this post was submitted on 27 Dec 2023
318 points (99.1% liked)

Technology

59495 readers
3114 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Cox deletes ‘Active Listening’ ad pitch after boasting that it eavesdrops though our phones::undefined

top 50 comments
sorted by: hot top controversial new old
[–] RunningInRVA@lemmy.world 58 points 11 months ago (3 children)

I’m confident this is built in to many smart TVs these days.

[–] neurogenesis@lemmy.dbzer0.com 37 points 11 months ago (1 children)

Well. Wireshark would confirm that if it were true.

[–] RunningInRVA@lemmy.world 23 points 11 months ago (12 children)

I’m sure it will show HTTPS traffic outbound from your TV.

[–] gravitas_deficiency@sh.itjust.works 25 points 11 months ago (14 children)

I’m sure it will show no traffic whatsoever if you don’t connect your TV to your network

[–] LWD@lemm.ee 1 points 10 months ago* (last edited 10 months ago) (1 children)
[–] lud@lemm.ee 3 points 10 months ago (1 children)

Source?

Either way, open networks are very uncommon in residential areas (and honestly in general)

[–] LWD@lemm.ee 1 points 10 months ago* (last edited 10 months ago) (7 children)
load more comments (7 replies)
load more comments (13 replies)
[–] hasnt_seen_goonies@lemmy.world 9 points 11 months ago (2 children)

It would show the encrypted out bound traffic right? You wouldn't be able to identify it by reading the bits, but you could by the volume and not doing anything else.

load more comments (2 replies)
load more comments (10 replies)
[–] grahamja@reddthat.com 2 points 10 months ago* (last edited 10 months ago)

I dont add it [edit: smart tv] to the wifi or drop a cat 5 cable to it and my smart phone will still see it in the house and ask if I want the two devices to connect. I miss when TVs were a bit thicker and easier to take apart so you could easily take out the wifi and Bluetooth cards.

[–] whofearsthenight@lemm.ee 1 points 10 months ago (1 children)

If it were, it would be pretty common knowledge and there would be several news cycles about it. I don't doubt that they could bury it in the terms of service, but we have wiretap laws in enough places that are two-party consent that it would have had to come out by now. Not to mention nerds like me running pi-hole and monitoring their traffic, repair people who could easily regonize a mic in the device, etc.

[–] BearOfaTime@lemm.ee 2 points 10 months ago* (last edited 10 months ago)

The privacy agreement in them covers it, just like Alexa.

Check yours, if you don't agree to the privacy agreement, things like cable and broadcast channel recognition don't work.

It also breaks Automatic Content Recognition, which enables the manufacturer to monitor what you're watching.

Granted that's not the same as listening, but it's close enough. And we know Google employees have been caught listening/watching people. There was another article just the other day of another company caught doing the same.

Just because something's illegal doesn't stop people from doing it.

As for catching it with monitoring... We know Microsoft has hard coded domain names into certain DLL's since XP, so you can't block the domains with a hosts file. There's some talk in the Pihole community about smart tv's being able to bypass your DNS with hard-coded IP destinations - they only need one to be able to then deliver their own DNS.

Some smart TV's will connect to others via wifi if they don't have connectivity, yet another way to bypass our efforts to block their connections.

That manufacturers are so blatantly adversarial makes it pretty clear they'll try to get away with anything they can. And anything I can think of, surely their dedicated teams of engineers thought of it long before me.

Edit: then there's apps like Netflix, Prime, Peacock, Hulu, YouTube, etc, that make encrypted connections to home. It would be trivial to permit those apps to deliver alternative name resolution for the entire OS on TV's since we don't control the OS.

[–] redcalcium@lemmy.institute 37 points 11 months ago (1 children)

Chance that it's just marketing people talking out of their asses again, but then again, we have a lot of cheap smart devices with dubious firmwares so it might be possible on those sketchy devices.

[–] TheFriar@lemm.ee 2 points 11 months ago* (last edited 11 months ago)

I mean, it’s possible on any device with a microphone that’s connected to the internet. But can people advertising a service just lie? That’s when the law actually works, when it’s a company hurting another company. So if false advertising laws were ever going to be enforced, it’d be against a claim like this. I don’t think they’d take the chance of the bad PR of this getting out and the potential suit if they weren’t able to do it when a different deep-pocketed entity took them to court over the false claims to get their business.

It’s fully possible, there’s no question about that. The government has been using cell phones to do this for a long time, as evidenced by the Snowden leaks. There were CIA “broken eagle” leaks (if I’m remembering that correctly) claiming any smart tv was a possible bug, but this was back when it seemed like there were unreasonable hurdles in the way for them to actually achieve it when, now, it’s all the more possible as we connect more “smart” devices that have become cheaper and cheaper. Have you read the privacy policy on all of the different smart device apps? Because I don’t use any of that IOT bullshit but i read the policy for my new ear buds last month and I ran those fuckers back to the store as fast as I could. The allowances have become genuinely insane.

So, it’s technically possible, we’ve become way more lax as products have become cheaper and more permissive with the permissions we allow them (have you noticed how everything needs access to your location now? Like…to use Bluetooth or Wi-Fi, I’m told I need to give it access to my location. What’s that shit?), and the privacy policies state they can have access to pretty much any information the product has the potential to gather.

So…are they doing it? I can’t be sure. But it is entirely technically possible and they’re asking permission to do it and there is widespread anecdotal evidence that it’s happening and they’re now claiming they’re doing it…so…at what point do we just have to accept that they’re doing it?

[–] iforgotmyinstance@lemmy.world 31 points 11 months ago

Many companies already do this, but advertising it is unpalatable. Just be like Google and Facebook. For awhile the Facebook app was so bad about it that it caused significant battery drain and the only way to avoid it was to remove the app.

[–] AnneBonny@lemmy.dbzer0.com 26 points 11 months ago (2 children)

I don't know why anyone would believe anyone would like that.

[–] patchexempt@lemmy.zip 37 points 11 months ago

I've worked with marketers for years. many of them have a blind spot for what they create: they can realize something is irritating, or invasive, but not when it's their marketing, which is obviously superior and what people want to see. it's some sort of artist+marketer brainrot.

sorry to generalize, I've just seen it a lot over the years.

I imagine this is something like it: we'll reach them with the perfect message, it'll be exactly what they want! won't that be delightful?

...completely ignoring how horrifying it is.

[–] JoBo@feddit.uk 13 points 10 months ago

This was a pitch to their customers. They just forgot that we could hear them too.

[–] patchexempt@lemmy.zip 20 points 11 months ago (5 children)

this was such a weird claim, and I never really understood how it could be true specifically for phones, where they aren't in control of system software. there's like a gradient of possibility here:

  • Android phones from major manufacturers, and Apple phones: doubt it. those things are too heavily scrutinized, someone would've found it, and the companies that make them don't have the impetus.
  • official "smart" voice devices from Amazon, Google, et al: doubt it, same reasoning as above
  • Android phones from small players, heavily subsidized models, etc.: sure, could be
  • smart TVs from major manufacturers: probably not? medium "maybe"? I bought one of these with a hardware mic switch so I guess that shows my paranoia
  • other smart TVs: I dunno, feels highly likely

so: I'm careful about what I use so my risk felt pretty low, but I also feel like if this were true security researchers would've discovered it. let alone the fact that what they describe is bandwidth and battery intensive (off-device or on-device respectively, I don't remember what they claimed as I read the 404 media report some weeks back) but it still makes me wonder: what led them to make these claims then? fascinating, pretty scary.

[–] KeepFlying@lemmy.world 8 points 10 months ago (1 children)

It's especially weird when the existing targeting can be so effective for much cheaper.

For tvs for example, they can see what you watch, when, what ads you mute and which you don't, what you display over HDMI (content ID), the other devices on your network, your location, your accounts for every streaming service, what you search for. Then if you install their companion app they learn the other apps on your phone, your location habits, the media you play on your phone (looking at you Bose connect app...), bluetooth and network devices you are near (connecting you to other profiles they know), and probably a lot more.

[–] patchexempt@lemmy.zip 1 points 10 months ago

content id is a wild one that I only discovered a year ago: I had always used my own Chromecast when traveling, and I plugged it into a Roku TV which kept saying "did you know you could watch [content that I was currently watching] on Roku" which really freaked me out, so I looked into it. honestly not sure why they tipped their hand like that: I found the setting and turned it off. otherwise I would've been none the wiser.

creepy af though. the amount of tracking you implicitly accept by using random devices out in the world is staggering. even if you read every privacy policy and opt out of everything (I do) you have no chance.

[–] GenderNeutralBro@lemmy.sdf.org 8 points 10 months ago (2 children)

The spying that's openly admitted in terms and conditions should be alarming enough — if anyone actually read and understood all the legalese. Consider this: https://time.com/5568815/amazon-workers-listen-to-alexa/

I've seen Android phones activate Google Assistant seemingly at random many many many times. They're only supposed to activate when called by a specific phrase like "okay Google", but there are plenty of false positives, and every time that happens, an audio recording gets sent to Google. Same deal with Alexa and Siri. This is, of course, allowed by the terms and conditions.

At least Android makes it visible to the user when this happens. I wouldn't bet on smart TVs doing the same.

At this point there's not much you can do about it. Even if I secure my own devices and my own home network, that all goes out the window the second anyone else walks in my door with their own smartphone.

That said, I agree that the claim is likely false with third-party apps on modern smartphones from major brands. It's not easy for background activities to access the camera or microphone without the user's knowledge on iOS or Android. First-party and second-party spying is hard to avoid, though.

[–] t3rminus@lemmy.world 8 points 10 months ago (1 children)

Except Siri processing is actually done on your device, as of iOS 15. Which kind of blew my mind when it was announced.

Nothing is sent to Apple unless you request an online service (such as weather, maps, etc.) or unless you allow your recordings to be sent.

Try it: in airplane mode on an iOS 15 device: Siri still works at a basic level. Language processing happens locally.

[–] GenderNeutralBro@lemmy.sdf.org 2 points 10 months ago

Thanks for the correction. More details here: https://www.macrumors.com/guide/ios-15-siri/

[–] Saik0Shinigami@lemmy.saik0.com 2 points 10 months ago

They’re only supposed to activate when called by a specific phrase like “okay Google”, but there are plenty of false positives, and every time that happens, an audio recording gets sent to Google.

And you can even do Google takeout and see all the recordings they took of you. Many of which you'll notice doesn't have you asking or doing anything remotely related to a voice search.

[–] dan_linder@lemmy.world 6 points 11 months ago

My take is two fold: 1- Marketing over selling their product (common practice) 2- The "always listening" devices are mainly their Smart Remotes that have a microphone built in.

#2 Seems the most likely as is a device fully in their control and can pull as much ad marketing / information gathering details from it as they want.

[–] Quexotic@infosec.pub 2 points 10 months ago (1 children)

Wouldn't be bandwidth intensive if the device had onboard TTS. Seems pretty doable to me.

[–] patchexempt@lemmy.zip 1 points 10 months ago

that's fair.

[–] whofearsthenight@lemm.ee 1 points 10 months ago

Android phones from major manufacturers, and Apple phones: doubt it.

Bold added for emphasis, Apple claims privacy as a feature and OS control of the mic to prevent this exact sort of thing. Not only would someone have found it, it would be a news cycle on the mainstream news, and basically just the wallpaper for any tech-centric website.

I mean, fucks sake, iFixIt alone would find mics in places they shouldn't be and this would be a story.

Unfortunately, the truth is more boring, and basically pretty much every app/website most of us use are tracking us in some way unless you really seek prevention. They don't need the mic.

[–] scytale@lemm.ee 3 points 11 months ago (1 children)

Their claim was bullshit from the beginning:

Update: Cox Media Group responded by saying that it uses “third-party vendor products powered by data sets sourced from users by various social media and other applications then packaged and resold to data servicers. Advertising data based on voice and other data is collected by these platforms and devices under the terms and conditions provided by those apps and accepted by their users, and can then be sold to third-party companies and converted into anonymized information for advertisers. “CMG businesses do not listen to any conversations or have access to anything beyond a third-party aggregated, anonymized and fully encrypted data set that can be used for ad placement,” the company added. “We regret any confusion and we are committed to ensuring our marketing is clear and transparent.”

So typical advertising mechanisms, not “active listening”. Someone from marketing was too eager to sell their service.

[–] EatATaco@lemm.ee 1 points 10 months ago

Yeah but I already believe they are listening because one time I talked about something and it advertised it to me, and let's ignore all of the hundreds of things I also said just that day alone that it didn't advertise to me, so this was clearly "saying the quiet part out loud." And now they are just trying to cover their asses.

load more comments
view more: next ›