and observe how people will say "so what if Google has all my info, it's
useful and free". If Zuckerberg calling his users dumb fucks for trusting him
didn't get them off the platform, a "small" privacy violation like this won't
either.

~~~
dsharlet
This reddit post is the very top of /r/all right now:
[https://www.reddit.com/r/videos/comments/79i4cj/youtube_user...](https://www.reddit.com/r/videos/comments/79i4cj/youtube_user_demonstrating_how_facebook_listens/)

And the general sentiment appears to be very far from what you claim. I think
it's possible that this issue is going to come to a head this time around. I
don't know what the outcome will be. Just saying it's confirmation bias (the
likely real explanation?) may not be enough to satisfy people.

~~~
jacobush
Reddit is a small vocal tech savvy minority. The moral majority just don’t
care or are too busy working three shifts to care.

------
jparse
For anyone interested, the iOS app is composed of about 18,000 classes. Here
is the dump:

[https://gist.githubusercontent.com/quellish/473f513fbd131023...](https://gist.githubusercontent.com/quellish/473f513fbd1310233a8e/raw/ddfa17d01435d43ee43751fb6fe17f4d0c8911c6/FBClasses.txt)

------
ceejayoz
I'm inclined to dismiss it as confirmation bias, but I've had this experience
personally - a conversation followed shortly by an _extremely_ specific
advertisement on FB shortly thereafter.

~~~
teraflop
As suggested in the comments on Reddit, there's another possible explanation
for this -- someone else in the conversation does a search based on what you
were talking about, clicks on a result that sends tracking data to Facebook,
and then the ads are retargeted to you based on a shared public IP address.

~~~
ceejayoz
The last time I noticed this, it was a conversation between my wife and I, and
I (we) poked around in her search history for that reason. Nothing that I
could see, and it was within minutes of the conversation.

All that said, I still lean towards confirmation bias.

------
croatoan
What I'm getting out of "We don't use your microphone for ads" is that they
use your microphone, they just don't use it for ads. Which as many comments
have already stated makes sense because you don't really need the recordings
to determine a suitable ad when they are already getting all the data they
need from just using facebook.

What I think they do is, they record everything using the microphone, and they
store it if you are a person of interest. A person of interest could be that
maybe you have a over 1000 friends or something, maybe your a ceo of some tech
company, maybe you're a lead programmer at intel, maybe you're someone the US
government wants to track, maybe your a senators staff member, maybe you work
for the Skunk Works at Lockheed, maybe you said a key word/phrase that throws
you into the 'person of interest' category like 'electrogravitic propulsion'.
When these surveillance companies do this type of stuff, they do it to people
of interest, and if they ever need to put the squeeze on someone, or steal
important information like get secret information about a stock trade or
something, they go to that person of interests microphone records (which
probably get transcribed into text by some program) and search for whatever
they want to know. This is why this shit should be utterly banned, it controls
people, it steals from people, it destroys innovation and scientific progress
before they ever get off the ground, and its just plain manipulative.

------
mistercow
One thing the internet does which is super incompatible with how people deal
with information is that it amplifies anecdotes and selection bias.

If you were just talking to a sample including a small fraction of your
friends and acquaintances, and you found that like 10 of them had noticed that
Facebook seemed to be showing ads based on their conversations, that would be
compelling evidence that something was up. And since for the vast majority of
human history, that was the kind of information you had access to, that's the
way we tend to process things.

But now you can go online and mention this weird thing that happened to you,
and a thousand other people will all see it. Suddenly you have _super_ high
odds of a "cold hit", even though the phenomenon was purely random.

And to make matters worse, it's _not_ purely random. Facebook has algorithms
that are trying, often successfully, to model your life based on the
information you give it. So the chances of "eery" ad targeting are
significantly higher than if it were just random.

I think we're going to see this kind of conspiracy theory more and more as
time goes on, and we need to figure out cultural tools to counteract this
problem.

------
trophycase
Of course they deny it. Even if they did there is absolutely no way they'd
admit it. This article asserts nothing.

~~~
cc81
On the other hand seeing as this must be done client side then someone should
be able to do an investigation and see if Facebook sends voice data to their
servers.

And not to mention how many engineers that work on Facebook that could be
whistle blowers.

------
ojosilva
But has anyone scientifically validated any of these assumptions? It doesn't
seem very hard. Speak, then visit pages with FB ads and take note.

Seems like the internets has taken these serious accusations as some sort of
corporate conspiracy but I haven't seen any independent, credible study of how
Facebook's apps (confirmed) access to microphone are actually being translated
into ads.

~~~
bhouston
Can not one decompile the Facebook app, or just somehow instrument it to see
when it accesses the microphone feed?

~~~
tedunangst
None of the people who think this is happening can.

------
api
Wouldn't it be possible to detect this?

If this is happening then it must require some amount of CPU and memory use on
the device, which even if hidden from the OS can be detected via power use and
heat dissipation. It should be possible to indirectly measure a phone's CPU
load (including any hidden processors) by filming it in the infrared and/or by
attaching it to power and measuring the wattage consumed from the supply.

If this is happening it must also require some network I/O. Something must be
phoning home and reporting the data if the data is to be useful.

Note that there is an intrinsic trade-off between the heat dissipation angle
and the bandwidth angle. If the device is doing parsing, speech recognition,
AI, etc. locally then it must be consuming more energy and dissipating more
heat. If the device does these things remotely it must upload more data.
Compressed audio is far more bandwidth intensive than digested meta-data.

This seems like something security researchers can and should look into.

~~~
smashingfiasco
Remember the time they kept the app open in the background on iOS devices by
sending an empty audio buffer to the phone for playback?

People started discovering that after iOS introduced the battery/power usage
section in the Settings app.

------
kmm
A few days ago I ate a chili pepper out of boredom, and after finding out what
a bad idea that was, I opened Reddit. The frontpage of /r/todayilearned had a
post about someone learning that birds can't detect capsaicin and that peppers
evolved it to deter mammals (which have grinding teeth).

These kinds of cosmic coincidences happen to me and everyone else every few
weeks, and they mean absolutely nothing. We're just wired to see patterns. I
(and millions more) see hundreds of Reddit posts per day, you (and millions
more) see hundreds of ads per day. A crazy coincidence every 10,000 ads isn't
very strange.

Something like this should be piss easy to prove, especially on Android.
Traffic monitoring, monitoring when exactly the microphone is accessed on a
rooted phone, anything really. The fact that this rumor has been going about
for years and nobody has found anything, means it's just nonsense.

------
feelin_googley
It is interesting that they feel the need to officially deny it. The Twitter
user co-hosts a podcast where users can call in to tell him whether they think
Facebook is listening or not.

One could argue, from a PR perspective, it does not matter whether Facebook is
listening or not.

First, some users do not trust them. Maybe Facebook is worried about those
users telling other users.

Second, some users believe it is technically feasible to listen.

Finally, there is no legal/regulatory framework in the United States to
_effectively_ stop Facebook from listening[FN1], if they wanted to do so. They
have clear business incentives to listen because the objective is to gather
more personal data about users than their competitors.

NB: Added "in the United States" for clarification.

FN1. Incorrect? What are the theories of liability? What are the sources of
law or regulation in the United States? _Is injury required?_ What is the
injury? How does one prove the injury?

~~~
notimetorelax
Hm... what about the expectation of privacy? I’m guessing in some states and
countries this is illegal.

------
thrill
As long as it is possible (closed source software and hardware which is
unaudited by trusted organizations), then it's going to continue to be assumed
to be happening.

------
submeta
If they do listen and present you ads based on your conversation, can't you
fool it (and test it) by talking about (let's say) buying new running shoes?
Shouldn't you observe ads about running shoes?

Edit: added missing word

~~~
comboy
There are some videos of people who did exactly that:
[https://www.youtube.com/watch?time_continue=4&v=U0SOxb_Lfps](https://www.youtube.com/watch?time_continue=4&v=U0SOxb_Lfps)

~~~
mikeash
I thought iPhone apps couldn’t silently listen to the microphone.

~~~
ggreer
That's correct. Apps must request access to the microphone, and iOS shows an
indicator while the app is recording.

This is pure confirmation bias. If someone tests this and doesn't get a
relevant ad from Facebook, they won't upload a video or tell their friends.
Note that even in this confirming case, it took _two days_ before the guy saw
a cat food ad. We don't know how many other ads he scrolled by before that
one.

------
em3rgent0rdr
I've learned to never believe an entity that says they won't do something
without any way to verify such a claim.

------
twostorytower
I don't see definitive proof one way or the other, but I've never given
Facebook microphone access on my iPhone. And many others users claiming
they've received targeted ads haven't either. But something interesting that
is being pointed out on Reddit is that they can use your gyroscope to detect
vibration and convert it to soundwaves when your phone is on a flat surface.
The PM at Facebook denies listening to the microphone, but what about the
gyroscope data? Technically, what he is saying could be a true statement, but
still invading privacy just as much.

------
jasonrhaas
Regardless of whether or not they are doing it purposely, the capability is
certainly there. But the other data they have from cross referencing other web
traffic, financial data, etc is probably much more powerful than what they
could get from listening in to our conversations.

However, I still turn off microphone access for facebook and instagram. It's
probably not fool proof, but it can't hurt.

------
Shinchy
Why don't we just try this out, get a fresh device and block location services
then create a new Facebook account. Make sure you don't search for the thing
you're aiming to get Ads for (Cat Food, Carpets, Jumper, etc.) on the device
itself or nearby devices. Then just talk about those things and see if the ads
come up.

------
m-p-3
No one should trust what they say they can or cannot do. What we can only
assume is their capabilities in doing it. This is where end-to-end encryption
is important. If you can't encrypt it in a way that only the other end can see
it, then assume that someone in the middle can eavesdrop it.

------
chillingeffect
There have been plenty of stories of malware eavesdropping over smartphone
microphones in the last two years.

I doubt Facebook does it with their app. It's too much trouble, blatantly
illegal and easy to get caught. It's most likely malwAre selling the info to
fb, who has no idea how any advertisers get their info.

------
huntermeyer
Couple doesn't own cats. Talked about cat food to test if Facebook is
listening. Started getting ads in FB for cat food:
[https://hooktube.com/watch?v=U0SOxb_Lfps](https://hooktube.com/watch?v=U0SOxb_Lfps)

------
haihaibye
To add an anecdote to counteract confirmation bias: I heard this rumor months
ago and we started talking about motorbikes with smart phones held up for a
few days (20+ mentions). We saw no motorbike ads.

------
7373737373
Like webcams, microphones should (and even be required to) have a status LED.

------
CharlesDodgson
I wonder do FB buy user ad preference data from 3rd parties, that may in turn
buy them from another listening app.

If I was FB, I'd either process the audio on the device to avoid network
traffic, or buy the results from a partner, to keep the actual listening at
arms length.

It wouldn't be that hard to imagine another ad-tech company collecting the
data in some other app and feeding the data back to FB. I can't imagine FB
would be asking as many questions from a 3rd party as it would to internal
teams.

------
rxever
Once it happened to me that Facebook has shown me under "People You May Know"
a person that was on the same WiFi as I was. We had zero mutual friends and no
known connection prior.

~~~
ikeboy
IP address is obviously sent to Facebook

------
vita17
According to this post on Reddit, Apple gave Uber access to a private API.
He's speculating that Facebook might have access to a private API and is using
it to spy on its users. Does anybody have more information about this?

[https://www.reddit.com/r/videos/comments/79i4cj/youtube_user...](https://www.reddit.com/r/videos/comments/79i4cj/youtube_user_demonstrating_how_facebook_listens/dp2gshm/)

~~~
UncleMeat
It would be trivial to decompile the app and see if they were using some
hidden or undocumented API.

Why has nobody ever been able to find actual evidence in the code?

------
unabridged
I think people are really underestimating how much they can use your friends
search data (especially ones you have been in close proximity to) for your
ads. Or how big their interest "niche" is. There are only so many categories
of web users, even on the very fringe there are probably 10k who think and
search just like you. And when they are searching/clicking on products,
Facebook will show you similar things.

~~~
bpanon
I have a story about this.

A girl I was seeing years ago was looking for a new apartment. She texted me
telling me she found a new apartment on 20th and Gladstone Ave and asked me if
I wanted to go with her to see it. Minutes later, I get a Google Now update
saying "It would take you 43 minutes to get to 2020 Gladstone Ave if you leave
now".

I thought it was cool at first - Google Now was getting really helpful with
the driving suggestions. I also thought it was strange that it was for a
specific address - I thought that was a glitch, or the nearest address to that
intersection, although Google Now has worked with intersections in the past.

I thought Google telling me the time it would take to travel to her apartment
showing was impressive enough to actually tell this girl what my phone did.
She was not amused and thought that I had hacked her phone. She wanted to know
how I knew the exact address of the apartment!

I was curious how this could have been possible since she never texted me the
exact address and found out she did look it up on Google Maps. So it's clear
how Google had the data but sharing it with me seemed like a huge breach of
privacy.

Perhaps the craziest part of all this is that not 5 minutes after telling this
girl what Google did, when I went back to take a screenshot of the suggestion
- the Google Now card CHANGED to 20th and Gladstone Ave!

I was seriously wondering they were analyzing my conversation afterwards
expressing my concern of this breach of privacy and had the "privacy invasion"
level turned down a degree.

------
habosa
I just don't think anyone could record an analyze audio constantly without
absolutely killing battery life. We're saved by the hardware.

------
Feniks
I know that smart TVs and the now defunct Kinect have the ability to monitor
conversations. Hell I remember when I first used Soundhound! I was
flabbergasted, what will they think of next.

But I also know corporations are usually scrupulous about following laws so
unless there is something in Facebook's ToS/EULA that mentions doing this I'm
skeptical.

~~~
throwaway613834
> so unless there is something in Facebook's ToS/EULA that mentions doing this
> I'm skeptical

I don't see why the vague terms in their data policy [1] couldn't include
audio (all-caps are my own emphases):

> We collect information FROM or about the computers, PHONES, or other devices
> where you install or access our Services, depending on the permissions
> you’ve granted. [...] Here are some EXAMPLES of the information we collect:

> \- Device locations, including specific geographic locations, such as
> through GPS, Bluetooth, or WiFi signals.

If device location is merely an _example_ of information they gather from my
phone then why couldn't audio just as easily be another example?

[1]
[https://www.facebook.com/full_data_use_policy](https://www.facebook.com/full_data_use_policy)

------
dictum
On a sufficiently short-lived and well-targeted A/B test, nobody knows you're
a listening bug.

------
heydonovan
What can we do to prevent this? Use another service? Make it more difficult to
link information together with use of per-website generated emails, burner
phones, etc? Just seems there is room for something to come along and change
the game, just not too sure what that thing is.

------
dba7dba
I removed Facebook from my phone years ago when I learned they were accessing
my sms messages. Simple.

~~~
madeofpalk
I'm so glad my phone doesn't allow apps to do that.

------
api
If this is legit it seems hard to explain in any other way:

[https://www.youtube.com/watch?v=U0SOxb_Lfps](https://www.youtube.com/watch?v=U0SOxb_Lfps)

------
a_imho
I'm not versed in the facebook tos, but it very well could be included. If
that bothers someone they should just stop using facebook, what's so hard
about it?

------
wozer
If we (theoretically) assume that Facebook actually does listen and use the
data for advertising: what would be the legal consequences?

Could this become the next Volkwagen?

------
eurticket
With all the data gathering and listening, how doesn't any organization get
the information to stop the attacks that we know about?

------
elorant
Sooner or later we'll have to get in the offensive and break their business
model by rendering ads ineffective. It's either that or the Internet we used
to know won't exist for much longer. As long as they don't seem to give a fuck
about user privacy we don't need to play nice.

------
j_s
Linking to the discussion that just jumped off the front page for my own
benefit when I get back:
[https://news.ycombinator.com/item?id=15580281](https://news.ycombinator.com/item?id=15580281)

~~~
j_s
Rumors That Facebook Is Secretly Recording You Refuse to Die |
[https://news.ycombinator.com/item?id=15580281](https://news.ycombinator.com/item?id=15580281)
(Oct 2017 18:20, 80+ comments)
[http://hnrankings.info/15580281/](http://hnrankings.info/15580281/)

Facebook denies 'listening' to conversations |
[https://news.ycombinator.com/item?id=15581114](https://news.ycombinator.com/item?id=15581114)
(Oct 2017 20:30, 171+ comments)
[http://hnrankings.info/15581114](http://hnrankings.info/15581114)

Basically the same discussion on separate stories covering the same topic,
both on the front page simultaneously. The second only took off after the
first was flagged off the page or something.

I didn't want to summon the dupe police before I had a chance to review it a
bit closer. Also didn't want to lose both to the flagging committee.

Mostly planning to review participation by various HN users. #facebook
#haterade

PS. Neither one is worth an up-vote from me, let alone adding as a favorite!

------
beeskneecaps
Facebook is definitely creeping on your conversations

------
chis
Facebook obviously doesn't do this, but I wonder how this will end. Lots of
people wanting to regulate Facebook right now, maybe some ineffective laws
will get passed.

------
oculusthrift
i don’t get why this is a debate. can’t we just use wire shark or something
similar and see if audio data is sent to fb?

------
ireallydonot
Facebook is liar and privacy violator!!

------
nilved
There's an easy way to verify this: run tcpdump and record it happening. The
fact that nobody has done this, instead only offering anecdotes, strongly
suggests that these are coincidences or from other forms of targeting.

~~~
throwaway613834
tcpdump? How do you record HTTPS connections (with pinned certificates, I
might add) via tcpdump?

~~~
objclxt
Regardless, it’s easy enough to dump HTTPS traffic (pinned or otherwise) if
you have root access to the client, which in the case of Android is not
difficult to get.

~~~
throwaway613834
> Regardless, it’s easy enough to dump HTTPS traffic (pinned or otherwise) if
> you have root access to the client, which in the case of Android is not
> difficult to get.

Hm, well okay, would you mind explaining the easy procedure that lets you
capture Facebook traffic then? I have tried lots of different methods
(Fiddler, Xposed modules, etc.) with root access and have failed. It's no
problem in theory, but practice is another matter...

~~~
nilved
If you have root access to one end of encryption, you necessarily can inspect
and save it. The way I would do this is by issuing a certificate for
facebook.com that I mark as trusted on the device. This will let you do a man
in the middle "attack." But you can probably do this directly on the device:
just look for where the encryption is taking place, and intercept it.

~~~
throwaway613834
> The way I would do this is by issuing a certificate for facebook.com that I
> mark as trusted on the device.

Half the entire point is "mark it as trusted" doesn't work when the
application has already pinned the certificate it's expecting. Have you
actually done this yourself at all?

> But you can probably do this directly on the device: just look for where the
> encryption is taking place, and intercept it.

"Just" intercept it? You mean "just" spend several weeks if not months trying
to disassemble/decompile their code, figure out how to inject your own,
somehow locate the relevant in-memory data structures for encryption, &
reliably patch them at runtime? all while preventing the application from
crashing? That's "easy" to you? Have you done any of these things you're
suggesting yourself? How often have you done them? and how long have they
taken you that you found them "easy"?

~~~
nilved
I've done all of these things since it's my job. I haven't tried Facebook,
because I don't have any confidence in the surveillance hypothesis, but my
first guess being inapplicable doesn't change the fact that root access would
allow people to prove this is happening, and that hasn't happened.

Furthermore, this could be proven with some fair reliability using correlation
only. Is more encrypted data sent when you're speaking? Is more encrypted data
sent when the microphone permission is enabled? Does the app access the
microphone while sleeping? Nobody has presented anything _close_ to evidence.

~~~
throwaway613834
> I've done all of these things since it's my job.

It's weird that this is your day job and yet you tell me that I should mark a
certificate as "trusted" when we both explicitly acknowledged that the problem
was with certificate pinning. You didn't answer this part: how long does it
take you to manage to intercept Android HTTPS traffic for a brand-new, never-
before-seen application that uses certificate pinning on your day job?

> I haven't tried Facebook, because I don't have any confidence in the
> surveillance hypothesis

Well then try it with Facebook. If this kind of thing is really your day job
then it shouldn't take long, and you'd do everyone a favor by (a) showing that
nothing is going on, and (b) teaching people how to do it themselves so that
the myth doesn't keep spreading. People would appreciate it.

> Furthermore, this could be proven with some fair reliability using
> correlation only.

No, it can't. They don't need to be sending raw audio. They could just do some
rudimentary speech recognition and send it along with some other routine data.

> Does the app access the microphone while sleeping? Nobody has presented
> anything _close_ to evidence.

I've personally logged it accessing the microphone when I've been scrolling on
my news feed. Though I don't see why you'd believe me anyway.

------
Overtonwindow
[dupe]
[https://news.ycombinator.com/item?id=15578016](https://news.ycombinator.com/item?id=15578016)

------
anotherelise
[https://puri.sm/shop/librem-5/](https://puri.sm/shop/librem-5/)

