318
Cox deletes ‘Active Listening’ ad pitch after boasting that it eavesdrops though our phones
(www.fastcompany.com)
This is a most excellent place for technology news and articles.
I’m sure it will show HTTPS traffic outbound from your TV.
And with DNS requests and timing you should be able to figure whats in those packets.
Sorry if this is a noob question, but...how?
DNS will tell you the server name and address, which would just be some server owned by the company. Nothing weird there unless they have the chutzpah to name it something telling. They could even bypass DNS entirely with hardcoded IP addresses.
Timing wouldn't be a great indicator either if they aggregate requests.
They could slide anything nefarious in with daily software update checks or whatever other phone-homing they normally do, and without deep packet inspection or reverse engineering the software, it would be very difficult to tell.
I don't think Wireshark can do deep packet inspection, can it? Assuming the client is using SSL and verifying certs, maybe even using cert pinning?
Size would be a big indicator if they're sending full voice recordings, but not if they're doing voice recognition locally and only sending transcripts, metadata, or keywords.
I've never actually done this kind of work in earnest, and my experience with Wireshark is at least a decade out of date. I'm just approaching this from the perspective of "if I were a corporate shitbag, how would I implement my shitbaggery?"
In this case, it would be pretty hard. We have wiretap laws, which would mean you have to tell the user you're doing this. Even though no one reads the ToS, someone does, and it would be news if someone was doing this.
Even then, it would be a hard enough problem that companies would think twice about it for a few reasons. Number one, processing 24/7 of all audio in your home is going to be rather difficult/expensive, so you'd have to go with something like keyword-triggers-processing the way that your phone listens for "hey google/siri" or Amazon listens for "Alexa." It works kinda like game video sharing - they are always listening and recording for a short time frame* but they only send the data somewhere if they hear the trigger phrase. That's not easy in itself, they've spent a ton of time getting the right algorithm so that it correctly hears the right trigger phrase and you don't get a ton of false positives to varying degrees of success. And keeping in mind these are companies that are best suited to it, they still struggle sometimes with even that. The ad companies would have to listen for dozens/hundreds/thousands of triggers...
And then you get to the data retention policies. Google is an ad company, Apple is not. One of the reasons that Apple can tout privacy as a feature is simply that they don't need the data, so they don't collect nearly as much, and they save even less. They get the bonus of not dealing with law enforcement and all that.
So, assuming they solve that, solve some big issues with the laws of the land and physics, now we're to the point where they have to think about network traffic. Which is going to be trivially easy for nerds to figure out and circumvent, so they would have to have their own ad-hoc network which comes with another 137 or so difficulties.