Christine Lemmer-Webber
Hm. I'm not as convinced as @simon that phones aren't spying on users through their microphone inputs, but at minimum I definitely think that the companies trivially *could*. https://lobste.rs/s/zkboyo/i_still_don_t_think_companies_serve_you_ads#c_82n0i8
Also having had enough conversations with @profdiggity about the horrors of spying on phones their research lab has uncovered I definitely think this kind of thing is highly possible.
Stefano Zacchiroli
@cwebber @simon I'm biased because I've the exact same main reference for this than Simon (the Reply All podcast episode from back in the days), but I find the more plausible explanation to be way more shocking than the theory of active listening. Advertisers, in all likelihood, don't even *need* to listen to us. And that's horrifying. (But yes, they could if it were cost effective to do so. It probably isn't.)
Christine Lemmer-Webber
@simon @profdiggity It's true re: on-device transcription in 2025 being more feasible than it was in 2017. Though in 2017 having voice assistants on phones was already well past commonplace, as well as voice activation of said assistants, even if some of it was farmed off to servers (I'm actually uncertain how much was at the time myself). So people had good reason in 2017 to be paranoid about such things; they were already used to being listened to in the regular operation of their life
Simon Willison
@cwebber @profdiggity it's technically feasible to run on-device transcription models today, in 2025
These conspiracy theories have been commonplace since 2017, if not earlier
The issue of whether or not malicious attackers can use zero-day vulnerabilities to spy through a microphone should be discussed separately from whether ad tech companies are using those tricks for targeting IMO
Christine Lemmer-Webber
@zacchiro @simon I agree enough in that I think users tend to feed such companies so much information already that they probably don't have to. But the many avenues of information being fed might not be understood by all users; microphones are one that's clear and straightforward.
I think if anything, we should be raising the profile of just how much people *are* being spied upon, rather than dismiss a concern that's plausible but unknown. That seems more important to me personally.
Christine Lemmer-Webber
@simon @profdiggity Regarding separating malicious zero-days from potentially malicious actions by phone operating system providers and associated ad networks, I think that's true, but I'm responding to the *feasibility* paragraph in your article, which I think is fairly weak. It's incredibly feasible, technically, and claiming it isn't seems silly to me.
I'm not convinced such carriers are doing so, but I think it's worth understanding the security aspect that it would be easy to do so.
Dan Sugalski
@cwebber @simon @profdiggity FWIW, the kind of voice recognition you'd need for this kind of ad targeting has been feasible with 2017-phone-level computing power since the turn of the century. (he says, as he turns to dust and blows away) Honestly with 2017 level phones you could probably run a continuous voice recognition transcriber and not use a noticeable amount of CPU/power for it.
The transcriptions would be kinda crap in many cases, but for ad targeting that'd be just fine.
Dan Sugalski
@cwebber @simon @profdiggity As a specific data point, Dragon NaturallySpeaking was released in June of 1997 and ran on x86 systems. The amount of computer power an x86 system had in 1997, compared to even a mid/low-level phone ARM chip in 2017 is... not big.
Christine Lemmer-Webber
@wordshaper @simon @profdiggity I was thinking that too. I had a lot of interest in this tech in ~2010 when I developed such severe RSI it nearly destroyed my career, so I did a lot of overview of speech-to-text options at the time (though I found that since I was committed to using FOSS, the options available weren't quite good enough at the time).
Dan Sugalski
@cwebber @simon @profdiggity This isn't to say that our phones are listening and ad targeting, they almost certainly aren't. And it's not to say the transcription you'd get from them would be good, because it'd be crap and probably ~80% accurate (to pull a number out of nowhere). 80% for transcription is *horrible*, 80% for a signal to feed to an ad targeting algorithm is just fine.
Christine Lemmer-Webber
@wordshaper @simon @zacchiro Glad we generally agree there. Though in general, I do think phones today *are* dystopian surveilance machines, whether or not they use the microphone for it. I would still like to see phone OS directions that don't resemble the user freedom nightmare that users have become accustomed to.
The particular reason I pushed back on the "technical feasibility" part of your post though: it could also mis-teach readers that the NSA, domestic spy apps, etc aren't spying
Dan Sugalski
@simon @cwebber @zacchiro Yeah, this is very much true. There are a *very* small number of people for whom "my phone is listening to what I say" is a reasonable threat model, and those folks already know who they are. For everyone else it's just a combination of fantastically bad statistical understanding and a depressingly deep (and, unfortunately, earned) distrust of complex systems and the orgs that run them.
Simon Willison
@cwebber @zacchiro I also think it's a really harmful conspiracy theory, because it teaches people that everything is lost already, and it makes the believers accept that they'll tolerate a dystopian surveillance state if it lets them keep using their phones
That's so unhealthy for society
Simon Willison
@cwebber @zacchiro I completely agree!
I want people to understand things like how companies use their email and phone number as a unique ID to correlate their activity across multiple apps
I push back on the microphone thing so hard because it distracts people from understanding the real issues
Sean O'Brien
@cwebber @wordshaper @simon My expertise in this area were so-called "ultrasonic trackers" and there are plenty of known cases of that, with the most notable being Fidzup which faced legal troubles in the EU because of it. I'd like to think we @yaleprivacylab and @exodus had something to do with that for calling attention to it. (shoutout to @nursecherise for the literal hand in this video): https://www.youtube.com/watch?v=Xweq1eF_eP4
Sean O'Brien
@wordshaper @cwebber @simon Yes, exactly. There are a few known cases where people got caught doing this with smart TVs and toys as well back then. *However* things have changed dramatically with cloud-based AI / LLMs. That goes for power issues as well. The transcription is fast + cheap and the energy consumption is an externality for the company - it's not a cost incurred by the ad brokers / spies or the mobile device and, if Microsoft gets their way, the servers will run on US-based nuclear.
Sean O'Brien
@simon @wordshaper @cwebber We're soon going to be in a deregulation cycle in the US, and trends seem to be pulling that way even in the EU. It's going to be "great" for me since there will be lots of spy tech to dig into and shout about. It will be awful in general for civil liberties and just day-to-day life in a technocratic society.
Simon Willison
@profdiggity @wordshaper @cwebber so
Let's pass some regulations such that it's not legal to do that stuff and there are penalties with teeth for companies caught doing it
(Throw in some whistleblower rewards too, incentivize reporting!)
Christine Lemmer-Webber
@profdiggity @wordshaper @simon one thing I have always appreciated about when we've talked is you've always emphasized the point of not leading people to walk away with despair!
Sean O'Brien
@wordshaper @simon @cwebber I really try not to have this effect on people. But the problem is real and growing.
Try the products yourself - LLM voice transcription is amazingly good and currently offered cost-free or as a software addon in many cases. The energy cost is being shoved elsewhere, as it has been for "the cloud" for decades. But now it's amplified and accelerating. This is great for microphone spying, bad for a free society.
Dan Sugalski
@simon @profdiggity @cwebber ...so what you're saying is we're doomed? /ducking
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.