Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Without doxing myself by giving too much info about myself away, I can say with 99% certainty that this is not happening with Facebook or Apple.

The remaining 1% is if policy changed in the past few years (read: < 3 ), or if there was some top-secret team that few knew about working on this.

In general, these cases are coincidences based upon one or some combination of the following:

1) Search history that became "subconscious" and the person forgot. Annecdotally, check your history and see if you remember _everything_ you've ever searched for...you may be surprised. Android especially saves more than you might think

2) Related searches or characteristics relevant to the market. Example: during Black Friday in the 'States, many people are searching for TVs, so Amazon or Walmart will probably serve you ads for that in anticipation. Let's say with 10% odds, 1/10 people will see this ad and think "huh - I was just telling my wife we need a new TV. How did they know?" Law of large numbers and such...

3) The person installed malware that IS collecting sound samples, feeding that data to an ad-server, and actually performing this malicious behavior - but it isn't necessarily FB/Apple/etc. You tend to see this more on Android, as the Play Store has too many apps with malware like this, but it can happen on iOS too if the user isn't careful about privacy permissions.

Hope that long response helps answer your question =)



Your item (3) definitely seems to match the current situation in the wild - FAANG companies are genuinely invested in maintaining their brand and reputation and so I do completely agree that they wouldn't tend to collect seemingly shady or 'underground' data themselves.

I think the definition of malware is blurring though. On some websites when I view the list of advertisers & third parties listed in consent dialogs, it's literally hundreds of them. There's no way to tell how many of those are equally motivated to protect user data and be on best behaviour.

It's also easy to forget that many users simply don't have the same understanding or reasoning about phone permissions that the audience on HN does.

I worry a great deal that we're walking into a world where older generations in particular are exploited by technology via a bombardment of settings and dialog boxes -- and that we're veering away from the real promise of technology, which is to provide clear, simple, fast and effective life improvements.


> I think the definition of malware is blurring though. On some websites when I view the list of advertisers & third parties listed in consent dialogs, it's literally hundreds of them. There's no way to tell how many of those are equally motivated to protect user data and be on best behaviour.

I worked on a side project a few years ago for price checking stuff. When I was working on the toys r us integration I noticed their site loaded insanely slow. So I dug deep and the site had dozens of hits to random urls. After doing a bit of spelunking - whois lookups, etc - the webpage was having my browser contact pretty much every major (or subsidiary of) tech company you could think of: oracle, ibm, cisco, facebook, etc. etc. etc.

It made me realize how utterly insane the web has gotten.


> I can say with 99% certainty that this is not happening with Facebook or Apple.

> The person installed malware that IS collecting sound samples

The Facebook app uses certificates that circumvent permissions. Any analytics package installed in the Facebook app could actually be listening and putting that on their ad server, making the Facebook app the malware that is collecting sound samples.

Facebook Inc. can accurately say "we aren't collecting" and may actually have no knowledge, and everyone continues to be misdirected.

Ironically, whether it was a package in the Facebook app, or from any other service on the phone, the ad-server is sharing the same fingerprinting across to all the other apps and companies including Facebook.


If i remember right when there was a 'scandal' last year - where journalist worked with transcribing voice data from google assistant recordings. They found out that it activated plenty of times without the key phrase(it is easy to see why it happens), and it did contain PII occasionally.

Probably by sheer 'coincidence', when google was being investigated - apple, samsung and few others shut down similar initiatives.

And with how hostile and profitable the advertising world is, I'll stay with 'guilty until proven innocent' mindset.


Did they also say that it was used for advertising? I don’t think it’s much of a stretch to think they would, but it doesn’t sound like a smoking gun.


You are saying, "Trust me I work with apple and facebook"

No, no trust, none at all, zero. This is not at all in any way personal and you're anon so it couldn't be.

Do you understand how that works and why? Pathological lying has taken place in the world's most successful bait and switch. Nobody agreed to this. Not a single person agreed to a surveillance state and the creation of a turnkey facist enforcement solution. The stasi couldn't have dreamed of having so much power.

Zero trust. Less than zero. Facebook and Apple (and others) have now been caught and are desparately trying to pretend it's all ok. It isn't. Not even close.

We now have to assume the content is lies, we don't have a choice. The fact you need to be anonymous in claiming everyting is really ok is telling.


Do you not trust anything on Wikipedia? Of course you can't ascertain 100% whether a comment is true or not but going around saying everything is a lie because Ad companies lie to you doesn't seem very helpful. OP wasn't saying trust me I work at Apple/Facebook they were saying: I had pretty good visibility into internal projects and the codebase and from what I saw that type of tracking wasn't going on. Of course you can only take that type of comment at face value but to assume it's a lie seems silly.

Not believing a PR/damage control statement from an Ad company on the other hand is probably the right thing. Now at some point Ad companies may start doing huge disinformation campaigns on social media with payed commenters but that doesn't seem to be the case yet.


You trust Google anytime you plan your way to the airport with maps.

“Zero trust” sounds cool because cynicism is often confused with smartitude. But it is impossible to actually verify even a tiny slice of the information you consume and rely on every day.


Conflating reading a map with a claim of "nothing to see here, there is no crime, trust me." is utterly ludicrous. But I think you know that.


Then I guess when you say “zero trust” you actually mean “some trust, but not enough for that”.


If you wish to deliberately play silly semantic games to obsfuscate the obvious and intended meaning there is no prospect of meaningful exchange of ideas. This conversation is well beyond sense in that if you have a point I have no idea at all what it could be regarding whether or not facebrick et al are criminal enterprises or you should not trust at all those who claim, anonymously, without any evidence at all one way or another. But especially when those claims are that facebrick aren't misbehaving terribly. Especially based on hard won experience and the mess we are now in. Espeically because we know they are desperate not to be seen that way and spend money to that effect.

But yeah, maybe it doesn't involve trust at the level of whether the letter s is actually q. Sure.


>> You are saying, "Trust me I work with apple and facebook"

The exact turn of phrase was "Facebook or Apple". Formally speaking, you cannot conclude that they are working for either, given they phrased it as a disjunction, much less that they are working for both.

So maybe let's not jump to conclusions about other commenters? Who knows what the GP meant by "doxing myself"?

(Note: formally, "A or B" implies neither A nor B).


FFS

the claim is "i have inside info at apple and facebrick therfeore trust me" The pedantic difference is utterly meaningless here but you know that.

The answer is you absolutely refuse to trust an anonymous person based on this claim. The end. Period. Yeah? Yes.

Interesting all the pedantic responses that have zero baring on that, including yours.

Trust was asked for. The only sane response is to refuse, publically and loudly.


Even if "trust no one" is good advice, it's certainly not evidence that Facebook or Apple listen to audio from your phone and use that to target advertisements.


Verify uisng evidence. Esepcially when dealing with the claims of an industry of pathological liars.

Especially verify if there are zero consequences for someone deliberately and falsely making a claim that this time there is no deception.

Deliberately false and misleading claims by facebrick, goog, apple and the entire internet advertising con-job is how we got to this point, remember. So maybe don't just decide to believe blindly when that has been tried before with the outcome we have.

The _denial_ is the thing that is not evidence. Whether it is happening or not the denial here is not worth electrons used to deliver it.

I make no claims at all about what /is/ happening beyond all these companies having zero credibility given their incredible bait and switch to produce an outcome that literally nobody agreed to.


I don’t really trust them more than I can throw them, however I’m inclined to believe in this case given the practicality of it. Capturing and parsing all that audio is expensive and would be low signal to noise. Additionally, many of these companies are sitting on data that is significantly more valuable and relevant.

So purely from a selfish business perspective, which is how I assume they make decisions, why would they implement this? And that is to say nothing of the PR risks.

What do you have leading you to believe it’s happening?

Or are you simply saying we should not implicitly trust the anon commenter? If so, I agree fully.


> Verify uisng evidence. Esepcially when dealing with the claims of an industry of pathological liars.

Verify what, exactly? Verify literally every claim someone else makes that Facebook denies? There's simply no smoking gun to indicate that they're listening to phone audio. It would be extremely surprising if security researchers had not discovered them secretly doing this, or that a concerned employee wouldn't have leaked it to the press.

I don't trust these companies either, but that doesn't mean I believe any and all negative claims made about them, particularly claims that don't have any evidence supporting them other than the occasional well-targeted advertisement.


So now flip it and decide whether you trust positive claims that facebrick are not doing whatever.

That is what we are discussing, here, now.

I don't trust those positive claims that facebook are not misbehaving. If you do, I can't help you.

Is that evidence of their nuclear weapons program? Obviously and clearly not. I have never here put forward evidence of their misbehaving. That continues to come regularly. Whether it is this or somenthing else more will come is a reasonble bet.

Should you trust them or anyone who says without evidence "we are doing nothing wrong" That is being addressed here.

Do you? Really?

So much pushback for taking exception to an anonymous defence with no evidence. Surely taking exception to anonymous claims with no evidence because "trust me" is what every single one of should do. Especially when we've been burned so very, very hard.

Until there are real consequences for telling lies trusting facebook denials is naieve in the extreme.

Fool me a 56th time what am I? An owner of a facebrick account.


Re: #2, it's also possible that an ad you saw and dismissed prompted you to start thinking about replacing your TV, and then a later ad from the same campaign seems like an odd coincidence.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: