|
|
|
|
|
|
by nilved
3160 days ago
|
|
|
I've done all of these things since it's my job. I haven't tried Facebook, because I don't have any confidence in the surveillance hypothesis, but my first guess being inapplicable doesn't change the fact that root access would allow people to prove this is happening, and that hasn't happened. Furthermore, this could be proven with some fair reliability using correlation only. Is more encrypted data sent when you're speaking? Is more encrypted data sent when the microphone permission is enabled? Does the app access the microphone while sleeping? Nobody has presented anything _close_ to evidence. |
|
|
It's weird that this is your day job and yet you tell me that I should mark a certificate as "trusted" when we both explicitly acknowledged that the problem was with certificate pinning. You didn't answer this part: how long does it take you to manage to intercept Android HTTPS traffic for a brand-new, never-before-seen application that uses certificate pinning on your day job?
> I haven't tried Facebook, because I don't have any confidence in the surveillance hypothesis
Well then try it with Facebook. If this kind of thing is really your day job then it shouldn't take long, and you'd do everyone a favor by (a) showing that nothing is going on, and (b) teaching people how to do it themselves so that the myth doesn't keep spreading. People would appreciate it.
> Furthermore, this could be proven with some fair reliability using correlation only.
No, it can't. They don't need to be sending raw audio. They could just do some rudimentary speech recognition and send it along with some other routine data.
> Does the app access the microphone while sleeping? Nobody has presented anything _close_ to evidence.
I've personally logged it accessing the microphone when I've been scrolling on my news feed. Though I don't see why you'd believe me anyway.