this post was submitted on 23 Dec 2023
151 points (90.4% liked)

Privacy

32130 readers
1164 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Septimaeus@infosec.pub 48 points 11 months ago* (last edited 11 months ago) (28 children)

I usually wear the tin foil hat in these debates, but I must concede in this case: the eavesdropping phone theory in particular is difficult to substantiate, from a technical standpoint.

For one, a user can check this themselves today with basic local network traffic monitors or packet sniffing tools. Even heavily compressed audio data will stand out in the log, no matter how it’s encrypted, streamed, batched or what have you.

To get a sense of what I mean, run wireshark and give a wake phrase command to see what that looks like. Now imagine trying to obfuscate that type of transmission for audio longer than 2 seconds, and repeatedly throughout a day.

Even assuming local audio inference and processing on a completely compromised device (rooted/jailbroken, disabled sandboxing/SIP, unrestricted platform access, the works) most phones will just struggle to do that recording and processing indeterminately without a noticeable impact on energy and data use.

I’m sure advertising companies would love to collect that much raw candid data. It would seem quite a challenge to do so quietly, however, and given the apparent lack of evidence, is thus unlikely to have been implemented at any kind of scale.

[–] Fungah@lemmy.world 9 points 11 months ago (9 children)

My own theory is that they tokenize key words and phrases with an AI so that they're not sending the actual audio data. Then it's stored in a form some AI can parse but isn't technically user data so they can skirt legislation around that.

A tokenized collection of key phrases omitting delimiters in text format is going be much, much less than audio, or a transcript.

[–] Septimaeus@infosec.pub 2 points 11 months ago (7 children)

That certainly would make the data smuggling easier. What about battery though? I assume that requires inference and at least rudimentary processing.

How would a background process do this in real time on a mobile device without leaving traceable evidence like cpu time?

[–] BrownTree33@lemmy.ml 2 points 11 months ago (1 children)

Can it be implemented on pc? They often turned on and people speak around them too. Cpu activity much harder to trace when there are a lot of different processes. Someone can blame their phone, while it listening pc near by.

[–] Septimaeus@infosec.pub 4 points 11 months ago

Yeah outside mobile devices I imagine there’s a lot more leeway technically speaking. I’d be far more inclined to suspect a smart TV or a home assistant appliance like Amazon Echo, for example. And certainly there are plenty of PCs out there that are 100% compromised.

But it’s the phone that people often think of as eavesdropping on their conversations. The idea is stickier perhaps because it’s a more personal violation. And I wouldn’t put it past data brokers by any means. They would if they could. I’ve just yet to hear a feasible explanation of how they can without being caught. Hence my doubt.

load more comments (5 replies)
load more comments (6 replies)
load more comments (24 replies)