
Facebook Patent Imagines Triggering a Phone’s Mic When Hidden Signal Plays on TV - mmaanniisshh
https://gizmodo.com/facebook-patent-imagines-triggering-your-phone-s-mic-wh-1827176182
======
brian-armstrong
If anyone wants to try ultrasonic transmission, I have a demo that runs in
your browser, and boy do I love to plug it

[https://quiet.github.io/quiet-js](https://quiet.github.io/quiet-js)

~~~
asteli
This is pretty amazing, worked well out-of-the-box between my laptop and
phone. Makes me think of all the weird ways that one could exfiltrate data (to
use a different example I've seen, convincing a device to puke its firmware
out via an LED)

Also I'm pleasantly surprised by my ability to hear (barely) the 19kHz
carrier.

~~~
paulie_a
Some group either got caught or proved you could exfiltrate data via the fans
on the air gapped computer to the microphone on the connected one. It was
obviously incredibly low speed but possible.

I honestly don't recall if this was just a trial or it was used in the field
by a spy agency

~~~
Nition
I saw one where they got audio out of a silent video of sound waves in the
area vibrating a potato chip packet on the ground.

[http://news.mit.edu/2014/algorithm-recovers-speech-from-
vibr...](http://news.mit.edu/2014/algorithm-recovers-speech-from-
vibrations-0804)

~~~
disqard
That was impressive work, but they do require a camera that can record at
2000-6000 fps.

~~~
jacquesm
That's logical. Nyquist won't budge just because your idea is clever.

[https://en.wikipedia.org/wiki/Nyquist_rate](https://en.wikipedia.org/wiki/Nyquist_rate)

~~~
Nition
They actually got Nyquist to budge to some extent. Check out the last portion
of the video.

They took advantage of the fact that digital cameras tend to scan line by line
over a short period of time, so there's actually more timing information
available in an image than the base 60fps.

------
pinewurst
This is apparently already in use: [https://arstechnica.com/tech-
policy/2015/11/beware-of-ads-th...](https://arstechnica.com/tech-
policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-
tablet-and-pc/)

~~~
noir_lord
Yeah it's SilverPush isn't it, I remember this from a few years ago.

No matter how many ways I come up with to do things I'd never actually do
there always seems to be someone who both thinks of things I didn't and
absolutely would.

Depressing really.

~~~
voltagex_
Someone has a dataset of every (?) apk from the Play Store - they need to scan
for SilverPush and release the results.

~~~
smilliken
Here you go!

8 apps with SilverPush currently integrated:
[https://mixrank.com/playstore/namespaces/com.silverpush.sdk....](https://mixrank.com/playstore/namespaces/com.silverpush.sdk.android/installs?expiration=2018-07-29&sharedby=scott%40deltaex.com&auth=709d8c7aa5e29ef2)

68 apps that have removed it:
[https://mixrank.com/playstore/namespaces/com.silverpush.sdk....](https://mixrank.com/playstore/namespaces/com.silverpush.sdk.android/uninstalls?expiration=2018-07-29&page_size=250&sharedby=scott%40deltaex.com&auth=b6a58a6e6e9a663f)

The FTC cracked down on SilverPush a couple years ago, which explains why
almost all apps have removed it: [https://www.ftc.gov/news-events/press-
releases/2016/03/ftc-i...](https://www.ftc.gov/news-events/press-
releases/2016/03/ftc-issues-warning-letters-app-developers-using-silverpush-
code)

------
TaylorAlexander
I noticed recently that a YouTube ad that played on my device had a high
pitched whine in it. Could have been an audio editing error, but I wondered if
it was some kind of trigger, perhaps to see if I am near others when it goes
off.

I really dislike being tracked. I wish it was easier to “go dark” and still
own a smartphone like device.

~~~
NetOpWibby
You and me both.

~~~
SquirrelOnFire
Check out light phone 2. Might suit you.

~~~
NetOpWibby
I’m still waiting on my book reward from their first campaign. Am not giving
them any money until I get what I paid for.

------
luddaite
I wonder if you could solder a low pass filter into the electronics that drive
the speakers in a TV in order to disable this sort of tracking. It might be
even easier if you have an external receiver.

~~~
bcheung
A lot of fingerprinting technologies use something called Difference of
Gaussian (a type of bandpass filter). However, in practice you capture
interest points across multiple bands (scale space).

Basically what this means is that interest points are in multiple frequency
bands.

A high or low pass filter is unlikely to filter out a significant number of
these interest points at other frequencies so the fingerprint is still able to
match with a fairly high confidence.

~~~
luddaite
If the fingerprint frequencies are in the audible range, wouldn't you hear a
brief humming when the fingerprint signal is being broadcast?

------
peterlk
Google, Amazon, and others who have speech-based "smart" devices don't even
need this. Just apply Shazam to commercials. I would be very surprised to
learn that they weren't already doing this.

~~~
reaperducer
_Just apply Shazam to commercials. I would be very surprised to learn that
they weren 't already doing this._

Shazam does this on both commercials and TV shows.

I've seen several times "Shazam this ad for more information!" at the bottom
of the screen.

~~~
codeisawesome
I think peterlk might be talking about a more sinister version where the
computation is performed without consent.

------
vuln
With all the Facebook 'We're sorry' on TV it's a no brainier. They want to see
if you're still surfing Facebook while they apologise. Also they can see if
the money their spending is effective.

------
ben509
This is a patent, no one has actually made it, and big corporations file tons
of patents just to have them. It's fine to keep an eye on it, but it's not a
big story because, fundamentally, no one has done anything or has concrete
plans to do it.

As bad as Facebook is about watching your every move, don't forget that
Gizmodo, as part of Univision, is also a large corporation incentivized to
push your buttons for money.

~~~
fao_
> This is a patent, no one has actually made it,

False. This has been in use by ad companies for quite a while now. One
implementation, Silverpush, was reverse-engineered three years ago:
[https://www.theregister.co.uk/2015/11/20/silverpush_soundwav...](https://www.theregister.co.uk/2015/11/20/silverpush_soundwave_ad_tracker/)

And the company advertised it's services a year before that:
[https://techcrunch.com/2014/07/24/silverpush-audio-
beacons/](https://techcrunch.com/2014/07/24/silverpush-audio-beacons/)

More sources: [https://arstechnica.com/tech-policy/2015/11/beware-of-ads-
th...](https://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-
inaudible-sound-to-link-your-phone-tv-tablet-and-pc/)

[https://thehackernews.com/2017/05/ultrasonic-tracking-
signal...](https://thehackernews.com/2017/05/ultrasonic-tracking-signals-
apps.html)

[https://www.wired.com/2016/11/block-ultrasonic-signals-
didnt...](https://www.wired.com/2016/11/block-ultrasonic-signals-didnt-know-
tracking/)

[https://arstechnica.com/information-
technology/2017/05/there...](https://arstechnica.com/information-
technology/2017/05/theres-a-spike-in-android-apps-that-covertly-listen-for-
inaudible-sounds-in-ads/)

~~~
ben509
Fair enough, though I meant "no one at Facebook".

~~~
fao_
Indeed, facebook most likely uses a variation of the method by Silverpush, to
subvert the copyright.

After all, they're known to use the microphone, but it's not known what they
use it for:

[https://www.computerworld.com/article/3079412/security/faceb...](https://www.computerworld.com/article/3079412/security/facebook-
advertising-microphone-itbwcw.html)

[https://www.independent.co.uk/life-style/gadgets-and-
tech/ne...](https://www.independent.co.uk/life-style/gadgets-and-
tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-
claims-professor-a7057526.html)

------
mhfs
Couldn’t be happier with the decision to delete my Facebook account.

~~~
a3n
Be careful next time you buy or shackle yourself to a new phone, it will
probably have an unremovable FB app. I see no reason why it would need you to
have an account to track and analyze you.

~~~
zepto
Not if it’s an iPhone.

~~~
mhfs
Agreed. Apple respecting user privacy at some level is a big decision factor
for me lately.

------
wyattjoh
From what I understand, this isn't a problem for users on iOS who haven't
given microphone access to the offending apps right?

~~~
fiatpandas
Would also like to know this. And even if you did allow access, there would be
the big red recording bar shown at the top of your screen when activated,
right?

~~~
rnet85
Nope, just tried this [https://quiet.github.io/quiet-
js](https://quiet.github.io/quiet-js) on safari on my iphone. It just asks for
permission, after that there is no indication that it's listening or not

~~~
coolspot
Tried the same. It has red microphone indicator in the URL bar.

Safari, iOS 11.4

------
jhowell
Neilsen has a similar API. Trigger your phone, send coordinate data when
inside a geofence. Sure it's for a better user experience.

------
dlhavema
did i misunderstand the fact that it needs the microphone on listening for the
signal to turn the microphone on to record another signal?

~~~
icebraining
That was my question as well, we must be missing something.

------
reaperducer
Oh good. It's the CueCat again.[0]

I've been meaning to do a blog post explaining why this wasn't the
technological disaster everyone makes it out to be. Perhaps this is an
opportunity.

[0][https://en.wikipedia.org/wiki/CueCat](https://en.wikipedia.org/wiki/CueCat)

------
Uberphallus
Yet another piece of previous art: the Spanish La Liga recording from the
phone app to identify unlicensed broadcasts:
[https://news.ycombinator.com/item?id=17296449](https://news.ycombinator.com/item?id=17296449)

------
cryoshon
yes, but facebook "cares about user's privacy" and people here on HN will
stick their head firmly into the sand and swear up and down that this is
somehow excusable.

violating privacy is their business model. there are no (zero) limits to the
lengths they will go to fulfill the end of violating your privacy whether or
not you are a user of their service. i highly doubt any user would knowingly
consent to this.

~~~
thewizardofaus
You can never get a free lunch. If you ain't paying for it, you're paying for
it with your data.

~~~
codedokode
This is a little bit outdated. Nowadays you pay with both your money and your
data. For example, see Windows telemetry. It even collects the full command
line for applications elevated through UAC.

------
madmulita
Can someone please explain to me why, if this is possible, I have to point my
remote control to the TV to make it do something?

------
taneq
"Imagines"

