| > I've done all of these things since it's my job. It's weird that this is your day job and yet you tell me that I should mark a certificate as "trusted" when we both explicitly acknowledged that the problem was with certificate pinning. You didn't answer this part: how long does it take you to manage to intercept Android HTTPS traffic for a brand-new, never-before-seen application that uses certificate pinning on your day job? > I haven't tried Facebook, because I don't have any confidence in the surveillance hypothesis Well then try it with Facebook. If this kind of thing is really your day job then it shouldn't take long, and you'd do everyone a favor by (a) showing that nothing is going on, and (b) teaching people how to do it themselves so that the myth doesn't keep spreading. People would appreciate it. > Furthermore, this could be proven with some fair reliability using correlation only. No, it can't. They don't need to be sending raw audio. They could just do some rudimentary speech recognition and send it along with some other routine data. > Does the app access the microphone while sleeping? Nobody has presented anything _close_ to evidence. I've personally logged it accessing the microphone when I've been scrolling on my news feed. Though I don't see why you'd believe me anyway. |