Have you noticed when ads in your Instagram and Facebook feeds, or website ones in general, start showing tons of t-shirts or electric bikes all of a sudden? Well, I searched a few things online, you say to yourself, and ad cookies did their usual tracking thing, but I'm still looking for this stuff, so I don't mind being served a hidden gem of a deal.
Well, what if you never searched for the things you see in your Facebook ads, and they still pop up right after you had a passionate conversation about that trip to Japan you never did? That's exactly what happened to Vice's Sam Nichols, and it rang a bell. After discussing a much-desired trip to Tokyo in a pub, ads for cheap flights to Japan started popping up in his Facebook sponsored posts. He then went on a quest to deliberately talk about shirts, or sneakers, or university courses around his iPhone, and, sure enough, the sponsored ads started changing with those exact same topics.
Security researchers say that there is nothing abnormal about the fact that phones are always listening. Since they are on alert to hear "OK Google," or "Hey Siri," certain trigger words can be fed in encrypted form to apps that have permission to use them, like Facebook, for instance. The process is rather murky, but it's not that your data is sold directly to advertisers, they just find another way to obtain targeting info. According to Dr. Peter Hannay, a senior security consultant for cybersecurity firm Asterisk:
From time to time, snippets of audio do go back to [other apps like Facebook’s] servers but there’s no official understanding what the triggers for that are. Whether it’s timing or location-based or usage of certain functions, [apps] are certainly pulling those microphone permissions and using those periodically. All the internals of the applications send this data in encrypted form, so it’s very difficult to define the exact trigger.
Another thing to note is that your handset may be tracking your location by default, too, making a more complete advertising picture for the initiated. On iPhones, for example, a feature called Significant Locations, "allows your iPhone to learn places significant to you in order to provide useful location-related information in Maps, Calendar, Photos, and more," says Apple, adding the "Significant Locations are encrypted and cannot be read by Apple" disclaimer.
Granted, you can turn it all off via Settings > Privacy > Location Services > System Services > Significant Locations, and it's probably much less ominous than it sounds, but the fact that you have to constantly whack those tracking moles, for whatever noble reason, is disconcerting nonetheless.