this post was submitted on 27 Dec 2023
318 points (99.1% liked)

Technology

59495 readers
3114 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Cox deletes ‘Active Listening’ ad pitch after boasting that it eavesdrops though our phones::undefined

you are viewing a single comment's thread
view the rest of the comments
[–] RunningInRVA@lemmy.world 23 points 11 months ago (37 children)

I’m sure it will show HTTPS traffic outbound from your TV.

[–] neurogenesis@lemmy.dbzer0.com -4 points 11 months ago (9 children)

And with DNS requests and timing you should be able to figure whats in those packets.

[–] GenderNeutralBro@lemmy.sdf.org 19 points 10 months ago (7 children)

Sorry if this is a noob question, but...how?

DNS will tell you the server name and address, which would just be some server owned by the company. Nothing weird there unless they have the chutzpah to name it something telling. They could even bypass DNS entirely with hardcoded IP addresses.

Timing wouldn't be a great indicator either if they aggregate requests.

They could slide anything nefarious in with daily software update checks or whatever other phone-homing they normally do, and without deep packet inspection or reverse engineering the software, it would be very difficult to tell.

I don't think Wireshark can do deep packet inspection, can it? Assuming the client is using SSL and verifying certs, maybe even using cert pinning?

Size would be a big indicator if they're sending full voice recordings, but not if they're doing voice recognition locally and only sending transcripts, metadata, or keywords.

I've never actually done this kind of work in earnest, and my experience with Wireshark is at least a decade out of date. I'm just approaching this from the perspective of "if I were a corporate shitbag, how would I implement my shitbaggery?"

[–] whofearsthenight@lemm.ee 1 points 10 months ago

“if I were a corporate shitbag, how would I implement my shitbaggery?”

In this case, it would be pretty hard. We have wiretap laws, which would mean you have to tell the user you're doing this. Even though no one reads the ToS, someone does, and it would be news if someone was doing this.

Even then, it would be a hard enough problem that companies would think twice about it for a few reasons. Number one, processing 24/7 of all audio in your home is going to be rather difficult/expensive, so you'd have to go with something like keyword-triggers-processing the way that your phone listens for "hey google/siri" or Amazon listens for "Alexa." It works kinda like game video sharing - they are always listening and recording for a short time frame* but they only send the data somewhere if they hear the trigger phrase. That's not easy in itself, they've spent a ton of time getting the right algorithm so that it correctly hears the right trigger phrase and you don't get a ton of false positives to varying degrees of success. And keeping in mind these are companies that are best suited to it, they still struggle sometimes with even that. The ad companies would have to listen for dozens/hundreds/thousands of triggers...

And then you get to the data retention policies. Google is an ad company, Apple is not. One of the reasons that Apple can tout privacy as a feature is simply that they don't need the data, so they don't collect nearly as much, and they save even less. They get the bonus of not dealing with law enforcement and all that.

So, assuming they solve that, solve some big issues with the laws of the land and physics, now we're to the point where they have to think about network traffic. Which is going to be trivially easy for nerds to figure out and circumvent, so they would have to have their own ad-hoc network which comes with another 137 or so difficulties.

load more comments (6 replies)
load more comments (7 replies)
load more comments (34 replies)