from aviation_hydrated@infosec.pub to privacy@lemmy.ml on 04 Aug 2024 14:49
https://infosec.pub/post/15778487
I’m learning a language, I speak it in public to other people who do. I don’t research the language, because I have some old text books on it. My partner doesn’t speak it and doesn’t research it on their devices. I don’t normally have my phone on me in public, but my partner does. It took about 4 months of publicly speaking in the language before they got ads
What do you think this means?
::edit::
It was a Reddit ad and my city has embraced those AI smart cameras, so I assume some of those are Google owned which makes sense with Reddit and Google’s recent alliance. This is assuming our devices aren’t listening to us without our permission and AI cameras are mining data on passersby
Other theories are that since cellphones are involved it doesn’t matter if I nor my partner ever searched for the language, at some point my phone or partner’s phone was near someone who spoke that language and the data brokers/ad sellers inferred from there
Seems like the consensus is that I must have posted in the language on some social media or used Google to research it or made some new friends who speak the language and that’s why
#privacy
threaded - newest
Real time microphone surveillance. It was proven to exist quite a few years ago.
Any sources on this? We don’t use voice activated AI bots like Alexa
This was years ago, but I left my phone at home with the Spanish channel on. I planned to do this for a few days, but after 9 hours my Twitter and Facebook feed ads were both in Spanish. I’d be surprised if they stopped scraping that data.
Wild, I’ll have to try that
What kind of TV service / set top box did you have at the time? I remember a lot of talk about providers pushing set top boxes both because it lets them use newer broadcast tech with customers using old TV tuners, but crucially it allows them to have their own software running on the box that you use to switch channels, which let them use out of band communication over the cable network to report what channels you watched, when, and how long, which I don’t doubt gets sold and aggregated by ad targeting firms.
It’s pretty common for smart TVs to do a similar thing to collect streaming app watch data when using the TVs built in apps.
Do you use a non degoogled android phone?
Yes. Partner does not
Then it could be from google assistant listening in the background or speach to text. I would do google takeout if you are really curious, you get a copy of all the data that they have on you. You can find all sorts of stuff depending on your account settings like transcripts of your conversations, locations you visit, …
The sources I know are in Russian so they won’t be useful for you but generally gapps have this feature and idk if it can be fully disabled without degoogling.
I can translate Russian, I’d love to see their research
The first sources I’ve ever found was this piped.video/watch?v=gsZo_I8wIKI and this piped.video/watch?v=U0SOxb_Lfps
But since it’s a very popular topic, you can find more articles, tests and researches. There’s also this video that explains other kinds of tracking piped.video/watch?v=gsZo_I8wIKI
I’m bad at searching and I don’t follow actual research papers. You can find that yourself I think.
Yeah I’m more on the actual research paper route, I need science and not opinion or speculation. But with that, I’ll probably take a look since community lead efforts can be good too, thanks for sharing
If your partner has their phone on them it is always listening so it can activate if you say “okay google” or whatever.
Source:
Already gave.
I don’t consider russian youtube videos to be credible sources.
That’s racist. Get reported. Also the Russian video is just a confirmation of the American video (that is in one of the links tpo) that started the whole thing.
I think “the microphones are listening when they’re off” is still a conspiracy theory at this point. It’s not really needed to get enough information.
Are there any ways that Google could find out that you’re interacting together?
I’m not saying these are all ways that Google uses, but I believe that each of them are ways that Google would be able to associate that language to your partner.
Yeah only one that would match would be geolocation, and I’m a pretty offline first person, so no overlap in internet history since my footprint is pretty much Lemmy this summer.
Which makes me think it could be all the AI smart cameras recording interactions
You have your phone on you, right? And he has his phone on him, right? And your phone’s are constantly near each other, riiiiiight? Do you maybe see where this is going?
Your “Internet profile” is being linked to his “internet profile” because they can see you are constantly together. So they assume friends/relatives/coworker. But they also see that you’re together at times people who are couples are(late at night while asleep, for example). So with basic time and location data, they’ve determined you’re a couple. And that becomes another metric in your profile. Things that he likes, it will assume you like or are at least interested in, and same for him. All you had to do was type in the other language a few times and your profile got “speaks X” added to it. And him, by dating you, now has “knows someone who speaks X regularly” attached to his profile.
It’s really very easy. Now imagine that everything you do is being catalogued like that. Then cross referenced with other people they know more about to flesh out more inferences about yourself(“you like x and y? 98% of people who like X AND Y also like Z, so let’s advertise Z to them”.
It seems like magic but it’s just advanced statistics in action.
What I’m saying is I don’t have an internet profile like they do. I have never researched this language on the internet and have only purchased books for it in cash without a cellphone on me, so this specific overlap is weird
I’m not saying “oh wow, the NSA has a profile on me, how??”, I’m saying, I have kept this specific data private from my direct internet connection, how are the data brokers targeting family member devices
Says the person with a Lemmy profile. Do you pay bills online? Do you search things? Use maps?
Congrats, you have a shadow profile out there logging all the data about you.
You didn’t keep shit private if you’re carrying a GPS tracker on you at all times, which you are(your phone). You are VASTLY misunderstanding digital privacy and how statistics works. You don’t have to type a single foreign language word for them to know you speak it. Just go to places and hang around people that it knows speaks it and it’ll make the assumption. Every person you interact with who shares EVERYTHING is, congrats, basically a snitch on you as well.
It’s statistics, like I said.
So your theory is the there is no opsec if any cellphones or anything with GPS are involved?
That sounds legit. If your GPS location is on at all times (assuming this is on your cellphone), then they’ve got enough geolocation data to associate you to your partner.
And if it’s off? Your SIM card is acting like a GPS (though a less-accurate one than your phone). Do you trust your mobile service provider to not be selling this data? (And this would be even more of a factor if they’re also your partner’s service provider, and/or your ISP)
Yeah, so a mitigation would be to remove the GSM chip and be WiFi only, with a Faraday cage to ensure the WiFi is not on by accident or the software is backdoored. Also would need to remove the mic and speakers to avoid any cross chatter
But at that point might as well just have a laptop with external WiFi only
Anddd… You use wifi to connect to their servers, so they’ll have your residential ip (unless you got a VPN on at all times… And even then there’s probs some way to fingerprint you enough). Partner uses the same wifi network and your profiles are linked again…
There really just is no way to completely escape. Blocking all ads and trackers on a DNS level (using a pi-hole or external service like nextdns[paid, but its pretty good]). Is a good solution though, at least you won’t need to actually see ads
Yea, that is my problem with the “always listening” theory. I am sure they’re capable of that, but don’t think they’re doing it just because they can get more data with a fraction of the cost by more “traditional” tracking.
In a way, it is scarier than listening - because listening is far easier to understand than the multitude of ways the data is collected and combined.
Exactly. They definitely could, but there’d also be potential legal issues, and it’d just be much more expensive to analyze sound data.
If it’s done on each device, then their battery power would suck, and performance would decline. Sure, they could do that, but I imagine most phone manufacturers would rather sell more phones and make money from app companies (Meta, Google) who pay to have their apps pre-installed on the phone. Or Samsung and Apple, who have their own ecosystems for mining data like Google does.
If they were instead just uploading audio to central servers (which could mitigate legal issues due to “anonymizing” the data), then they’d be paying for the computational power to analyze all that data.
Again, completely possible, and likely in use with things like Alexa and Google Home. But on our phones (and laptops for that matter), they have so many other cheaper ways to get probably the same quality of information.
There is the Near-ultrasonic that can be used to transmit data and it seems that that is always listening so full audio isnt that far. But yeah i recon ur right its too risky when they have plenty of alternative ways to get the same data.
It is not about “too risky”. It is about “costs much more in processing power while providing a fraction of the info”.
Tbh, my theory wouldn’t be too much more.
My theory is not that they’re always listening and sending a live stream of audio back to some dingus in headphones. It has to be always listening for the trigger words, right? That’s how it works, you say “yo siri” and she hears you, so it must be listening at least for the trigger word. With that in mind, what’s to stop them from using other, secret trigger words, which may even behave differently than the advertised ones? Like say I’m Joe Bridgestone, and I pay google to add “tires” or “new tires” as silent trigger words, and instead of “activating” the google bitch it sends ads for Bridgestone Tires? Why wouldn’t that be possible? It’d also be harder to catch them, as opposed to “literally a 24/7 hot mic.” Tbh I find it hard to believe that the NSA hasn’t at least tried to get this up for words like “bomb” or whatever, too.
I haven’t been to a Spanish speaking country in 2 decades, don’t speak Spanish, and the only Spanish speakers I know primarily speak in English around me.
Yet 50% of the ads I’ve been getting on SoundCloud for years are in Spanish…
Is it because I faved a bunch of songs in Portuguese? That’s not even the same language! Is soundcloud’d ad network racist? The people (me) demand answers!
Oh but they totally are, it gotta make sure you didn’t ask voice bots something. Anyway, its something you don’t opt out of because that would require a totally de-googled device using lineageos or something and avoiding voice things, also it goes off IP rather than device. For example, my dad visited my house and started to complain about getting youtube ads in Tamil and then being amused by some of the ads and going down a youtube Kollywood wormhole. I do watch a lot of foreign film where my phone can hear me, so every once in a while I’ll get an ad of the language of the last film watched, which is sort of funny ngl.
This is how I know I’m winning at privacy. When my podcasts inject ads that I can’t understand
Yup, isn’t that a result of data poisoning?
Most likely just due to the VPN exiting in other countries, but advertisers are the most prolific trackers, so it is still an indication that they don’t know who I am. Which is good.
Isn’t that still technically a mild form of data poisoning though?
It wouldn’t surprise me if the reason is very obvious when you know why. Something like you both use Facebook and you post in that language and your partner likes the posts, or your partner googled a few words in that language to surprise you, or something equally mundane.
It’s also very likely that’s it’s just a misclassification or just pure chance.
It’s highly unlikely that any “ai” cameras are involved especially since Google doesn’t make cameras for cities (afaik)
Google owns Nest, it’s just a guess since we know they train AI on this data
We don’t post in the language. They don’t speak the language. I specifically study only offline and rarely have a cellphone on me. I only speak it in person to strangers since I’m too shy to speak to any friends who speak it and we have no new friends who speak it
Assume I performed my opsec properly, how could they get this information?
Google doesn’t need cameras
I shoud not be a listening, but instead a well knowledge about all your life. So they know that your partner is your partner and then they can send foreign language ads because you are related
skeptoid.com/episodes/4851 Had a great write up on this! Also a good informative show overall IMHO.
Thanks for the suggestion