Hacker News new | ask | show | jobs
by chrisrhoden 1987 days ago
What's described in the article is hotword-activated? So not at all what GP is supposing. If you say "Hey Google, tell me about toilet paper" and get ads for toilet paper, that's a fairly understandable cause => effect, but there are persistent anecdotes about conversations manifesting in ads where no hotword activation occurs (typically about Facebook.)

Every company vehemently denies this is possible.
3 comments
fiddlerwoaroof 1987 days ago
I find this hard to believe because I’d think constant voice recognition would either have a noticeable impact on battery life or it’d have a major impact on data usage. Also, on iOS at least, it’d have to be provided by Apple, to be a constant background thing, and then Apple would already be using it for Siri.
link
strogonoff 1987 days ago
If always-on mic for virtual assistant activation is enabled, it does impact battery life.

Regarding iOS, I hadn’t observed ads obviously based on what I spoke about in presence of my iPhone, but then I don’t use voice-activated Siri and generally tighten up privacy settings.

link
fiddlerwoaroof 1987 days ago
I’ve never noticed this myself: I’ve always assumed that what is actually going on is that people’s phone usage is more correlated with what they’re thinking/talking about than they realize and ad companies have gotten pretty good at uncovering these latent connections (e.g. the story about Target deducing someone was pregnant from seemingly unrelated shopping patterns).
link
strogonoff 1987 days ago
I remember that story. However, what I observed with Android’s Google (or is it called Google News?) app last year was a tight feedback loop: after talking a little about %SUBJECT% near the phone, and refreshing the feed within the next minute or two, a relevant article from past few days showed up.

(Similar to Vice’s article I linked, but faster.)

Again, the owner of the device saw that as a convenience feature and consciously did not set the phone up to prevent it, which made me feel a little old-fashioned and unnecessarily paranoid.

Also, unlike Vice’s article, in the scenario I have witnessed the recording did not necessarily have to leave the phone: the news app could have kept a large cache of recent articles and locally pick the ones matching the %SUBJECT% that we spoke about.

I am inclined to believe that Google, given their business model and scale, is unlikely to store voice data insecurely or insufficiently de-anonymized, so I’m primarily worried about third-party apps getting access to always-on microphone without visual feedback. (Hopefully it’s not very likely and app stores have tools to detect nefarious uses of relevant APIs at review stage.)

link
fiddlerwoaroof 1987 days ago
I’d like to see an actual technical write up of this: network logs, tracing of the android device activity etc. My original impression was that the reason why mobile voice assistants have trigger words is that anything more complicated isn’t feasible as an always-on feature. (Although, I do remember stories about the Facebook app using the microphone to suggest that you post a status update about the movie or tv show you’re watching, so maybe it’s more feasible than I imagine).
link
BoorishBears 1987 days ago
You won't find one because it doesn't exist.

As a person who's made a living the last few years working in the guts of Android on embedded devices, there are so many holes in this way too common myth that phones are listening all the time.

You don't even need to dive into the technical aspect of it, what on earth is the risk reward here?!

Risk: Forever break the trust people have in your devices, this isn't some grey area intrusive tracking that would just get swept under the rug...

Reward: Get noisy info about people's interests when you literally own the device that contains more information about than their own short term memory does!

It's nonsensical, and there's no way that Google could do this that wouldn't already have been caught.

I mean is the theory that all Google devices do it and somehow no OEM has realized their microphone is getting accessed? (Because even with the lowest level access on the device, modern microphones are not so unsophisticated, there's no universal way to access it in a way a manufacturer wouldn't catch onto sooner or later

Or Google did this but only on phones they own or something?

It's nonsense.

link
strogonoff 1987 days ago
> I’d like to see an actual technical write up of this: network logs, tracing of the android device activity etc.

FWIW there’s a technical paper[0] that summarizes existing studies as of 2019, and it’s been neither definitively proven nor disproven that it happens. Turns out it’s not at all that trivial to detect.

From the paper:

> Perhaps most importantly, Pan et al. were not able to rule out the scenario of apps transforming audio recordings into less detectable text transcripts or audio fingerprints before sending the information out. This would be a very realistic attack scenario. In fact, various popular apps are known to compress recorded audio in such a way [10, 33]. While all the choices that Pan et al. made regarding their experimental setup and methodology are completely understandable and were communicated transparently, the limitations do limit the significance of their findings. All in all, their approach would only uncover highly unsophisticated eavesdropping attempts. …

> Therefore, the fact that no evidence for large-scale mobile eavesdropping has been found so far should not be interpreted as an all-clear. It could only mean that it is difficult – under current circumstances perhaps even impossible – to detect such attacks effectively.

(Apparently, noticing relevant content being obviously suggested is the only way of detecting it at this time, and of course it comes with its own caveats.)

[0] https://link.springer.com/chapter/10.1007/978-3-030-22479-0_...

link
srtjstjsj 1987 days ago
The Target thing was for related shopping. The scandal was thar Target noticed before she told people explicitly.
link
rightbyte 1987 days ago
To hear "Ok Google" it need to record everything and process everything. Adding "toilett paper" as a processing keyword would not be noticable on battery life.
link
fiddlerwoaroof 1987 days ago
Sure, but for the sort of thing being suggested, you’d need to go quite a bit beyond one or two extra keywords.
link
rightbyte 1987 days ago
100 keywords then? There doesn't have to be that many.
link
strogonoff 1987 days ago
Which one? Vice’s article and some answers on Quora imply continuous listening without engaging a virtual assistant.

In case of my friend showing me this, this happened a few months ago and I can’t remember exactly how the demonstration went. I’m inclined to believe there was no hotword activation, as I remember myself being quite startled (at that point I disbelieved that a phone can be listening and suggesting relevant content right away), and as you noted with hotword activation it would have been markedly less surprising.

link
chrisrhoden 1986 days ago
From the vice article:

> For your smartphone to actually pay attention and record your conversation, there needs to be a trigger, such as when you say “hey Siri” or “okay Google.” In the absence of these triggers, any data you provide is only processed within your own phone. This might not seem a cause for alarm, but any third party applications you have on your phone—like Facebook for example—still have access to this “non-triggered” data. And whether or not they use this data is really up to them.

link
reaperducer 1987 days ago
Every company vehemently denies this is possible.

Until they get caught. They they issue a wishy-washing non-apology and put out a press release stating "We can do better."

We've been to this rodeo before.

link