Apple Tells Lawmakers iPhones Are Not Listening In On Consumers

An anonymous reader quotes a report from Reuters: Apple told U.S. lawmakers on Tuesday that its iPhones do not listen to users without their consent and do not allow third-party apps to do so either, after lawmakers asked the company if its devices were invading users' privacy. Representatives Greg Walden, Marsha Blackburn, Gregg Harper and Robert Latta wrote to Apple's chief executive Tim Cook and Alphabet chief executive Larry Page in July, citing concerns about reports that smartphones could "collect 'non-triggered' audio data from users' conversations near a smartphone in order to hear a 'trigger' phrase, such as 'Okay Google' or 'Hey Siri.'"

In a letter to Walden, an Oregon Republican who chairs the House Energy and Commerce Committee, Apple said iPhones do not record audio while listening for Siri wakeup commands and Siri does not share spoken words. Apple said it requires users to explicitly approve microphone access and that apps must display a clear signal that they are listening.

Post the source code

[spire3661]

and we will believe you. Until such a time as the code can be verified by third-parties, your word is utterly meaningless. Trust, but verify.

Re:Post the source code

[jellomizer]

Why would that prove anything?
If Apple is going to deceive you in front of lawmakers. Why not release source without the offending code, and compile and send a different branch with it.

Most of us even hard core open source Linux fans, will not install their applications by compiling the source.
make clean & make & make install
We would rather just run the apt-get, download the .deb or .rpm file which has the executable precompiled. Saving you the time and effort of the build.

Sure some of us will compile our code before we run it. But heck if you are in the business of spying, that could be considered a trade-off.

If you want to verify what is happening, then you should monitor all the wireless traffic your phone sends. Compare it in a quiet environment and one with talking. See if the data sent from the device is enough for conversations.

For the most part it is in Apples best interest in not getting caught betraying our trust in its security feature. The easiest way to not get caught is to not do the action.

Re:Post the source code

no problem with posting the source code....

It is a hardware feature.

passphrase : actually

Re:Post the source code

[Luthair]

If you're going down that road, how can you trust source code? It might be different than what is deployed to devices. Heck, maybe its in firmware somewhere....

Re:Post the source code

[spire3661]

The point is the option should be there so that a person can look at it and say 'Holy shit, what the hell is this?'. It doesnt matter how many actually do it, what matters is that it represents a logical break. Without any way to look or alter the code, its a black box, forever. You dont trust a black box.

Re: Post the source code

[spire3661]

Not by me or to my standards, and you have provided no links or other data to backup your statement.

Re:Post the source code

[Wrath0fb0b]

If Apple is going to deceive you in front of lawmakers. Why not release source without the offending code, and compile and send a different branch with it.

Indeed.

Most of us even hard core open source Linux fans, will not install their applications by compiling the source.
make clean & make & make install

First, even those that do will not audit the entire source. I bet you could insert a function send_personal_data_to_kgb_and_nsa(void) and only a small number of people running ./configure && make -j12 install would notice. If you obfuscated the functionality a bit better, no one would notice :-P

Anyway, even if you did audit the source, that is not sufficient to guarantee that the compiled binary faithfully represents the source files input. To do that, you have to audit the entire compiler/toolchain. And then you have to audit the compiler used to build the compiler.

If you want to verify what is happening, then you should monitor all the wireless traffic your phone sends. Compare it in a quiet environment and one with talking. See if the data sent from the device is enough for conversations.

But the phone has storage. And it has speech-to-text, part of which happens locally. Both of those features mean that, in theory, the phone could record and process the audit and then dribble it out over the network later when you are doing some other legitimate network activity.

So if you REALLY want to be certain, you have to fill up the storage (wait, there could be a secret reserve of a few GB that are not user-accessible) and also monitor the supply lines from the battery to ensure there is no heavy speech processing that might be transcribing it to text :-D

I agree with the sentiment of your post, just like showing that there is no way around having some level of trust in the hardware/software that you use.

Re:Post the source code

[jellomizer]

However the black box for the most part is sending and receiving open specification type of data.
If Apple is going to hide that they are sending your conversations to some mega server somewhere they are going to do it. Source Code will not stop that one person to question the code. If that code isn't there.

However the open specification will allow people to see the output from that black box.
 

Re:Post the source code

Trust, but verify is inherently a security weak concept and who will review this source code? How do I trust what YOU say about it? I may not know how to read it myself. So who will teach me? But then, again I trust the teacher? I can't see what they're thinking, their motives, what pressures may or may not be on them to give me accurate educational teaching? Open source isn't always the answer, because open source requires expertise to be useful. 99.9999999999999% of people are not going to become educated in programming to review the source code and if we're not going to trust a company I'm certainly not going to trust someone like Richard Stallman or Linus Torvalds to tell me what their code does.

Re:Post the source code

[KiloByte]

That's why there's the Reproducible Builds project. Packages have .buildinfo files that save versions of dependencies, recompiling against the same deps should produce bit-to-bit identical results.

It's not yet complete, but 92.8% of packages build reproducibly.

Re:Post the source code

[grondak]

My charger has a light that shows when the battery is charging. When the battery is charged, the light turns off.

The charger light turns on when the TV or music is loud. It switches off not quite as fast as a scope would show activity, but soon enough to know that something draws more current when there is significant audio input.

I bet a phone with a dead battery could be used to track audio spying pretty easily.

I love your point about storage. Some apps queue their data for upload on reconnect.

Re:Post the source code

[gweihir]

Why would that prove anything?
If Apple is going to deceive you in front of lawmakers. Why not release source without the offending code, and compile and send a different branch with it.

Indeed. The source is valuable if a) somebody really digs through it and b) it is that basis of the installation you do. Otherwise, it is just a heap of code lines without much meaning.

Re:Post the source code

[drinkypoo]

If Apple is going to deceive you in front of lawmakers. Why not release source without the offending code, and compile and send a different branch with it.

This is why clauses which require that the user be able to actually build and then furthermore actually install and use the code they compiled are necessary. What good is source code, Mister Anderson, if you are unable to compile and use it?

Most of us even hard core open source Linux fans, will not install their applications by compiling the source.

As long as someone is testing it, we have reasonable assurance that it works. Sure, individuals could be delivered different code than that, if Apple wanted. But it's still better than nothing, and it would offer the opportunity to compile your own.

If you want to verify what is happening, then you should monitor all the wireless traffic your phone sends.

Sorry, I left my Stingray in my other pants.

Re:Post the source code

If you have a black box that radiates information *you have no way to tell who else is listening to that information.*

Not that I have any reason to distrust Apple or any inclination to look at the code or the executables, but there are well-known attacks on air-gapped systems that work.

Re:Post the source code

Without any way to look or alter the code, its a black box, forever. You dont trust a black box.

But even if they provide the "source", it is still a black box, because there is no way to verify that the source provided is what was used to compile the app on the phone. jellomizer mentioned that in literally the third sentence of their post.

If you disagree and believe that there is a way to verify that the source provided matches what was used to compile the app on the phone, then say so and explain why. Don't just ignore their core argument and post a rebuttal to something else entirely.

Re:Post the source code

[MachineShedFred]

Yeah, because lying to Congress is a fantastic plan, and they would totally do that to... what end?

Posting the source code isn't going to happen. They would let government auditors in under NDA long before that happened. Get real.

Re:Post the source code

[MachineShedFred]

Are there well known attacks on AES?

Sure, it's not perfect, but you can severely limit "who is listening" based on proper HTTPS. Use signed certificates, require them to be valid, and use HTTPS end-to-end, everywhere.

Re: Post the source code

Wtf? Apple lies all the time. Steve jobs claimed ogg vorbis was an illegal codec at one point of time and half of their advertising in the past Implied osx couldn't get viruses.

During antenna gate it took them almost to the point of getting sued to admit the issue.

Yes. Apple should prove themselves

Re:Post the source code

[guruevi]

Apple has released design/block diagrams on the silicon and how "Hey Siri" is implemented in hardware and doesn't require intervention from either the CPU or the OS. It can be verified by putting some scopes and circuit analyzers on the thing and seeing when and where the 'activity' actually happens.

It's fairly easy to test whether or not they're lying, if your CPU and SSD keeps waking up whenever there is audio, even if the trigger hasn't been used, you know they're lying.

Also, you can dump the contents of your iPhone as a developer. So it would also be pretty easy to verify there is no recording lurking somewhere on the drive waiting to be sent to Apple. You could also analyze the traffic that is sent to Apple and see whether it is feasible that audio recordings which would have to be a pretty continuous stream, even encrypted, are being sent without the trigger phrase.

Re:Post the source code

[TheFakeTimCook]

and we will believe you. Until such a time as the code can be verified by third-parties, your word is utterly meaningless. Trust, but verify.

It's called a Packet Inspector. Can't snitch on the User without causing network traffic. And an iPhone tries to avoid using Cellular data when WiFi it is allowed to connect-to is available. So, all someone has to do is packet-sniff iPhone traffic while it is connected to a WiFi network.

Simple. Idiots.

Boy, Slashtards are deliberately obtuse. Anything to impugn Apple, right?

Re: Post the source code

It should still work, since you can compile the code to binary and do a comparison of an on device file

Re:Post the source code

[TheFakeTimCook]

If you want to verify what is happening, then you should monitor all the wireless traffic your phone sends. Compare it in a quiet environment and one with talking. See if the data sent from the device is enough for conversations.

For the most part it is in Apples best interest in not getting caught betraying our trust in its security feature. The easiest way to not get caught is to not do the action.

Exactly.

And I just can't believe that Slashtards are THAT stupid to not think of that, instead of imagining all sorts of wheels-within-wheels and riddles wrapped in myteries inside of enigmas when it comes to ANYTHING Apple says, does or produces.

Stupid shits. The whole lot. (Not you, Jellomizer... YOU are among the few that "get it".).

Re:Post the source code

Most of us even hard core open source Linux fans, will not install their applications by compiling the source.
make clean & make & make install

That isn't really safer than running apt-get.
Unless you look at the source you have no idea what it is doing.
Heck, the source could be fine but the clean command in the makefile might "accidentally" omit a file or folder.
If someone have problems with it they can just admit that there is a bug in the makefile and suggest that the user manually removes those files and run make again.
It's not like you need to catch every fish when you go on a fishing expedition.

Re: Post the source code

Sure you could packet sniff... What would that accomplish?

Unless they are fucking retards, all traffic is encrypted. They could easily sneak data in with, say, store updates

Re:Post the source code

[TheFakeTimCook]

The point is the option should be there so that a person can look at it and say 'Holy shit, what the hell is this?'. It doesnt matter how many actually do it, what matters is that it represents a logical break. Without any way to look or alter the code, its a black box, forever. You dont trust a black box.

It is a black box with an internet-sized HOLE in it, you stupid FUCK.

Which is more betterer: Poring over Source code to try and find some obsfucated "snitching/spying" functions; or simply watch network traffic out of the fucking PHONE?

Idiots.

Re:Post the source code

Most of us even hard core open source Linux fans, will not install their applications by compiling the source.

Sounds like someone never got their Gentoo beanie!

Re:Post the source code

[TheFakeTimCook]

However the black box for the most part is sending and receiving open specification type of data.
If Apple is going to hide that they are sending your conversations to some mega server somewhere they are going to do it. Source Code will not stop that one person to question the code. If that code isn't there.

However the open specification will allow people to see the output from that black box.

Again, Exactly.

Re:Post the source code

[TheFakeTimCook]

My charger has a light that shows when the battery is charging. When the battery is charged, the light turns off.

The charger light turns on when the TV or music is loud. It switches off not quite as fast as a scope would show activity, but soon enough to know that something draws more current when there is significant audio input.

I bet a phone with a dead battery could be used to track audio spying pretty easily.

I love your point about storage. Some apps queue their data for upload on reconnect.

Since your charger has a light on it, I am assuming you DON'T have an iPhone.

Therefore, your entire post is moot.

Re:Post the source code

Bullshit. Blind sheep like you will keep your heads up apple ass; too afraid to question anything.

Re:Post the source code

[TheFakeTimCook]

This is why clauses which require that the user be able to actually build and then furthermore actually install and use the code they compiled are necessary. What good is source code, Mister Anderson, if you are unable to compile and use it?

You F/OSS fanbois really take the cake!

What you are proposing is that NOBODY can have Private IP anymore.

No thanks, Comrade!

Re:Post the source code

Yeah, because lying to Congress is a fantastic plan

Sometimes it is.

If whatever you done will put you in so much shit that it outweighs the risk of lying then yes, lying to Congress is a fantastic plan.

Or do you really think AG Jeff Sessions spoke the truth when he told the Congress "I don't recall" on over 80 questions in his hearings?
It is completely safe for him to lie about that because it is almost impossible to prove that he doesn't suffer from very selective dementia.

If you have Apple amount of money then the Congress will not raise any fuzz about your lies. After all they are on your payroll.

Re: Post the source code

[TheFakeTimCook]

Wtf? Apple lies all the time. Steve jobs claimed ogg vorbis was an illegal codec at one point of time and half of their advertising in the past Implied osx couldn't get viruses.

During antenna gate it took them almost to the point of getting sued to admit the issue.

Yes. Apple should prove themselves

Citation on the Ogg quote, cuz I'm not finding it?

Show me a true, self-replicating virus on macOS or iOS.

It's been over TWENTY years for OS X/macOS, and ELEVEN for iOS. Where are all the viruses? Trojans don't count.

Re: Post the source code

[TheFakeTimCook]

Not by me or to my standards, and you have provided no links or other data to backup your statement.

Tough shit.

Re:Post the source code

[TheFakeTimCook]

Yeah, because lying to Congress is a fantastic plan, and they would totally do that to... what end?

Posting the source code isn't going to happen. They would let government auditors in under NDA long before that happened. Get real.

Exactly. A Special Master would be appointed to review the Source and Report to Congress.

But so what? Just packet sniff the output for a day or two, and that will tell you FAR more than any stupid "review" of a million or so lines of code.

Idiots.

Re:Post the source code

Why would that prove anything?

Seeing the code doesn't cause you to suddenly think of the device as being reasonably trustworthy, but it is nevertheless a prerequisite for it ever becoming thought of as reasonably trustworthy.

Obviously the next step after you have the code, is to compile it and install it, but we can deal with that later. First, you have to have the code.

Until then, no reasonable person would suspect that it's not listening. Why wouldn't it be listening? It should be listening. So that's why Apple is having to talk to Congress at all: because the default expectation is that it should be listening and the only reason it wouldn't be listening, is if Apple deviated from common sense for some inexplicable reason So it all makes sense, and that's why Apple's having to give their word and explain why they didn't do the obvious thing.

Re:Post the source code

[TheFakeTimCook]

Apple has released design/block diagrams on the silicon and how "Hey Siri" is implemented in hardware and doesn't require intervention from either the CPU or the OS. It can be verified by putting some scopes and circuit analyzers on the thing and seeing when and where the 'activity' actually happens.

It's fairly easy to test whether or not they're lying, if your CPU and SSD keeps waking up whenever there is audio, even if the trigger hasn't been used, you know they're lying.

Also, you can dump the contents of your iPhone as a developer. So it would also be pretty easy to verify there is no recording lurking somewhere on the drive waiting to be sent to Apple. You could also analyze the traffic that is sent to Apple and see whether it is feasible that audio recordings which would have to be a pretty continuous stream, even encrypted, are being sent without the trigger phrase.

Exactly.

Just make a looped recording that DOESN'T include the phrase "Hey, Siri" (or simply a radio station or TV would work fine), and put the iPhone in front of a speaker playing the sound. Now watch for WiFi traffic from the phone while sleeping.

So easy to verify without examining a single line of code, and yet all the FOSSies can think to do is pore over a bunch of code that may or may not be what is actually running in the device.

Idiots.

Re:Post the source code

[nagora]

Why would that prove anything?

Because we could then compile and install the code ourselves without Apple having any further input; they could just update their gitLab repo every so often instead of releasing sealed and obfuscated binaries as they do now.

I'm not sure what your problem is with someone actually having to back up absolute claims of security.

For the most part it is in Apples best interest in not getting caught betraying our trust in its security feature. The easiest way to not get caught is to not do the action.

Brilliant! You've logically disproven the existence of crime! Think of how much money we can save on cops.

Re:Post the source code

After market charger?

R O

Re:Post the source code

[Muckluck]

OK - adding to this... Dead battery aside, what is stopping anyone from breaking the power in line to the camera, attaching a wire to the power supply line putting an LED inline with the physical camera? Attach a capacitor inline (to maintain steady voltage to the camera) and the LED will light when the camera turns on. This is different than the "part of the camera" LED that can be bypassed in certain camera firmware in that it is inline with the power so if the camera is powered on when you didn't intend it to be powered on, it alerts you. I'm sure you can do something similar with the MIC power lead. Analyze the network traffic on each and see what you see...

It involves some work, but it can be done...

Re:Post the source code

And "a" should actually be:
"You personally dig though it, and have superior code auditing skills to the code obfuscation skills of your hypothetical bad actor"

So in practice the source is not actually valuable for verifying trust except in trivial cases.

Re:Post the source code

Because cryptographic signatures are a thing. If you release your source code (and build environment), then anyone can trivially tell if you are using a different source to create your binaries. If you use open source tools for your build, then they too can be verified as secure. Sure, not everyone who uses open source software rolls their own, and fewer still inspect the code, but there is a chain of evidence linking the behaviour of a binary to the intent of the author.

With closed source software, you just have to hope that the publisher has no malicious intent, and that none of the tools that they used (or the tools that they used etc) had anything untowards in mind.

I'd say that I wasn't worried about it, because historically the massive loss of credibility that people and companies who were caught outright lying suffered was enough of a deterrent to keep them to the not-quite-lies of weasel words, telling omissions and half-truths, but these days lying for profit is apparently presidential, facts are "fake news" and objective reality is a liberal conspiracy.

Re: Post the source code

People have gotten so fucking stupid they donâ(TM)t know how to work with hardware anymore. Your words are mysterious to most; they just want to know how you can do that in python or javascript.

Re: Post the source code

[jimbo]

Some Apple *users* claimed they couldn't get viruses. Zealots exists for any platform. Apple have always been quite honest with their marketing. Here is an advisory from Apple from the wayback machine:

        Last Modified: July 30, 2008
        Article: HT2550

        Old Article: 4454

Summary

This article describes the antivirus utilities that are available for the Mac OS.
Products Affected

Consumer Software, Intego VirusBarrier X4, Virex, Norton Anti-Virus for Macintosh

Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one program to circumvent, thus making the whole virus writing process more difficult. Here are some of the available antivirus utilities:

Intego VirusBarrier X4
Publisher: Intego
License: commercial

Norton Anti-Virus for Macintosh (formerly SAM)
Publisher: Symantec
License: commercial

Virex
Publisher: McAfee
License: commercial

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.

Re:Post the source code

[grondak]

Yes.

Re:Post the source code

[tlhIngan]

If you want to verify what is happening, then you should monitor all the wireless traffic your phone sends. Compare it in a quiet environment and one with talking. See if the data sent from the device is enough for conversations.

For the most part it is in Apples best interest in not getting caught betraying our trust in its security feature. The easiest way to not get caught is to not do the action.

And knowing the publicity it would generate, it wouldn't surprise if me people have already done that. Since Apple is a big name and it would get you lots of publicity, I'm sure everything an iPhone does is heavily scrutinized. Every packet that is sent or received is analyzed for purpose, etc.

And I'm pretty sure they've done it using fake cellular networks too in order to capture any cellular data usage and packets as well.

One packet out of place and it'll be front page on all the mainstream media within the hour, and Tim Cook hauled in front of Congress in 2.

This is especially so since I think even Siri is doing less and less in the cloud and more and more on device

Re:Post the source code

Again; stupid blind faith in apple

Re:Post the source code

Yet this can be verified with a network sniffer...

Re:Post the source code

Awww are we not blindly following or listening enough to apples lies for you two.

Maybe you should request a transfer and go be the apple police somewhere else.

Re:Post the source code

[HiThere]

You may be a bit too skeptical. Unlike Google, Apple does not derive funding directly from advertisers. (Indirectly, yes, but that *is* different.)

So there is much less motivation for Apple to wantonly infringe your privacy than there is for Google.

OTOH, Apple is much more likely to want to block you from exporting your data. They've often imposed roadblocks in the past (though admittedly the times I'm thinking of date back to the original Macintosh).

OTOH, I haven't studied their phones eco-system, so I don't know whether they have the same motivations.

Re: Post the source code

Falsetimmycrook has little or no tech skills; just blind foolish devotion to apple

Re:Post the source code

[drinkypoo]

"What you are proposing is that NOBODY can have Private IP anymore."

Total nonsense. What I'm stating is that non-Free software is harmful to users. You can have private IP and use it in house without doing harm. But closed source software is not trustworthy by definition.

Re:Post the source code

[TheFakeTimCook]

"What you are proposing is that NOBODY can have Private IP anymore."

Total nonsense. What I'm stating is that non-Free software is harmful to users. You can have private IP and use it in house without doing harm. But closed source software is not trustworthy by definition.

And, considering the number of DECADES-long bugs found in F/OSS, the "many eyes" meme is just that. A meme.

OSS is only marginally more transparent than closed-source.

That's why I said: "Don't verify the Source. That's worthless. Verify the OPERATION."

Re:Post the source code

[drinkypoo]

"And, considering the number of DECADES-long bugs found in F/OSS, the "many eyes" meme is just that. A meme."

Okay, now tell me how closed source software is supposed to be more secure when you can't see the code and have no idea how many vulnerabilities are just waiting to be exploited.

"That's why I said: "Don't verify the Source. That's worthless. Verify the OPERATION."

That's worthless without the sources, because you can't expect it to behave the same way every time if you can't check the sources to look for special cases.

Re:Post the source code

I would trust (cr)apple (or Google) about as far as I could throw the Empire Stare building! Of course they are spying and collecting customer data to sell.

Re: Post the source code

Don't bother answering him. He's an Apple fanboy. No matter how many times you prove him wrong he will double down on stupid.

Re: Post the source code

So it basically boils down to "we are Apple, trust us"

And that's good enough for you?

Sorry the rest of us aren't blindly following Apple.

Re: Post the source code

What about traffic that's encrypted?

Re: Post the source code

[TheFakeTimCook]

Don't bother answering him. He's an Apple fanboy. No matter how many times you prove him wrong he will double down on stupid.

Log in and fight like a man; or STFU and FOAD.

Re:Post the source code

[TheFakeTimCook]

"And, considering the number of DECADES-long bugs found in F/OSS, the "many eyes" meme is just that. A meme."

Okay, now tell me how closed source software is supposed to be more secure when you can't see the code and have no idea how many vulnerabilities are just waiting to be exploited.

"That's why I said: "Don't verify the Source. That's worthless. Verify the OPERATION."

That's worthless without the sources, because you can't expect it to behave the same way every time if you can't check the sources to look for special cases.

What "Special Case" would be practical for something that is supposed to be logging and repeating your every utterance?

And how is the phone supposed to know you aren't just watching some Spy movie, FFS?

You people make no sense.

Re:Post the source code

... because they're going to barf it immediately? No, it will happen later, and not at all for developers. Come on, 1980's era anti-piracy technology is so 1980's.

Re:Post the source code

[jellomizer]

If they are lying about spying. What would be the test for it. You are making a bold claim about it so it is up to you to prove guilt.
I don’t have the time. I’ll need to take Apple at its word. Not from blind faith but because I haven’t receive evidence of such a conspiracy.
Have I been wrong before? Yes. Have I been right more then I have been wrong? So far yes.
Just because we can’t find proof, it doesn’t mean there is some devious secrets to hide it. Also lying to lawmakers if caught means jail. They would have waffled a response vs just outright lied about it.

Re: Post the source code

So the source code inspection arguement does not hold water. Even a little bit. Read Ken Thompsonâ(TM)s 1984 acceptance speech for the ACMâ(TM)s Turing Award where a security vulnerability persisted through multiple attempts at source code inspection.

Thereâ(TM)s something more than 10 different processors in a phone, and any one of them is a potential security risk. Eg the baseband processor doing cellular networking is completely separate from the CPU running the OS,

Whilst there are occasions in which limited source inspection can be useful (but thereâ(TM)s very few people who can do it well), in practice black box analysis and looking what it does operationally is more informative.

Appleâ(TM)s a public company - the consequences for them (and the individuals in the company) lying to congress are severe - across multiple factors: criminal charges against individuals, damage to corporate reputation etc

Supporting the asserting they are lying needs stronger proof than an assertion that its the default unless a negative needs to be proved.

Re:Post the source code

What you are proposing is that NOBODY can have Private IP anymore.

No, you definitely don't understand.

What's he's proposing is that nobody should buy private IP, or at least they shouldn't do it very often or pay much. But you can have it.

If it's used for anything important, then either it should either be: 1) user-maintainable or 2) super-disposable (it must be very cheap, since it can break any time and you wind up ripped off) or 3) not purchased; just say no.

If you were to suggest someone shouldn't follow those rules, I'd have to assume you're trying to gain some power over them. Are you attempting fraud, perhaps? Why would I pay for unmaintainable stuff? I don't like getting ripped off. Are you sure you're different? You like getting ripped off, really?

Re:Post the source code

Should not have admitted to that. Falsetimcook has probably reported you to apple.

Re: Post the source code

Double down again fanboi. We know you like to emulate your golden calf apple by never admitting you are wrong but give it up. You just look dumb and dumber.

Re:Post the source code

LOL apple is the IHOP of waffled responses.

Re:Post the source code

[jeremyp]

Ok so you build and install the software from scratch Having done a full audit. Who is to say that it is the only software on the phone? What if the manufacturer has some hidden hardware or software that you can't detect?

Your only real protection is the knowledge that Apple's business model is to sell expensive smart phones and being caught stealing your data is going to hurt that model.

Re:Post the source code

It doesn't matter what the phone "hears". What matters is what it tells its maker. The light activity is probably just your phone's processor dealing with the ambient noise/tv dialog/music etc it hears looking for the trigger phrase. That would be pretty intensive work.

Re: Post the source code

[guruevi]

Encrypted traffic is still traffic. If you expect a phone to be radio-silent yet continues to stream (the minimum usable compressed audio is ~5kB/s which isn't trivial to hide).

Re:Post the source code

[guruevi]

Storage space on-die is going to be limited, you can simply wait it out, at some point the buffers will have to flush. If you want to surreptitiously record anything, you're always going to leave a digital fingerprint.

Re:Post the source code

[Demena]

No. I will believe them because I know it to be true. I do not even need to check the code. Because technology is not magic. Where is this "listening" going? Where is the data? If you do not know where your traffic is going and what that traffic is you just are not even competent to manage your own bills.

If you want to make a liar and a fool out of yourself, all we'll and good. But you cannot be looking good to anyone with half a brain. Why didn't you check? Jesus, I hope you don't work in IT.

Re:Post the source code

[Demena]

Thank you!

For your information and for the education of spire661, I point out that the traffic you speak of is non-existent. Since the traffic does not exist apple does not do this. Simple, except to anti-apple factoid fuctards.

Re:Post the source code

[Demena]

Or in your case, perhaps blind and stupid antipathy for Apple? The evidence is in; Apple do not "listen". There is no traffic that suggests it does. Yet you are willing to believe that it does because someone tells you so. That is pretty blind and definitely stupid so your comment does nothing to show your quality.

Re:Post the source code

[drinkypoo]

What "Special Case" would be practical for something that is supposed to be logging and repeating your every utterance?

Obviously, looking for specific users, or subsets of users. Or for activity which will disguise the network traffic.

And how is the phone supposed to know you aren't just watching some Spy movie, FFS?

Obviously, voice printing.

Re:Post the source code

[drinkypoo]

Your argument boils down to believing that only perfect solutions are helpful, but perfect is the enemy of good. One step at a time.

Re:Post the source code

[TheFakeTimCook]

What "Special Case" would be practical for something that is supposed to be logging and repeating your every utterance?

Obviously, looking for specific users, or subsets of users. Or for activity which will disguise the network traffic.

And how is the phone supposed to know you aren't just watching some Spy movie, FFS?

Obviously, voice printing.

You forgot the sarcasm tag; because you couldn't possibly be serious...

Re:Post the source code

[Waccoon]

It's already pretty well known that phones send tons of data. People have attached them to firewalls and can clearly see how much crap is going out every second. The problem is that there's so many packets going to so many different IPs for so many different purposes and it's all encrypted. It happens constantly even when the device is idle. My Win 7 PC does the same, despite all my attempts to shut off any telemetry and useless services. Is the device spying or is it just doing "normal maintenance"?

More importantly is that data doesn't have to be sent in realtime. Any spying can simply be stored in a queue and uploaded on a schedule. You can't associate transmission of data with a specific action or command in that case.

I hate it with a passion, but massive amounts of traffic is just the norm these days, and it's here to stay. Judging a device based on the quantity of data sent, or even when data is sent, is not feasible.

Re: Post the source code

> Are there well known attacks on AES?

In the context of HTTPS, a good one is "capture the key exchange", reducing AES to some public key thing that is vulnerable to more clever math than is known, or advances in quantum computing. Even if that doesn't exist now, certainly someone could record entire sessions.

Re:Post the source code

The easiest way to not get caught is to not do the action.

I really like this quote

Re:Post the source code

[gweihir]

No. Trusted third parties exist. No need to be mindlessly paranoid.

Re:Post the source code

[TheFakeTimCook]

It's already pretty well known that phones send tons of data. People have attached them to firewalls and can clearly see how much crap is going out every second. The problem is that there's so many packets going to so many different IPs for so many different purposes and it's all encrypted. It happens constantly even when the device is idle. My Win 7 PC does the same, despite all my attempts to shut off any telemetry and useless services. Is the device spying or is it just doing "normal maintenance"?

More importantly is that data doesn't have to be sent in realtime. Any spying can simply be stored in a queue and uploaded on a schedule. You can't associate transmission of data with a specific action or command in that case.

I hate it with a passion, but massive amounts of traffic is just the norm these days, and it's here to stay. Judging a device based on the quantity of data sent, or even when data is sent, is not feasible.

Just because ONE Phone (or mobile Platform) does it, does NOT mean they ALL do it.

I have always wondered why a Windows computer will CONSTANTLY access the Hard Drive, even when it is ostensibly at Idle, with no Applications running (except Explorer.exe). THAT'S the kind of stuff that is super-creepy to me, and it has been going on for YEARS.

But you can only cache so much data for so long, and then it has GOT to be uploaded. And just like with ANY SIGINT, just because you can't read the actual DATA, doesn't mean that you can't tell WHO is talking to WHOM. And THAT CANNOT be hidden or obsfucated, no more than the Address on the outside of a sealed snailmail envelope.

And it becomes REALLY non-trivial to transmit THAT much data (remember, the longer it waits, the more data HAS to be flushed!) without raising eyebrows, especially over time, and especially when a device is ostensibly IDLE for long periods of time. We're not talking about a "blip", checking on a server to see if there are OS Updates, etc; we're talking about pretty significant streams of data.

Sorry; but it CANNOT be hidden for any appreciable length of time. There are PLENTY of nerds with nothing better to do than to let their phone sit for a day or two and watch the WiFi traffic OUT of the Device. SOMEbody would have spotted this behavior with iOS devices by now. Period.

Re:Post the source code

[Plumpaquatsch]

My charger has a light that shows when the battery is charging. When the battery is charged, the light turns off.

The charger light turns on when the TV or music is loud. It switches off not quite as fast as a scope would show activity, but soon enough to know that something draws more current when there is significant audio input.

So does your charger also light up any time you actually ask Siri something? Or only when (presumably that`s what you are claiming) your iPhone sends audio recordings to Apple whenever your TV is on loud.

Re:Post the source code

[Plumpaquatsch]

And how is the phone supposed to know you aren't just watching some Spy movie, FFS?

Obviously, voice printing.

And how would it do that, you stable genius? First download a "voice fingerprint" for all people on Earth, so it can report which people it can hear?

Just answer this: is the world flat or hollow?

Re:Post the source code

[BranMan]

Idiots. Of course there is - scan the memory of the App on the phone, record the binary. Compile the App from the supplied source code, then load that on the phone. Scan the memory again. Same binary, there's your proof. Different binary, different source. What's so hard about that?

Re:Post the source code

[drinkypoo]

And how would it do that, you stable genius? First download a "voice fingerprint" for all people on Earth, so it can report which people it can hear?

I really can't figure out if you people are trolling, stupid, or just trying to suck off Apple. The voiceprints are generated from a corpus of samples produced when you use the device. Or, if in concert with the feds, from listening in on interstate calls. They can then be delivered to all devices as part of an update.

It took me about five seconds to think of a way to pull this off. Surely if you spent five minutes, you could manage it too. Instead of, you know, reflexively defending a corporation which doesn't give one shit about you.

Just answer this: is the world flat or hollow?

The world is round, your head is hollow.

Re:Post the source code

[TheFakeTimCook]

...For your Head is Hollow, and I have Touched the Sky...

(with apologies to Rik Vollaerts)

And how would it do that, you stable genius? First download a "voice fingerprint" for all people on Earth, so it can report which people it can hear?

I really can't figure out if you people are trolling, stupid, or just trying to suck off Apple. The voiceprints are generated from a corpus of samples produced when you use the device. Or, if in concert with the feds, from listening in on interstate calls. They can then be delivered to all devices as part of an update.

It took me about five seconds to think of a way to pull this off. Surely if you spent five minutes, you could manage it too. Instead of, you know, reflexively defending a corporation which doesn't give one shit about you.

Just answer this: is the world flat or hollow?

The world is round, your head is hollow.

Do you REALLY hear yourself, drinkypoo?!?

Perhaps you have had one too many of your namesake beverages...

Just give up on this. You lost.

And lay-off the sauce!

Re:Post the source code

[TheFakeTimCook]

Stable Genius: In the words of Stable Genius, Jr: "I Love it!"

Re:Post the source code

[drinkypoo]

Just give up on this. You lost.

The very last thing that would make me give up is an iFanboy shitting on the chessboard and declaring victory.

Re:Post the source code

[Plumpaquatsch]

And how would it do that, you stable genius? First download a "voice fingerprint" for all people on Earth, so it can report which people it can hear?

I really can't figure out if you people are trolling, stupid, or just trying to suck off Apple.

That's because you are dumb. I merely pointed out the insanity of your posting. And you can't tell, nor do any other options for "us people" pointing out you are insane.To a normal person I would say: "Think about that" - but that would be pointless with you.

Re:Post the source code

[Waccoon]

I have always wondered why a Windows computer will CONSTANTLY access the Hard Drive, even when it is ostensibly at Idle, with no Applications running (except Explorer.exe). THAT'S the kind of stuff that is super-creepy to me, and it has been going on for YEARS.

No need to wonder. You can use a utility like Process Monitor to see what's going on. But then, this is on a PC without all these newfangled "security enclaves" so it's not hard to figure out what's what. Can't do that easily on a phone.

Interestingly, I also noticed recently that my PC hard drive goes almost constantly as well, but it does this when looking at the machine's firmware screen. I have no idea if this is normal behavior of the hard drive controller or if the firmware is doing some hidden stuff in the background, but I do know for a fact that Windows is not always responsible for hard drive activity. It may be the drive firmware doing some weird stuff on its own.

Sorry; but it CANNOT be hidden for any appreciable length of time. There are PLENTY of nerds with nothing better to do than to let their phone sit for a day or two and watch the WiFi traffic OUT of the Device. SOMEbody would have spotted this behavior with iOS devices by now. Period.

I'd like to believe that, but there's more than one CPU in most phones (and PCs) these days, and they work independently of the OS. Just getting the OS source or monitoring it is not enough -- you have to have access to all the firmware and ROM in the chips to know exactly what's going on, and all of that stuff is encrypted in hardware. It's not like the old days where only the main CPU and OS kernel were in total control. Case in point, people are still trying to figure out exactly how Intel ME works, even though it's been around for many years.

Re:Post the source code

[TheFakeTimCook]

I have always wondered why a Windows computer will CONSTANTLY access the Hard Drive, even when it is ostensibly at Idle, with no Applications running (except Explorer.exe). THAT'S the kind of stuff that is super-creepy to me, and it has been going on for YEARS.

No need to wonder. You can use a utility like Process Monitor to see what's going on. But then, this is on a PC without all these newfangled "security enclaves" so it's not hard to figure out what's what. Can't do that easily on a phone.

Interestingly, I also noticed recently that my PC hard drive goes almost constantly as well, but it does this when looking at the machine's firmware screen. I have no idea if this is normal behavior of the hard drive controller or if the firmware is doing some hidden stuff in the background, but I do know for a fact that Windows is not always responsible for hard drive activity. It may be the drive firmware doing some weird stuff on its own.

Sorry; but it CANNOT be hidden for any appreciable length of time. There are PLENTY of nerds with nothing better to do than to let their phone sit for a day or two and watch the WiFi traffic OUT of the Device. SOMEbody would have spotted this behavior with iOS devices by now. Period.

I'd like to believe that, but there's more than one CPU in most phones (and PCs) these days, and they work independently of the OS. Just getting the OS source or monitoring it is not enough -- you have to have access to all the firmware and ROM in the chips to know exactly what's going on, and all of that stuff is encrypted in hardware. It's not like the old days where only the main CPU and OS kernel were in total control. Case in point, people are still trying to figure out exactly how Intel ME works, even though it's been around for many years.

What does that have to do with examining Source Code?

You're right. Nothing.

Re: Post the source code

It's amazing how loud you announce how dumb you are. You think Apple developers are so good, but have no faith in them for a tiny bit of obfuscation? You make it sound like they need to report back in real time for there to be spying going on. That makes you the idiot. Seriously, stop running your mouth off on everything you know nothing about.

Re: Post the source code

Having a fake alias and arguing on the Internet is "fighting like a man"? Fuck dude, that's the pussiest thing I think I've ever read. You're more and more like apk every day (fuck off with random capitalized words).

Re: Post the source code

Holy shit. Microsoft recommends running one anti virus program at a time, Apple expects you to run three or more!

Re: Post the source code

Oops, misread. At least two.

Re: Post the source code

Malware is aggressive because it needs to spread and infect as many hosts as possible before detection and prevention. That makes it easier for detection because of immediate and obvious traffic. If you don't need to spread to another device and you don't need the data in real time, it makes sense to piggyback the wanted information through other means, like update checks or NTP updates or something. There's plenty of malware that lays dormant for days, weeks and months. There's malware that detects when it's in a VM or emulator. Malware that is enabled with the right key words, etc. There's plenty of ways to hide exfiltrated data. You keep thinking data will be obvious in a day or two is asinine. Seriously, just fucking stop, you're embarrassing yourself by being so naive and simple minded.

Re: Post the source code

I never understood why people think Apple is any different than Google. They want your data just as much so they know what you want and how to sell it to you. They just cut out the middle man. And they know better how to hide it than in the beginning.

Just remember, CarrierIQ.

Re: Post the source code

You missed the Snowden docs that talked of malware that was dormant until activated. They could specify the amount and type of data and the user.

For decades, TV and movies had American operators listening on all phone calls listening for key words like "bomb". It's trivial to save recordings that included key words only.

For decades, we joked that the US was sniffing all traffic but it would be so expensive and require a shitload of servers, that it wasn't thought practical. That is until you hear the budget and see pictures of the enormous fucking datacenter.

Both Apple and NSA have the resources and the knowledge to do what they want.

Re: Post the source code

[Demena]

1. Anything dormant was not what we were talking about, in fact it is the opposite of what we were talking about. Neither does the NSA have anything to with targeted advertisements. So strawman arguments.

2. Neither Apple nor NSA have the resources and knowledge to break laws of physics. Stretch them maybe, but not break them.

People are asserting traffic that does not exist. Show me the traffic or even indicate to me what possible mode of communication might be involved in such traffic and I might give some credence except; Why would Apple sell target information to google? If iPhones are leaking in that manner (and mine is not) then it most likely Facebook or some Google application that is doing it. I cannot see Apple having much to do with it.

Android does

iPhones don't.

Re:Android does

Right. Of course we can trust Apple. Obviously.

Re:Android does

[TheFakeTimCook]

Right. Of course we can trust Apple. Obviously.

A LOT more than we can trust an ANONYMOUS, COWARD, don'tcha think?

Re: Android does

We should all use our real names, like you do.
You are very angry today.

Re: Android does

Id trust an anonymous coward long before your lies.

Why believe them?

I, for one, refuse to welcome our would-be privacy-monetizing, viewpoint-censoring overlords.

Re:Why believe them?

[jellomizer]

Posted from your Android Phone, Made by a company who makes most of their money selling targeted ads based on your data views.
Vs.
Apple who makes its money from selling higher margin devices.

Re: Why believe them?

[UnknowingFool]

Don't forget cables and dongles. :) People seem to about business models. Without a doubt Apple will sell you the highest priced items that they can get away with selling; however, the vast majority of their business model is to sell hardware. Things like media is so that you will buy their hardware. For example, Apple took a stand against DRM in music because the public was against it and it benefited Apple not to have it. They have DRM in movies and shows because the public is fine with it.

Re:Why believe them?

Posted from your Android Phone, Made by a company who makes most of their money selling targeted ads based on your data views.
Vs.
Apple who makes its money from selling higher margin devices.

When was the last time you heard about someone greedy saying "Nah, I already make enough money."?

If you think Apples higher profit margins will stop them from exploiting their customers even more then.. well, I don't have a bridge to sell you because I don't roll that way, but I am sure that your friends at Apple have a couple of features and services they will gladly make you pay for.

Re:Why believe them?

[TheFakeTimCook]

Posted from your Android Phone, Made by a company who makes most of their money selling targeted ads based on your data views.
Vs.
Apple who makes its money from selling higher margin devices.

;-)

Re: Why believe them?

[TheFakeTimCook]

Don't forget cables and dongles. :) People seem to about business models. Without a doubt Apple will sell you the highest priced items that they can get away with selling; however, the vast majority of their business model is to sell hardware. Things like media is so that you will buy their hardware. For example, Apple took a stand against DRM in music because the public was against it and it benefited Apple not to have it. They have DRM in movies and shows because the public is fine with it.

Oh, just FUCK OFF.

Seriously.

FUCK THE FUCK OFF.

Re: Why believe them?

Having a hard day recruiting new apple zealot? Maybe time for a vacation

Re: Why believe them?

Yup. apple charges more and sells your info. Classic double dip for apple.

Re:Why believe them?

[shilly]

Jesus fucking wept, you people are stupid. Obviously, Apple doesn't pursue every possible avenue for profit, because some routes to profit offer minor short term benefit for lots of long term downside. For example, Apple doesn't sell access to consumers' data because it wants to sell devices to consumers, and consumers' trust for Apple is worth a shit load more than their data.

Re: Why believe them?

[UnknowingFool]

Dude, chill out man. If you don't think Apple doesn't sell the highest priced item they can, you haven't bought a $30 cable when you can pay much less.

Re: Why believe them?

[TheFakeTimCook]

Dude, chill out man. If you don't think Apple doesn't sell the highest priced item they can, you haven't bought a $30 cable when you can pay much less.

And you haven't bought that same cable from another computer OEM, either.

Don't single-out Apple EVERY SINGLE TIME, when the entire INDUSTRY does the EXACT SAME FUCKING THING!!!

Now, FUCK OFF.

Seriously.

Re: Why believe them?

People tell me apple actually plan and makes their cables to fall apart quicker the other companies. That is why i don't buy apple

Re: Why believe them?

[jeremyp]

Except they don't sell your info.

Re: Why believe them?

[UnknowingFool]

Why does stating facts seem to piss you off?

Re: Why believe them?

Apple product are overpriced. Period.

The rest of the industry is also selling stuff at a high-margin price... but nothing compare to the margin on Apple stuff. Most of their cables and devices cost less than other things on the market to build, and they usually sells it at a higher price than others.

And when you change country, you can see the same element at double the price, because in that country people are willing to pay the price.

We won't "fuck off" just because the industry does it. They need to be called out for it. But hey, at least they are not making profit selling your data, which was the point here.

Re: Why believe them?

[TheFakeTimCook]

Why does stating facts seem to piss you off?

Because these particular "Facts" are being SPUN to make them look like they are a behavior/policy/business-model that is EXCLUSIVE to Apple.

Every. Single. Time.

But even this SLIGHTEST effort will show them to be anything BUT Apple-Exclusive behaviors/policies/business-models.

For example: Since we were talking about Adapters (so-called "Dongles"), these were found in about 5 minutes of Googling, and I didn't even have to try hard AT ALL (my search term was [mfg] USB-C Adapter:

https://www.cdw.com/product/De...

https://www.amazon.com/Dell-DA...

https://www.dell.com/en-us/sho...

https://www.dell.com/en-us/wor...

So, where's the Outrage at Dell?

https://store.hp.com/us/en/pdp...

https://www.amazon.com/HP-USB-...

https://store.hp.com/us/en/pdp... ...and IMHO, the MOST egregious:

https://www.amazon.com/HP-N2Z6...

So where's the outrage at HP?

I could probably go on an on with other laptop OEMs; but I think (hope) you get the point.

I'll take my apology now...

Re: Why believe them?

Im sorry your wrong and an idiot.

They pulled a Billy

[volodymyrbiryuk]

They are not listening in like Billy did not have a sexual relationship with 'that' woman.

Re:They pulled a Billy

[unrtst]

Exactly. This is like when someone says, "you're not listening to me", but you did hear everything they said.

I would like them to clearly state what is sent where, and what things get feeds of what data. I strongly suspect it is:
* The microphone is always on
* A local daemon is constantly watching that data stream for signals that appear to contain "Hey Siri" using a limited pattern recognition algorithm.
* The stream is buffered, so it can rewind a little (how far is TBD)
* When something that might contain "Hey Siri" is detected, the stream is rewound by XX seconds, and then sent onto servers somewhere (where TBD).
* Servers process the stream and perform advanced speech-to-text. If "Hey Siri" is not found in the first XX seconds, it stops streaming and tells the phone to drop the stream.
* If "Hey Siri" is found in the first XX seconds, it does its magic on it and sends the results back to the phone, logging the resulting audio and text to a secure location (TBD).

I would find it very very unlikely that they constantly stream everything. The data from every iphone in the world all streaming to servers all at once 24x7x365 would simply be too much for the operators and users not to notice.

I don't think it's all that hard to lay that out in plain english for people to understand. Masking the actual operation and saying, "iPhones do not record audio while listening for Siri wakeup commands", is disingenuous. That may be technically true because it's not "recorded", per say, but it's certainly buffered, and if it's always listening for wake up commands, then the mic is always on and data is being written somewhere (buffer, at minimum). Maybe it's not always listening for wake up commands, and that may be true, but whenever it is, that is listening IMO, and not simply hearing.

Re: They pulled a Billy

[UnknowingFool]

When they say Siri commands are not being recorded I assume they mean that no permanent audio file is saved. Buffering can happen in memory or temp files though I doubt it is more efficient to save files. Now I don't doubt the Siri content and meta data is being saved at the server but not the audio.

Re: They pulled a Billy

Pretty sure i remember reading that they keep voice assistants data for a few months.

Re:They pulled a Billy

[TheFakeTimCook]

* A local daemon is constantly watching that data stream for signals that appear to contain "Hey Siri" using a limited pattern recognition algorithm.

It's dedicated hardware, not a daemon, stupid.

The rest of your paranoid Slashtard rant is just that: Paranoid.

Re:They pulled a Billy

[Strider-]

This has actually been done. There is a separate IC/DSP/Controller (whatever you want to call it) that listens for the "Hey Siri." When it hears it, it wakes up the main CPU and the rest of the process starts running. It would be far too power intensive for the main CPU cores to stay awake to analyze a constant stream of noise. This is also why the iMac Pro, and similar computers contain some of the chipset from the iPhones.

Oh My God, reverse psychology

So Apple Iphones DO listen in on customers for the governement !

passphrase : choosing

So

[AHuxley]

PRISM was with the users consent?
PRISM was another approved third-party app?
Do governments get that explicitly approved microphone access?
Hey NSA?

Re:So

[TheFakeTimCook]

PRISM was with the users consent?

PRISM was another approved third-party app?

Do governments get that explicitly approved microphone access?

Hey NSA?

Other than one highly-suspect PPT slide, there is ZERO proof that Apple ever participated in PRISM.

Re: So

Oh yes apple was a innocent bystander. BULLSHIT. apple was probably first in line for a extra buck.

Re: So

Other than, yea no proof. Just that one slide that pretty much says they were involved.

Other than that, nahhhh not apple.

Fucking slashdots resident Apple partisan cocksucker back at it.

Re: So

That makes them look so much worse if they could pillage Apple's network and not get caught or need their help getting persistent access. You don't think about these things , do you? You're fucking clueless in everything.

Before or after installing FBI backdoor?

Just asking?

That's a very selective No

[rayzat]

I've had several experiences where random run ins with people I don't know have started yielding lots of ads related to obscure topics we've talked about. For example in an elevator I ran into someone wearing the shirt of a small college I was looking at but passed on, we talked about 1 minute about the school then went our separate ways. Within 15 minutes I started seeing ads for the school even though I lived 1000 miles away and ran into the guy 2500 miles away. It might very well be an option I clicked through on an app, but it's happened on multiple occasions at this point.

Re:That's a very selective No

[grondak]

Today I created a list of nouns from a physical dictionary to use as honey-pot terms. I think the right thing to do is mention the terms aloud and log the time/date. Capture the ads as the terms show up --as screenshots.

Re:That's a very selective No

Same type of experience here. In fact, I had a conversation with someone about an airplane model I used to build over and over when I was a kid just a couple weeks ago. Ads for that particular airplane model started showing up within about a half hour. That was spoken word, not typed in anywhere. That's not the first time that's happened. Somebody's definitely listening, and I never give permission to anything but my direct recording app to use the microphone. I use the recording app to record guitar snippets when I'm coming up with ideas for new songs.

Re:That's a very selective No

[Gilgaron]

Do you have Facebook installed and able to know your location? I understand that it will apparently try to link you to people it knows you've been in proximity with. There was an article a while back about how this was a problem for escorts that maintained separate social media profiles. Now I'm wondering if using ad blockers is hiding how much I may be being tracked from myself...

Re:That's a very selective No

[TheFakeTimCook]

I've had several experiences where random run ins with people I don't know have started yielding lots of ads related to obscure topics we've talked about. For example in an elevator I ran into someone wearing the shirt of a small college I was looking at but passed on, we talked about 1 minute about the school then went our separate ways. Within 15 minutes I started seeing ads for the school even though I lived 1000 miles away and ran into the guy 2500 miles away. It might very well be an option I clicked through on an app, but it's happened on multiple occasions at this point.

Brains look for patterns.

That's why Conspiracy Theories work so well...

Re:That's a very selective No

[HiThere]

While you are correct, there's a sound evolutionary reason for doing so ... to successfully avoid predators.

FWIW, I think the above comment someone made about Facebook may provide sufficient answer without needing to invoke Apple lying. And I have no strong belief that Apple wasn't lying.

Re:That's a very selective No

[TheFakeTimCook]

While you are correct, there's a sound evolutionary reason for doing so ... to successfully avoid predators.

FWIW, I think the above comment someone made about Facebook may provide sufficient answer without needing to invoke Apple lying. And I have no strong belief that Apple wasn't lying.

Like a true Trumpian, you attempt to use a double-negative to lie about your lie.

What you MEANT to say was "I have a strong belief that Apple IS lying."

FTFY.

Moron.

Re:That's a very selective No

And your constant defense of apple on here is such an important task. Is this a divine calling handed down by the all-mighty apple itself?
You idiot apple worshipers are such bullshit hypocrites.
Maybe you should back away from the keyboard. No one cares to hear your lies.

Re:That's a very selective No

[HiThere]

No. I suspect Apple are telling the truth, and that Facebook has tracked people who have interacted with them, and sold the information (or possibly just used it). This wouldn't require that Facebook record their conversations, just where they were when interacting and the same for the person they were interacting with. They've demonstrated the capability in the past. And Apple would, in that case, be a ... I can't really say non-participating party, as their phone is hosting the Facebook app, but the participation on Apple's part would be innocent.

That said, I wouldn't be really surprised to find that they lied, even though that's not what I expect.

Re:That's a very selective No

[rayzat]

Nope, no FB or FB owned apps installed, which still doesn't mean another app isn't part of the larger FB ad network. I also have location services turned off for most everything, I don't run very many apps. I'm not saying it was Apple. I really have no theories on how it happened.

Re:That's a very selective No

[rayzat]

I agree with what your saying and I'm not saying it was Apple. I will say that when I've noticed it the topics were so unique there has to be something more to it then randomness. With the college example, it wasn't an ad, it ended up being a week of ads plastered everywhere.

Re:That's a very selective No

[TheFakeTimCook]

I agree with what your saying and I'm not saying it was Apple. I will say that when I've noticed it the topics were so unique there has to be something more to it then randomness. With the college example, it wasn't an ad, it ended up being a week of ads plastered everywhere.

As Tim Cook said recently, "It is really creepy when you look at something on the internet, and all of a sudden there are ads for it everywhere." And in fact, I seem to remember that Apple is putting something in Safari to try and stop that (I don't know how, though). So, I really don't think it is Apple.

But I agree: That is VERY odd...

Here's the Slashdot Article about what the real Tim Cook (;-) ) said:

https://apple.slashdot.org/sto...

..and here's an article about Safari using ML to block those ads:

https://www.huffingtonpost.co....

And since the HuffPost article was from a year ago, one would assume that has already been added to Safari; since I believe Apple has already released its "Core ML" Machine-Learning Framework. In fact, it is already at "Core ML 2":

https://developer.apple.com/ma...

Re: That's a very selective No

That was Facebook.

It's always the same problem:

Old folk not understanding technology. Meanwhile people are living in cardboard boxes under the overpass.

Does not record = cannot recognize speech

If the answer is "does not record", then that's wrong by default. It would be incapable of recognizing speech, since every instant there is speech must be analyzed in the context of the speech just before or after it.

At best, it's something like "only records for the duration of the current word".

Re:Does not record = cannot recognize speech

Uhm, Actually.... it never records, unless instructed by the ASN, though it does constantly transcribe what you say, then transmits it for further analysis pertaining to your persona.

passphrase : poured

Re:Does not record = cannot recognize speech

[HiThere]

It probably hinges on the definition they are using for "record", as you're clearly right that you can't parse "OK Google" without recording to RAM. And given what I've heard about "state of the art" it probably even requires sending the stuff over the net to be analyzed elsewhere. Possibly what the actually mean is "there's no permanent record"...for some definition of permanent. How reasonable that definition is would be a good question. So would "What steps are taken to prevent it from being intercepted?".

Re:Does not record = cannot recognize speech

It probably hinges on the definition they are using for "record", as you're clearly right that you can't parse "OK Google" without recording to RAM. And given what I've heard about "state of the art" it probably even requires sending the stuff over the net to be analyzed elsewhere. Possibly what the actually mean is "there's no permanent record"...for some definition of permanent. How reasonable that definition is would be a good question. So would "What steps are taken to prevent it from being intercepted?".

You can if you have a custom ASIC chip on the phone that is non-reprogrammable and can only do one thing. Listen for the words "hey Siri" and send a signal to the cpu stating "it happened".

Oh wait, such a thing exists. It is in the iPhone!

Re:Does not record = cannot recognize speech

[HiThere]

I don't believe you can actually do that. You could do that for a few voices and accents, but to handle a large population I think you need net access.

That said, I'll admit I'm not an expert in this area...but why should I believe you are?

Lawyers....

..were very careful to be told this officially by the representatives of the company

I don't know one way or the other on this one....

[jm007]

...but these types of responses are carefully -- and I mean very carefully -- worded to lead a reader to think something that isn't so

for example, "... Siri does not share spoken words..." could very well be true; but what if it converts the 'spoken' word to text and then shares it? see how that works? you're supposed to think they don't share info, but what they're really saying is that they don't share info *in a specific way*

and I bet if you asked anyone involved with this fuckery, they'd all swear up and down that they're a good person and go to church and give to charities, are good parents, etc.; never once would they hold the same standards of deceit and treachery for themselves that they hold for others

Of course they do!

How would they recognise the "Ey, siri!" command if they are not listening? What they do with the audio that doesn't match the Ey siri command we don't know. As users we'll have to trust whatever they say, and however they implemented it... and I think trust is not enough.

Re:Of course they do!

[TheFakeTimCook]

How would they recognise the "Ey, siri!" command if they are not listening? What they do with the audio that doesn't match the Ey siri command we don't know. As users we'll have to trust whatever they say, and however they implemented it... and I think trust is not enough.

Stupid fuck.

They have custom silicon that recognizes that "Trigger Phrase" LOCALLY. Nothing is recorded. Nothing is sent until that phrase is recognized.

Boy, you're stupid.

Re: Of course they do!

Some would say (and by some I'd say all) you are stupid for blindly trusting a company who gives 0 shits about you.

Re: Of course they do!

Not exactly true; im sure he is on apples payroll under Trolls and Other expenses

Re: Of course they do!

[Demena]

Stop wanking yourself in public. Inserting the word "blindly" destroys your comment. You are asserting something you can have no knowledge of. I, for example, do not trust apple particularly as I think and I check for facts. Android? I have seen enough shit with Google and Android that I know they are trying to screw me. For Apple, there is nothing evidential (and I still check).

I still think running Facebook (et al.) on an iPhone needs to be examined (I don't use facebook etc) as I have not tested that.

Re: Of course they do!

What? Are you new here? Your comment makes no sense, he is talking about FakeTimCook, where you can point to hundreds of posts of his cheerleading. He makes so many assumptions of how he thinks things work but doesn't know much. "Blindly" is fucking easily demonstrated by look at a dozen of his posts.

In high school English, we'd only need to cite three examples to back a claim. With FakeTimCook, you have hundreds of examples.

Re: Of course they do!

[Demena]

What? Are you new here? Your comment makes no sense.....

I am not new enough of silly enough to make a comment about "new" here. You do not seem to know enough to check a user id.

.... he is talking about FakeTimCook, where you can point to hundreds of posts of his cheerleading. He makes so many assumptions of how he thinks things work but doesn't know much. "Blindly" is fucking easily demonstrated by look at a dozen of his posts.

I do not follow anyone as I do not use twitter. So I comment only on what is in this thread. In this case (at least) the FakeTimCook is quite correct. "Hey Siri" is purely local. There is no traffic involved at that point (and this can be, and is) measured. So, not "blindly" at all.

In high school English, we'd only need to cite three examples to back a claim. With FakeTimCook, you have hundreds of examples.

Well, I didn't go to your high school and am probably relieved about that. I wouldn't want to go to a school that deems "Come with" as a sentence. But that is probably because I went to and English Grammar School where they actually taught English not the pidgin language that Americans falsely appropriate and declare as English. My English teacher would have told you that that 'three cites' rule was a bad joke. Far, far too rigid. There are many levels of speech and discussion and what is appropriate would vary vastly between them. Quality of cites makes a difference too.

All of this you ignore in attempt to "win" an argument, ignoring the fact that anyone who "wins" a discussion in the manner of attack/defend loses by default. But then, if you had anything valid ti say you would not be an AC.

Megacorporation denies political impact of product

[Drethon]

We will also be discussing cigarette companies denial that cigarettes cause cancer and big oil companies denial that fossil fuels contribute to global warming, news at 11.

Seriously though, whether or not they actually are, do we expect Apple to say anything different if it can't be proven (or possibly even if it can)?

How do we get in on this?

[grondak]

How do we tell the advertising companies that I want to target people who said certain words aloud?

I bet they will easily sell you "this person is interested in term X...." but not "this person said term X aloud."

they always miss the obvious one...

They always forget to get an on-the-record answer to: are the service providers (Verizon/etc) doing speech-to-text and then selling the text to brokers or advertisers? This would be a round-about way to get directed advertisements on social media. In my tests, the turn-around is about 24 hours.

No microphone, but...

[marquis111]

I can't help but wonder if they are strictly telling the truth: i.e. no microphone access, _but_ they are reading something else that gives the same result. This is a pie-in-the-sky idea, but could the built-in accelerometer be read while speech is impinging on the phone? Would that yield intelligible results?

OH SHIT, I RTFA, I FAIL IT!

[Thud457]

Apparently they're inspired by David Cronenberg eXistenZ

biomechanical creatures called Leapers that attach to people through a bio-tether proboscis and induce hallucinatory visions of an imaginary world

OMGWTFLOLBBQ

Re:OH SHIT, I RTFA, I FAIL IT!

[Impy+the+Impiuos+Imp]

Apparently they're inspired by David Cronenberg eXistenZ

biomechanical creatures called Leapers that attach to people through a bio-tether proboscis and induce hallucinatory visions of an imaginary world

OMGWTFLOLBBQ

Please tell me that tech will be available soon!

Re:OH SHIT, I RTFA, I FAIL IT!

On my list of one of the best sci-fi movies ever...

captcha: pleasure

Translation From Apple Speak

[Zorro]

We are listening and recording.

Re:Translation From Apple Speak

[TheFakeTimCook]

We are listening and recording.

Translation from Slashtard-speak:

Everything is a Conspiracy.

Re:Translation From Apple Speak

Translation from blind apple follower-speak

Leave poor apple alone. Wahhh

USA = scumbags

All this talk of Russians spying/hacking US makes me laugh because compared to CIA, FBI, and NSA they are nothing. These disgusting organizations from US are literally spying on you 24/7 through consumer devices and the US media won't even mention it. Snowden knew wassup and left this shithole.

"without their consent"

[houghi]

With all the opt-in going on, this means that they do.

Re:"without their consent"

that's the bit that's being glossed over by the apologists and deniers.

Re:"without their consent"

[shilly]

None of the opt-ins give permission to Apple to do this.

Re:"without their consent"

Also, whose to say that consent isn't defined in the EULA? Has anyone ever read Apple's?

"without their consent"

Consent being written into the legalese of the EULA.

troll

[dfghjk]

Why stop with phones? This logic applies to literally any device. A designer's word is utterly meaningless so post complete documentation of every detail of design or conclude that it is unsafe and intends to harm you.

Do without a phone if you are so paranoid. Better yet, go live in the wilderness...or admit that this is nothing more than an open source troll.

The rest of us understand that some level of trust must always exist, that absolutist arguments like this are worthless, and that companies have good reasons to protect intellectual property.

Re:troll

[TheFakeTimCook]

The rest of us understand that some level of trust must always exist, that absolutist arguments like this are worthless, and that companies have good reasons to protect intellectual property.

Precisely.

Re:troll

BULLSHIT apple has little or no intellectual property that is hasn't stolen from other companies.

As "nobody" reads 100% of the "user agreement"...

[squash_me_quickly]

...before installing an app/program "nobody" has any idea what they are consenting to.

The average person could be giving up their rights to their first born children every time they install a program/app.

Many installations want consent for collecting data to "improve the product" or "improve customer experience"... theoretically, giving all ones data to the NSA to help prevent terrorism is an improvement for the customer.

Not without consent...

... because everyone reads the ToS for every app they blindly install and never bother to remove or check if it's running in the background...

Why government asking? Smokescreen?

With all the problems the government got into once it was revealed they spied on citizens why are they making all this action over businesses doing the same? Are they just trying to make themselves less the bad guy? I guess senators and congress supposedly didn't know about the CIA NSA spying, and maybe they are looking out for their voters? Or it is more like, hey, are you spying on them and not giving us the information, bcause we are OK with spying if you share?

Ya but...

apple lies a lot. So they probably are.

Sure apple

you also were not slowing down iphones. Well until you got caught slowing down iphones. But then you made up a great lie to cover it up.

Re:Sure apple

[Demena]

But they are not slowing down the phones and never have. When the battery has aged it cannot support an overload and will crash. Apple put software in to prevent this which dropped the CPU frequency (talking loosely here) momentarily to prevent the phone stopping and rebooting to allow it to continue running. It only drops that CPU frequency while in overload.. The phone in general is not slowed, only a single task for a brief moment.

Re:Megacorporation denies political impact of prod

[TheFakeTimCook]

We will also be discussing cigarette companies denial that cigarettes cause cancer and big oil companies denial that fossil fuels contribute to global warming, news at 11.

Seriously though, whether or not they actually are, do we expect Apple to say anything different if it can't be proven (or possibly even if it can)?

Fucking just watch for network traffic out of the phone while it is ostensibly asleep.

Easily verified, moron.

Just the other day ...

[PPH]

... I was discussing this very subject with my wife. The toaster interjected to state that our fears were unfounded and we had no reason to avoid Apple products.

Re:Just the other day ...

One evening, three friends spent the night in Russian hotel. One decided to sleep early, but was kept awake by his friends. They had decided to drink, and as they got more drunk, they began to tell politically charged jokes. Fed up, the first man gets up and goes out for a smoke. On his way back to the room he stops by the clerk's desk and asks to have a tray of tea sent to their room.

Upon returning to the room, he sits down, grabs a flower vase, and says very clearly into the flowers, "Comrade Major, could you please send up a pot of tea." His two friends laugh raucously, but when five minutes later a tray of tea arrives, they go quiet, and everybody goes to sleep.

The next morning, the man wakes up to find his two friends gone. He goes back down to the clerk and asks what happened. "Well," says the clerk, "in the middle of the night, some KGB agents arrived and took them away without explanation." The man was shocked, and wondered aloud why he was spared. The clerk merely shrugged and said, "It turns out the Comrade Major quite liked your tea joke."

Re:Megacorporation denies political impact of prod

Someone always slipped. With the certainty and voracity that Apple has parroted this standpoint . . . I trust them.

If it's not true, it will eventually come out and they are DONE with people like me.

The problem, then, is, where do we go? Some will give them a mulligan . . . I'll probably go back to a candybar phone with 3 functions.

Trust

I actually do trust Apple A LOT more than other companies.

What does Apple stand to gain from listening all of the time? It's not like they are trying to sell us everything (Amazon) or even sell us (Google). Apple just wants to sell us more overpriced cheaply made products.

They also refuse to allow a back door into the encryption on their devices for government access.

I have no issue beleving what they claim.

Re:Megacorporation denies political impact of prod

[Drethon]

We will also be discussing cigarette companies denial that cigarettes cause cancer and big oil companies denial that fossil fuels contribute to global warming, news at 11.

Seriously though, whether or not they actually are, do we expect Apple to say anything different if it can't be proven (or possibly even if it can)?

Fucking just watch for network traffic out of the phone while it is ostensibly asleep.

Easily verified, moron.

And when the phone prefers to limit network traffic by compressing the data stream and only piggybacking the transmissions on phone calls? Not going to convince a conspiracy theorist anyway.

Beside, I never said they were doing it. My original comment is more about, if they are doing it or not, is a denial of something that will get the company in hot water really news? To me the accusation is the news, the denials is more of a footnote. The news doesn't even need to wait for the denial and could just about immediately publish, Apple expected to deny accusation...

Question and verify

Which is worse? Google did not even try to deny. Apple denied with a method to lock down apps, but no source to verify.

I actively use use and secure Apple products so my opinion may be a little slanted opposite of most here. Frankly, this is very easy to verify without source. Frankly I doubt this will get rated any further than a 1.

Re: HILARIOUS

If you use a modern motherboard youre subject to numerous blackbox chips and bios code. Then there's the NSA's OS inside Intel.

That this moran is +4 says soooo much about this shithole website.

Re: You sound fun & happy

I bet your life is just filled with love and family.

SAD.

Re: HILARIOUS

[pgmrdlm]

Don't like the web site, go away. Simple answer for quite obviously a very simple mind. If you even have one

1st Option...opt out

[ElitistWhiner]

Tim Cook didn't make it possible to protect yourself explicitly by " Opting Out" of any and all microphone usage.

Re:1st Option...opt out

Tim Cook didn't make it possible to protect yourself explicitly by " Opting Out" of any and all microphone usage.

There is exactly such an option on iPhones.

Physical privacy switches

[myid]

Apple should add privacy switches to iPhones - physical sliders that physically disable the camera and microphone. If I slide the camera or mic slider to "OFF", then the camera or mic can't work. Regardless of the user preferences, software, or what I say, the camera or mic is physically unable to work again, until I move the slider back to "ON".

With privacy switches, Apple can remove fears that their phones are listening or taking pictures when they shouldn't. Apple can take the cover off of an iPhone, letting you see the iPhone's camera and mic. Then they can make a movie of someone sliding the privacy switches back and forth, and show the movie to Congress - "Look, when you move the mic (or camera) privacy switch to "OFF", see how the mic (or camera) is physically disabled."

Privacy switches might be a good idea on all phones and computers, not just Apple's.

Re:Physical privacy switches

What cave have you been living in?

Apple and other manufacturers are removing buttons/switches because it is something else on the device that can break or fail.

Re:Physical privacy switches

Finally one commenter that proposes the correct solution to this whole frustrating problem. Yes, every phone should have a physical kill switch that is guaranteed to kill both the microphone and all cameras inside the phone (though hardware, not software, since you can never, ever, truly trust software). And guess what - there is a phone that will do just that (provide hardware kill switches for the camera, microphone, WiFi/Bluetooth, and Baseband). The phone is called Librem 5 and the company is called Purism. I'm not in any way affiliated with that company but it IS going to be my next phone when it becomes available in the first quarter of 2019. Forget iPhone, forget any Android-based phone, forget even the supposedly more secure Blackberry (which is now powered by Android anyway). There is no phone on the market today which truly protects your privacy. I think the Librem 5 will be the first phone that will come as close as possible to protecting your privacy. I want my privacy back and I think a lot of others want it too. If anyone reads this and wants to protect their privacy, then go and check them out. One other really important feature that you need to understand, otherwise there is no way to secure the phone no matter how you design it: the main CPU MUST be separate from the Baseband processor. Why? All your baseband are belong to us :)

Re:Physical privacy switches

[Demena]

Or if you are that stupidly paranoid you can buy a case that obscures the camera and puts a pad over the microphone. I mean do you really thing the misandroids would believe the switches worked? To the misandroids it would be "just another lie.

As trustworthy as Pai

[sdinfoserv]

We believe a corporate oligarch hell bent on profit over people (as proven by work force conditions in Foxconn plants) less than we believe an appointed government official / ex-lobbyist when he says his department's public feedback was taken down by an attack .. oops.
https://www.theguardian.com/te...
https://arstechnica.com/inform...

But you have to consent to use the software

So it's moot. They listen when they want to. You agreed to it. So far they couldn't care less about most of us, but that could change at any time.

Wrong take on the event

Follow-up question from lawmakers: "Why not?"

We live in the post-Bill-Clinton world...

where the basic meanings of words like "is" are up for debate.

Of COURSE those phones are not listening in without the user's consent - every user accepts a huge pile of terms and consents to lots of crap as part of the process of activating the product!

Basically, the tech giants say: you cannot use our stuff without accepting every bit of nastiness we can think to pout in the agreement, and we reserve the rights to add more garbage later and stop your service if you do not accept any of those future changes. Like a mobster, Apple makes the user an offer he cannot refuse -- and then uses the user's acceptance as an excuse to Congress "we do not spy without our customer's consent".

Members of congress might be more upset by all this, but many of them love their iPhones and many either own Apple stock or dream of being given seats on Apple's board and stock options (aka the Al Gore deal).

IMO

IMO, the fact that Siri triggers at weird moments, like when I drop a can of soda on my table, makes it easier to believe them. Their algorithm included on the phone isn't really good, and doesn't get much better with time if you don't update your phone. Maybe they are sending themselves random bit that trigger the phone to make the code better... but an all-time recording ? God they fail at data analysis if they do.

Funny

[Plumpaquatsch]

Funny that Apple gets attacked for answering the question, while Google and Amazon get a pass for not answering.

Re: Megacorporation denies political impact of pro

Why don't you sign off as TheFakeTimCook instead of calling yourself a moron all the time? Kinda makes you look... like a moron.