Computers

Facebook isn’t secretly listening to your conversations, but the truth is much more disturbing

How does Facebook occasionally deliver such disconcertingly timed advertisements? Is it really listening to users through their smartphone microphones? Or is the truth much more unsettling?
How does Facebook occasionally deliver such disconcertingly timed advertisements? Is it really listening to users through their smartphone microphones? Or is the truth much more unsettling?
View 3 Images
Android data consumption over 30 minutes compared to the volume of data the Google Voice Assistant uses across the same time period
1/3
Android data consumption over 30 minutes compared to the volume of data the Google Voice Assistant uses across the same time period
iOS data consumption over 30 minutes compared to the volume of data Siri uses across the same time period
2/3
iOS data consumption over 30 minutes compared to the volume of data Siri uses across the same time period
How does Facebook occasionally deliver such disconcertingly timed advertisements? Is it really listening to users through their smartphone microphones? Or is the truth much more unsettling?
3/3
How does Facebook occasionally deliver such disconcertingly timed advertisements? Is it really listening to users through their smartphone microphones? Or is the truth much more unsettling?

Perhaps one of the most pervasive longstanding technology conspiracy theories is that your smartphone is constantly listening in on your private conversations. Almost everyone at some point has felt the eerie synchronicity of seeing an ad served up on Facebook that exactly corresponds to a recent conversation. It’s certainly unnerving, and the most simple explanation is one of direct surveillance. Of course Facebook is listening in on your private conversation with friends, catching key words, and then serving you tailored advertisements. And of course Facebook would deny this is happening.

The problem is, outside of anecdotal cases, no one has ever been able to find clear evidence that this is actually happening. Mobile cybersecurity company Wandera recently conducted a series of experiments which again prove your smartphone is not consistently listening in to your private conversations. So, while this urban myth has again been debunked, the truth about how companies like Facebook sometimes serve up such disturbingly accurate advertisements turns out to be much more complex, and unsettling.

Facebook admits listening to private conversations

In early August 2019, Bloomberg News published a story revealing how Facebook had contracted an external company to transcribe audio conversations conducted through the Facebook Messenger app. The process was engaged to test the accuracy of an automatic transcription algorithm Facebook was rolling out, and the company claimed all users who opted in to the transcription service were aware of the potential human review system. While some reports questioned how transparent Facebook’s notification process actually was, the story rapidly spread across media outlets, with a vast of array of headlines dramatically affirming, “Facebook admits it was listening to your private conversations.

To the average headline skimmer, whose primary knowledge of news comes from glancing across headlines that pop up in social media streams, this was enough to reanimate years of conspiratorial assumptions. The news story was akin to throwing gasoline on the burning embers of a myth that had been almost extinguished.

Even the media outlet that broke the original story made a somewhat disingenuous link between the old microphone-ad conspiracy and this new revelation, referencing Mark Zuckerberg’s testimony to US congress in April 2018 as if presenting a "gotcha" moment of lying. Responding to Senator Gary Peters who questioned whether Facebook listened in on user’s microphones to generate targeted ads, Zuckerberg replied, “You’re talking about this conspiracy theory that gets passed around that we listen to what’s going on on your microphone and use that for ads. We don’t do that.”

In fact, Facebook has been denying for years that it listens to user conversations to generate targeted ads. Way back in mid-2016 the company first tried to debunk that conspiracy.

“Facebook does not use your phone’s microphone to inform ads or to change what you see in News Feed. Some recent articles have suggested that we must be listening to people’s conversations in order to show them relevant ads. This is not true. We show ads based on people’s interests and other profile information – not what you’re talking out loud about.”

The data doesn't add up

Most recently Wandera, a mobile cyber-security company, set out to test the “phone-snooping” theory, saying its customers seem constantly worried about the issue. Wandera's experiment was pretty simple. Place an iPhone and a Samsung Galaxy in a room, then play an audio loop of pet food ads for 30 minutes a day, over three days.

User permissions for a large number of apps were all enabled, and the same experiment was performed, with the same phones, in a silent test room to act as a control. The experiment had two main goals. First, a number of apps were scanned following the experiment to ascertain whether pet food ads suddenly appeared in any streams. Secondly, and perhaps more importantly, the devices were closely examined to track data consumption, battery use, and background activity.

The results will probably surprise no one. No pet food advertisements showed up on any app following the test. Even more telling, there was virtually no difference in data consumption, battery use, and background activity between the audio room tests and the silent room tests. This fact is important, because if an app were accessing a microphone and sending the audio to a cloud server for analysis there would be notable traces of data consumption.

Android data consumption over 30 minutes compared to the volume of data the Google Voice Assistant uses across the same time period
Android data consumption over 30 minutes compared to the volume of data the Google Voice Assistant uses across the same time period

“We observed that the data from our tests is much lower than the virtual assistant data over the 30-minute time period, which suggests that the constant recording of conversations and uploading to the cloud is not happening on any of these tested apps,” says James Mack, a Wandera engineer working on the test. “If it was, we’d expect data usage to be as high as the virtual assistants’ data consumption.”

iOS data consumption over 30 minutes compared to the volume of data Siri uses across the same time period
iOS data consumption over 30 minutes compared to the volume of data Siri uses across the same time period

The lack of evidence of any data consumption in these tests is probably the most significant smoking gun debunking the longstanding myth. Antonio Garcia-Martinez, an ex-Facebook product manager, has been vocally critical of the company for several years after leaving it in 2013. However, in 2017 he penned an incredibly succinct editorial for Wired summing up why Facebook isn’t listening to you through your smartphone microphone. Like Wandera, Garcia-Martinez suggests the level of data consumption needed for microphone surveillance would make the technique not only improbable to execute, but also virtually impossible to hide.

"To make it happen, Facebook would need to record everything your phone hears while it's on,” Garcia-Martinez writes. “This is functionally equivalent to an always-on phone call from you to Facebook. Your average voice-over-internet call takes something like 24 kbps one way, which amounts to about 3 kBs of data per second. Assume you've got your phone on half the day, that's about 130 MBs per day, per user. There are around 150 million daily active users in the US, so that's about 20 petabytes per day, just in the US. To put that in perspective, Facebook's entire data storage is 'only' about 300 petabytes, with a daily ingestion rate of about 600 terabytes.”

Some counter that argument by suggesting Facebook can simply scan audio for keywords coming into the microphone on a device. This means it wouldn’t need to constantly stream an open audio channel from your microphone into the cloud. But Garcia-Martinez also pushes back on that idea suggesting not only does Facebook have millions of targeted ad keywords it would need to track, but the strain on your phone’s CPU would be immediately noticeable. And again, nearly impossible to hide.

"Then we started seeing things we didn't expect"

In early 2017 Jingjing Ren, a PhD student at Northeastern University, and Elleen Pan, an undergraduate student, designed a study to investigate the very issue of whether phones listen in on conversations without users knowing. Pretty quickly it became clear to the researchers that the phone’s microphones were not being covertly activated, but it also became clear there were a number of other disconcerting things going on.

“There were no audio leaks at all – not a single app activated the microphone,” says Christo Wilson, a computer scientist working on the project. “Then we started seeing things we didn’t expect. Apps were automatically taking screenshots of themselves and sending them to third parties. In one case, the app took video of the screen activity and sent that information to a third party.”

Out of over 17,000 Android apps examined, more than 9,000 had potential permissions to take screenshots. And a number of apps were found to actively be doing so, taking screenshots and sending them to third party sources.

“That has the potential to be much worse than having the camera taking pictures of the ceiling or the microphone recording pointless conversations,” says David Choffnes, another computer scientists working on the project. “There is no easy way to close this privacy opening.”

So, your phone may not be listening in to your conversations, but it has the capacity to track you in so many other ways. And it is this massive trove of trackable data that is how companies like Facebook are able to serve you targeted ads that occasionally seem frighteningly accurate.

“Everything that makes your phone useful, like knowing where you are, taking photos, enabling online shopping and banking – these are exactly where the potential weaknesses and vulnerabilities are,” says Mike Campin, VP of engineering at Wandera. “The more useful your phone is, the more attractive it is to advertisers, hackers, or anyone who wants your data.”

And it is here where the truth behind Facebook’s occasionally unsettlingly targeted ads becomes much more creepy than any microphone surveillance conspiracy theory.

The harsh truth

“The harsh truth is that Facebook doesn’t need to perform technical miracles to target you via weak signals. It’s got much better ways to do so already,” writes Garcia-Martinez. “Not every spookily accurate ad you see is a pure figment of your cognitive biases. Remember, Facebook can find you on whatever device you’ve ever checked Facebook on. It can exploit everything that retailers know about you, and even sometimes track your in-store, cash-only purchases; that loyalty discount card is tied to a phone number or email for a reason.”

So you may adamantly claim Facebook must have listened in on your private conversation yesterday about a friend’s wedding and then served you an ad for tailored wedding suits because you have not googled anything wedding-related in years. But there are scores of other data points the system has on you to determine what you should see at any given point. Not only does the system know exactly where you are at every moment, it knows who your friends are, what they are interested in, and who you are spending time with. It can track you across all your devices, log call and text metadata on Android phones, and even watch you write something that you end up deleting and never actually send.

The deeply disconcerting implication of all this is that the rich vein of data constantly being gathered can be crunched by an algorithm to essentially predict what you and your friends are talking about, and serve you an ad that is perfectly tailored to your current needs. Even though these Facebook ad algorithms are not nearly perfect (try to pay attention to how often you are served ads that are entirely irrelevant to your interests), the simple fact that they are so eerily correct even some of the time is the real conspiracy here.

It is almost impossible for a human mind to understand how these complex algorithms work. How they crunch vast volumes of person data to decide now is the right time to serve up an ad for fried chicken is possibly beyond the comprehension of even the engineers designing the algorithms. In many ways, it makes sense so many people still believe in the microphone conspiracy. It is so much easier to understand how Facebook served you up that prescient ad if we imagine it simply overheard the conversation you had yesterday with friends. But as with many things in life, the truth happens to be much more complicated, much more inscrutable, and much more disturbing.

15 comments
Mzungu_Mkubwa
The bigger culprit for conversation monitoring is Google' assistant (and the other comparable systems like Alexa). The danger doesn't lie in how they target ads. True danger comes when ideological differences drive those in power/possession of this data to exert control and/or maintain that power. We have gladly welcomed this comprehensive & pervasive surveillance infrastructure into our intimate lives. All it will take is the "flip of a switch" for it to become an incredibly powerful tool for control. For example, I can't imagine what the Communist Party in China is doing with this capability in that country. [Got this screen shot yet, Google Chrome? 😂]
Matt Fletcher
Excellent, well written detailed article, doubt many other news sources will cover this information at all, let alone in detail. I deleted the Facebook App from my phone months ago but now I will officially be deleting it this weekend and a number of other apps as well. Those who don't understand and value the Right to Free Speech (includes privacy: the right not to have everything you say heard) and the Right to Protect oneself and others (1st & 2nd amendment) before long won't have either. Thanks for letting us know.
guzmanchinky
I don't mind if I see ads that target me, it's much better than ads for something that has nothing to do with me. And there is a broad gap between "advertising" and "hacking". One wants to sell me something, the other is nefarious, and I don't think they should be used in the same sentence. I guess what I'm saying is I don't care if marketers know about me and my interests, but I do care if security holes allow hacking. One should be doable without exposing the other.
MarkmBha
Big Brother is....
Zubin Grant
This article is adeptly written but still has a few general assumptions. First, sending uncompressed, or heck, even compressed audio streams do take a lot of data, over the past couple years, both Google (with their Assistant) & Apple (thanks to their acquisition of Shazam) have software included in phones that is able to transcribe speech into words/buzzwords that can then be fed as 'terms' to personalize the ads shown to you. Softwarsles such as this are bundled as products such as Shazam, for eg., you can ask Assistant to identify music too. And Google has their call transcribing service coming soon too. Aka, they're making a list of terms you talk about, while in convo with a friend or solo. This equates to nothing as huge text files are still only a few kilobytes in size. Second, this article ignores the usage of social buttons such as 'like' that grace most websites, heck there's a sign-in with FB option on New Atlas itself. This allows FB to track you even when you don't have their website open. Granted, that has been common knowledge for a while, clearly it wasn't enough to satisfy the whims of advertisers. Google is kind of a mixed bag here. In account settings, you can turn off ad personalisation which disables showing you ads based on interests & you'll start getting more generic ads. However, nowhere does it say that they'll stop collecting data, they still do & keep it in their records, just that you don't have to be paranoid about seeing such relevant ads. If you've been keen to notice, battery life has definitely taken a hit since Lollipop/Marshmallow days, yet CPUs continue to get more efficient & we're fitting bigger batteries than ever. This is because the microphone hardly consumes any energy but having it on with analysis software running 24*7 does. In fact, I'd go as far as to say, that is what the low power cores were included in octacore SOCs. You do not need 4 damn cores to check for notifications & calls while phone is inactive, which is the usual front, the explanation given.
Expanded Viewpoint
As I have said many times before, cell phones are the planetary IQ test, and only a very few will be able to pass it. I am smart enough to be able to structure my life so as to not need one to survive. Huh, survive. The data mining that goes on and what is done with that data after it is collected, is the absolute LEAST of our worries with those devices. The ill health caused by the microwave radiation that they emit every two to three seconds to keep a link with the towers far outweighs being given an opportunity to spend some money on some product or service. If you can't control your spending habits, that's your own fault. When I see that someone had a fourth of their outer ear sawed off and a patch of keloid scar tissue the size of my hand on their neck and scalp. or a woman die of ovarian cancer or breast cancer due to where she stored her cell phone, or bladder cancer and kidney disease, or even just a bald patch of skin on a thigh the EXACT size of a cell phone, I have all of the evidence that I need to see to know how dangerous those things are. My own opinion of cell phones, is that they are the Chlorine being dumped into the shallow end of the gene pool. You have been warned once more. Randy
Edna Perez-Cardona
Julian Assange warned about how Facebook, Google, Yahoo were allowing the CIA to access user data.
misty45
Besides disabling Locations Services, deleting the apps, what else can you do? Does a VPN help?
Troublesh00ter
While I do NOT use Facebook, I am more than a little concerned about the whole Google business. I have to wonder, though, at least in the case of my own phone, whether Google is awake when the rest of the phone is asleep. Further, I keep it in a belt pouch, which would muffle any verbal communications that much further. The whole issue of privacy in the 21st century has done nothing but become more muddled, and I for one don't see a whole lot of people trying to un-muddle it.
Wolf0579
Corporations are evil. They have zero morals. They have zero conscience. Dump Facebook. It's destroying democracy.