Way back then I exposed massive data collection from Twitter by Google which made it possible to plot locations at which you used Twitter in Google Maps by simply putting your Twitter handle into the search field. Somehow they knew about these locations even when you opted out of sharing location data with Twitter (I checked) -- so this was only possible by Twitter privately providing this information to Google.
This "experiment" has since then been shut down, but exposing this and many other other forms of activism permanently has cost me my Twitter account, to the point that asking to reinstate it several times because I was permanently suspended for no valid reason led to X Support directly rerouting every attempt to appeal this decision into the digital trash can.
Let's say nothing surprises me anymore.
At the time I am typing this, the title on the page is:
""Your phone isn’t secretly listening to you, but the truth is more disturbing""
Which is presently also the title on this post.
Then as I read it becomes clear that it is merely focusing on Facebook.
However the confusion that may stem from "Your phone isn’t secretly listening to you"
The blog post never attempts to establish that your phone is not listening to you, just that some companies may not be going it.
The truth is that your phone may well be listening to you . There is plenty of malware / spywear that uses exploits to achieve it.
Like the NSO group¹.
Tools to do so can be bouught on the malware market from other sources as well and we must assume that Mossad, NSA, and other major intellitence agencies have tools that exceed what you can buy on the open market.
You phone may aboslutely be listening to you. but probably it is not.
¹
https://www.bloomberg.com/news/features/2023-01-24/nso-group... https://www.britannica.com/topic/Pegasus-spyware https://citizenlab.ca/2016/08/million-dollar-dissident-iphon...
https://newatlas.com/computers/smartphone-listening-conversa...
https://www.bloomberg.com/news/features/2023-01-24/nso-group...
BTW, "smart" TVs send screenshots too. [0]
> "Apps were automatically taking screenshots of themselves and sending them to third parties. In one case, the app took video of the screen activity and sent that information to a third party.”
> Out of over 17,000 Android apps examined, more than 9,000 had potential permissions to take screenshots. And a number of apps were found to actively be doing so, taking screenshots and sending them to third-party sources.
Which permission is that, and how do you detect which apps are doing that and stop them?
People seem to ignore the cost and accuracy aspects of a phone listening to you 24/7. At least with today’s constraints, it is highly unlikely to be happening.
First, the cost to transcribe audio is not free. It is computationally expensive. Any ad network or at scale service would not be able to afford it, especially in orgs where they are concerned about unit economics.
Secondly, the accuracy would be horrible. Most of the time, your phone is in your pocket and would pick up almost nothing. More over, it’s not like you are talking about anything of value to advertisers in most cases. Google is a money printing machine because people search with an intent to buy. The SNR of normal conversation is much much much lower. That makes the unit economics of doing this gets much worse.
Third, it would be pretty hard to not notice this was happening. Your phone would get hot, your battery would deplete very quickly, and you’d be using a lot of data. Moreover on iOS you could see the mic is being used and the OS would likely kill the app if it was using too many resources in the background.
So until we find an example of this actually happening, it’s not worth worrying about.
Television, not phone, but YouTube sure intrigued me at minimum yesterday. First, it revealed pretty clearly that even with history turned off, it will use the history of other accounts accessed from the same IP to serve recommendations anyway. Without history, it turns off the home page recommendations, but when I ran a search, it showed me completely unrelated videos from a rock climbing channel my wife had watched on another account. I have never watched any rock climbing content on this account.
The second incident was the "listening to you thing," though. Not on the phone, but on a smart television. Exterminator was there to do the quarterly spray of my house and I was showing him scars from when I fell off a skateboard trying to bomb a hill I couldn't handle late last year, talking about what happened, and not five minutes later I turn on the television, open YouTube, and the very first recommendation on my wife's account is a video of a guy falling off his longboard at 50 MPH. Not like it's some kind of secret that we both skate and I watch a lot of downhill videos on this account, but I have never once specifically searched for, watched, or even been recommended a video of a crash, until they decide to do so five minutes after I was talking about it in front of that television.
What rot.
Here’s a simple experiment I ran and still works.
Back in the day there was a truly ghastly add for ear wax removal that showed up on YouTube in the UK.
In an experiment, and prank, I told two of my close friends about this, and how this horrid advert would kill my appetite when it came up.
And then I made it a point to repeat “ear wax removal” loudly several times.
Sure enough. A day later my dear friend messaged me with something on the lines of “I hate you”
Their phones were Android and iOS. I believe it was the Android user suffered.
The thing is, it's not even people doing the correlations. Just like transformers can learn most of human knowledge just by trying to predict tokens, I would not be surprised if the ad-serving machine learning systems have learned about people in similar detail.
State of the art about 10 years ago was 4 9s of accuracy predicting click-through rates from the available context (features for user profile, current website, keywords, etc.), which I interpreted as requiring a fairly accurate learned model of human behavior. I got out of that industry so I don't know what current SOTA is for adtech, but I can only imagine it is better. The models were trained on automatically labelled data (GB/s of it) based on actual recent click-through rates so the amount of training data was roughly comparable to small LLMs.
Recent anecdote; three of us were sitting around the kitchen table with our phones out chatting about an obscure new thing that had come up; it appeared in one of our FB ad streams pretty quickly.
My top guesses about how this is possible today;
1) Apps routinely link many third-party data gathering and advertising libraries. Any of these libraries could be gathering enough contextual data and reselling it to make a correlation possible. It's not just obscure thing A that triggers an ad, it's highly correlated mixtures of normal things X, Y and Z that can imply A.
2) other friends may have talked about the obscure thing recently and social network links implied we would be aware of it through them.
Distant 3) the models are actually good enough to infer speech from weird side-channels like the accelerometer when people wave their hands when they talk, etc. Accelerometer sample rate is < 1KHz but over 100Hz which may be enough, especially when you throw giant models at it.
At one of my previous companies we made a moderately popular mobile app SDK that app developers would embed in their apps. We were approached by a company that claimed they had a MIT developed (or was it Bell Labs?) audio recognition technology similar to Shazam, but orders of magnitude more efficient, that would be used to recognize audio from ads and record when a user was exposed to a TV or radio ad for tracking purposes.
I don’t remember the name, that was at least 10 years ago before Apple started enforcing permissions on microphone access and showing an orange dot, but they wanted to do a revenue-share deal in exchange for us quietly bundling their SDK inside ours.
Needless to say we turned them down so we never learned more or tested the veracity of their claims, but there are some really sleazy companies out there. Modern smartphones have sufficient horsepower to do the audio processing on-device so the argument that this would show up in network traffic does not hold.
This partly explains why the recommendations I receive don't feel like mine. Multiple times, it's been obvious that the suggestions were pulled from other profiles and I could even tell whose.
My hypothesis
* The algorithms have linked my account to some others.
* They then serve me the embeddings extracted from those profiles. The near-real-time nature of this has crossed my mind more than once.
It's really unsettling, and afterwards I feel uneasy about any recommendations (all Google services, Netflix seems problematic too, not Amazon).
YouTube seems to have some hidden knobs for tuning this behaviour: after multiple negative feedbacks, the problematic content disappeared from my front page. However, the recommendations on the right-hand side of individual videos remain problematic, and the automatic playlists of YouTube Music are still strangely disturbing (even after multiple negative feedbacks).
This fact is important, because if an app were accessing a microphone and sending the audio to a cloud server for analysis there would be detectable traces of data consumption.
Because that's not how it works and companies like Meta know this when misleading it's users about their privacy.
Speech-to-text transcription is handled on your device. They never transmit the raw audio, there's no need to. A compressed text transcription of your conversation would only generate a few kilobytes of data. You would never notice it.
And the mic needs to be active in order to receive legitimate voice commands. If it can respond to your voice, the microphone is on and listening. That's the only way it can work.
One time my wife and I had a random conversation, utterly random, about cat hamster wheels. Like, why doesn't that exist? I got an ad for it the next day (it exists).
I don't believe that my phone is not listening to me and I challenge you to choose a random word out of the dictionary and say it 100 times in front of your phone.
> User permissions for a large number of apps were all enabled
This says it all. Privacy is not by default, because of souless mega corporations, including HN which has an extremely invasive privacy policy. If you don't actively take steps to improve your privacy, they will continue to exploit it. Use GrapheneOS, it is the most private and secure mobile operating system. Nothing happens without your explicit permission, the way it should have been from the beginning
>Not only does the system know exactly where you are at every moment, it knows who your friends are, what they are interested in, and who you are spending time with
This actually makes sense of an anecdote a colleague uses to say that he thinks his phone is listening to him.
I am a keen skier. He used to ski a lot, but hasn't been for several years. Around the start of ski season this year, we talked about my plans to go skiing that weekend, and later that day he started seeing skiing-related ads.
He thinks it's because his phone listened into the conversation, but it could just as easily have been that it was spending more time near my phone (I had only recently started at that job) on which I regularly search for skiing-related things like conditions reports and directions to ski areas.
> There is no easy way to close this privacy opening
Sure there is.
Hide screenshot taking behind permission and slap down hard apps that refuse to operate without them.
> As far as anyone could understand, the proposed CMG system wasn't listening through a phone's microphone 24/7, instead it was using those small slivers of voice data that are recorded and uploaded to the cloud in the moments after you activate your voice assistant with a "Hey Google" or "Hey Siri" command.
That's not quite accurate. The CMG thing was very clearly a case of advertising sales people getting over-excited and thinking they could sell vaporware to customers who had bought into the common "your phone listens to you and serves you ads" conspiracy theory. They cut that out the moment it started attracting attention from outside of their potential marks. Here's a rant about that I originally posted as a series of comments elsewhere: https://simonwillison.net/2024/Sep/2/facebook-cmg/
The "Hey Google" / "Hey Siri" thing is a slightly different story. Apple settled a case out of court for $95m where the accusation was that snippets of text around the "Hey Siri" wake word had been recorded on their servers and may have been listened to by employees (or contractors) who were debugging and improving Siri's performance: https://arstechnica.com/tech-policy/2025/01/apple-agrees-to-...
The problem with that lawsuit is that the original argument included anecdotal notes about "eerily accurate targeted ads that appeared after they had just been talking about specific items". By settling, Apple gave even more fuel to those conspiracy theories.
I wrote about this a few months ago: https://simonwillison.net/2025/Jan/2/they-spy-on-you-but-not... - including a note about that general conspiracy theory and how "Convincing people of this is basically impossible. It doesn’t matter how good your argument is, if someone has ever seen an ad that relates to their previous voice conversation they are likely convinced and there’s nothing you can do to talk them out of it."
... all of that said, I 100% agree with the general message of this article - the "truth is more disturbing" bit. Facebook can target you ads spookily well because they have a vast amount of data about you collected by correlating your activity across multiple sources. If they have your email address or phone number they can use that to match up your behaviour from all sorts of other sources. THAT's the creepy thing that people need to understand is happening.
My younger bro is convinced phones are eavesdropping on conversations and got particularly paranoid (I thought) a year or so back in regard to talking in earshot of his phone.
His evidence is empirical - Apparently he gets pretty high with friends and shit talks - but when when the search started to suggest some pretty way out things along the same lines, he landed that their conversations weren't private any more.
So I have an understanding of how much tracking is going on so I pressed him on that. But he assured me it was stuff he would not even bother to look up in a clearer mindset and of course smoking recreationally for a very long time knows not to go near some tools that could land himself trouble or awkward explanations. That's probably true he says a lot of stuff that a half decent search would put him straight. In the end I just figured loose permissions of one of the many apps he's installed and that's how they (the app) make their money, selling illegally obtained data to more legal sources.
Permissions are the problem with android phones - there needs to be a specific install route for users, one that the app starts asking for things it should not need have access to, the installer refuses to install and suggests the user look for something better. Camera apps for example really don't need access to communication channels, if it's updates it's need, it can ask - one time access.
Doesn't it have to listen to everything to capture the wake word "hey siri"? How else is it done?
Keep thinking its merely correlation while the US military bans phones from the SCIF…
Pretty much every time I add a new contact to my phone I start to get really strange ads online. I figured it out when I added a guy who's retiring for the army. I started getting retirement ads for soldiers.
Then, I add a guy I loosely know and what do I start seeing? Cocaine rehab ads. I shit you not. It's not hard to argue that this is more than a minor privacy violation.
There's a nation proud of overspinning enrichment turbines with a complicated computer virus that can even work offline. No conspiracy, that's just StuxNet.
So, when you start learning about tech, you get paranoid. If you're not, it's even weirder.
The fact that someone can target you, individually, is undisputable. Whether it will or not, that's another question.
What I can recommend if you think you are being observed, is to avoid the common pitfalls:
Don't go full isolationist living without technology. That is a trap. There is nowhere to hide anyway.
Strange new friends who are super into what you do? Trap.
You were never good with girls but one is seemingly into you, despite you being an ugly ass dirty computer nerd? That is a trap. Specially online but not limited to it.
Go ahead, be paranoid. When an article comes to probe how paranoid you are, go ahead and explain exactly how paranoid you have become.
But live a normal life nonetheless, unaffected by those things. Allow yourself to laugh, and be cool with it.
Hundreds of clone accounts doxxing me? Well, thanks for the free decoys.
Constant surveillance? Well, thank you for uploading my soul free of charge to super protected servers.
Dodgy counter arguments in everything in care to discuss? Sounds like training.
The paranoid optimist is quite an underrated character. I don't see many of those around.
I get all the proximity-based aggregation, and creating graphs of relationships to leak content between personal "algorithms" (dislike that wording but that's the colloquial usage), and tracking between sites + social networks, and all the basic stuff ... but can somebody explain how I immediately get served ads relevant to text typed into (presumably-encrypted) iMessage conversations?
I also have a couple distinct memories of getting served ads for products I've never searched for or never bought before, after I either bought it in a store or, even weirder, literally just picked it up, looked at it, and put it back on the shelf in a store?
I can craft some kind of super-surveillance-state theory as to how you could achieve that, but it feels very unlikely to be deployed at a small CVS lol
Anyways, these might just be coincidences but still perplexing to understand how it's done.
The phone is listening. Services like Shazam and Alphonso are constantly fingerprinting audio from the mics and sending these fingerprints up for "matching".
What are they matching against? Against key "content".
To check if the fingerprints from your phone mic match the "content" they have to do some kind of nearest neighbor search. What if the fingerprints aren't super close but they're somewhat close? To "content" related to certain products? Should we send the ad?
What if employees at Alphonso and Shazam _know_ that the fingerprints from your phone aren't quite close enough to have been generated from key monetizable samples of the "content", but also know that they are close enough to be effective? At targeting potential buyers?
Who decides how close is close enough? What's the ethical threshold here? And what's the most profitable threshold?
I seem to recall that state of the art audio encoding can compress voice to 8kbit/s which is a single packet per second, insignificant compared to how chatty your device is. Trivial to buffer and send during a period of activity. It sums to 1.7MB over the 30 minute window in the article graphs which should be visible if it is actually counted. Why would apple or google actually make it count though? They want to spy on you either for their own benefit or because the government forces them to. You say you found it taking screenshots and phoning them home. Of course! It is a surveillance device. Is it worse? Maybe. You should consider it sends everything home. Every keystroke, every touch of the screen, every sample of the accelerometers, every sample of audio. Perhaps only the sheer quantity of data in video prevents them from sending it all. Might be "remedied" with 5G bandwidth.
Apple settled a lawsuit about Siri ‘unintentionally’ listening. [1] So, yes, they also can likely predict what you want based on all they do openly track… but we can no longer claim that they aren’t listening.
Based on the lawsuit and other sources, my guess is the phones build a word cloud that is then used for targeted advertising. Apple at el aren’t recording and selling the actual audio… but they are listening.
(1) https://www.reuters.com/legal/apple-pay-95-million-settle-si...
If "the truth is more disturbing", then why do people seem to care about "secretly listening" but not about "the truth" (data collection). Perhaps because the US has state and federal laws against wiretapping. Perhaps the difference is consent. Arguably so-called "tech" companies have obtained consent to collect data ("the truth"). But have they obtained consent to "secretly listen" to private conversations.
I’ve said it before and will reinforce it cause once again no one brings it up in the comments. People report the phone is listening to them because they talked about <insert> and now they are seeing ads for it. What they may not realise is they are talking about <insert> because subliminally the ad worked they just never noticed it. Now they have. The ad was there first like a little virus worming in your brain and then you bring it up with friends thinking it an original thought.
It is in fact listening to you, at least if you have an iPhone: https://www.lemonde.fr/en/pixels/article/2025/02/14/apple-ta...
That was a stupid study. Phones know if they are being used - the phones for 3 days around ads is meaningless.
Tracking isn't all the time - that would be tough. They do record stuff when you doing certain things tho...
It's not impossible at all, actually it's rather easy if you have access to their actual online activity too.
Does anyone recall the national discussions surrounding what constituted metadata following 9/11 when ThinThread and Trailblazer were brought to public attention?
I also recall reading about members of the TIA "Total Information Awareness" program leaving to join advisory boards for rising social media platforms, Facebook most notably. These weren't tinfoil opeds in fringe outlets, but regular reporting by journalists published in trusted local newspapers.
Are there any outlets left who aren't part of consolidated media groups that can or do still track and report on movements like this? I've having trouble finding original articles that haven't been "revised for historical accuracy" or hidden behind paywalls of the few entities that remain.
Edit: For context, I was looking for the earliest articles about Google citing legal justification for scanning the contents of emails under a favorable interpretation of metadata that allowed for tokenization by an automated process (ie- the contents were not read by a human or made personally identifiable, which met the letter of the law). It follows that the same justification is not limited to any source or data type, but I couldn't recall any more recent reporting or statements from companies over the last 10-15 years, or, the "don't break Google" era.
If our popular phone operating systems were worth anything and actually acted as an agent for the user that owned them, they'd allow anyone to easily track and prevent this.
Do iOS apps also take screenshots of activity in other apps without consent? Does the platform allow it to, if yes then is there a way to block it?
« The article posits that the uncanny relevance of some ads is due to sophisticated data collection methods. Companies analyze user behavior, online activity, and social interactions to predict interests, making it seem as though devices are listening.
In essence, while smartphones may not be actively eavesdropping, the depth and breadth of data analytics employed by tech companies can create the illusion of such practices.»
A few years ago, I was fairly convinced that Google Voice was listening and punishing me for hitting "political third rail" keywords during phone calls.
On more than one occasion, I would be in a conversation with a friend of mine and things would turn political, and if I spouted just the right combination of anti-left rhetoric/keywords, our connection would drop right away -- boom.
Now why would Voice do this when other Google properties don't? I mean, they don't filter Gmail or Docs or Photos looking for subversive content and censoring it. YouTube comments, maybe.
But I figured that if they wanted, it was completely possible. Because they have proven and deployed live-transcription, and they're best at English. Not to mention, Voice is sort of a deprecated product that they don't really support. So why not throw a little havoc in there for miscreants?
The reason I was using Voice was to place phone calls from a SIM-less tablet. It seems that Voice insists on using my real phone now for routing any sort of call. So I haven't had opportunity to test the boundaries for years now. Nevertheless, I was not sorry about the possibility of censorship, I was duly chastened, and sorry I've been so brainwashed to lapse into mindless talking-point rhetoric.
Never trust these people, always know that something is going on somewhere.
> Even though these ad algorithms are not nearly perfect (try to pay attention to how often you are served ads that are entirely irrelevant to your interests), the simple fact that they are so eerily correct even some of the time is the real conspiracy here.
This could be intentional. Having too many accurate ads is having a bad effect, because you then enter the uncanny valley of noticing what the data collectors all know about you.
Yes my phone is listening. To almost every word, and using that information to serve me ads. I would bet my entire net worth on that, as I'm 100% certain.
it’s just ai llm snooping amd doing big ol compute just like we have access to now. but advertisers had it years ago cuz they paid and at large, ads sold.
became so prevalent no differentiable value so the algos etc sought new omg human public users. magic baby. but just hungry ip sw gobbling up new worlds.
maybe. just thinking outloud.
iPhone will tell me that I have a 25m drive to get to work. Literally why? I know where I work and how long it takes. I have done it enough times for it to learn what I do at 07:30 in the morning. Is it just flexing repeapetedly that it did a simple inference?
bs article paid for by those big corporations.
[dead]
Tl;dr it’s not the microphone… it’s screenshots.
This article reminds me of this excellent tongue-in-cheek piece of writing by Jonathan Zeller in McSweeney's:
Calm Down—Your Phone Isn’t Listening to Your Conversations. It’s Just Tracking Everything You Type, Every App You Use, Every Website You Visit, and Everywhere You Go in the Physical World
https://www.mcsweeneys.net/articles/calm-down-your-phone-isn...