Hacker News new | comments | ask | show | jobs | submit login

I have always assumed that Facebook uses heat maps to track what is under your pointer. Doesn't every serious site do that to gauge user behavior, interest and interface utilization? I guess the difference is FB is putting it in an available data set along with everything else about consumers' individual lives.

More interesting is "a patent held by the company states that the Facebook app uses voice recognition algorithm, which uses audio recorded by the microphones, to modify the ranking scores of stories in users News Feed." and their speculation that Facebook could soon reveal details about their use of surreptitiously recorded user audio.

Facebook makes a curiously specific denial about audio, which is that it is not used for advertising. Considering their entire business is basically advertising, what does that leave? But all they mean is ad selection. When they were found to be recording audio during the posting of statuses, I believe they claimed it it was so they could recognize the music you were listening to, and know something about your mood. So for a long time, I have thought that they use audio to select other content, like friend suggestions, or to inform the selection of stories that appear on your newsfeed.

Like heat mapping a visual UI, there are a lot of people out there recording audio.

However, I think that I disagree with you on whether or not sharing the data is important. If you are heat mapping me, like facebook and probably everyone else from Microsoft to CNN and FoxNews does, or you are recording me like everyone from Facebook to Samsung does, I'm sorry, I've got a problem with it. I don't care if you don't share that data. I don't want Samsung recording what's going on in my living room. Doesn't matter if the data isn't shared. It's just the principle of the thing.

It's gotten to the point where I actually purchased a certain model of Sony TV, because the teardown verified that there is no microphone in it. Then I tossed the remote control and got a generic remote with no voice control.

People joke about me being paranoid, but I'm not paranoid. Sheez... I'm old and boring, I know that no one cares about what's going on in my house or on my computers.

I'm just stubborn.

Why let the privacy invaders win?

I'm on your side mate. Everyone seems to think people like us are nuts. Only time will tell what side of history we were on. Be the change you want to see in the world and all that. Big faceless corporations make me uncomfortable in general; having their tentacles in my home, with my family, makes me even more uncomfortable. Don't pitch me any nonsense about trying to provide me with a service because that's absurd: you literally have to use technology to be a part of modern society. There's no option. I don't care if people think I'm a wacko for being privacy conscious, I think they're wacko for the opposite. Even if there is no future horrible implications of the surveillance state, which is hard to imagine, I think just trying to exist without having every micro detail of my life profiled by what seems like every mega international on the planet is a worthwhile ambition.

I got carried away and rambling but I mean, come on. Mouse movements? Really? I suppose you have to give them credit they are creative in a very perverted sense.

Not only that, but it makes the sites literally unplayable on most devices and computers manufactured more than like 2 years ago. The technical bloat is horrendous.

May I ask what model of television that was? Might be worth getting one myself.


You need to be careful though because the microphone is in the remote control instead. So buy the remote control WITHOUT voice control, get rid of the remote that comes with the TV, and you're good. There will be no mic's in your tv setup. (This will cost you a bit extra. About 20 or 30 bucks for a generic one.)

A second problem is that it is a smart tv, so you have to make sure to NOT connect it to the internet and get your smart services via a box you control. (I haven't been able to prove that Sony siphons smart data usage from its tv's the way the Samsung Android tv's do, but it is technically possible for them to do so.)

In any case, under no circumstances should you get a samsung. You can't even use those tvs without the privacy invasion equipment activated.

Thank you for sharing this information. I have a 10 year-old tv that I might get replaced soon, so your comment is very helpful.

>You can't even use those tvs without the privacy invasion equipment activated.

Could you elaborate further? If I don't connect a samsung smart TV to my network, shouldn't I still be able to use it as a normal TV?

Thanks. I'm in similar circumstances to jake_the_third and have been wondering for some time about how to find a decent television that's not full of this.

Indeed, I would never buy a Samsung smart TV (or phone).

I agree with all of that. Personally I don't even use a smart phone because of the lack of controls over knowing what or who is tracking whatever crazy shit. I either carry a laptop or a netbook when I go places, which isn't perfect still, but with proper precautions is fairly secure.

I don't do anything im worried about people finding out, but that doesn't mean I want to let them listen in either. Maybe if someone was upfront about it from the beginning or showed us what they were truly doing, but seeing how shady it all seems to be makes me assume they are doing shady shit with it.

The difference is how the data is used and the whether it's associated with an individual's permanent personal data. If it's only gathered anonymously and used for internal UI improvement, that isn't objectionable. At the other extreme, association with a real-world individual enables many uses that are potentially harmful, such as unmasking those who legitimately prefer to be anonymous.

Edit: I wanted to add that I didn't intent to focus on whether the data is shared. I think FB having and using it is bad enough, especially if they're ubiquitous. Also, once anyone creates such data, other entities such as governments will seek to obtain it and likely do so eventually.

Anonymous data is one identifier or clever match away from identification. This is particularly severe for sites/services/hardware that records audio (man, who would knowingly allow that kind of abuse??), but it can apply to mouse tracking too. Mouse tracking fingerprints could be used to re-identify all sorts of other things.

It depends how much data is collected in the first place, and how much is available to the person trying to break anonymization. If I'm not mistaken, everything is deanonymizable with global traffic analysis.

For some people, there is no difference ultimately. Because it's not that they aren't doing anything malicious with the collected data now, it's about the fact that they CAN do it if they desire to (ethical or not) in the future--the data is being collected, stored (perhaps indefinitely), and will always be accessible. In a world where capitalism reigns, to think that any large corporate business would treat our data with the best care and in our bests interests seems a little silly. I have always held the belief that businesses are not people and it's reasonable to expect that businesses may not be inclined to always do the right thing, especially if it gains them more money and power.

I'm picturing the minimum being a system that collects nothing more than a mouse movements, rather than also IP address, full URL, user account, and other details that could easily tie it to a person. I mean more the minimum as an abstract ideal, than something anyone actually does.

There is no such thing as anonymous data. The belief that something is anonymous is simply an aspect of statistical ignorance or naiveté.

And, since we can't know in advance all the ways data can be combined, recombined, projected, and analyzed there is no such thing as informed consent to use said data unless specifically restricted to a single analysis using only given data.

I realize this, but I can picture a bare minimum store of heatmap generated data that would be extremely difficult to use for anything other than knowing what people on the website clicked on. Indeed, the more info collected, the more likely someone can combine it with other data to make broader conclusions.

Such as, any time you store a precise time in connection with user actions that has privacy implications. I picture simply not recording the time or exact URL. If the system is designed without any sort of privacy in mind, and just records whatever data is convenient and too much, that's easier to abuse than one that intentionally records a minimum with privacy in mind. I agree it's amazing the way all of this can be subverted, and yes, I realize that HN is stocked with data scientists who are more knowledgeable about this than I am.

Perhaps a noob question but doesn't the browser ask for permission to use the microphone? And hence: they can't really listen in if you haven't given it explicitly.

If you attempted to record a video once with the Facebook app, it then has the microphone permissions forever.

Plus: At least Instagram and Messenger will force you to enable the microphone to let you use the camera even if just to take pictures. Now I always take pictures from the Camera app and simply load it into the app instead of giving them permission to use the microphone.

Can apps with access to the camera simply record video and audio whenever they want, even while running in the background?

Yes. AVFoundation provides both a turn-key camera UI view and direct control to the camera and microphone.

Correction: Not in the background, but it could do it silently while the app is in the foreground.

Looks like Android P blocks background access to camera and mic too: https://www.theverge.com/2018/3/7/17091104/android-p-prevent...

I can only assume that up until P developers could record both sound and video in the background. That's some scary shit.

[edit] Why isn't there a system level visual indication or audit trail of any camera or mic access? Surely this would be trivial to implement, you could even disable it if you just didn't give a toot about privacy at all.

Indeed. Finally in Mojave Apple is adding direct control over which apps have access to the camera and microphone, but in general iOS is miles ahead of macOS in regards of privacy control.

This is just truly bad if they use the this permission to then record you without knowing! You gave the permission to take a video when you wanted to, not when they want to..

I wonder if the apps and browsers will get a "grant access for 5 minutes" setting, so that one can feel safe with the services of these services. EDIT: Or maybe lock-screen/pulldown-screen (or whatever it's called) notification that has a "remove permission" button so that you can remove it when you're done.

Firefox has both the option of granting the permission only for the current pageload (this is in fact the default behavior!) and exactly the "click the icon and revoke the permission" behavior you are asking for once you have granted the permission. So "browsers" already do this, for some values of "browsers". l)

[Disclaimer: I work on Firefox.]

Many permissions like that are used in ways a typical user doesn't expect. Companies will explain it away by saying you agreed to it in the terms of service, although it's generally acknowledged that almost nobody reads or understands those terms for any company. For example, most people don't realize that when you give an app read access to your photos, it probably will scan every single one of them for data and upload it to the app's maker. Practices like this are so common that I don't even think the developers understand that they're abusing users' trust.

On macOS Safari, any location request through the browser API (not based on IP geolocation server-side) only gives the option to allow it for a day, not permanently. It's a start.

Does it?

In Firefox you can grant the permissions once (for the current page only) or grant them forever, your choice. If your browser doesn't offer that choice, that's a problem with your browser.

[Disclaimer: I work on Firefox.]

You are assuming the facebook.com page. He was talking about one of their apps.

That's fair, now that I reread his comment, but he was responding to a comment that was talking about browsers, not apps...

Is it like this in Android, iOS or both?

I’m pretty sure iOS doesn’t let you access either the camera or the microphone without displaying a banner.

Only the first time, then any use is permitted while the app is in the foreground (on iOS at least) unless the user manually disables it.

"Facebook App"

Webtrends had a product that launched, I wanna say more than 10 years ago, that generated heat maps of mouse movement

The media and general public seem to be 10-15 years behind when it comes to understanding how the things they rely on, and the tools being used to “improve” them, work

Though IMO, a lot of the blame is on Facebook and the whole lot for avoiding discussing openly in order to avoid fallout. Just asking customers too is out of the question, of course. Cause BIG Corps are smarter than their customers

Only once you’re “too big to fail” can you be honest about your shady BS

> "a patent held by the company states that the Facebook app uses voice recognition algorithm, which uses audio recorded by the microphones, to modify the ranking scores of stories in users News Feed.

Does the patent really state that Facebook does that, or Facebook spammed the patent office with obvious ideas about how they could do that. Big tech companies have loads of trivial patents on stuff they have no firm plans to build, just to stake out IP territory.

> I believe they claimed it it was so they could recognize the music you were listening to, and know something about your mood.

When did this happen, and why wasn't it frontpage on HN and all the news sites?

I don't know, does the patent state that? We should find it and read it.

As far as the status audio, I'm sure it has been discussed on HN. I don't have the time to dig up all the info right now but here is FB's take on that: https://newsroom.fb.com/news/2014/05/a-new-optional-way-to-s...

Audio might be used to locate users that are nearby (and hear the same sound). Or to detect what TV program/radio/music is the user listening to. Both of these of course are invasion into user's privacy.

I feel like they even want to know the basics, like whether you are in a loud place or a quiet place.

Just to be clear - users had to give explicit permission for that status update recording feature back in 2014. There are no external apps that can record audio on Android without permission unless Google explicitly whitelists the permission for the app. This never happens because there is no use case where the user shouldn't know.

One bad thing about this system for Android is how much control Google has over permissions - for example, their own built-in Shazam...

Facebook's various apps ask for the microphone permission, anyway, for other reasons. How could we verify they aren't recording or analyzing audio at times?

They are using speech spectral analysis to gather emotion context from users, used in conjunction with syntactic emotional features to tailor ads based on user mood.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact