• Ilandar@aussie.zone
    link
    fedilink
    English
    arrow-up
    73
    arrow-down
    3
    ·
    2 months ago

    As a reminder, this entire story is still only based on the reporting from 404 Media who themselves have been unable to confirm whether any of this technology actually exists or is in use. The journalists investigating this story (not the outlets republishing it with clickbait headlines) are not convinced themselves and have suggested it could also be a case of CMG tech bros trying to hype their company by shipping around proof of concept marketing material to other tech companies. Ford has patented similar technology but again, there is no proof that this is actually being used currently.

    I have seen this shit reposted multiple times all over Lemmy as “dEfiNiTiVe pRoOf” but seemingly none of the people who share it or comment have actually read the original articles themselves or listened to anything the 404 Media journalists have said about it. This is not proof, this is a developing story which requires proof for the conspiracy theory to be confirmed as real.

      • Ilandar@aussie.zone
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        2 months ago

        Yes, that is a more rational take. Though it is from last year, based on the original 404 Media article (not the update from this year which OP’s article is piggybacking off). I would encourage people to just read the 404 Media articles or, if they can’t do that, listen to the 404 team discuss them on their podcast. When you get away from all the clickbait headlines from people trying to make money off 404’s reporting and actually listen to what is being said by the people who know more about this story than anyone else, it becomes pretty clear that this isn’t the slam dunk so many privacy illiterate people on social media would have you think it is.

          • Ilandar@aussie.zone
            link
            fedilink
            English
            arrow-up
            6
            ·
            2 months ago

            404 are investigative journalists, they don’t just report 'news" - they actually go out and find it. When they published the original story they asked for people to contact them with further information, as investigative journalists do. This isn’t reporting the exact same story again, it’s an update to the original story based on new information they’ve acquired.

          • catloaf@lemm.ee
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            2 months ago

            There’s nothing new, news sites are just rerunning the same story because it gets clicks.

  • MajorHavoc@programming.dev
    link
    fedilink
    English
    arrow-up
    53
    arrow-down
    14
    ·
    edit-2
    1 month ago

    In summary: Google, Amazon and Meta all deny that they directly access your microphone, and all three failed to actually deny purchasing voice data from third party apps that definitely do use your microphone and pair that with your ad targeting profile.

    This is getting more attention because an internal slide deck from Cox Media Group was leaked. Based on the nature of leaks, it’s safe to assume that Cox isn’t the only organization up to this, they were just the least careful.

    So yeah, they’re listening to anyone who isn’t incredibly careful what apps they install and what permissions they give those apps.

    Exactly as we all have suspected for years, while they gaslight us promising that they definitely don’t.

    Notice that they’re still denying it, and trust that as you will.

    • bdonvr@thelemmy.club
      link
      fedilink
      English
      arrow-up
      32
      arrow-down
      2
      ·
      edit-2
      2 months ago

      Someone back this up with proof. Security researchers would’ve noticed this. They’d’ve had to have hacked their way around the microphone permission systems and microphone use indicator (depending on OS) on your phone and upload that data without being caught by security analysts. That kind of bug would probably be worth a fairly decent bounty too.

      The article talks about a slide in a PITCH to advertisers. But not a concrete system. Then it goes on to say advertisers bought a dataset from other sources. What dataset? From where? It doesn’t say. Transcriptions from voice assistants? Maybe. But without hard evidence I don’t believe random apps are just recording clandestinely in the background. But people want to believe this so writing shitty unsourced articles with click bait titles and tenuous-if-I’m-generous linking of weak facts lacking entirely in context generates lots of clicks.

      • MajorHavoc@programming.dev
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        3
        ·
        2 months ago

        Security researchers would’ve noticed this.

        They did notice. Malicious apps that use everything they can to spy on you are old news.

        To your point - this isn’t confirmation that any of the big players are listening directly. That would probably have been caught by security researchers, although it would be really difficult in Google’s or Amazon’s case, as they run proprietary software at a very low level.

        The news here is two fold;

        1. Cox got caught buying that data, and when confronted about it, Google, Amazon, and Meta all failed to deny that they also buy that data from those malicious app makers.

        2. This is strong evidence that someone is routinely collecting that data. That’s news. We’ve suspected for awhile that, at minimum, the malware apps do. Occam’s razor says at minimum, we should now assume many malware apps are using microphone to collect speech and submit it elsewhere for analysis.

        The unprovable part of this that smells much worse is: a kid in a basement writing malware does not have the computing power to turn tons of raw voice recordings into useful correlated data.

        That kid needs an ally with a lot of computing power. Google, Meta, and Amazon all have a motive here and have the necessary computing power.

        And all three worded their denials pretty carefully, I noticed.

        • bdonvr@thelemmy.club
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          2 months ago

          Cox got caught buying that data, and when confronted about it, Google, Amazon, and Meta all failed to deny that they also buy that data from those malicious app makers

          But what is that based on? This paragraph?

          A spokesperson for CMG told Newsweek that “CMG businesses have never listened to any conversations nor had access to anything beyond third-party aggregated, anonymized, and fully encrypted data sets that can be used for ad placement.”

          I don’t think that explicitly means they had datasets made up of clandestinely recorded conversations in the wild.

          third-party aggregated, anonymized, and fully encrypted data sets that can be used for ad placement.

          Really could describe ANY possible set of tracking data… Unless you put this quote into a clickbaitey article and strongly imply it’s something sinister.

          • MajorHavoc@programming.dev
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            edit-2
            2 months ago

            You’re not wrong to give the benefit out the doubt and believe their PR person isn’t lying.

            But I’m not inclined to give that benefit of the doubt. I don’t trust these folks farther than I can throw them. I don’t, myself, need proof, to believe they would try this crap.

            And this is definitely evidence.

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        9
        ·
        2 months ago

        What bug? It’s super easy to do this in an app that already has access to your microphone, like Whatsapp, then extract only keywords from conversations and send them to Meta packed as innocuous numeric codes piggybacking on the overhead of encrypted connections.

        A single byte here and there is all you need to know people were talking about cats, or perfume, or shoes etc.

        Whatsapp protocol, app and servers are closed source, and Meta apps will download and compile native code upon installation, which escapes normal JVM restrictions and does God knows what.

        On certain brands of phones (like Samsung) Meta apps come with a manufacturer-preinstalled system stub that can do pretty much whatever it wants, but is typically used to elevate the rights of Meta apps that were installed via normal means and to collect information from them as well as any app that’s running ads from Meta.

        And this is a company that’s a third party to the Android ecosystem — it’s a lot easier for Google themselves, who are datamining the shit out of everything you do on a phone, from second-by-second location to email. And Meta is datamining the shit out of absolutely everything you put on Facebook and Instagram, in spite of any fines and sanctions. And Microsoft are datamining the shit out of everything you do on your PC and they’re openly pushing Recall and Copilot and have been pushing Cortana for so long.

        What do you think Cortana and OK Google were listening for?.Hell, Amazon and Google were both caught storing recordings of people’s conversations in the beginning, before they started hiding it better.

        So you’re being watched in every way possible in every single thing you do that touches any technology from these companies, we have countless documented instances of them breaking privacy in heinous ways like giving up people to authoritarian governments and to anti-abortion governments in the US and so on…

        …and you’re seriously wondering if they’re snooping on your conversations? They have every means at their disposal, they’re using it every second, and you’re wondering if they’re doing that too?

        Why wouldn’t they? It’s obvious that we live in a world where it’s ok to ask forgiveness (and you’ll get a slap on the wrist, if that) rather than permission. What would possibly compel them to not do it?

        Consequences? What consequences? We already know for a fact they spy on so much stuff and we keep using their tech. There are no consequences.

        • bdonvr@thelemmy.club
          link
          fedilink
          English
          arrow-up
          13
          ·
          2 months ago

          I’m not interested in conjecture I’m interested in facts. Get me some research papers. Get me some court docs. Something.

          • catloaf@lemm.ee
            link
            fedilink
            English
            arrow-up
            11
            ·
            edit-2
            2 months ago

            Even a tweet from a security professional with a screenshot of Wireshark would be nice for a start.

      • MajorHavoc@programming.dev
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        10
        ·
        edit-2
        1 month ago

        But without hard evidence I don’t believe random apps are just recording clandestinely in the background.

        I certainly do. Malware attempts to record you is old news.

        We have always assumed voice was off the table for practical reasons - voice recordings are expensive to decode and correlated usefully.

        Cox has particularly deep pockets, which makes this interesting.

        I do actually agree, this really could just have been a vendor bullshitting. Normally I would say Occam’s razor points there. But Occam’s razor points the other way, to me, when I consider that basically everyone I know has experienced a voice targeted ad.

        The big ugly question is which apps are recording voices?

        It might just be name squatting spyware. I haven’t seen confirmation that any do this, and I always assumed it was too expensive. Maybe it still is, but my guess is Cox isn’t the only ones who got that sale offer.

        The creepy part is, if you’re not inclined to take Google, Amazon, and Meta at their word, then one wonders what other apps are recording voices…

        Here’s the conspiracy part:

        • Apps by Meta famously ask for more permissions than they should reasonably need.
        • Both Google and Amazon publish operating systems that promise us they are enforcing our permission preferences, while definitely collecting more behavior data than most people would feel comfortable with, if they were aware.
        • We know that all three companies thrive on tracking our behavior, and selling what they learn.
        • One of the three had to change it’s corporate slogan away from “don’t be evil”.

        The conspiracy emerges when we look at these data points and squint a little.

        Edit: I think many of y’all are in denial about how much you shouldn’t trust Meta apps on your phones.

        We know Meta wants to use things you say to build an ad profile. We have evidence they don’t have any moral qualms about doing it. We know they have unfathomable terms of service and closed source apps.

        And now we know there’s been at least one closed door conversation about buying the recordings that supposedly don’t exist.

        I don’t have proof but I also don’t have any apps by Meta on my phone.

    • umami_wasabi@lemmy.ml
      link
      fedilink
      English
      arrow-up
      6
      ·
      2 months ago

      At least I want to see some proofs my voice data being transmitted over some medium. Those slides are ads created by ad company to potential ad clients.

  • catloaf@lemm.ee
    link
    fedilink
    English
    arrow-up
    29
    ·
    2 months ago

    tl;dr: no. The article shits all over the question. Newsweek is still trash.

  • 9point6@lemmy.world
    link
    fedilink
    English
    arrow-up
    36
    arrow-down
    8
    ·
    2 months ago

    No, people are just super predictable, that’s why it feels like it has to be spying sometimes.

    No one has ever managed to prove this is actually happening and people have been paranoid of this for over a decade now. Someone would have 100% found some evidence by now.

  • Sterile_Technique@lemmy.world
    link
    fedilink
    English
    arrow-up
    33
    arrow-down
    13
    ·
    2 months ago

    I’ve heard and experienced WAY too much supporting anecdote to just wave it off as confirmation bias. Official statements by telecoms and such be damned, this shit is 100% happening.

    • linearchaos@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      4
      ·
      2 months ago

      So I have never experienced it at all. But my wife, at least once a week will mention something random and get an ad for it. If it were just purely confirmation bias I should be seeing the same biases.

      The last one last week she mentioned checking out a certain store 10 minutes later she got around to searching for it. Google auto completed “where can I” with find (whatever store she was looking for) It was the first time she had typed it in and it was dead on what we had been talking about.

      It’s definitely not everyone and everything every time but it happens in awful lot for coincidence.

  • liveinthisworld@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    9
    ·
    2 months ago

    I do not see why everyone wants to deny this and trust big tech. After you lot completely brainwashed?? Assume the worst, that malicious applications are recording both your microphone and your camera, and do the best you can. Anyone even taking Meta’s/Google’s side here is absurd to me.

    • MimicJar@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      2 months ago

      It’s not trusting Big Tech, it’s understanding that Little Tech can also lie.

      Cox Media Group wants to hype up their product and use AI buzzwords. To be seen as reliable they say that they work with Google, Amazon, Facebook, etc.

      The report is basically CMG saying they can do X, and everyone else calling bullshit. (And in response CMG clarifying “No, we don’t actually do that” and then also removing the companies they don’t actually work with.)

      It isn’t definitively saying they don’t, but also isn’t saying that they do. You can assume the worst if you like, but that doesn’t mean the worst is actually true.

      Is it possible this type of spying exists? Yes. Is it possible this is a cover up? Yes. Do we have actual data to support that? No.

      Tomorrow an investigation may reveal otherwise, but for now it doesn’t seem to be the case.

      • liveinthisworld@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        6
        ·
        1 month ago

        And because some random report from a third-party who is just as interested in profit said something that matches the worldview of the general masses is out, you’re going to believe them?

        I don’t care what “tech” it is, they are incentivized to lie and you know it. I am still baffled at how absolutely anyone takes the word of corporations to heart

        • MimicJar@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          1 month ago

          Yes? I’m forming my opinions based on reporting. You’re basing your opinions based on opinions.

          Again I’m not saying you’re wrong. Look at the information Snowden revealed. Before the reveal it was conspiracy theory. Now it’s fact.

          This reporting isn’t fact, it’s reporting in progress. At the moment it doesn’t find the always listening allegation to be true, but not impossible either.

    • atrielienz@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      1
      ·
      edit-2
      1 month ago

      Because the amount of data use alone would be so astronomical as to be very obvious. Unless it’s specifically recording you locally and then uploading that information when you’re on wifi (which would be obvious too because of the slow down it would cause, the amount of bandwidth it would take up (making you hit data caps with your provider and throttling your service), and the fact that most phones just do not have that much storage and don’t have a slot for added sd cards anymore. Feasibly it doesn’t make sense for a handheld device to be recording everything you say passively. Your battery alone would have to last several weeks of normal use.

    • skuzz@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      2
      ·
      2 months ago

      It’s surprisingly easy to use adtech without voice and make a connection to serve a targeted ad. Had a friend ask me about what I was drinking. They were on my guest wifi network. They searched for it. Next day, I’m getting ads because of geoIP pinned my IP address as having an interest.

      Also had someone that lives off the grid with no active network or devices watch a DVD of a movie and the entirety of their Internet connectivity was two cell phones in the room. They started seeing things related to the movie. They’re older and not constantly on their phones. The phones just sit somewhere in the room.

      Had a discussion with some tech friends a few years back and remarked that keeping awake to do this would take a lot of power. The EE mentioned running audio recording would take basically nothing. I expanded from there, the device uploads audio for off-phone translation to text, or queues batch jobs to process locally when power is high enough or on charger. Etc.

      It is 100% probable that code runs on phones and just ships off amalgamated text frequency charts or entire conversations and the user won’t even notice the battery dent.

      That being said, I can’t find even in the greediest capitalist money-claw that the person giving a go would not think, “well, I can’t trust my own device anymore…” and maybe go: “yeah, I shouldn’t do this.” Maybe I’m too optimistic though.

      • liveinthisworld@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        3
        ·
        1 month ago

        How do you think your friend in the woods got the advertisements?

        And yes, I still think you’re too trusting of Big Tech. They are 100 times more vile than you think they are. THEY WILL do everything they can, and this is nothing to them.

        The funny part is nobody wants to believe me and instead want to trust for-profit companies for their supposed pinkie-promises. Oh well, they’ll learn in time.

        • skuzz@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 month ago

          My best guess is that I know one of them uses Facebook. Apple phones. Facebook, Uber, and a few others have had pretty deep access to APIs not accessible to other software companies. Sometimes they’re caught like when Uber was caught using a screen scraping API. Sometimes they aren’t. The other guess that glues it together is that Facebook has indeed scraped audio to text for a long time. It was almost 10 years ago that I had the EE conversation.

          Google and Meta pay Apple money to gain access to their user metrics. It’s likely symbiotic relationships. Facebook once had hooks directly in iOS. Likewise, the little mic/video indicators the OS displays when they are “active” are completely software-controlled and can be overridden.

          At a time, I worked at a company that had(has) deep access to other aspects of iOS. Apple always required the source code is available to them so they could inspect it. I doubt that has changed. It also means they would be complicit. External tools wouldn’t really be able to figure this out. For someone to black-box this they’d need a jailbroken iPhone and some specialized tooling or MITM decryption capabilities.

          Not to sound hyperbolic, I’m connecting dots with no evidence, it’s pure speculation. The compute seems to be there and with no regulation in source code, anything goes, if you want money bad enough. Especially with the mad dash every tech company has been on for the last 20ish years to harvest everything they can, ever since smartphones became powerful and commonplace enough.

          • liveinthisworld@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 month ago

            Exactly. People should read your comment before shouting at me for not providing “proof”. They seem incapable to understand that Big Tech can be smarter and more resourceful than a lot of security engineers

        • atrielienz@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 month ago

          Nobody wants to believe me (a random person on the internet who has provided no proof whatsoever of their own that can be replicated in any way by a credible source, over actual investigative journalists and security experts who have been actively looking for such a thing to validate it and have found nothing after years of these allegations). Hmm. I wonder why that is.

        • Ilandar@aussie.zone
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          Why would anyone believe you? You have provided zero evidence to support anything you’ve said here.

    • Ilandar@aussie.zone
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 month ago

      I do not see why everyone wants to deny this and trust big tech.

      This is the exact same logic conspiracy theorists use with aliens - “everyone wants to deny they exists and trusts the government, are you guys brainwashed!!!”.

      Where is your proof this technology exists and is currently being used? The 404 media articles are not proof of either of these things. They are proof that CMG has some marketing slides and a former web page claiming that they have the capability to do this. They are proof that CMG has contacted at least one other company and tried to sell them this alleged service. They are not proof that the technology is being used, or that it even exists.

      It’s so ironic that you claim we are the brainwashed ones for demanding proof, yet you naively assume that CMG must really have developed this technology and employed it worldwide just because they said so. No one would ever lie about the capabilities of their company to inflate its worth and make more money! Only bad big tech lies, everyone else in the world is 100% honest!

  • linearchaos@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 month ago

    Got a fun one today!

    Wife gets a piece of snail mail from the school. Little post card saying you should try pickupusafitness, it’s a service on the other side of the city that organizes pickup games for elementary-aged kids. Place is 20 miles away through Baltimore suburbs.

    She talked to me about it, mentiones the name, picks up her phone, goes to search them out, types “pick” and they autocomplete in her search. She’s never searched for it before.

    My phone and PC autocomplete pickles pub, pickleball, pick 3 md, pickup lines, pickled cucumber…

  • Shape4985@lemmy.ml
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    10
    ·
    2 months ago

    They have to be listening all the time if you have voice activation. The mic always needs to be open so it knows when you say “hey siri” or “hey google”. How would it know you said that if it didnt already listen to every word. The question is if that stays local on the device.

    • Zozano@lemy.lol
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      1
      ·
      edit-2
      2 months ago

      Had this explained once, I might miss a detail, but it’s like this:

      The only way not to drain your battery is to program in selective key words.

      “But then its always listening” yes, but also, no.

      Imagine someone speaking into a microphone, and seeing their voice bounce around on a oscilloscope.

      This compresses the audio a LOT, and makes it very difficult to discern the differences between words.

      But if you were trained to notice the pattern for a specific word, like “Siri”, then you could ignore all the other shapes, conserving your battery.

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 months ago

      In that sense, yes, they are always listening. But that’s a very small system that only compares like the last two seconds of audio against the stored model of the user saying “Alexa”.

  • shoulderoforion@fedia.io
    link
    fedilink
    arrow-up
    8
    arrow-down
    20
    ·
    2 months ago

    yes, they are. it’s been reported so many time, it’s like continuing to ask if narwhals are real.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      2
      ·
      2 months ago

      I like how that is the privacy take or break. Apparently Google collecting everything else was fine.

      Just for the record, the only companies that can arbitrarily record audio is Apple and Google and maybe the phone manufacturer. Anything else would need the Microphone permission

      • seang96@spgrn.com
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        2 months ago

        Maybe it’s a distraction for cars constantly listening to you. Their privacy policies are horrid and they don’t have a mic listening feature.

          • seang96@spgrn.com
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            2 months ago

            Sacrificing between modern safety / environmental standards for privacy it all sucks. If only we could have privacy laws.

            • Possibly linux@lemmy.zip
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              1
              ·
              2 months ago

              Not really. New cars a plastic junk. My old car is much simpler to work on and is a lot less cheap plastic