Hacker News new | comments | show | ask | jobs | submit login
[flagged] Couple Proves Facebook Listens in on Conversations with Simple Experiment (theearthtribe.net)
54 points by sharjeelsayed on Nov 13, 2017 | hide | past | web | favorite | 52 comments

Post hoc ergo propter hoc.

This experiment is so full of flaws it's ridiculous. Here are just some of them:

* Pet food ads are extremely common. The chances of not seeing them are fairly low.

* The likelihood of them choosing that subject at random is also very low. It's more likely that they had seen an ad on the topic recently, but were simply unaware because of its lack of relevance to their lives.

* They didn't do a placebo. They should also have discussed another common subject, away from any phones, then waited to see if they were also served advertisements about that.

* Two days is arguably too long to wait to influence purchasing decisions of much needed groceries.

* Confirmation bias. How many scores or even hundreds of other subjects did they see in the same period that they had not discussed.

At least the "simple" in the title is not misleading.

I love everything you said.

It’d be so easy to structure a clean experiment to test this. Bad science sucks.

The video is really a flimsy proof IMO. We don't know what else they did with their phones between the start and the conclusion. Did they search for it somehow? Did they or their friends post about it somewhere? I've seen this video posted several times already but never found anybody replicating the experiment, only anecdotal evidence in comment threads. That's not very scientific.

I'm in no way a Facebook shill (I don't even have an account) but I doubt they're silly enough to risk the insane backlash they would get if people caught them spying on conversations when they shouldn't.

I mean, think about it, Facebook would be listening on all their users cell phones all the time, parse it constantly to isolate keywords (not an easy task at this scale, and would probably result in a comical amount of false positives) and then use it to show ads? And all that in complete secrecy?

Furthermore the video is more than two months old now, I'd expect that somebody would have found a harder proof by now, either by snooping on the network or even at the hardware level.

Facebook is still showing me ads to buy an iPhone, car, and a clock from my home country 5 months after I moved away and updated my location. If they can't get that right, I doubt they're able to gain anything useful from listening from my mic 24/7.

They know you're an IT-worker who could expose them.

So they know where I work but not where I live, even after updating my location and 5 months of location-tagged posts?

The level of mental gymnastics people are going through to hold their belief is astounding.

> “My wife and I took a random subject we had NEVER every talked about or searched online, and talked about it while her iPhone was on in the background. Two days later, our Facebook advertising completely changed over to cat food for a few days,” Neville wrote.

This is really unconvincing. How many hundreds of ads were they shown over two days until they were shown one in the category that confirmed their bias? Refreshing Facebook a few times now, I'm shown several ads for products and pages I have zero interest in which I don't search for or talk about.

Wouldn't Facebook randomly recording your conversations be a PR disaster for them as well? Seems like a damning and unfair claim to make with such flimsy evidence.

>How many hundreds of ads were they shown over two days until they were shown one in the category that confirmed their bias? Refreshing Facebook a few times now, I'm shown several ads for products and pages I have zero interest in which I don't search for or talk about.

And to go even further. How many ads of cat food have they seen in the days prior to their experiment that they did not conciously see but that influenced the "random topic" they chose.

There was a Reply All episode on this conspiracy theory recently.

My thing is, why does everyone get hung up on listening to the microphone? Facebook surveillance of users and non-users alike is more powerful and creepier than listening in on the microphone!

I mean at least people have some understanding of audio bugs. Nobody really understands the byzantine network of distributed opt-in web trackers and data brokers that Facebook uses to put together its compelling, yet deeply flawed dossier on every person.

If their experiment is N=1 then allow me to be N=2. The moment I heard about this I inserted "Toyota" into nearly every other sentence with a couple of friends of mine. No ads from Toyota yet. Now that I posted the word twice here my experiment of course has ran its course.

Does it work with brands, too? Why would Toyota show you their commercials if you remember them so well?

Okay I just said "adult diapers" three times around my phone and still no related ads are coming up.

A positive result would require Toyota to advertise on Facebook, yes? This may not be the case.

A better question may be car-related ads.

Perhaps Toyota just didn't pay for this scenario? Or you're not in their current demographics?

Every time an article like this hits HN, one of the standard responses is how trivial this would be to check doing network analysis.

I'm curious if anyone has ever actually gone and done the so-called trivial network analysis to check it out?

I don't think it would be that easy. If this is done "the right way", then facebook processes audio locally and only uploads keywords every once in a while. The traffic would be indistinguishable from normal https traffic between your phone and their servers.

Also - Facebook is likely doing SSL Pining so it isn't easy to unpack their SSL traffic either...

Also - The Facebook App itself is heavily obfuscated making the task of rooting through the source code very difficult to try and discover what is going on...

Not an easy task at all...

(Although I doubt they are actually recording sound)

Nope. Their traffic and energy consumption is very distinguishable. It's like 3x higher energy usage with the Messenger App running. Don't know the exact data volume usage, but it's also significantly higher.

Decrypting the SSL traffic is a bit too hard.

That's why every privacy concerned citizen uses chrome with the mbasic.facebook.com url.

Note that this will be hard to generalize without some type of proof that different devices are running the same software. (different automatic updates pushed to different people? Some sort of A/B test? We cannot be sure without verifying hashes of the software)

Isn't this trivial to check if you just inspect the network traffic?

This is exactly what I would imagine. What is it about this topic that causes HN-types to drop all sense of logic and critical thought?

People have been claiming Facebook eavesdrops on conversations for years now, yet no one has been able to technically prove it. Facebook is a huge target for people to 'decompile', reverse engineer and sniff network traffic, which has been done multiple times, yet no one has been able to identify this.

This is of course ignoring the fact that its 'supposed' to be impossible for iOS apps to use the microphone without the status bar from going obviously red. It would be extremely surprising if there was a venerability that only Facebook knew about that they were exploiting to bypass iOS.

They might have a neural network that preprocesses the input first; then it would be quite difficult to understand its output.

If you mean doing speech to text on the device then that was my first thought as well. But DSP isn't cheap and we are talking about serious battery consumption. Even if they cache audio and only process it while the phone is charging then they would still need the algorithms baked into the binary (researchers could find em) unless they somehow sidestep the app stores not allowing remote code to be loaded.

They could have a really cheap algorithm that just tries to inexpensively match audio fingerprints in windows of audio. I guess if you have trillions of hours of audio it's ok not to inspect every minute to the fullest extent.

It's an interesting problem to think about but as other hackers have mentioned: why would they risk doing it in secret? They could just update the EULA.

If (it's not) it were true it wouldn't have to be sent in clear text or even at once though. There's tons of ways they theoretically could send data that wouldn't be obvious from looking at network traffic.

That would mean Facebook would have a natural language processor that works and fits on a phone. I thought that's way past the state of the art atm. Otherwise you could just look for large amounts of data being sent to their servers.

Custom CAs being ignored for the applications makes it a bit difficult so not trivial but possible by modifying the app.

I saw this on reddit a few days back, and showed to family members who are less technically inclined and hopelessly addicted to facebook. It seemed to hardly bother them, as they continue to use it the way they have been - shaping their life choices based on the chosen moments of others' life. What concerned me was they found the advertisements "very useful", as it reduced the time spent searching for goods they wanted to buy. I haven't been able to put up any argument convincing enough about why this trade off is bad.

Metaphors, I think could have a better result. One that I have thought of is: If this was a job position, and one candidate could buy their chances of getting picked - would it be fair to the other candidates or the company? It only profits the broker.

Any other convincing argument I can put forward to get them thinking about it?

Ultimately, all arguments come to the fact that "keeping in touch" is so much easier with facebook - and I do not have an alternative that I can propose. Note I use the word argument as any discussion I have tried to initiate becomes an argument very quickly.

If you really don't want Facebook listening to anything you say at any time, you can turn off the app's access to your microphone.

In iOS, go to the Settings panel, find Facebook, and slide off the "microphone" option.

On Android, go to "Privacy and Safety" in Settings, find the microphone section under the app permissions panel, and toggle off Facebook's access.

Well, the premise of these claims is that Facebook is bypassing system protections (which I highly doubt they're doing) to listen without notifying the user. If they're doing that then surely they can get around microphone being shut off for the app.

Again, I would be extremely surprised if they've managed to do this without anyone finding out. iOS and Facebook as just too big of a target for this to stay with just them.

Here's a wild speculation:

What if Facebook is only doing this to people it profiles as non-technical and therefore unlikely to notice it?

Taking the app apart might not even be good enough since in that case those not receiving surveillance may not even have the code for surveillance. (Apple's store technically bans such practices, but this is Facebook we're talking about.)

I once joked with my friends about something similar to this. The best target audience to attempt something like this one would be people who are really big into conspiracy theory's and would have any attempts to bring something like this to light immediately shot down due to their other beliefs. It would be pretty simple for facebook to flag users that match a profile like this just off their likes and profile activity!

One of the best ways to cover something up is to have someone with "negative credibility" break the story. There's been a persistent rumor for years that some tabloids have ties to intelligence agencies and pretty much exist for this purpose.

Wasn't this covered before and it was something like Facebook analyses audio from messenger for modulated id codes in adverts that may be playing in the same room? (ex, find out what TV station they've got on in the background, deploy adverts based on said station's demographic) That sounds way more probable than running speech recognition on everything. Even then I think they would only do it if the app had focus.

I cant watch the video, but in general I dont take anything seriously on a horoscope website.

Still this seems like a good time to point out that mbasic.facebook.com exists.

The page would convince me more if it didn't appear in its own "popular posts" section between two articles about horoscopes.

It sounds to me like the kind of thing targeted at people who believe an article because it has "proves" in the title and one data point in the contents.

I do not think it likely that Facebook could pull this off without either Apple or Google noticing.

This sort of articles always end up with people doubting that Facebook actually records audio, me included.

But somehow it seems even scarier how much information facebook can scrape without having to record audio. They can read chats and emails, track your location and daily routine, they buy data from credit bureaus, track which sites you visit... And on and on it goes.

The article states as "proof" that it is possible to eavesdrop is based on what the FBI could do in 2006. That was before the first iPhone or Android reached a customer.

Is FB somehow able to hide the notification that the iPhone displays on the top when an app is using the microphone?

Direct YouTube link when theearthtribe.net is suffering the HN hug of death: https://www.youtube.com/watch?v=U0SOxb_Lfps&feature=youtu.be

On a related topic, I was looking for a rental car and was googling related keywords, and then 30 minutes later chat bot from some car company messaged me on Facebook. Can someone explain how it is possible, how did they know my Facebook account?

Couple Alleges Facebook Listens in on Conversations with Alleged Simple Experiment.

Yawn, nonsense.

They obviously just used deep learning to predict these were the kind of people who would want to do a cheesy video, and predicted cat food was an obvious topic they’d pick.

I've bet they discussed with friends on instagram/whatsapp, how they are gonna do experiment with Facebook, about cat food. :D

Sorry but this doesnt prove facebook doing it, unless only app on the phone is messenger.

Android doesn't give access to always-on microphone, right?

If the user has given permission for `android.permission.RECORD_AUDIO` then it should be possible to use a MediaRecorder in a background service?

My first impression was that an always on microphone would murder battery life. Only recording when there is sufficient noise level and batching recordings before uploading might work, though. Plus keyword extractions sounds a lot easier than full speech recognition. A sleeping app I tried before could record background noise to check for snoring and that only added a couple percent of battery usage.

Also, facebook messenger murders battery either way.

Also on many phones turning on the mic would prevent any sound to the speakers. So users will immediately notice something is wrong.

No, and the battery usage should make it very obvious if the microphone is always on.

One day someone is going to write some Android malware that does system level power optimization to cover it's tracks. The only means of detecting it will be to observe abnormal battery life on your Android phone. People will start freaking out when their phones start lasting all day. It will be madness.

neither the iphone. This article is bullshit

Prove it at least a x>1 times, a little more please.

Could this not just be a coincidence?

Source: David Wolfe

Case dismissed.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact