• MajorHavoc@programming.dev
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    3
    ·
    3 months ago

    Security researchers would’ve noticed this.

    They did notice. Malicious apps that use everything they can to spy on you are old news.

    To your point - this isn’t confirmation that any of the big players are listening directly. That would probably have been caught by security researchers, although it would be really difficult in Google’s or Amazon’s case, as they run proprietary software at a very low level.

    The news here is two fold;

    1. Cox got caught buying that data, and when confronted about it, Google, Amazon, and Meta all failed to deny that they also buy that data from those malicious app makers.

    2. This is strong evidence that someone is routinely collecting that data. That’s news. We’ve suspected for awhile that, at minimum, the malware apps do. Occam’s razor says at minimum, we should now assume many malware apps are using microphone to collect speech and submit it elsewhere for analysis.

    The unprovable part of this that smells much worse is: a kid in a basement writing malware does not have the computing power to turn tons of raw voice recordings into useful correlated data.

    That kid needs an ally with a lot of computing power. Google, Meta, and Amazon all have a motive here and have the necessary computing power.

    And all three worded their denials pretty carefully, I noticed.

    • bdonvrA
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      3 months ago

      Cox got caught buying that data, and when confronted about it, Google, Amazon, and Meta all failed to deny that they also buy that data from those malicious app makers

      But what is that based on? This paragraph?

      A spokesperson for CMG told Newsweek that “CMG businesses have never listened to any conversations nor had access to anything beyond third-party aggregated, anonymized, and fully encrypted data sets that can be used for ad placement.”

      I don’t think that explicitly means they had datasets made up of clandestinely recorded conversations in the wild.

      third-party aggregated, anonymized, and fully encrypted data sets that can be used for ad placement.

      Really could describe ANY possible set of tracking data… Unless you put this quote into a clickbaitey article and strongly imply it’s something sinister.

      • MajorHavoc@programming.dev
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        edit-2
        3 months ago

        You’re not wrong to give the benefit out the doubt and believe their PR person isn’t lying.

        But I’m not inclined to give that benefit of the doubt. I don’t trust these folks farther than I can throw them. I don’t, myself, need proof, to believe they would try this crap.

        And this is definitely evidence.