21
votes
A vast majority of people in the US and Canada suspect their smart speakers can eavesdrop on their conversations, and just over two-thirds think they’ve gotten ads based on that snooping
Link information
This data is scraped automatically and may be incorrect.
- Title
- People Still Think Their Smart Speakers Are Eavesdropping on Conversations
- Word count
- 668 words
“Magical” technology along with crude ad targeting results in many more coincidences to feed people’s superstitions. The ads don’t need to be targeted all that well to sometimes be convincing.
There's also confirmation bias going on. It happens once by coincidence, and you look for more. Then when spot another coincidence, it seems like a pattern.
That said, they actually found that Alexa is spying on you, so there's that.
This? https://www.theverge.com/2022/4/28/23047026/amazon-alexa-voice-data-targeted-ads-research-report
At least it's only when you're intentionally talking to it.
Something like this happened to me just this week. I was having a physical face-to-face conversation with my housemate, during which I received an SMS. A few minutes later, I opened the message. It was from my housemate. It was a snippet of his words from that earlier part of the conversation. Somehow, he'd activated a voice-to-text feature in his phone that he didn't even know was there. We both laughed, but it could have been more serious.
I'm not sure. I want to believe that Google and Amazon and Apple aren't eavesdropping, but it's so profitable for them to do so. I can't believe they'll always resist the temptation to listen in.
This is why I've been watching the progress of Mycroft AI closely. As they say, "Mycroft’s platform provides users with privacy by deleting queries in real time. User data is not mined, aggregated, processed or sold."
I don’t know much about the ads business but I doubt it would be very profitable. Google used to sell ads based on email contents, but they stopped because explaining how it worked was a PR hit and it wasn’t worth it. Random conversations are even less likely than email to be commercially useful, and it would be much more expensive to process.
I doubt it’s tempting either. You’d need a team of engineers to build it and do you really think it wouldn’t leak?
I won't say it's impossible that they're listening, because knowing my luck there'll be an exposé the very next day, but I think at least some of these cases only look very convincingly like your phone was listening. Here's what I think is happening:
You doomscroll on social media every day. The algorithm puts thing in front of your face based on what's trending, what the data says might influence you etc. etc, including topic X. You ignore most of it but your brain still saw it all, even the stuff you forget seeing. Later that day you talk to another person who also spent all morning being influenced by a social media platform. One of you mentions topic X, a topic that just popped into your head, no idea why, just picking random topic. Later that day, one of you gets an ad for topic X.
Because we see ourselves as having perfect autonomous free will, we limit our perspective to "I said thing" > "Thing appeared in ad on my phone", and fail/refuse to see that there's an earlier step: "Phone feeds me stimulus designed to influence me" > "I say thing" > "Thing appears in ad on my phone"
I think this says more to the fact that no one has any idea how these proprietary devices work and has absolutely no trust in the tech companies behind them.
However "Phone monitors every move to choose ads" or "social media platform sells ads directly related to topics you see" isn't any less creepy than directly listening.
If the misconception helps push common support for privacy laws I'm all for it.
Me too, but if that support isn't rooted in any understanding of the actual nature of the problem, you run the risk that your 'popular support' could be easily placated by some ultra-specific law against remotely-activatable microphones in mobile devices, which may not even be an issue.
There was a time I was at a social gathering with a few friends watching an event on TV, and someone was talking about this specific brand of beer, and then another person was scrolling on Instagram and an ad for that specific brand of beer popped up, and wow that's crazy what are they listening what a coincidence that would be, everyone said.
And yeah your phone could be listening to you and hear you talk about that specific brand and serve you ads for it, or it could be that the only reason we talked about that specific brand of beer is because we're in the demographic its marketed towards.
Another friend of ours buys and drinks that beer on the regular, its a beer that's marketed towards our age group and social status, it's cultivating an image that people in our position should be attracted to and fit the lifestyle. If that ad had been for any other brand of beer, well then it wouldn't have stood out and we wouldn't have to rationalize how could they know, or we could stumble upon some other ad related to something else we were coincidentally talking about and have the same reaction to that instead.
People aren't as special as they think they are, or maybe more accurately and more kindly: people have a lot more similarities to others than they realize.
Alright so this thread has gone somewhat off topic into a discussion about surveillance in general and not just with smart speakers. I've seen some arguments here along the lines of Meta/etc not doing mass microphone/camera surveillance because it's not profitable for them to do so, and because they already can target ads effectively enough without them. I agree with that, but I'd also like to add one thing - current mobile operating systems are extremely robust at application sandboxing. Deny Messenger, TikTok, or Instagram microphone permissions? They're not getting it. This is true for both current versions of Android and iOS. Even if you did grant them microphone permissions, there is an extremely obvious indicator when it is being accessed that even non tech savvy users would pick up on. iOS is also notorious for killing apps in the background (though there is a bug on recent versions that reverses this for some reason), so I doubt that spying apps could run constantly without destroying the battery life or resorting to things such as using the API made available to maps apps (which is something that I doubt would even get past app store review, and also has an extremely obvious indicator anyways). Someone else in this thread mentioned BLE being used as tracking, and a look at iOS app developer documentation also makes it clear that it's supposed to run in the foreground only. Even if apps could run willy nilly in the background (iOS has the aforementioned bug, and I'm not sure how restrictive Android 13 is with them since I don't use it), both Android and iOS have introduced sections in the privacy settings that allow you to see what apps have accessed what permissions at what time. So I'm somewhat confused by all these stories of people suspecting apps of listening to them and not checking the app privacy report or dashboard.
My concern about smart speakers isn't that the companies are listening, but that its the NSA and their shit. For the device to work, the microphone is always on. What part of the technical design of these speakers prevents the NSA having wiretap access in "Cases of National Security"? PRISM already included the full contents of emails, voice and video calls, and pretty much everything on the platform.
I tend to think that if a state-level intelligence group does, for some unfathomable reason, want to eavesdrop on you - you not having a smart speaker isn't going to even slow them down.
I am a bit confused by your response. Sure, if the US government really wants to surveil me, they will succeed because I am 1 dude against 100s of experts with million dollar equipment. What I don't get is how that is relevant to my original point. My point was that the NSA has been concretely been proven to have access to all "private" data in Google, Apple, Microsoft, etc., so why would smart speakers be exempt? Their free real estate, why not have a few tens of million more data sources?
Had. Not have. Times have changed since 2013. For one thing, that sort of data gathering is illegal now, and perhaps I'm naive but I still believe in the rule of law. Also the Googsapplesofts of this world got quite upset about that and vastly increased their use of crypto (which various governments, including mine, were quite vocally angry about)
Smart speakers would be exempt because mics in everyone's homes produce almost exclusively noise (in terms of signal intelligence, you talking to your cat is just noise). There's so little signal in that data that it's considerably more effort to filter out the useful stuff than it is to just find it via other ways.
I guess you're talking about the Snowden documents? It's been a while, but I'm pretty sure that's not what they revealed.
The relevent info is on page 5 of the slides. The part that gets me is the Special Requests line on a list that includes pretty much everything I can think of.
So, my understanding is that various law enforcement agencies send warrants and "national security letters" and these can give them access to pretty much anything already stored in your account. I don't know if these requests can include special hacks to devices to record when they aren't normally designed to be recording. That would be making corporate hardware and software teams work for the government. I expect that Google and Amazon would resist that, since it's different from giving law enforcement access to data they already have. (As an example, I know that Google's Next Hub Max has a hardware switch for the microphone and camera, and at least some video chats are end-to-end encrypted.)
So, I don't think it's proven that they have access to "all private data." Consider that it's been at least nine years since those slides were made, and that slide is a fairly vague summary across multiple providers. If they got video conferencing data from Skype, for example, it doesn't imply that they got it from other providers, on services that didn't even exist at that time.
But it's reasonable to worry about having these devices around if law enforcement access is something that worries you.
Real world spying is an expensive pain in the ass that requires paperwork and boots on the ground, though. Why work that hard?
Better to just turn on every camera and microphone, then cram it all into a server farm somewhere. Once voice is automatically processed into text by AI already superior to human translators it becomes so very tiny and trivial to store and sort and search and track. Just have a couple hundred thousand algorithms watching the sum total of human conversations in real time in their most public and private moments. If anyone says anything interesting the algos can pass it off into specialty systems and then on to the humans. No pesky paperwork or warrants required - not even a phone call.
There's money to be made selling this data for a million different purposes. The amount of knowledge to be gleaned from an entire nation or population may be priceless - a behavioral psychologist's gold mine. Real time identification of opinions, ideas, reactions, and trends across an entire population. Those with access could realize tips and insight that would allow them to put a thumb on the scale in any field, industry, or election.
Not having this information is a severe disadvantage. That's why it's inevitable regardless of law or politics or nation or religion or activism. We will all do it and we will all get incredibly good at it and we will all learn to live with it. Somewhere along the line the idea of 'privacy' will become quaint and wither on the vine. If you think it's bad now, just wait until the tech can read your eyes.
I had a conversation about spam in the supermarket - specifically how to de-salt it. Want to guess what the top recommended youtube video was when I opened youtube up on my home theater PC that evening? What's interesting about this is that no actual human needed to invade my privacy per-se. There was no Bond villain in a black suit in this story. Just a couple of primitive algorithms.
Because "working hard" and doing things the old fashioned way actually is the easy way. Harvesting and processing exabytes of data isn't easy and requires significant resources.
GCHQ (UK's signals intelligence agency) tried that. They ran out of storage and compute and they have billions to spend. The data they did manage to process produced a dataset so vast it was basically useless. Almost all noise, barely any signal. Turns out that surveillance works much better when it's targetted at someone of interest, found by more traditional means. Even nation-scale actors have resource limits and it's much more effective to spend money on targetted spying.
And yet, despite massive financial and political incentive to do this, nobody seems to be doing it. The bad guys are up to bad stuff but it appears to be limited to old-fashioned bribery and outright lying. Perhaps that indicates that it's not happening?
This raises an interesting question - if no humans were involved, has your "privacy" been "invaded" at all? Nobody knows anything more about you than they did last week.
(not convinced that I would consider a conversation I had in a public place to be private in the first place, but that's a slightly different question)
The NSA tried that too, and likely had similar results. They and GCHQ are featherweights, though - and it's the heavyweights that matter in this game. Government agencies are cavemen compared to Facebook and Google and Apple.
Calling it an impossible data problem is a laughably bad argument when you stop to think about it because it requires you to ignore the hyper-exponential progress in information processing that we have enjoyed every day for the better part of a century. That argument is only true right up to the point tech trivializes it with impunity, and it always does.
Governments don't get to drive this bus. Combine them all and they haven't got the money for the job. They are just along for the ride, like the rest of us. The tech companies are the ones in the driver's seat. Their profits and their very existence depend on what they know about us now. They also don't have to worry about pesky things like borders and warrants and jurisdictions. They don't even need to worry about activism - everyone knows about the spying yet everyone hands over all of their data anyway because it provides some kind of value or convenience. People don't seem to value privacy much by comparison. They'll turn over intimate data to an app that they'd never share with family or government.
Matching an advertisement to a person isn't different from matching a political opinion to a person, from the computer's perspective. We're already practicing it all over the world, every day. We're kinda bad at it and it's still a $300 billion a year global industry. That's just a bit more money than the NSA and all of their partners combined including GCHQ have to spend on the problem, and by 2030 it'll be over a trillion a year. Governments are becoming irrelevant to this privacy problem, and it's not just their spying we need to worry about.
A text record of every word ever uttered and written by every human who ever lived could fit under your desk right now on a single computer using existing technology. Text is so tiny that it barely even counts as storage. Text is nothing, text is free. Even processing it is vastly easier compared to other forms of data. Once the context and meaning and your target's preferences are extracted you don't even need the text anymore, so it can become even smaller. Disabuse yourself of the notion that there will ever be a storage issue, because there won't be.
No, it's the processing that's the issue - but if the devices themselves start doing it in your hand, rather than expecting a centralized system to manage it all, that problem also falls. One data center can't handle the processing, but it can collate the results delivered by 9 billion CPUs in pockets the world over and it can sort through that mess. We can manage one CPU core per person on the planet, and that's all we'd ever need. Why send recorded audio or even generated text of your conversation over the internet when we can just adjust a couple weights in your app's locally stored profile, and then file that in the cloud once you're back with internet access?
One thing that gets overlooked about these narrow AI programs that perform little miracles like flawless speech to text in 100 languages is that while they take a massive amount of computation and training data to create, they take a pittance to execute by comparison. Once they are good at their job, they leave the data center and enter consumer devices as a proprietary black box. Or app.
We don't need to build a special surveillance network, either. Society already built (and is building) that network for everything else. The NSA did not put that camera and microphone in your pocket - in fact they'd probably rather everyone didn't have one. No, their surveillance is a simple bolt-on for a marginal cost, riding on the coattails of the tech industry. That's how we got where we are right now.
That allows tracking all opinions, preferences, contacts, political views, religious affiliations, locations, profits, expenditures, race, gender, sexual orientation, family information, genetic data, medical history, etc for that person over their lifetime. Every company you do business with will have a piece of it. They already sell it to each other and to the government.
The computer will know you better than you will ever know you because you forget things that matter, and it does not. Start combining profiles and now you know the motives of every group whose members you have profile data about. I'd honestly expect the false positive rate to be the chief hurdle. I'm sure China is struggling with that reality right now. Eventually narrow AI will solve that problem too. It's just more of the same pattern recognition.
Warrants and privacy don't even make sense as concepts in this kind of world. We're going to need a new paradigm. Short of a solar flare knocking us back to the dark ages I can't think of anything that will stop this from playing out, either. The idea that any amount of activism could change the outcome seems laughable to me. Governments couldn't stop this even if they wanted to. It's just too much money on the table, and the money always wins.
Although it's been years since I worked there and I mostly worked on internal and open source stuff, that's not how I remember it looking from inside Google. Have you ever worked in a bureaucracy? Every product needs a privacy document that the privacy committee reviews to make sure it's up to snuff. That got put into place after some summer intern thought it would be cool to log unencrypted WiFi traffic seen by Street View cars and got the company into a heap of trouble. Since then, they want to know what you're logging and why, and if it's questionable then it gets run past the lawyers.
Similarly for security. There are security audits and bug bounties. Meanwhile there is likely some kind of security initiative in progress to lock everything down more than it was already, with finer-grained permissions. Just the systems to manage all the permissions are complicated.
Also, there is often a space crunch. Few teams are going to have all the machines they might want in the datacenter where they want them to be. People get promotions for figuring out clever ways to reduce costs by 0.01%. Data that users don't care about and that's not actually moving the needle for something important like increasing ads revenue is waste and a candidate to be dropped.
Yes, I realize that Google looks really big from the outside, and it is, but team X will be operating under different constraints and dealing with lots of headaches. Although the culture is different, you might compare with working for a bank. Yes, banks have a lot of money, but as an employee, it's not your money, and there are internal controls.
Also, although diversity is high (the place looks like the United Nations) by and large the opinions of engineers aren't that different than from the outside. People who work on security tend to care a lot about security. People who work on privacy tend to care a lot about privacy. There was also a loud minority who were activist-sympathetic. Some got angry at just the notion that Google might sign big contracts with government agencies.
I would be more worried about all the security cameras that people are adding to their homes and businesses on purpose, built by some random Internet of Things company, getting logged to the cloud and probably with terrible security.
I've worked on large information systems myself, and been through the same red tape, programming meetings, and legal discussions. I've even done analysis and reporting that got certain people arrested for breaching sensitive personal data on systems that I was responsible for, though that was many years ago.
Are the ethical and legal hurdles enough? How about China, will those concerns stop them? Players in this game may be ethical to various degrees, but there are unethical actors as well, and competition has a way of sweeping non-financial concerns under the rug. Capitalism does not have the greatest track record fostering ethical behaviors.
I'm not very optimistic about it, especially concerning the level of apathy on this issue present in the general population. Perhaps once the tech reaches a certain level of competence it'll start to creep everyone out on a daily basis and we'll get a backlash. That would surprise me, but it would be a nice surprise.
Yeah, I think my main point is that each organization needs to be considered separately.
It's not a good sign that the executives in charge of that sort of thing just resigned at Twitter.
Rather than assuming a very expensive network of surveillance with no real point to it, it seems more reasonable to assume you did a spam-related web search recently. Or bought spam?
Never once. There was spam in the cupboard that was two years old I found while doing some cleaning. I made something just to use it up and later saw it on the shelf at an Aldi's (and it's cheap). My sister and I talked about making it more edible in the supermarket, with my cell phone in my pocket and her cell phone in her pocket. That is the only conversation I had about actual canned spam in at least a decade. Not four hours later the video is on top of my recommendations like clockwork.
It's not the only personal example I can give. I'm the 'tech' guy in my friend circle, so I get everyone's questions about this. Friends tell me they walk through a Sears and then suddenly get the catalog in the mail and similar merchandise on Facebook. In a way it's a comically un-subtle form of surveillance.
I don't trust people's memories. I'm reminded of the Amazon mystery seeds.
Oh don't worry, it'll start happening to you soon enough. ;)
Yeah. Just one example out of many: they can aim an invisible laser at any window from across the street, and perfectly hear the people talking in the room just by measuring the vibrations of of the glass. This particular example is more than 20 years old.
The modern version just comes attached to a very small, very quiet remotely controlled drone that has a long hang time. :)
In theory the always on part is only attached to a local processing chip that just detects the wake word, which makes a connection at that point to enable full server side voice processing. This can be verified to at least some extent by monitoring the network traffic out of the device.
In practice, yeah, that’s all controlled in closed source software and delivered over an encrypted connection to an endpoint that may or may not be considered trustworthy when we’re talking about state level monitoring. The same goes for phones and laptops, for that matter - they have software controlled microphones and connectivity, so there’s no reason I can see to consider them safer than smart speakers.
My personal bet, based on what we know from history and from security researchers’ investigation of these devices, is that there probably isn’t a vast on-by-default voice surveillance program in operation. The processing overhead to find needles in that haystack would be huge, and the data being sent out at that scale would leave fingerprints that I’d expect someone to have noticed by now. On the other hand, if I had any reason to believe I were a specific target, I’d be looking to ensure I only kept devices with a physical microphone disconnect switch just to be on the safe side - I’m sure there are exploits out there that would enable monitoring if needed, whether they were placed as backdoors or just discovered as bugs.
I 100% believe that big tech is spying on everyone. Meta in particular have been accused of doing this because people have noticed that Facebook and Instagram seem to be serving them ads based on recent conversation.
The only parts where I remain sceptical is whether Meta even has the space to store
Even if audio recordings were compressed into a lossy format like MP3, bulk capturing the data of three billion internet users, who talk an average of 18 to 180 minutes a day, would require anywhere from 5.4 to 54 petabytes a day of data transfer and storage. The only way they could really bypass a very noticable level of data transfer is by converting speech to text on the fly, encrypting it and then sending it over to Meta's servers.
One aspect that hasn't been discussed is the normalization of voice surveillance. Whether a spy-device is actually listening at any given moment - and there are plenty of news stories of Big Tech companies listening in without users' knowledge or consent - the device could be listening. Knowing this, if we keep using the device anyway, we'll gradually habituate ourselves to the possibility of constant audio surveillance. This will allow the companies to gradually make the surveillance more frequent and intrusive without people raising much of a protest.
A good book that gets into voice surveillance is The Voice Catchers by Joe Turow, who's a professor an the Annenberg School at UPenn. (I interviewed him on Techtonic awhile back - you can stream the interview or see the show notes.)
BTW one of the many examples I've seen of Big Tech listening in is from this Wall Street Journal article - Google Contractors Listen to Recordings of People Using Virtual Assistant from July 2019 - which came about after a Dutch reporter at VRT NWS, a Belgian broadcaster, published leaked recordings from Google devices.
Here's an explanation for why cell phones, at least, can't be listening all the time, from someone who should know. But he ends with:
I've been testing our local grocery store, after two particular experiences.
First was looking for some chopsticks, they didn't have any. Brand new item there a week later...figured it was just a coincidence. But then my wife and I talked about how we'd really wish they'd stock kewpie mayo...we've never seen it outside an asian grocery and would save us a trip.
A few weeks later kewpie mayo appeared on the shelves. That's one hell of a coincidence. We're now testing another, even rarer item. If that appears 100% the grocery store has bugs.
Eh, I think most of these cases are caused by our ideas not being as original as we think they are. The fact that you were interested in kewpie mayo isn't a random chance occurrence. You were interested in it because you saw some recipe that required it, or a friend talked about it, or you saw it used somewhere. Chances are if you were interested in it, some other people around you are also interested in it, and most likely, someone just asked them to stock it. If you do a google trend search for Kewpie Mayo, you can see a very sharp peak over the past year, likely because it was featured somewhere that a lot of people were influenced by.
Additionally, there are probably a lot of other things that you you've had conversations about that your grocery stores don't stock, but because they never followed through and stocked them, you don't even notice or remember.
The sheer amount of integration and efficiency that grabbing speech from some random person that shops at a local grocery store, then processing that speech, routing it to the correct store, then having them actually value that data enough to act on it would require would be absolutely staggering. Not saying its impossible, its just very unlikely. Especially because if it was that important to you for them to stock chopsticks and kewpie mayo, you could just ask them to and they most likely would.
Everyone forgets the relatively low tech solution: Timestamp when BLE device beacon stops for X% over average time and attach security footage for minute around it.
Provide link to store manager as a digest for potential leads. Only requires existing camera footage (they've got them every 20 feet or so) and some BLE beacons.
I'm sure someone already sells a 'word cloud of customer footage' product.
Furthermore, our consumer world has become hyper corporatized and meme-ized.
Given the nature of our technologically-mediated culture, it's very easy for analysts to detect the tremors of consumer 'memes'.