Slashdot Mirror


Apple Tells Lawmakers iPhones Are Not Listening In On Consumers (reuters.com)

An anonymous reader quotes a report from Reuters: Apple told U.S. lawmakers on Tuesday that its iPhones do not listen to users without their consent and do not allow third-party apps to do so either, after lawmakers asked the company if its devices were invading users' privacy. Representatives Greg Walden, Marsha Blackburn, Gregg Harper and Robert Latta wrote to Apple's chief executive Tim Cook and Alphabet chief executive Larry Page in July, citing concerns about reports that smartphones could "collect 'non-triggered' audio data from users' conversations near a smartphone in order to hear a 'trigger' phrase, such as 'Okay Google' or 'Hey Siri.'"

In a letter to Walden, an Oregon Republican who chairs the House Energy and Commerce Committee, Apple said iPhones do not record audio while listening for Siri wakeup commands and Siri does not share spoken words. Apple said it requires users to explicitly approve microphone access and that apps must display a clear signal that they are listening.

11 of 214 comments

  1. Post the source code by spire3661 · Score: 4, Insightful

    and we will believe you. Until such a time as the code can be verified by third-parties, your word is utterly meaningless. Trust, but verify.

    --
    Good-bye
    1. Re:Post the source code by jellomizer · Score: 4, Insightful

      Why would that prove anything?
      If Apple is going to deceive you in front of lawmakers, why not release source without the offending code, and compile and send a different branch with it?

      Most of us, even hard-core open source Linux fans, will not install their applications by compiling the source.
      make clean && make && make install
      We would rather just run the apt-get, download the .deb or .rpm file which has the executable precompiled. Saving you the time and effort of the build.

      Sure, some of us will compile our code before we run it. But heck if you are in the business of spying, that could be considered a trade-off.

      If you want to verify what is happening, then you should monitor all the wireless traffic your phone sends. Compare it in a quiet environment and one with talking. See if the data sent from the device is enough for conversations.

      For the most part it is in Apple's best interest in not getting caught betraying our trust in its security feature. The easiest way to not get caught is to not do the action.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    2. Re:Post the source code by spire3661 · Score: 4, Insightful

      The point is the option should be there so that a person can look at it and say 'Holy shit, what the hell is this?'. It doesn't matter how many actually do it, what matters is that it represents a logical break. Without any way to look or alter the code, it's a black box, forever. You don't trust a black box.

      --
      Good-bye
    3. Re:Post the source code by Wrath0fb0b · Score: 4, Insightful

      > If Apple is going to deceive you in front of lawmakers, why not release source without the offending code, and compile and send a different branch with it?

      Indeed.

      > Most of us, even hard-core open source Linux fans, will not install their applications by compiling the source.
      > make clean && make && make install

      First, even those that do will not audit the entire source. I bet you could insert a function send_personal_data_to_kgb_and_nsa(void) and only a small number of people running ./configure && make -j12 install would notice. If you obfuscated the functionality a bit better, no one would notice :-P

      Anyway, even if you did audit the source, that is not sufficient to guarantee that the compiled binary faithfully represents the source files input. To do that, you have to audit the entire compiler/toolchain. And then you have to audit the compiler used to build the compiler.

      > If you want to verify what is happening, then you should monitor all the wireless traffic your phone sends. Compare it in a quiet environment and one with talking. See if the data sent from the device is enough for conversations.

      But the phone has storage. And it has speech-to-text, part of which happens locally. Both of those features mean that, in theory, the phone could record and process the audio and then dribble it out over the network later when you are doing some other legitimate network activity.

      So if you REALLY want to be certain, you have to fill up the storage (wait, there could be a secret reserve of a few GB that are not user-accessible) and also monitor the supply lines from the battery to ensure there is no heavy speech processing that might be transcribing it to text :-D

      I agree with the sentiment of your post, just like showing that there is no way around having some level of trust in the hardware/software that you use.

    4. Re:Post the source code by KiloByte · Score: 3, Informative

      That's why there's the Reproducible Builds project. Packages have .buildinfo files that save versions of dependencies; recompiling against the same deps should produce bit-to-bit identical results.

      It's not yet complete, but 92.8% of packages build reproducibly.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
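
Added example, not part of the thread and not the Reproducible Builds project's own tooling: checking locally rebuilt artifacts against the `Checksums-Sha256` field of a `.buildinfo` file. The package name `hello-demo` and the file contents are constructed for illustration.

```python
import hashlib

def make_sample():
    """Constructed sample: a trimmed .buildinfo plus the bytes of a 'rebuilt' .deb.
    Real files carry more fields (Installed-Build-Depends, Environment, ...)."""
    artifact = b"constructed stand-in for the bytes of a rebuilt .deb\n"
    name = "hello-demo_1.0-1_amd64.deb"  # hypothetical package
    digest = hashlib.sha256(artifact).hexdigest()
    buildinfo = (
        "Format: 1.0\n"
        "Source: hello-demo\n"
        "Version: 1.0-1\n"
        "Checksums-Sha256:\n"
        f" {digest} {len(artifact)} {name}\n"
        "Build-Architecture: amd64\n"
    )
    return buildinfo, {name: artifact}

def parse_sha256_field(buildinfo_text):
    """Return {filename: (sha256_hex, size)} from the Checksums-Sha256 field."""
    entries, in_field = {}, False
    for line in buildinfo_text.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
        elif in_field and line[:1] in (" ", "\t"):
            # Continuation line: "<sha256> <size> <filename>"
            digest, size, filename = line.split()
            entries[filename] = (digest.lower(), int(size))
        else:
            in_field = False
    return entries

def verify_rebuild(buildinfo_text, rebuilt):
    """Compare locally rebuilt artifacts (name -> bytes) with the recorded ones."""
    report = {}
    for name, (digest, size) in parse_sha256_field(buildinfo_text).items():
        data = rebuilt.get(name)
        if data is None:
            report[name] = "missing"
        elif len(data) != size or hashlib.sha256(data).hexdigest() != digest:
            report[name] = "MISMATCH"
        else:
            report[name] = "reproduced"
    return report

if __name__ == "__main__":
    info, artifacts = make_sample()
    print(verify_rebuild(info, artifacts))
    # A single appended byte in the shipped binary is enough to fail the check.
    print(verify_rebuild(info, {k: v + b"\x00" for k, v in artifacts.items()}))
```

A "reproduced" result only ties the binary to the recorded build inputs; it says nothing about whether the source itself was audited.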
    5. Re:Post the source code by guruevi · Score: 3, Interesting

      Apple has released design/block diagrams on the silicon and how "Hey Siri" is implemented in hardware and doesn't require intervention from either the CPU or the OS. It can be verified by putting some scopes and circuit analyzers on the thing and seeing when and where the 'activity' actually happens.

      It's fairly easy to test whether or not they're lying: if your CPU and SSD keep waking up whenever there is audio, even if the trigger hasn't been used, you know they're lying.

      Also, you can dump the contents of your iPhone as a developer. So it would also be pretty easy to verify there is no recording lurking somewhere on the drive waiting to be sent to Apple. You could also analyze the traffic that is sent to Apple and see whether it is feasible that audio recordings which would have to be a pretty continuous stream, even encrypted, are being sent without the trigger phrase.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    6. Re:Post the source code by TheFakeTimCook · Score: 3, Insightful

      > If you want to verify what is happening, then you should monitor all the wireless traffic your phone sends. Compare it in a quiet environment and one with talking. See if the data sent from the device is enough for conversations.

      > For the most part it is in Apple's best interest in not getting caught betraying our trust in its security feature. The easiest way to not get caught is to not do the action.

      Exactly.

      And I just can't believe that Slashtards are THAT stupid to not think of that, instead of imagining all sorts of wheels-within-wheels and riddles wrapped in mysteries inside of enigmas when it comes to ANYTHING Apple says, does or produces.

      Stupid shits. The whole lot. (Not you, Jellomizer... YOU are among the few that "get it".).

    7. Re:Post the source code by TheFakeTimCook · Score: 3, Interesting

      > Apple has released design/block diagrams on the silicon and how "Hey Siri" is implemented in hardware and doesn't require intervention from either the CPU or the OS. It can be verified by putting some scopes and circuit analyzers on the thing and seeing when and where the 'activity' actually happens.

      > It's fairly easy to test whether or not they're lying: if your CPU and SSD keep waking up whenever there is audio, even if the trigger hasn't been used, you know they're lying.

      > Also, you can dump the contents of your iPhone as a developer. So it would also be pretty easy to verify there is no recording lurking somewhere on the drive waiting to be sent to Apple. You could also analyze the traffic that is sent to Apple and see whether it is feasible that audio recordings which would have to be a pretty continuous stream, even encrypted, are being sent without the trigger phrase.

      Exactly.

      Just make a looped recording that DOESN'T include the phrase "Hey, Siri" (or simply a radio station or TV would work fine), and put the iPhone in front of a speaker playing the sound. Now watch for WiFi traffic from the phone while sleeping.

      So easy to verify without examining a single line of code, and yet all the FOSSies can think to do is pore over a bunch of code that may or may not be what is actually running in the device.

      Idiots.
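
The quiet-versus-talking traffic comparison proposed in several comments above, as an added example that is not code from any poster. The codec bitrate, speaking rate and packet samples are assumptions constructed for illustration; totals are taken over the whole observation window so that the delayed upload raised earlier in the thread is still counted.

```python
# Assumed figures (not from the thread): a low-bitrate speech codec at about
# 6 kbit/s, and a transcript at about 150 words/min with 6 bytes per word.
AUDIO_BYTES_PER_S = 6000 / 8
TEXT_BYTES_PER_S = 150 * 6 / 60

# Constructed samples: (seconds since start, uplink bytes) per packet, phone asleep.
QUIET = [(t, 120) for t in range(0, 3600, 60)]        # keep-alives only
TALK_CLEAN = [(t, 120) for t in range(0, 3600, 60)]   # same pattern with audio playing
TALK_TEXT = TALK_CLEAN + [(3000, 1000)] * 40          # small late upload
TALK_BURST = TALK_CLEAN + [(3500, 1400)] * 2000       # large late upload

def uplink_total(packets, start, end):
    """Sum uplink bytes for packets with start <= timestamp < end."""
    return sum(size for ts, size in packets if start <= ts < end)

def assess(quiet, talk, speech_seconds, window_seconds):
    """Compare whole-window totals, so an upload deferred until later still counts."""
    excess = (uplink_total(talk, 0, window_seconds)
              - uplink_total(quiet, 0, window_seconds))
    audio_need = speech_seconds * AUDIO_BYTES_PER_S
    text_need = speech_seconds * TEXT_BYTES_PER_S
    if excess >= audio_need:
        verdict = "excess could carry the audio"
    elif excess >= text_need:
        verdict = "too small for audio, large enough for a transcript"
    else:
        verdict = "no room for audio or transcript"
    return {"excess_bytes": excess, "audio_need": audio_need,
            "text_need": text_need, "verdict": verdict}

if __name__ == "__main__":
    # 30 minutes of speech played during a one-hour capture.
    for label, run in [("clean", TALK_CLEAN), ("text", TALK_TEXT), ("burst", TALK_BURST)]:
        print(label, assess(QUIET, run, speech_seconds=1800, window_seconds=3600))
```

The transcript budget is roughly fifty times smaller than the audio budget under these assumptions, so ordinary background variation between runs matters far more when ruling out text than when ruling out audio.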

  2. "without their consent" by houghi · Score: 3, Informative

    With all the opt-in going on, this means that they do.

    --
    Don't fight for your country, if your country does not fight for you.
  3. As "nobody" reads 100% of the "user agreement"... by squash_me_quickly · Score: 3, Informative

    ...before installing an app/program "nobody" has any idea what they are consenting to.

    The average person could be giving up their rights to their first born children every time they install a program/app.

    Many installations want consent for collecting data to "improve the product" or "improve customer experience"... theoretically, giving all one's data to the NSA to help prevent terrorism is an improvement for the customer.

  4. Just the other day ... by PPH · Score: 3, Funny

    ... I was discussing this very subject with my wife. The toaster interjected to state that our fears were unfounded and we had no reason to avoid Apple products.

    --
    Have gnu, will travel.