
Phones that secretly listen to us are a myth - AndrewDucker
https://www.bbc.co.uk/news/technology-49585682
======
ricardobeat
Fixed headline: synthetic study that did not even try to reproduce normal
phone usage patterns fails to find evidence of audio tracking.

Wasn’t it just last year that a wide network of android apps using inaudible
cues for ad tracking was uncovered? What are they trying to prove here?

~~~
whamlastxmas
It's the BBC. Who knows what their agenda is today.

------
ncmncm
In other words, not a myth at all. "It's not the phones listening, it's apps
on the phones. And maybe also the phones, when somebody cares to snoop."

Likely snooping happens more when phones are moving, and not lying about in a
room with recognizable recordings playing, and that belong to people somebody
cares to snoop on.

But it is true that readily available metadata being deliberately sent by
users, via clickstream, is much easier to extract usable detail from.

------
segfaultbuserr
The notation that phones that secretly listen to us, because the big tech
companies are evil and they do it because they can - may be a complete myth.

But the notation that phones, due to their system insecurity, widespread of
malicious applications, the reliance of voice recognition over 3rd-party
servers (and in turns, their insecurity), and the ethical problems of handing
training data and samples, are all avenues that can be easily exploited to
secretly listen to us, is very true.

Overemphasizing the first notion while downplaying the second one is a way to
manipulatively shutdown the public concerns over privacy issues.

------
kennywinker
> Interestingly, the study found that most of the android phone apps seem to
> consume significantly more data in the silent rooms with many iOS apps using
> more in the audio-filled rooms.

Disturbing. The fact that there is a difference suggests that they are doing
_something_ with microphone input...

~~~
iamnotacrook
Or that they are different operating systems. Perhaps iPhones ship with shazam
enabled, for example (given Apple bought them).

~~~
kennywinker
Less concerned that there is a difference between ios and android, more that
there is a difference in a quiet room vs a noisy room in both cases.

To your specific point, Shazam has to be activated (hey siri, what song is
this?) on iOS.

------
maehwasu
Even if there were not already ample evidence that phones do listen to us, the
very publishing of this article would basically be a blaring confirmation.

This feels like it was dictated to the writer directly by a not-super-
competent intern at an intelligence agency.

------
kzzzznot
> For 30 minutes they played the sound of cat and dog food adverts on loop.

I feel like this could’ve been more similar to what was being suggested,
adverts or background TV/radio isn’t what any ad-driven telemetry is going to
be interested in. Definitely not discounting the research, just seems like
this element could’ve been improved.

------
m-i-l
Anecdote time.

Short summary: I received in my Google news feed a story about something I
would never expect to see in my news feed. The only rational explanations I
could think of were that (i) Google had eavesdropped on an earlier
conversation, or (ii) Google had received the full data for an offline credit
card purchase in a bricks and mortar store made with a credit card which had
been saved in my Google profile.

Full story: My wife went to a bricks and mortar bookshop to buy a boy's
birthday present. In the bookshop, our daughter said he liked football, so she
bought a children's book by an English footballer. She did not know what to
buy beforehand, and did not look the author up online afterwards, so there was
zero online footprint for the transaction. When she got home, I asked what
present she'd got, and she told me it was a football book. When she told me
the author's name, and I said I'd never heard of him, joking that the only
footballer's names I knew were Scottish footballers from the 1980s that I'd
memorised to try to fit in at school. Again this conversation had zero online
footprint. The next day there was an article in my Google news feed about that
specific English footballer. I don't recall ever seeing any football related
story in my newsfeed, so would never expect to have seen that specific
footballer appear by chance.

I'm inclined in this case to believe it was Google buying data on credit card
transactions for credit cards linked to the Google account. I keep on meaning
to ask around if anyone knows if Google do this. Perhaps someone here knows?

~~~
UweSchmidt
A quick Google search suggests that this might possible.

[https://www.theverge.com/2018/8/30/17801880/google-
mastercar...](https://www.theverge.com/2018/8/30/17801880/google-mastercard-
data-online-ads-offline-purchase-history-privacy)

It's interesting to see how slowly we are all catching up to what is going on
behind the scenes, and how we all struggle to come to terms with the
implications.

~~~
m-i-l
Thanks for the link. Certainly sounds feasible. FWIW the credit card used for
the purchase was a Mastercard. This would definitely go beyond what is
described in the article though because (i) I'm pretty sure neither of us were
shown any online adverts for football related children's books prior to going
into the store (if we had they'd have stuck out like a sore thumb among all
the unicorn, pony, fairy etc. children's books we normally see based on our
purchase history), (ii) to target an individual's newsfeed the Mastercard data
can't have been anonymised.

------
jason46
My wife and I were watching John Wick and got to talking about owning a
handgun. The next morning my facebook feed was showing me marketplace listings
for holsters.

~~~
johnchristopher
Frequency illusion or Baader–Meinhof effect: The illusion in which a word, a
name, or other thing that has recently come to one's attention suddenly seems
to appear with improbable frequency shortly afterwards (not to be confused
with the recency illusion or selection bias).[51] This illusion is sometimes
referred to as the Baader–Meinhof phenomenon.[52]

[https://en.wikipedia.org/wiki/List_of_cognitive_biases](https://en.wikipedia.org/wiki/List_of_cognitive_biases)

Or maybe you watched john wick on netflix or amazon and boom.

~~~
insickness
Or read a John Wick review, bought the movie tickets online or paid for the
tickets with a credit card.

------
dev_dull
I’m not really sure who this article is trying to convince. Besides, who
thinks it’s the “phones” listening to us? It’s the apps that do the listening.
Only recently are iOS and android finally clawing back errant permissions on
these apps to prevent such behavior.

~~~
garmaine
The baseband firmware almost certainly has backdoors exploitable by certain
national intelligence agencies to listen in on you, selectively.

~~~
ncmncm
I know someone who worked at Qualcomm with access to that baseband code, who
had a personal project to scan it for backdoors. He came up empty. So if they
are there, they are subtle. At least in Qualcomm basebands. Exploits probably
provide all the backdoors the spooks need.

~~~
stordoff
Two alternatives:

* Firmware is patched after the fact either by inserting a backdoor into the build process, or binary patching the resulting firmware image. Such an operation is likely to be compartmentalised to avoid employees knowing about it.

* Intelligence agencies seed online discussions with false assurances (note that I'm not suggesting any wrongdoing on your part - merely pointing out that an anonymous forum post is hardly verification that can be relied upon).

That said, I do agree that exploits are likely sufficient, and that planting a
mass backdoor is probably not worth the risk of it being detected.

~~~
garmaine
I was in fact referring to exploits in my post. That's typically how NSA and
GCHQ operate these days: either find exploits, or if a sufficient number can't
be found, have some hard-to-detect exploits inserted into the code by
operatives or as part of unrelated bug fixes.

There's also hardware exploits. The firmware doesn't need to have a back door
if a certain sequence of packets sent to the network controller will cause key
memory to be overwritten and live patch in a backdoor.

~~~
ncmncm
Agreed, hardware backdoors are very possible, but software is much cheaper to
mess with. The spooks have in the past shown a preference for hardware
jimmying, but those have been one-off cases.

That said: monkey-patching is much more easily concealed than hardware or
source-code changes, and is more in line with how US spooks have been seen to
operate.

------
Quai
So, there are hardware in phone whos job is to recognize trigger words and
phrases like "Hello Google" , "Alexa" and "Siri" and wake up the phone so it
can listen to the users request. They probably have limited memory, but I
would not be surprised if they can store a few hundred low quality rules for
detecting certain words. The ad-network already have a profile on you, and
could compile a list of trigger words you are likely to use based on your
profile. They upload this list to the phone, and lets the phone build up a
frequency list that they can use to better target you with ads you are likely
to click on.

All this would just require a few thousand bytes transferred between the phone
and the ad-network. Since they are using information they already have about
you, and there are little or no additional CPU or network usage it would be
really hard to detect.

------
TuringTest
Why phones that secretly listen to us are a myth?

Because we _know_ they're doing it. Therefore, not a secret.

------
CryptoPunk
This is a misleading title. Intelligence agencies turning phones into
listening devices is not a myth

~~~
dandare
Not just Intelligence agencies, if I remember correctly FBI used switched off
phones to record mobsters. But I can't find the link now, hope it was not a
hoax.

~~~
sdinsn
The FBI is an intelligence agency, FYI.

------
esoterica
The insistence, in the absence of concrete evidence, that tech companies are
using illicit speech recognition is a symptom of tech illiteracy in the
broader population. People are basically anthropomorphizing their phones -
since humans acquire most of their knowledge by listening to others talk,
people irrationally assume that the machines must be operating using the same
methods. They don't quite grok that there are other less anthropomorphic, less
intuitive, but more sophisticated methods for apps to make inferences about
you without having to listen to you talk.

I saw some guy on Reddit once triumphantly declare he had proof that Google
(or Facebook?) was listening to his microphone because he started receiving
Spanish language ads after he began working at an office with a bunch of
Spanish speakers. Come on dude, you share a wifi network with them, your GPS
location overlaps with theirs 8 hours a day, and you presumably frequently
send/receive emails from them. Facebook/Google doesn't need to listen to your
mic to know that you have a bunch of Spanish speakers in your social network.

~~~
marshray
We're long past the days when you had to be paranoid and 'computer illiterate'
to believe computing devices couldn't pick up speech.

For a decade or more vendors have been shipping voice recognition technology
onto consumer devices, with less and less friction to operate, actively
attempting to make it part of very common device interactions.

Now the only questions are:

A. Do these omnipresent hot mics have adequate access control?

B. How many parties have access to them, and

C. Are these parties worthy of being trusted with such responsibility?

~~~
esoterica
It’s not about whether phones can listen in to you l, it’s about whether
that’s the only possible explanation for accurate as targeting (it is not)

------
mlang23
Oh yes! "We monitored a few phones for a few minutes and are now so convinced
that we write an article telling everyone to relax"

While I am not a fan of conspiracy theories, such half-assed pseudo-proofs
actually make me believe there might be something behind the underlying
conspiracy theory.

------
INTPenis
It's not a myth though. After GDPR and Google added the new privacy tools to
their accounts I was able to hear the audio files it had "accidentally"
recorded of me.

Usually I just heard ambiant noise like computer, media, some distant talking.
My naive assumption was that it had misfired on "OK google" and recorded for a
few seconds to see if I'd give it a command.

I've never opted-in for any OK google type service or device but I did own two
vanilla Pixel devices.

I've since opted-out of such recordings and it appears that Google has made no
more recordings of me since then.

------
braindouche
My personal favorite anecdote: I was out driving in the car with my partner. I
said "hey, that guy is riding an electric unicycle", and then starting 4 hours
later and lasting for 5 months, facebook showed me ads for electric unicycles.

~~~
ryandvm
Sure, we all have funny little anecdotes about times we talked about something
and then saw ads for it later that day.

But as a technologist and software developer myself, I know just how difficult
it would be to make a device that would be able to constantly transcribe the
audio input stream and surreptitiously upload that data all day - and do so
without destroying the battery life or having a noticeable network bandwidth
footprint.

Not too mention the fact that if any memos/emails documenting any part of
these "black-ops" advertising programs were leaked, it would be the tech story
of the decade and probably result in billions of dollars of fines and legal
fees for Facebook/Google/Apple/Amazon.

No, in the end, it seems much more likely to me that these occurrences are
just the Baader-Meinhof phenomenon in effect.

After all, how many things have you talked about that DIDN'T end up in your
advertising stream? I mean, this is pretty easy to test. Why don't you just
start talking about adult diapers in front of your phone right now and see
what happens?

------
mrarjen
Then how do they explain the third party company with audio recordings from
Facebook?

Plus sending full audio recordings to a server would be somewhat odd, isn't
collecting key words converted in text and sending that a lot more plausible?

------
EasyTiger_
I mean, the BBC would say that.

------
politelemon
I am unable to find anything published by Wandera related to this. What source
is BBC quoting and where is the paper?

I am hoping that the datasets used by Wandera will be available for us to look
at.

------
Kaiyou
In other news, Google isn't biased, which a Google search revealed just
yesterday. More news at eleven.

------
StreamBright
This is funny. You can review the audio files Android records online. This
feature is completely unknown to my parents, secretly maybe a strong word
though.

[https://support.google.com/websearch/answer/6030020?co=GENIE...](https://support.google.com/websearch/answer/6030020?co=GENIE.Platform%3DDesktop&hl=en)

~~~
gmueckl
Just to be prdantic: that's not Android, but Google Assistant. This would also
show requests made through Google Home etc.

