9
submitted 1 month ago by zerozaku@lemmy.world to c/privacy@lemmy.ml

(I know many of you already know it but this incident I experienced made me so paranoid about using smartphones)

To start off, I'm not that deep into privacy rabbit hole but I do as much I can possibly to be private on my phone. But for the rest of phones in my family, I generally don't care because they are not tech savvy and pushing them towards privacy would make their lives hard.

So, the other day I pirated a movie for my family and since it was on Netflix, it was a direct rip with full HD. I was explaining to my family how this looks so good as this is an direct rip off from the Netflix platform, and not a recording of a screening in a cinema hall(camrip). It was a small 2min discussion in my native language with only English words used are record, piracy and Netflix.

Later I walk off and open YouTube, and I see a 2 recommendations pop-up on my homepage, "How to record Netflix shows" & "Why can't you screen record Netflix". THE WHAT NOW. I felt insanely insecure as I was sure never in my life I looked this shit up and it was purely based on those words I just spoke 5min back.

I am pretty secure on my device afaik and pretty sure all the listening happened on other devices in my family. Later that day, I went and saw which all apps had microphone access, moved most of them to Ask everytime and disabled Google app which literally has all the permissions enabled.

Overall a scary and saddening experience as this might be happening to almost everyone and made me feel it the journey I took to privacy-focused, all worth it.

top 50 comments
sorted by: hot top controversial new old
[-] ElectroLisa@lemmy.blahaj.zone 51 points 1 month ago

Most likely the website you pirated your movies from stored cookies in your browser which then were picked up by Google/YouTube.

[-] LodeMike@lemmy.today 31 points 1 month ago

That's not how that works. There were likely ads on the page which brings in Google cookies and shows the page the user is on.

OP make sure all third party cookies are blocked. They're not needed anymore.

load more comments (8 replies)
[-] donuts@lemmy.world 47 points 1 month ago
[-] Tehdastehdas@lemmy.world 3 points 1 month ago

A phone can notice when it’s in the hands of a security expert and start acting normal. Before dieselgate, Volkswagen cars had been emissions tested for years without finding anything suspicious. Turned out VW used the car’s sensors to detect when it was being tested.

load more comments (1 replies)
load more comments (14 replies)
[-] otp@sh.itjust.works 37 points 1 month ago

Yet again, someone mistakes an anecdote for evidence. And evidence is also not the plural form of anecdote.

I'm sure we have people here who are tech-savvy enough to have actually examined the kinds of data that their phone is sharing.

If you have something like Google Home or Amazon Alexa, then yeah, those would be sending voice data back, and yeah, they could probably use it for advertising. But as far as I know, there is no evidence that phones are "always listening" and "always sending information back" when they're idle.

[-] synapse1278@lemmy.world 32 points 1 month ago* (last edited 1 month ago)

This may be a simple coincidence. Maybe you had similar YouTube suggestions in the past but you didn't pay attention because they come at random times. Like if you drive a Honda Civic, you tend to spot all the Honda Civic in the street.

There would be an interesting experiment to make though:

  1. Take a snapshot of your YouTube recommandations
  2. Choose a subject that has nothing to do with any of the recommandations, let's say "travel to the Bahamas"
  3. Hold a conversation with someone with both your phone's present, mention several time going to the Bahamas.
  4. Check YouTube again, si if the topic of Bahamas is appearing.
  5. Choose another topic not covered by your recommendations, let's say collecting stamps
  6. Put your phones away, have a conversation about collecting stamps
  7. Check YouTube recommandations
[-] Kanzar@sh.itjust.works 4 points 1 month ago* (last edited 1 month ago)

The problem comes is the suggestion of travelling to destination X (in your case, the Bahamas) doesn't just pop up out of thin air - friends may have travelled there recently, perhaps there has been a recent advertising push, etc.

Another family member looking up some destinations to travel, then speaking with you later - same external IP of the home wifi being reported, bam you get advertised the destinations they looked at the most.

Choosing a "random" topic again also doesn't come out of thin air.

load more comments (1 replies)
[-] Ilandar@aussie.zone 31 points 1 month ago

Person in a privacy community using YouTube and multiple Google accounts thinks the only way they are being tracked is through phone microphones...you can't make this shit up.

load more comments (6 replies)
[-] scytale@lemm.ee 30 points 1 month ago

No, your phone doesn't listen to you 24/7. With that out of the way, there are a number of places where youtube may have gotten that info. One possibility is that someone in your household looked up the movie and maybe checked if stuff ripped from netflix is indeed full HD. And since everyone in your family is using the same NAT IP, then it's easy for youtube to target recommendations at everyone in that household.

[-] beefbot@lemmy.blahaj.zone 7 points 1 month ago

I don’t doubt you, but it’s worth asking if your reasons for stating that our phones don’t listen to us 24/7 haven’t changed since you first formed the opinion.

Lots of things are meso-facts (a true fact at rhetorical time we learn it, but no longer true later). Tech moves quickly. It’s worth not assuming anyone is right here, & asking: under what conditions could our phones be listening (enough to produce what OP experienced)?

[-] Quail4789@lemmy.ml 5 points 1 month ago

The mere bandwidth cost to listen everyone's mics at all times when people voluntarily give up profiling data already would be dumb as fuck on Google's part.

[-] beefbot@lemmy.blahaj.zone 3 points 1 month ago

But again, what I’m getting at here is, are we so sure it takes all that much anymore. Processing could take place in a shorter way now, more than it could when our current opinion was still true.

[-] Quail4789@lemmy.ml 3 points 1 month ago

No need to get all Descartes about this. It'd be really trivial to prove mics are on 7/24.

[-] Chozo@fedia.io 5 points 1 month ago

Watchdog groups have been monitoring these services for years now and have yet to find the "your phone is listening 24/7" smoking gun.

load more comments (1 replies)
[-] scytale@lemm.ee 2 points 1 month ago* (last edited 1 month ago)

The conditions would be that all the controls that are in place to prevent it from happening are bypassed, which no one has proven yet. For example, Apple has developed their devices (assuming not jailbroken) in such a way where the camera and microphone usage indicators are hardwired and can't easily be bypassed by software hacks. So if your phone was listening to you all the time, then the microphone indicator light would always be on. Listening 24/7 would also drain the phone's battery and use up so much data it would be noticeable. Another example is Siri. It is actually designed in a way where there are 2 components. The first one is local on the phone and separate from the actual Siri component. It is what's actively listening for you to call it. Once you call it, it then activates the actual Siri that transmits your voice inputs online.

load more comments (2 replies)
[-] Charger8232@lemmy.ml 25 points 1 month ago* (last edited 1 month ago)

First off, if you're concerned about phone privacy, consider a custom OS for your phone that respects privacy such as GrapheneOS.

It's easy to figure out that your device isn't listening to a constant audio stream 24/7, since that would drain battery and send a lot of noticeable data over the network. However, it is entirely possible to listen for certain keywords as you mentioned, and send them encrypted with another seemingly legitimate packet. There's no way to be 100% certain, but it is possible in theory without draining too much battery.

The steps you took are good, making sure that apps don't have any permissions they don't need. Privacy is a spectrum, so it's not "all or nothing". As I mentioned before, if you're seriously concerned about mobile privacy and want a solution, you can get a custom operating system that can remove any privacy invasive elements. GrapheneOS also allows you to disable the camera and microphone system-wide (although this functionality is present on some other Android builds).

If it eases you any, a lot of these advertisements happen to be coincidence and trigger confirmation bias. It could be that those ads happened to show up by coincidence, or that advertisers managed predicted your interests, or that you got tracked by some other means while downloading the movie. The possibilities are nearly endless.

[-] bruce965@lemmy.ml 10 points 1 month ago

You should install Rethink and see how much garbage your phone constantly transmits and receives. And this is not even a kernel-level firewall, so who knows how much data Google actually exfiltrates...

I don't know about a constant audio stream, nor about keywords, but I noticed that Google Keyboard sends out some data every time you type anything. It's not even that subtle.

[-] Charger8232@lemmy.ml 8 points 1 month ago

If anything, I love GrapheneOS for its "Network" permission toggle. It's nice knowing that my keyboard (or any other unnecessary apps) can't phone home.

[-] bruce965@lemmy.ml 3 points 1 month ago

GrapheneOS is certainly on my wishlist too, but Pixels are quite pricey. I guess Rethink is the poor man's version. Just a per-app firewall.

[-] EngineerGaming@feddit.nl 3 points 1 month ago

Maybe Divest/Lineage could be an option instead. Although you have to choose a device wisely (and even among supported ones, some have trouble unlocking the bootloader), there is a chance you'd find a suitable cheaper one.

Personally no regrets spending $300 on a Pixel 7a but still painful to hand over this much.

[-] Chozo@fedia.io 25 points 1 month ago

Listening to audio would be the least effective and most expensive method of data collection for advertisers. It's not happening. They already have literally over a million data points on you, there's nothing useful for them to glean from your audio that they don't already have ad nauseum.

You see thousands of ads and recommendations every day. You finally found one that was relevant to you. It's not that deep.

[-] Rolando@lemmy.world 16 points 1 month ago

The youtube algorithm determined the following: people who watch the kind of videos in your history, are also interested in recording netflix shows. And it was right, because you are in fact interested in that (general) topic. This is another possible explanation.

[-] xionzui@sh.itjust.works 10 points 1 month ago

I’ve gotten ads for things I’ve just thought about. Never said anything out loud about or did any searches related to. It was something in a video I’ve watched dozens of videos about in the past. But on this occasion, I happened to think that I kind of want one for the first time. And I just so happened to start getting ads for them right after, also for the first time. They know way more about you than you think and don’t need to listen to you.

[-] Boomkop3@reddthat.com 9 points 1 month ago
  • A family member might have searched it
  • An ad network might have reported on your piracy (especially now with privacy sandbox)
  • Your media player might just be doing some tracking and/or insecure searching for metadata
  • Siri or something might have popped open
  • You googled to get to the piracy website
  • You may have just looked up the movie, and the movie was popular with pirates

Don't get too paranoid

[-] ShortN0te@lemmy.ml 8 points 1 month ago

And how often. have you said stuff that you have not received advertising for? You will notice it when you get a positive match but not on a negative.

Data collecting companies can predict/rate your behavior for more then 20 years based. Since then. it has been perfected. They know that you are interested in those topics without having the need to waste resources on recording and analyzing every single audio stream.

[-] davel@lemmy.ml 6 points 1 month ago

Reporter: [REDACTED]
Reason: BS

Maybe I should have removed this post, because it is ridiculous.

load more comments (2 replies)
[-] TranquilTurbulence@lemmy.zip 5 points 1 month ago

Here’s a fun little experiment you can try. Make a list of random topics and have a discussion about each of them on separate days. Make sure each topic is something that could result in creepy suggestions or ads on YT. If even one of these topics produces the expected result, you could be on to something.

[-] otp@sh.itjust.works 4 points 1 month ago

Fun, sure, but not an experiment that would actually be meaningful.

The data from your phone's microphone doesn't magically appear in Google's advertising servers. It would have to go through a lot of steps before it gets there, and one of the first steps is in your home (if you're on WiFi). One can analyze the traffic/data that leaves their phone.

It's good to be cautious, but worrying about your phone's microphone is potentially like worrying about your windows while leaving your front door open.

[-] zephorah@lemm.ee 5 points 1 month ago

In addition to all the GrapheneOS recommendations, there are also faraday bags. Drop the phone in while at home or wherever.

[-] LostXOR@fedia.io 4 points 1 month ago

That doesn't really help unless the bag is also soundproof; it could just as easily store what you say and send it off later.

[-] Broken@lemmy.ml 4 points 1 month ago

I'll second the recommendation for GrapheneOS. One of the available options I use is to keep mic, camera, and location off at all times until I need them. That simple toggle ability changes your privacy stance greatly.

[-] DieserTypMatthias@lemmy.ml 2 points 1 month ago* (last edited 1 month ago)

Root your phone and degoogle it if it doesn't have LineageOS image. If it does have LineageOS image, then flash it. Oh, and don't use Google and YouTube. Use Brave/Vivaldi for web search and Tubular for YouTube.

[-] foremanguy92_@lemmy.ml 3 points 1 month ago

I've seen a lot of people using Vivaldi as "private" browser. What is the point here?

load more comments (10 replies)
load more comments (3 replies)
load more comments
view more: next ›
this post was submitted on 30 Oct 2024
9 points (53.1% liked)

Privacy

32482 readers
729 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS