In September, I was using reddit, had an iPhone, etc. I was generally aware of digital privacy, probably moreso than the average person, but by no means was I knowledgeable.

I was running a beta on my iPhone at the time, for context. I had a short conversation with my roommate while my phone was in my pocket. I took it out to text my partner and pressed the dictation button. My phone proceeded to type out the majority of the conversation I had had maybe five minutes earlier with my roommate. Literally ruined my ignorance is bliss and now I have a Pixel with grapheneos and use almost exclusively open source software with a major focus on privacy. Obviously this is an anecdote from some idiot online and I can’t verify what I’m saying at all, but the experience definitely shook me.

I’ve literally seen advertisements for products that I was talking about but explicitly did not search for or type or anything on any device. All I did was talk about it in real life.

It’s literally a thing that happens, I have seen it happen first-hand.

“Is it Apple though, probably not…”

Can I ask, why are you so ready to performatively forgive them here? Apple is not your friend, Apple and Tim lined up to donate the million like the rest of those greedy, transactional cowards.

Apple doesn’t “do” it per se, instead Apple shares certain data with third party partners for the purposes of “improving your product experience” the data is then laundered 17 times through middle layers and added to a shared digital fingerprint of you and your household’s web of connected devices. You and your family are then sold on a marketplace as advertising targets actively interested in X category or product (Apple is also subsequently a customer in that marketplace). You then either receive that advertising or your family is targeted with it so that they can then casually mention the product back to you (company knowing you were already interested) so it feels organic and “I was just thinking the same thing!” and boom, you’re buying that new set of pots and pans.

We’re already living in the matrix, you’re just a little drone being pinged around according to other people’s will, to support the pursuit of endless growth. So yes, in a way companies are spying on you… After you’ve given them individual permissions to access your microphone and permission to share “certain data” about you with third parties, in a carefully orchestrated dance - so that they have plausible deniability and so you don’t have to threaten your parasocial relationship with their brand and can continue saying “probably not Apple though…”

I used to think the same. I’m all for digital privacy, but listening to a microphone? That’s ridiculous, the legal ramifications would be enormous. Plus, encoding and sending all this data? Not practical, and of course, we are fully aware of confirmation bias and selective memory so for sure those personal anecdotes must be coincidences.

Then it happened to me. I use a VPN, all my devices have a billion types of ad blocking, private DNS, JavaScript disabled by default and so on. Then I mention a product next to my girlfriend, a product that only interested me and I had recently discovered, nothing she was ever aware of… and while I was still right next to her, five minutes later, her phone is showing up ads for said product. Her phone, not mine. The product is not Coca-Cola, it’s not something that often pops up.

What other explanation could there be? The coincidence of the year? They are listening.

This is a great case of confirmation bias, too. The one time your ad happens to match a conversation you had earlier, you’ll be convinced forever, and tell everyone you know about it. The ten million other times you have a conversation that doesn’t appear in your ads will go unnoticed.

The worse part is, they don’t really need to bug your mic to figure out what you are talking about to target ads to you. The best sales leads are the family and friends of your existing customers. So say you talk to you coworker about how they switched to this new diaper rash cream for their baby. You might not have a baby but you talked about it and somehow you got ads for diaper rash cream. What really happened though is that your coworker bought their cream on Amazon and that brand purchased target ads for everyone whose location data was nearby them. Or they bought it for everyone whose phone was connected to the same IP address. We have so much data tracked about us that they can guess what we are talking about without actually having to tap our phone lines

Using your search data is bad enough

I once worked in a charity providing mental health services to people without insurance, or who wanted to not have their insurance record the service for whatever reasons.

I once had a homeless man that I would see regularly. We set up each appointment at the end of the preceding appointment, because the only other way to get a hold of this person would be to call the fast food place he worked at, during his work hours, which weren’t consistent. This man did not own a phone, or any other electronic device. His facebook, and all of his online activity was done at his local library. I emphasize this because I need it to be stressed that there was no way any algorithm could connect his location to mine. There was no way for a system to recognize that his device was near mine, because he did not have a device. There was no way for any of his online habits to be algorithmically connected to mine, at all.

One session, we’re speaking. The only devices in our small, sound proofed room, were my cell phone, a digital clock not connected to any system, and a digital camera, turned off, and also not connected to any system. He mentions that he’s been contacted by someone who wants him to move to the Phillipines. We briefly discuss flights and work in the Phillipines. Then we move on to other things, yadda yadda, end session.

By the end of the day, I’m getting ads on Facebook for flights to the Phillipines. Freaked me the fuck out because those sessions are HIPAA protected. From then on I kept my phone turned off, and in a completely different room in our building than any of my sessions with any patient. Never ever had it happen again.

The comments here show the real problem, adverts dont have to say why they’ve been selected.

All online ads should have to say which filters they matched to advertise to you. The advertising in most cases now is centralised into Google or Facebook, this is absolutely technically possible.

Calm Down—Your Phone Isn’t Listening to Your Conversations. It’s Just Tracking Everything You Type, Every App You Use, Every Website You Visit, and Everywhere You Go in the Physical World

It’s well possible and previously tv mic had been used as bugging device. The problem is, way too many security researchers look in system level software of iOS and even other components of the device that such practice will be too risky for apple (same applies for mainstream android products). Also processing realtime audio, finding potentially unrealiable topic from it and doing realtime ad is actually too much work as of today’s tech (might change sooner than you think though).

What, I think, is more practical is to use the whole query after the wake word to show ad, and potentially use other app tracking data, which is way much reliable than voice for targeting purpose. Voice data is useful for bugging purpose, primarily (ab)used by nation states and LE.

I bet in the medical procedure case mentioned in the blog the user searched/talked about that in other apps and average people aren’t good to notice these privacy leaks.

People always talk about getting served ads after they talk about something. I think it’s the other way around. The ads put the thought into your brain and then you start talking about it and notice after you’ve already been thinking about it for a while.

I’ll tell you my story, believe it or not.

I had a Samsung phone. got sick and tired of getting not just targeted advertising about shit I had spoken about, buy also targeted emails as well. really freaky shit.

I switched phones. got a fairphone with e/os.

it’s been about 2 years now. my old Samsung is a phone I use strictly for work. it only exists inside my office and is never taken outside of the room.

ALL my ads and emails are about work related topics now.

I could talk about stuffing cheetos up my rectum outside my office and never see an ad for chester cheetah. as soon as I say anything about it in the office, boom!

Sure, Google, or Amazon, or Facebook may not be listening to you…but that doesn’t mean Samsung someone isn’t listening and selling them that information.

I don’t think that most of the big tech companies are listening to your microphone (I’m not ruling it out entirely, and I’m certainly there are some smaller sketchier companies that are doing it)

But I think most of the time most of the time they don’t need to

They know what ads you’ve seen on your phone/computer, what you’ve been googling, the websites you’ve visited, where you’ve used your credit card, what shows and movies you watch, and where you’ve been (from gps locations, or from what wifi networks and Bluetooth devices you’ve been near or connected to) and what ads, playlists, stores, products, etc. you were exposed to while you were there, and of course who you talk to and all of that same information about those people.

That’s all going to influence the things you think and talk about, they probably have a pretty good idea what kind of conversations you’re going to have well before you do.

And don’t get me wrong, that’s creepy as fuck.

I think most of it comes down to people not even realizing how much data about ourselves we put out there and all of the ways it can be collected and used to build a profile about you.

And honestly I think they can probably get better data from that most of the time than from trying to filter out background noise and make sense of what you’re talking about through your microphone.

Instagram showed me an ad for a medical condition I only discussed out loud, in person, in my doctors office.

Instagram was immediately uninstalled that day.