this post was submitted on 04 Aug 2024

72 points (95.0% liked)

Privacy

31609 readers

325 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Partner started receiving ads in foreign language they don't speak (infosec.pub)

submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/[email protected]

41 comments fedilink hide all child comments

I'm learning a language, I speak it in public to other people who do. I don't research the language, because I have some old text books on it. My partner doesn't speak it and doesn't research it on their devices. I don't normally have my phone on me in public, but my partner does. It took about 4 months of publicly speaking in the language before they got ads

What do you think this means?

::edit::

It was a Reddit ad and my city has embraced those AI smart cameras, so I assume some of those are Google owned which makes sense with Reddit and Google's recent alliance. This is assuming our devices aren't listening to us without our permission and AI cameras are mining data on passersby

Other theories are that since cellphones are involved it doesn't matter if I nor my partner ever searched for the language, at some point my phone or partner's phone was near someone who spoke that language and the data brokers/ad sellers inferred from there

Seems like the consensus is that I must have posted in the language on some social media or used Google to research it or made some new friends who speak the language and that's why

all 42 comments

sorted by: hot top controversial new old

[–] [email protected] 53 points 3 months ago* (last edited 3 months ago) (2 children)

I think "the microphones are listening when they're off" is still a conspiracy theory at this point. It's not really needed to get enough information.

Are there any ways that Google could find out that you're interacting together?

Do you share an IP address/router?
Do you watch YouTube videos in that language?
Do you use any messaging apps where you speak that language with other people, but also speak with your partner?
Do you access any Google services (with a Keyboard for that language installed) that your partner also accesses?
Do you use location services that could pinpoint both of your locations to the same street address?
Does your partner interact with any of the people you're learning that language with? (E.g., Social media friends, "Contact"s, live in the same geographic region)
Is your device on the same network as your partner's*? (Wi-Fi or Bluetooth)

I'm not saying these are all ways that Google uses, but I believe that each of them are ways that Google would be able to associate that language to your partner.

[–] [email protected] 20 points 3 months ago (2 children)

Yea, that is my problem with the "always listening" theory. I am sure they're capable of that, but don't think they're doing it just because they can get more data with a fraction of the cost by more "traditional" tracking.

In a way, it is scarier than listening - because listening is far easier to understand than the multitude of ways the data is collected and combined.

[–] [email protected] 4 points 3 months ago

Exactly. They definitely could, but there'd also be potential legal issues, and it'd just be much more expensive to analyze sound data.

If it's done on each device, then their battery power would suck, and performance would decline. Sure, they could do that, but I imagine most phone manufacturers would rather sell more phones and make money from app companies (Meta, Google) who pay to have their apps pre-installed on the phone. Or Samsung and Apple, who have their own ecosystems for mining data like Google does.

If they were instead just uploading audio to central servers (which could mitigate legal issues due to "anonymizing" the data), then they'd be paying for the computational power to analyze all that data.

Again, completely possible, and likely in use with things like Alexa and Google Home. But on our phones (and laptops for that matter), they have so many other cheaper ways to get probably the same quality of information.

[–] [email protected] 1 points 3 months ago (1 children)

There is the Near-ultrasonic that can be used to transmit data and it seems that that is always listening so full audio isnt that far. But yeah i recon ur right its too risky when they have plenty of alternative ways to get the same data.

[–] [email protected] 4 points 3 months ago (1 children)

It is not about "too risky". It is about "costs much more in processing power while providing a fraction of the info".

[–] [email protected] 1 points 3 months ago* (last edited 3 months ago)

Tbh, my theory wouldn't be too much more.

My theory is not that they're always listening and sending a live stream of audio back to some dingus in headphones. It has to be always listening for the trigger words, right? That's how it works, you say "yo siri" and she hears you, so it must be listening at least for the trigger word. With that in mind, what's to stop them from using other, secret trigger words, which may even behave differently than the advertised ones? Like say I'm Joe Bridgestone, and I pay google to add "tires" or "new tires" as silent trigger words, and instead of "activating" the google bitch it sends ads for Bridgestone Tires? Why wouldn't that be possible? It'd also be harder to catch them, as opposed to "literally a 24/7 hot mic." Tbh I find it hard to believe that the NSA hasn't at least tried to get this up for words like "bomb" or whatever, too.

[–] [email protected] 3 points 3 months ago (1 children)

Yeah only one that would match would be geolocation, and I'm a pretty offline first person, so no overlap in internet history since my footprint is pretty much Lemmy this summer.

Which makes me think it could be all the AI smart cameras recording interactions

[–] fishos 14 points 3 months ago* (last edited 3 months ago) (1 children)

You have your phone on you, right? And he has his phone on him, right? And your phone's are constantly near each other, riiiiiight? Do you maybe see where this is going?

Your "Internet profile" is being linked to his "internet profile" because they can see you are constantly together. So they assume friends/relatives/coworker. But they also see that you're together at times people who are couples are(late at night while asleep, for example). So with basic time and location data, they've determined you're a couple. And that becomes another metric in your profile. Things that he likes, it will assume you like or are at least interested in, and same for him. All you had to do was type in the other language a few times and your profile got "speaks X" added to it. And him, by dating you, now has "knows someone who speaks X regularly" attached to his profile.

It's really very easy. Now imagine that everything you do is being catalogued like that. Then cross referenced with other people they know more about to flesh out more inferences about yourself("you like x and y? 98% of people who like X AND Y also like Z, so let's advertise Z to them".

It seems like magic but it's just advanced statistics in action.

[–] [email protected] -1 points 3 months ago (1 children)

What I'm saying is I don't have an internet profile like they do. I have never researched this language on the internet and have only purchased books for it in cash without a cellphone on me, so this specific overlap is weird

I'm not saying "oh wow, the NSA has a profile on me, how??", I'm saying, I have kept this specific data private from my direct internet connection, how are the data brokers targeting family member devices

[–] fishos 10 points 3 months ago (1 children)

Says the person with a Lemmy profile. Do you pay bills online? Do you search things? Use maps?

Congrats, you have a shadow profile out there logging all the data about you.

You didn't keep shit private if you're carrying a GPS tracker on you at all times, which you are(your phone). You are VASTLY misunderstanding digital privacy and how statistics works. You don't have to type a single foreign language word for them to know you speak it. Just go to places and hang around people that it knows speaks it and it'll make the assumption. Every person you interact with who shares EVERYTHING is, congrats, basically a snitch on you as well.

It's statistics, like I said.

[–] [email protected] 2 points 3 months ago (1 children)

So your theory is the there is no opsec if any cellphones or anything with GPS are involved?

[–] [email protected] 6 points 3 months ago (1 children)

That sounds legit. If your GPS location is on at all times (assuming this is on your cellphone), then they've got enough geolocation data to associate you to your partner.

And if it's off? Your SIM card is acting like a GPS (though a less-accurate one than your phone). Do you trust your mobile service provider to not be selling this data? (And this would be even more of a factor if they're also your partner's service provider, and/or your ISP)

[–] [email protected] 2 points 3 months ago (1 children)

Yeah, so a mitigation would be to remove the GSM chip and be WiFi only, with a Faraday cage to ensure the WiFi is not on by accident or the software is backdoored. Also would need to remove the mic and speakers to avoid any cross chatter

But at that point might as well just have a laptop with external WiFi only

[–] FierySpectre 2 points 3 months ago

Anddd... You use wifi to connect to their servers, so they'll have your residential ip (unless you got a VPN on at all times... And even then there's probs some way to fingerprint you enough). Partner uses the same wifi network and your profiles are linked again...

There really just is no way to completely escape. Blocking all ads and trackers on a DNS level (using a pi-hole or external service like nextdns[paid, but its pretty good]). Is a good solution though, at least you won't need to actually see ads

[–] [email protected] 27 points 3 months ago (1 children)

This is how I know I'm winning at privacy. When my podcasts inject ads that I can't understand

[–] [email protected] 7 points 3 months ago (1 children)

Yup, isn't that a result of data poisoning?

[–] [email protected] 7 points 3 months ago (1 children)

Most likely just due to the VPN exiting in other countries, but advertisers are the most prolific trackers, so it is still an indication that they don't know who I am. Which is good.

[–] [email protected] 4 points 3 months ago

Isn't that still technically a mild form of data poisoning though?

[–] [email protected] 10 points 3 months ago (1 children)

It wouldn't surprise me if the reason is very obvious when you know why. Something like you both use Facebook and you post in that language and your partner likes the posts, or your partner googled a few words in that language to surprise you, or something equally mundane.

It's also very likely that's it's just a misclassification or just pure chance.

It's highly unlikely that any "ai" cameras are involved especially since Google doesn't make cameras for cities (afaik)

[–] [email protected] 2 points 3 months ago

Google owns Nest, it's just a guess since we know they train AI on this data

We don't post in the language. They don't speak the language. I specifically study only offline and rarely have a cellphone on me. I only speak it in person to strangers since I'm too shy to speak to any friends who speak it and we have no new friends who speak it

Assume I performed my opsec properly, how could they get this information?

[–] glimse 4 points 3 months ago

I haven't been to a Spanish speaking country in 2 decades, don't speak Spanish, and the only Spanish speakers I know primarily speak in English around me.

Yet 50% of the ads I've been getting on SoundCloud for years are in Spanish...

Is it because I faved a bunch of songs in Portuguese? That's not even the same language! Is soundcloud'd ad network racist? The people (me) demand answers!

[–] [email protected] 2 points 3 months ago

Google doesn't need cameras

[–] [email protected] 2 points 3 months ago

I shoud not be a listening, but instead a well knowledge about all your life. So they know that your partner is your partner and then they can send foreign language ads because you are related

[–] [email protected] 1 points 3 months ago (1 children)

https://skeptoid.com/episodes/4851 Had a great write up on this! Also a good informative show overall IMHO.

[–] [email protected] 1 points 3 months ago

Thanks for the suggestion

[–] [email protected] -3 points 3 months ago (2 children)

Real time microphone surveillance. It was proven to exist quite a few years ago.

[–] [email protected] 11 points 3 months ago (3 children)

Any sources on this? We don't use voice activated AI bots like Alexa

[–] [email protected] 5 points 3 months ago (1 children)

Do you use a non degoogled android phone?

[–] [email protected] 5 points 3 months ago (1 children)

Yes. Partner does not

[–] [email protected] 0 points 3 months ago

Then it could be from google assistant listening in the background or speach to text. I would do google takeout if you are really curious, you get a copy of all the data that they have on you. You can find all sorts of stuff depending on your account settings like transcripts of your conversations, locations you visit, …

[–] [email protected] 4 points 3 months ago (2 children)

This was years ago, but I left my phone at home with the Spanish channel on. I planned to do this for a few days, but after 9 hours my Twitter and Facebook feed ads were both in Spanish. I’d be surprised if they stopped scraping that data.

[–] [email protected] 11 points 3 months ago* (last edited 3 months ago)

What kind of TV service / set top box did you have at the time? I remember a lot of talk about providers pushing set top boxes both because it lets them use newer broadcast tech with customers using old TV tuners, but crucially it allows them to have their own software running on the box that you use to switch channels, which let them use out of band communication over the cable network to report what channels you watched, when, and how long, which I don't doubt gets sold and aggregated by ad targeting firms.

It's pretty common for smart TVs to do a similar thing to collect streaming app watch data when using the TVs built in apps.

[–] [email protected] 7 points 3 months ago

Wild, I'll have to try that

[–] [email protected] -3 points 3 months ago (1 children)

The sources I know are in Russian so they won't be useful for you but generally gapps have this feature and idk if it can be fully disabled without degoogling.

[–] [email protected] 2 points 3 months ago (1 children)

I can translate Russian, I'd love to see their research

[–] [email protected] -1 points 3 months ago (1 children)

The first sources I've ever found was this https://piped.video/watch?v=gsZo_I8wIKI and this https://piped.video/watch?v=U0SOxb_Lfps

But since it's a very popular topic, you can find more articles, tests and researches. There's also this video that explains other kinds of tracking https://piped.video/watch?v=gsZo_I8wIKI

I'm bad at searching and I don't follow actual research papers. You can find that yourself I think.

[–] [email protected] 4 points 3 months ago

Yeah I'm more on the actual research paper route, I need science and not opinion or speculation. But with that, I'll probably take a look since community lead efforts can be good too, thanks for sharing

[–] [email protected] 8 points 3 months ago (1 children)

Source:

[–] [email protected] -4 points 3 months ago (1 children)

Already gave.

[–] [email protected] 2 points 3 months ago (1 children)

I don't consider russian youtube videos to be credible sources.

[–] [email protected] -1 points 3 months ago* (last edited 3 months ago)

That's racist. Get reported. Also the Russian video is just a confirmation of the American video (that is in one of the links tpo) that started the whole thing.