by mfrisbie 1041 days ago
ChatGPT for Google was #1 on HN earlier this year. Check out the GitHub repo now: that person sold the extension.

I had a small side project extension, ~25,000 installs & free to use. I got enough inbound interest trying to "help me monetize" that I thought it would be worth cataloguing all the different unsavory avenues: https://mattfrisbie.substack.com/p/the-ugly-business-of-mone...

3 comments

The most galling offer we saw on the mobile app side was something that would turn on the user's microphone, and listen for ads on tvs around them to track what they'd been exposed to offline. Adtech is such a thoroughly gross field.
When I worked at Meta, the execs said that many users think they're being spied on when they see ads based on a conversation they've had in real life, but the execs categorically denied that this could be happening, and said it's all just a coincidence. I thought this was a completely unfounded denial, since Meta had no way of auditing 3rd party apps on the user's phone, and it's perfectly plausible for another app to spy on their conversations and then use that to provide targeted ads to the Facebook account associated with the individual's email.
In many cases it’s more than simple:

You had the conversation with someone and that someone googled/shopped/amazoned/clicked it. Or did before already, you don’t initiate every conversation in your life after all.

Now go and try getting a denial that they are not using the fact that you share a wifi with someone as parts of the recipe for the recommendation cake.

The arrow of causality can also go the other way. X corp is currently running a campaign targeting your area/demographic. A friend of yours sees an X ad and mentions something X-related to you in a private conversation. The next day, you see an X ad too.
"since Meta had no way of auditing 3rd party apps on the user's phone"

https://en.wikipedia.org/wiki/Onavo

Realistically, in a simple statistical way, plain "coincidences" have a significant "expected value". I.e., if you simply take the billions of people across the planet, and look even across a single day, lots of coincidences occur.

Now, add in psychological effects - "synchronicity", "frequency illusion" ("Baader-Meinhof"), "recency illusion", confirmation bias, etc... I'd expect a fair bit of compounding*.

Then, add in simple use of statistics, statistical inference, etc. and basic tracking of user navigation around the web, on a given website, etc.

I've had these experiences, perhaps one or two times a year, on average. Experiences where I was VERY surprised by ads presented. Experiences that would easily suggest a microphone must have been on when it shouldn't have been. Sometimes, I realized I'd used someone else's device in a way that could be tied to me. Other times, while some "leaps" would be involved, I could basically deduce myself that someone who had looked for information on some "X", and information on some "Y", might really be thinking about some "Z" that isn't easily arrived at from either X or Y in vacuo.

Spying, in the sense you suggest, can't be ruled out by the above. But, I would ask - why even spy? Is a company like "meta" really going to get much more useful (from their perspective) info by doing so? Particularly given the COST? It's becoming more realistic, arguably, but, really, these companies have had more than enough info on just about anyone for well over a decade to keep their algorithms and such well-occupied.

People gladly hand over tons of data constantly ... with full awareness and intentionality, and otherwise. The vast majority have no idea what statistical inference and other techniques can suggest based on seemingly obliquely connected info. Further, most users are so accustomed to "cookies" and other hidden types of tracking, and ignoring EULAs** ... really, it's hard for me to imagine a good case for doing anything more ... "invasive" and ... legally / otherwise dubious.

Edit: mostly came back to add one of my favorite (ab)uses of (statistical) inference:

https://youtu.be/Oseqh7SMIvo

(also, added the bit below about EULAs)

* Outweighing significantly, I'd suggest, other quirks of human perception, memory, etc. that may diminish awareness and recognition of potentially related events. I write "suggest" mainly because I don't have ready refs to offer this second and don't have time to dig a couple up ... IIRC, the research that exists strongly favors compounding, though, of course, this could be argued to be influenced itself by human psychology (including social and economic factors, e.g., "publish or perish" etc.).

** Jargon buried in legalese, what a genius way to get just about anyone to agree to just about anything! If only John, King of England (in 1215), had been more skilled in the ways of the EULA - perhaps "King Charles III" would be emperor of the world now. Oh utopia denied ... kek.

> Billions of people > lots of coincidences

While that is a positive take that could explain it, I am not convinced by that number crunch. 2/situations per year, per person, that is still "a lot" to be considered plausible statistical coincidence.

Wow what, facebook allows ad targeting based on a user's email?
Yup. The typical use case is e.g. if someone logs in to your e-commerce site with their email and looks at a product but doesn’t purchase, then you can show them an ad for that product to try to remind them to go back and buy it.

It’s a really creepy feature though that can easily be abused.

Wdym? You cannot target specific individuals when creating ads on FB/IG?
You can (e.g. by email address), which is why it's impossible for Facebook to guarantee that ads weren't targeted based on listening in on conversations. It has no ability to determine how an advertising purchaser generated / obtained the data it is using for ads targeting.
You could roughly 10 years ago: https://news.ycombinator.com/item?id=34780696

And, it looks like that feature still exists: https://www.facebook.com/business/help/170456843145568

"Upload a list of emails to create a custom audience"

Seems easy enough.

But every time this comes up the threads are flooded with people saying it doesn't actually happen and the ad companies just work out what you're interested in by what you're browsing.
> the ad companies just work out what you're interested in

The word "just" doesn't belong in that sentence. The ad companies being able to know things about you without actually listening to you is even more scary.

Evil-Ad-Company Neo: "You're telling me I can know things about my customers by secretly listening to them?"

Evil-Ad-Company Morpheus: "No Neo, I'm telling you that with the right license agreements, data sharing partnerships, and algorithms, you won't need to secretly listen to them."

sorry, i don’t mean to be dense here but could you spell out the implications for me? why is what you’re suggesting more scary?
They're saying it's scarier that ad companies can figure out these things without the data because it means that you can't protect yourself by withholding your data.
> you can't protect yourself

but what are you protecting yourself from? What's the threat model?

I understood this to mean the amount of information they have is enough to uniquely fingerprint you and associate that with your derived wants and needs.
> The ad companies being able to know things about you without actually listening to you is even more scary.

This has been true for years to the extent that the nature of your purchases can tell a lot about you. https://www.forbes.com/sites/kashmirhill/2012/02/16/how-targ...

I mean showing you ads for diapers because you googled "best diapers" falls under that same category and I daresay isn't evil at all
I am pretty convinced that modern advertising - from the most inane and innocent to tracking users 24/7 pretty clearly falls under evil. Gone are the days of advertising trying to raise product awareness and convert purchases - that field now exists to create demand. It induces desires in the recipients that play on psychological factors like FOMO to create customers out of thin air - and that process causes we the consumer to pay a constant attention tax and suffer higher levels of stress in our daily lives.

Advertising is evil.

You do realize all forms of media embed advertising directly into the content going right back to the beginning, right? There's nothing modern about it. Showing you a product when you actually want to see it is the most effective way to induce demand. All your favorite shows, movies, youtube personalities, etc. still do this.
I'm not a radical about many subjects, but I'm certainly radically anti-advertising.
Advertising is nudge theory without the do-gooder mystique
Advertising, by its very nature, is emotional manipulation with the goal of getting you to give up some of your money for something you most likely don't really need and won't improve your life all that much, if at all. To me, that's evil.

Sure, there are varying degrees of this evil, but IMO even the least-objectionable advertising out there still can't be called "good".

In my experience, the case where advertising gets you to buy something that ends up being materially useful, that you would not have bought (or found a substitute for) without that advertising, is the exception, not the rule.

Oh, and to address your specific example: if you search "best diapers", and get shown ads for diapers, that absolutely is evil, because some ad-presentation algorithm is pushing you toward whatever diapers will generate the most money for the ad network, likely not toward which diapers are best. Not to mention that "best" often means different things to different people, and the ad networks only care about that insofar as it increases their profit.

> Advertising, by its very nature, is emotional manipulation with the goal of getting you to give up some of your money for something you most likely don't really need and won't improve your life all that much

I've heard somewhere that ads are rich people screaming "give me money".

(i know, i know, but i like it)

> To me, that's evil.

Bill Hicks on marketing: https://www.youtube.com/watch?v=tHEOGrkhDp0

>you most likely don't really need and won't improve your life all that much, if at all

People are spending money because they see that they are getting value from something. If people didn't want it or thought it was worthless they would not buy it.

I don’t have any ethical concerns with ads. My concern is that it ruins the experience of whatever content I’m trying to consume.

Surprisingly though, for some reason I don’t find podcast ads to be as offensive.

Sure, if you take the most benign examples, it doesn't sound so bad. But it's so much worse than that. Going back to 2012 for "acting on data analysis gone wrong"

Target Sends Coupons to Pregnant Girl and Unawares Dad Explodes

https://www.workplaceethicsadvice.com/2012/02/target-sends-c...

> Pole had identified about 25 products that, when analyzed together, allowed him to assign each shopper a "pregnancy prediction" score. More important, he could also estimate her due date to within a small window, so Target could send coupons timed to very specific stages of her pregnancy.

And things just get worse from there, as companies figure out more and more ways they can extract information from the information they have about you, and share it with each other.

But that story was made up. (Not that Target does data analysis - the specific "teenage girl had sex!" anecdote).
No no no. First we start with trusted brands you know and love. We use the trust you have in them to slowly build a market around them. With our ad strategy, you’ll start seeing our product as related to Trusted Brand A. You will start seeing comments and reviews for our Brand in the same browsing contexts more and more until our Brand is now correlated enough to Trusted Brand A to remove purchase inhibitions.

After that, we just wait. We know we have you. It’s just a matter of time till you need a product like ours (you’re already our target demo), or an impulse buy occurs.

Without even knowing it. You’ve been manipulated into trusting our brand, and you’ll think it was all an organic choice.

Nothing malicious or dangerous here.. move along.

Those two categories are really far away from each other.

Googling X is a voluntary act to search for X.

Speaking about X with a friend, while the phone sits in a bag nearby, has exactly zero connotations of wanting to search for X.

Two different things. The popular conspiracy theory is that the phone listens to and presumably transcribes your conversations, sending them to a third party. The example the OP gave is specifically listening for TV content: they’ll have hashes of known ads/shows/whatever to compare against rather than do something like live transcription.

Don’t get me wrong it’s shitty and gross. But they are different things.

Both iOS and Android show when your microphone is active so the whole conspiracy theory about it always listening to you and sending it back is pretty bullshit. And no one has yet found evidence of such network traffic either.
True, but the theory is far older than the indicators. So maybe Facebook stopped being sneaky once those controls came in? Not saying I believe them, but there's still room for doubt there.
Facebook doesn't have to be the one doing it - a 3rd party that controls an app on users' phones could be selling transcribed data to companies that want to run individually tailored ads on Facebook.
except it's always listening for you to say "siri" or "google assistant". Some androids also show what music is playing nearby. You can thankfully opt-out but the ability to is still there.
They do that with local processing. For the music thing it calculates a hash locally and sends it to their servers.
...They don't even need to hash content. Advertisers can just add ultrasound beacons to the audio track.

Imperceptible to human hearing, but readily picked up by a listening mic. In fact, there are static analysis tools for picking out apps that access such APIs in FDroid, along with taking measures to feed said apps dummy data. At least for Android anyway.

The only reason they don't do that is because our devices aren't powerful enough to do it all the time.
A dedicated chip?
Yes?

I'm just glad we are not there yet.

I don’t disagree with you but the fact remains: they aren’t doing it.
Your phone notifies you when an app accesses the microphone. If this is happening so much, how is it not blatantly obvious?
Android phones that are 8 major versions out of date because the OEM won't support them probably don't have that feature.
8 major versions, that is surely less than 5% of the Android population. I'm sure the security flaws in those non-updated phones are far more serious than the lack of microphone indicator.
According to https://source.android.com/docs/core/permissions/privacy-ind..., the microphone indicator is only in there since Android 12. Android 12 and 13 cover only 50% of Android phones, according to https://gs.statcounter.com/os-version-market-share/android/m.... There were some "access to the microphone is restricted for background apps" changes earlier, reported for Android 9. But I wouldn't rely on them, and even if those restrictions always worked, that still made ~10% of Android phones vulnerable.
Ice Cream Sandwich was the best android, and nobody can tell me otherwise.
I was being a bit tongue-in-cheek with the 8. However, it is just as valid to talk about unpatched security flaws.
Why do you think iOS and Android now prompt for microphone usage?
iOS has prompted for microphone usage since 2013
Nielsen has sent me about $30 so far begging me to wear a microphone that records me all day. They repeatedly call and have started fedexing me letters instead of USPS.

I open them to get my increasing amount of cash.

That data must be valuable???

Put the microphone on your cat while you're gone for the day.
Fly-by-night ad networks might engage in this. Ad networks that are in the sights of regulators, and can be slapped with $X billion fines, that may well exceed the marginal revenue produced by improved tracking[1] are going to be a bit antsier around doing that sort of thing.

[1] How much more money will a $100B ad business make if they improved tracking accuracy by 1%? It's some positive number, but significantly less than $1B.

Would a top tier ad network be exposed to any liability if the fly-by-night did the sketchy work, then the top tier bought that “anonymized” data?
Probably not direct legal risk[1] if they weren't the ones collecting the data, but integrating with all that shit has the incredible risk that your counterparty might just go up in smoke next week, while leaving you with a busted product, and all the reputational damage fallout.

It's picking up pennies in front of a steamroller. You'd have to be a truly desperate PM to consider it.

[1] Still all the legal risks of holding that data, but they are easier to mitigate.

So instead they buy that data from the fly-by-night operators and carry on as usual. That's the key problem here, this data only needs to be collected by one shady operator, "the market" will handle the rest.
That was an official feature of the Facebook app at one point. Like 10 years ago. It's absurd that anyone would deny this. It was right there as a feature! Default off I think. But it was definitely there.
I can’t speak for Android. But exactly how does a mobile app turn on your microphone on iOS without you giving it explicit permission?

I just did a virtual visit with a doctor that used a video conferencing service that works without an app on iOS and just used Safari. I had to give the page explicit permission to use my microphone.

What makes you think they don't get permission from the user?
And that all this information gathering for targeting absolutely matters.
Adtech is psychological manipulation. Radicalisation uses the same techniques: Create the perception of a vacuum and then provide the solution to fill it.

One is actively censored and you can go to jail for, the other isn't even on the legislative agenda. There are semi-understandable reasons, but it's far from entirely non-hypocritical.

- Do you trust your constituency to make up their own minds or not?

- Who are you trying to protect?

  - From what?

  - From whom?
And this is without even mentioning online advertising as a (seemingly increasing) vector of scams, frauds, malware and viruses.
When I worked on audio firmware for the BlackBerry, one of the external devices I had to support was called a "security plug", which just shorted the headset mic and headphones to ground. It always seemed kind of silly to me because there was still the handset mic on the phone that could be activated separately.
Did an external mic not stop the internal one from working? I assume the plug was a box-checking exercise more than anything.
I think the default audio routing was set up to stop the internal mic, but if you used the mixer API, you could do weird, custom things.
"Adtech is such a thoroughly gross field."

Someone else on HN called it "elegant" last week.

https://news.ycombinator.com/item?id=36975056

> "The current movement to avoid tracking is an extremely powerful centralizing force."

What a biased, myopic comment. As if ad companies are a grassroots movement against centralisation. As if ad tech is not in the hands of the powerful few tech companies.

They have defended ads in 2021 as well. I wonder where they work. I mean, somebody must be writing the backend for all these ad companies.

I work in ad tech and elegant is not a word I’d use. It’s very, very loosely coupled and has a grave transparency problem.
So your app already had microphone/audio permission granted for legitimate reasons or were they going to do the pop-up after the update?
Nah, we didn’t ask for any permissions at the time iirc, except gps if/when people wanted to use that to hop the map to the right spot.
Why broadcasted ads which are the same for everybody? Is it trying to track effectiveness of these ads?
Probably to target an ad for the same product/service at someone who was in the same room as a TV ad. About 10 years ago I worked for an ad targeting company and we got ~50% more click-through on a web ad just by showing it shortly after a TV ad aired in that location (just using the geoip timezone and hoping they might've been watching the right channel), if you could do that only for people who've actually been exposed to the TV ad there's the potential for huge uplift there.
Oh, that's clever.
Why not? Your cable company would like to charge you extra if you mute the ads or use the bathroom during ad breaks. That's just capitalism.
Exactly. Going to bathroom during ads is just a display of disrespect to creators and marketing people. You could go during the show instead.
so this really does happen then? Because I used to be convinced it wasn't a coincidence when I saw ads online for some niche uncommon topic I had recently talked out loud about.
This matches the audio signature of the TV ad - basically, it's like Shazam, but for TV ads.

It's currently not economically possible to listen to users' conversations, transcribe them to text, and serve ads based on that. It would cost orders of magnitude more in processing power than you could get from the extra sales.

This might change in the future, of course

Yeah, my understanding was that it was audio fingerprinting tv ads, not transcribing anything, but I wouldn’t be surprised if they were trying to vacuum up other stuff. That said, I think it should be feasible to do basic low-accuracy transcription on-device, especially with all the neural engine hardware making inference more efficient.
Wouldn't cost that much if the transcribing is done on device
This would be immediately obvious in a cursory analysis of performance. On-device transcription is not only computationally infeasible, it would also require model capabilities far beyond what is currently SOTA.

Google had (and has afaik) significant challenges implementing multiple wake-word detection for precisely this reason.

Transcribing a couple of words accurately on-device without a major performance penalty (so that it can be running in the background always) is just _barely_ coming out now.

I would have to take your word for it but my phone is able to transcribe speech with no problem and no internet connection.

Of course running it 24/7 in the background would ruin my battery, you would have to be smarter than that.

rewind.ai has entered chat.
There's this weird narrative I see that "computers just aren't powerful enough" to do things I remember them already doing on Pentium 1 class machines in the 90s.
> It's currently not economically possible to listen to user's conversations, transcribe them to text, and serve ads based on that.

Anecdotally I believe Meta does something like that because I consistently get ads on Instagram about topics I talk with a friend on Whatsapp and sometimes that is done completely via audio messages. Though I might be wrong and leaked the topics in text messages among other possibilities.

I think it can be economically feasible. They can have a model optimized for their topics which can be orders of magnitude faster than general-purpose speech recognition. Low accuracy probably wouldn't be an issue as they are able to fine tune the user topics of interest via its interactions with the ads (e.g. click rate, time spent before scroll).

Man, being offered $11k for an extension would be hard to say no to... With that a down payment for a house is a much smaller problem. It's always a good idea to consider where the line is for ones own ethics.
In a sense, poverty encourages corruption / corruptability; it ties in with the saying that everyone's for sale at the right price.

I have a website, I'm sure it's worth money to someone. If someone were to offer me $1000? Piss off, I've paid more than that in hosting costs in the 15 odd years I've run it. 10K? Sounds compelling, I'll have to think about it. $1M? Fuck all of my online friends, I'm taking the money and cutting contact.

It would be shit and I'd probably regret it, but it's a lot of money. But this kind of corruption is everywhere, and worst of all, it's permeated in politics. But subtly, in the form of campaign contributions, lavish parties and vacations, connections (i.e. lavish positions in company boards during or after a tenure in politics), never in the form of wads of cash passing hands.

In the US, $11k may only cover submitting three months rent + security deposit to rent an apartment.
I am not at all surprised to see one of the emails you got matches exactly (other than the extension name) one from the linked post. Definitely a lot of this crap is heavily automated.

> I'm a fan of [extension name] and I really like how convenient and useful it is.

> Have you considered offering promotional spots to those interested in promoting their products on your extension? I'm interested in promoting my own extension on [extension name] and would love to discuss this possibility with you.

> Let me know if you're open to this.

Interesting, I've received this same exact message recently as well. I've maintained an extension with a few hundred thousand users for the last few years and I've received way more messages like this in the last year than ever before. Can't say I'm that surprised though.