Lifestyle
Why your conversations might not be as private as you think they are
Technology: Are your electronics listening to you? Find out why your conversations might not be as private as you think they are.
It started as a rumour two years ago on a Reddit chat room when one user, who worked in a store that had Mumford and Sons on loop, flipped open his smartphone on the way home about found Google Play had recommended he buy a Mumford and Sons song.
“I’ve never mentioned this song on social media or Google,” he explained. “Is Google listening to my phone 24/7?”
Over the next few months, more and more people noticed similar things — leaving your smartphone on the sofa while a foreign film played meant you started receiving ads in Spanish. Chatting about books meant they popped up in a ‘recommended for you’.
One woman was doing some ironing when her mum told her a family friend had been killed in a road accident in Thailand. Her phone was on the worktop behind her — and the next time she used the search engine, up came the name of her friend and the words, “motorbike accident, Thailand” in the suggested text below the search box.
It’s something that I’ve wondered frequently over the past six months — and when I posted my worries on Facebook there were so many comments from friends saying they thought the same thing happened to them. People had been discussing holiday destinations, or even headaches, and found ads ready and waiting when they fired up their phone.
And it isn’t just our phones either. Last week, Wikileaks revealed that the CIA’s “Weeping Angel” programme provided agency hackers with access to Samsung Smart TVs, allowing a television’s built-in voice control microphone to be remotely enabled while the TV was switched off.
“The problem with this method is that it required implanting a TV with malware — and it has to be done in person, meaning the CIA are in your house if they want to do that,” explains Dr Gus Hosein, executive director at rights watchdog Privacy International. “Spooks have been breaking into people’s houses to film and record them for ages. It’s not right but it’s nothing new. What is new is that Samsung itself can — and has been caught — listening to everything you say if you’re in the room with one of its smart TVs.”
Personal assistants like Apple’s Siri and Amazon’s in-house Alexa are designed to listen out for keywords to switch on. Although both companies insist that your voice is not recorded, in March 2017 police in Arkansas collected a murder victim’s Echo speaker (which works with Alexa) as they believed it captured fragments of audio from the murder scene while listening for commands.
“Are companies recording what we say? The simple answer is yes,” says Jacob Silverman, author of Terms of Service: Social Media and the Price of Constant Connection. “Always-on, internet-connected devices could be recording us at almost any time. We simply don’t know what data is collected, where it goes, how it’s parsed, or to whom it’s sold. Companies are constantly buying and selling personal consumer data, forming complex profiles, and investing in ways to manipulate and sell to us with ever more precision.”
“The sticking point — what makes smartphones smart is because they do know a lot about you,” points out Mike Gilkes, senior electronics editor at US consumer organisation Consumer Reports. “That’s what makes them useful. It knows where’s the local eatery, where’s the traffic jam, it knows you’re late and it knows who you call frequently. But the apps that bring this to you ask for privileges that some people don’t deem necessary.”
The range of apps that ask access to our microphone and camera, for instance, is surprising. Twitter and Instagram requests access to your wifi information, your camera and mic, your photos, your SMS, your location, your contacts and your calendar — meaning the apps can take photos, videos and use your mic, access everyone you know, read your messages, remove accounts and track your every movement.
Facebook requests all of the above plus device ID and call info, your identity and device and a pp history. Facebook has issued a firm online rebuttal to accusations that it listens to its users conversations — and referred the Daily Telegraph to that statement. “Facebook does not use your phone’s microphone to inform ads or to change what you see in News Feed,” it states. “We only access your microphone if you have given our app permission and if you are actively using a specific feature that requires audio.”
Which may well be true, says Renate Samson — CEO at Big Brother Watch — but “we know companies sell your data to data brokers in a fraction of a second,” she explains. “These faceless data brokers sit in the background — we think when we engage online only Amazon and our credit card company know what we’re doing. But data brokers know everything you’ve bought and, with identity data, what sort of person you are. They can figure out who we are and what we’re doing, which is profoundly disturbing …”
This is even more alarming when it comes to the “Internet of Things” — smart home devices and wearble accessories all connected online. This year, Samsung debuted its Family Hub fridge that can play music from Spot ify to becoming a TV screen… all operated by voice control. While Ford announced it would equip cars with Amazon’s Alexa. T0 here’s voice controlled smart functionality in everything from baby monitors to door locks and heating controls.
In May 2016, however, researchers at the University of Michigan discovered they could pull off disturbing tricks with these devices — from triggering a smoke detector to planting a backdoor PIN code in a digital lock that offers silent access to your home.
“If these apps are controlling nonessential things like window shades, I’d be fine with that. But users need to consider whether they’re giving up control of safety-critical devices,” says Earlence Fernandes, one of the University of Michigan researchers. “The worst case scenario is that an attacker can enter your home at any time he wants, completely nullifying the idea of a lock.”
Even if hackers don’t show up, there’s very little benefit for you if your TV listens to you or your fridge or your car are connected to the internet, Hosein argues, except commercial exploitation. “It doesn’t benefit you, it benefits the manufacturers. These companies all want to be like Google — they want to know what you’re watching so they can advertise to you. They want to know what’s in your fridge so they can advertise to you. They want to know where you’re going so they can advertise to you.”
I worry about what happens when these devices “understand” almost everything we’re saying
And there’s even more intimate information at stake. Health wearables is a booming market — and with these devices recording sleeping patterns, heartbeat, body temperature and health information you’d want to hope the data was being kept pretty safe. In September 2016, however, researchers at Imperial College London and Ecole Polytechnique CNRS, France subjected 79 health apps listed by the NHS Health Apps Library to security checks and found that around a third were sending personaldetails about health and lifestyle— such as body-weight over the internet with no encryption.
In February 2016, Canadian based Citizen Lab and the Munk School of Global Affairs examined eight popular fitness wearables and found seven leaked personal data whilst giving themselves broad rights to use — and in some cases, sell — consumer’s health data. One in six also sent information to third parties such as advertisers, despite privacy policies not mentioning this could happen.
“I worry about what happens when these devices “understand” almost everything we’re saying,” Silverman adds. “When automated systems can understand what you’re saying at all times, and potentially nudge you with all sorts of offers and suggestions, how can we feel in control?”
Always-on, internetconnected devices could be recording us at almost any time. We simply don’t know what data is collected, where it goes, ... or to whom it’s sold.” Jacob Silverman, author of Terms of Service: Social Media and the Price of Constant Connection