[fiddlerwoaroof]

I find this hard to believe because I’d think constant voice recognition would either have a noticeable impact on battery life or it’d have a major impact on data usage. Also, on iOS at least, it’d have to be provided by Apple, to be a constant background thing, and then Apple would already be using it for Siri.

[strogonoff]

If always-on mic for virtual assistant activation is enabled, it does impact battery life.

Regarding iOS, I hadn’t observed ads obviously based on what I spoke about in presence of my iPhone, but then I don’t use voice-activated Siri and generally tighten up privacy settings.

[fiddlerwoaroof]

I’ve never noticed this myself: I’ve always assumed that what is actually going on is that people’s phone usage is more correlated with what they’re thinking/talking about than they realize and ad companies have gotten pretty good at uncovering these latent connections (e.g. the story about Target deducing someone was pregnant from seemingly unrelated shopping patterns).

[strogonoff]

I remember that story. However, what I observed with Android’s Google (or is it called Google News?) app last year was a tight feedback loop: after talking a little about %SUBJECT% near the phone, and refreshing the feed within the next minute or two, a relevant article from past few days showed up.

(Similar to Vice’s article I linked, but faster.)

Again, the owner of the device saw that as a convenience feature and consciously did not set the phone up to prevent it, which made me feel a little old-fashioned and unnecessarily paranoid.

Also, unlike Vice’s article, in the scenario I have witnessed the recording did not necessarily have to leave the phone: the news app could have kept a large cache of recent articles and locally pick the ones matching the %SUBJECT% that we spoke about.

I am inclined to believe that Google, given their business model and scale, is unlikely to store voice data insecurely or insufficiently de-anonymized, so I’m primarily worried about third-party apps getting access to always-on microphone without visual feedback. (Hopefully it’s not very likely and app stores have tools to detect nefarious uses of relevant APIs at review stage.)

[fiddlerwoaroof]

I’d like to see an actual technical write up of this: network logs, tracing of the android device activity etc. My original impression was that the reason why mobile voice assistants have trigger words is that anything more complicated isn’t feasible as an always-on feature. (Although, I do remember stories about the Facebook app using the microphone to suggest that you post a status update about the movie or tv show you’re watching, so maybe it’s more feasible than I imagine).

[BoorishBears]

You won't find one because it doesn't exist.

As a person who's made a living the last few years working in the guts of Android on embedded devices, there are so many holes in this way too common myth that phones are listening all the time.

You don't even need to dive into the technical aspect of it, what on earth is the risk reward here?!

Risk: Forever break the trust people have in your devices, this isn't some grey area intrusive tracking that would just get swept under the rug...

Reward: Get noisy info about people's interests when you literally own the device that contains more information about than their own short term memory does!

It's nonsensical, and there's no way that Google could do this that wouldn't already have been caught.

I mean is the theory that all Google devices do it and somehow no OEM has realized their microphone is getting accessed? (Because even with the lowest level access on the device, modern microphones are not so unsophisticated, there's no universal way to access it in a way a manufacturer wouldn't catch onto sooner or later

Or Google did this but only on phones they own or something?

It's nonsense.

[strogonoff]

> You won't find one because it doesn't exist.

There is no proof it happens, and no proof it doesn’t happen, because it’s non-trivial to detect based on network activity. The only evidence is observing content relevant to what was being spoken about being suggested across apps.

> Risk: Forever break the trust people have in your devices, this isn't some grey area intrusive tracking that would just get swept under the rug...

Reward: get people to love your services for relevant suggestions. Believe it or not, there are people outside the extra privacy-conscious bubble who do not at all mind their devices listening.

> Or Google did this but only on phones they own or something?

I am pretty sure this depends on software. I have seen this demonstrated on a Google-branded phone with a Google app.

[strogonoff]

> I’d like to see an actual technical write up of this: network logs, tracing of the android device activity etc.

FWIW there’s a technical paper[0] that summarizes existing studies as of 2019, and it’s been neither definitively proven nor disproven that it happens. Turns out it’s not at all that trivial to detect.

From the paper:

> Perhaps most importantly, Pan et al. were not able to rule out the scenario of apps transforming audio recordings into less detectable text transcripts or audio fingerprints before sending the information out. This would be a very realistic attack scenario. In fact, various popular apps are known to compress recorded audio in such a way [10, 33]. While all the choices that Pan et al. made regarding their experimental setup and methodology are completely understandable and were communicated transparently, the limitations do limit the significance of their findings. All in all, their approach would only uncover highly unsophisticated eavesdropping attempts. …

> Therefore, the fact that no evidence for large-scale mobile eavesdropping has been found so far should not be interpreted as an all-clear. It could only mean that it is difficult – under current circumstances perhaps even impossible – to detect such attacks effectively.

(Apparently, noticing relevant content being obviously suggested is the only way of detecting it at this time, and of course it comes with its own caveats.)

[0] https://link.springer.com/chapter/10.1007/978-3-030-22479-0_...

[fiddlerwoaroof]

Well, I'm fairly confident that there'd be a lot of online noise about the iPhone's orange dot being on all the time, the way there was about Clipboard notifications.

[srtjstjsj]

The Target thing was for related shopping. The scandal was thar Target noticed before she told people explicitly.

[rightbyte]

To hear "Ok Google" it need to record everything and process everything. Adding "toilett paper" as a processing keyword would not be noticable on battery life.

[fiddlerwoaroof]

Sure, but for the sort of thing being suggested, you’d need to go quite a bit beyond one or two extra keywords.

[rightbyte]

100 keywords then? There doesn't have to be that many.