this post was submitted on 05 Sep 2024
28 points (86.8% liked)

Technology

35125 readers
166 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
top 13 comments
sorted by: hot top controversial new old
[–] theshatterstone54@feddit.uk 13 points 3 months ago* (last edited 3 months ago) (1 children)

Somewhat misleading title. What's actually happening is an ad company that worked with Big Tech had tried to pitch the idea to their Big Tech partners (claiming devices are already listening so why not use it for ads), at which point the Big companies tried to distance themselves from the ads people (in theory). In practice,

Google removed CMG from the Partners Program after a review.

With no mention of whether the removal was related to the evil practices described above.

[–] yogthos@lemmy.ml 4 points 3 months ago (1 children)

the important part is that if ad companies can listen then three letter agencies almost certainly are

[–] CameronDev@programming.dev 10 points 3 months ago (1 children)

Not disputing the three letter agencies, but there is zero evidence that that ad company ever had the tech or ability. They were/are just full of shit.

[–] ganymede@lemmy.ml 4 points 3 months ago* (last edited 3 months ago) (1 children)

well they're an ad company, so being full of shit is pretty much mandatory.

but i'm not aware of any evidence they're actually 100% full of shit on this exact issue or not? can you explain a little more how you know for certain they're full of shit. or you just meant "they're most likely full of shit"?

[–] CameronDev@programming.dev 1 points 3 months ago (1 children)

The capability they were claiming to have would make a three letter agency very excited. If they truely had the ability to listen to your microphone, transparently without notifying the user, they could sell that tech to every regime that wants to snoop on people, for millions of dollars.
Instead they claim to be using it for Ad-tech, where if it existed, would make it trivial to discover and flag as malware.

Apple and Google would also be very keen to find and squash whatever loophole let's them record without showing the notification.

Its just an extraordinary claim, which if true would have been exposed/validated by security researchers long ago.

[–] ganymede@lemmy.ml 4 points 3 months ago* (last edited 3 months ago) (1 children)

Not disputing the three letter agencies

The capability they were claiming to have would make a three letter agency very excited.

sorry i didn't understand. didn't you say you don't doubt TLAs likely already have this capability?

oppressive regimes

most (all?) of whom are operating outside typical legal constraints and likely already have access to the million dollar exploit trade which already exists.

further, i'm not sure how this changes the landscape anyway? its not without precedent that variations on capabilities can be useful to more than one market segment concurrently?

trivial to discover and flag as malware

can you explain further what you mean by this? i'm not sure there's anything trivial about conclusive analysis of the deep complexities and dependencies of modern smart devices

Apple and Google would also be very keen to find and squash whatever loophole let’s them record without showing the notification.

historically we've seen google can take over half a decade to address such things, afaict (welcome correction on this) apple's generally been faster to respond, and i do agree apple's current public image attire would be contrary to be seen to enable this. [not simping for apple btw, just stating that part of their brand currently seems to be invested in this]

in reality there are a confluence of many agendas and there's likely ALOT of global users running non-bleeding edge or other variations on the myriad of sub-system components, regardless of what upstream entities like google implement. if you are aware of any conclusive downstream binary analyses please link

which if true would have been exposed/validated by security researchers long ago.

i agree the probability of discovery increases over time. and the landscape is growing more hostile to such activities. yet i'm not aware that a current lack of published discovery is actual proof it's never happened.

tbh we have our doubts this leak is directly connected to solid proof "they are listening".

but we're not currently aware of any substantiated reasons to say with certainty "they're absolutely not listening"

[–] CameronDev@programming.dev 2 points 3 months ago (1 children)

The capabilities TLAs have costs hundreds of millions of dollars to develop, and once caught, are worthless. TLAs are extremely careful with their toys to avoid them being caught.

This Adtech company is claiming to have something at that level, which they are deploying everywhere. If it existed, it would have been found the day after they announced it, the security researcher industry would be all over it. They are very intelligent people who do understand those devices inside and out, if it existed they would find it. Remember, these are the same researchers who frequently out actual TLA tools.

You can't prove a negative, so it definitely is a probability thing, but I put the probability at basically 0 that they have what they claim.

https://arstechnica.com/gadgets/2023/12/no-a-marketing-firm-isnt-tapping-your-device-to-hear-private-conversations/

[–] ganymede@lemmy.ml 4 points 3 months ago* (last edited 3 months ago) (1 children)

happy to get into into these subtopics, but it's also possible i may not be understanding you properly because i agree with alot of what you just said.

what are you attributing the close to 0 probability to?

if you wanna say "whats the probability that CMG was at least partly talking out their arse about their capabilities (and especially any claim they were currently in possession of that capability)?"

i'd also give it like >90% probability they (CMG) are full of shit. in which case you could say i agree with you (to within say 10% error margin).

if you're instead saying the probability is ~100% that audio surveillance capability cannot possibly currently exist outside TLAs because "someone would've published it already" then i really cannot agree. (and afaict that ars article does not support that stance either)

[–] CameronDev@programming.dev 1 points 3 months ago (1 children)

Any idiot and chatgpt could knock up an overt always listening app in an afternoon. I have no doubt shady apps already can do this. Its not hard or expensive. (Backend storage and audio processing costs are a different kettle of fish, and I think those make this fairly prohibitive as well, but that's a funding problem, not a technical problem.)

But as soon as they make the claim that it doesn't trigger the microphone LED on iOS and Android, across all devices, then that's a "technically hard" problem. That's multiple zero days across multiple devices. Its just not feasable for an ad tech firm. They would never be able to recoup that investment.

I'm happy to be proven wrong, but so far all the researchers in the world have found nothing.

So I'm attributing near 0% chance that anyone outside of nation states have the later tech (device agnostic covert audio recording).

[–] ganymede@lemmy.ml 2 points 3 months ago (1 children)

why does it need to be device agnostic?

[–] CameronDev@programming.dev 1 points 3 months ago

That's just what CMG claimed to have.

But to be useful for an advertising network, it kinda needs to be installable on everything. And if it failed to suppress the mic LED on a single device, it would be very easily noticed?

[–] monobot@lemmy.ml 7 points 3 months ago (1 children)

We all had experience with ads showing up after we talked in person with someone about topic. I don't need some random person ir media telling me something obvious is happening. And for some time already.

[–] deranger@sh.itjust.works 13 points 3 months ago* (last edited 3 months ago)

I really doubt they’re listening to your microphone. Constantly uploading your audio would be noticeable in bandwidth and constantly analyzing audio on device would kill your battery - at least currently.

What this demonstrates is how good tracking by other methods is getting. You don’t need to listen to someone’s microphone when you know what they and their friends/coworkers are looking up online and likely bringing up in conversation. It’s trivial to fingerprint someone and track near everything they’re looking up online, and even if you’re privacy conscious, many of those you associate with share their contact list with every app that asks for it. This makes suggesting things your friends are looking up pretty easy. Add a bit of confirmation bias to the mix and you’ve got this “listening to the microphone” theory, because you’re not counting the number of times an ad isn’t something you’ve been recently discussing.