It’s similar with the TSA facial recognition photos. “We delete your photo immediately” but what they don’t say is that they don’t delete the biometrics from that photo.

It's a crime that were compelled to concede our 4th Amendment rights in order to travel.

Literally not compelled in this case, the TSA signage says that the image capture is completely optional.

More generally, having your stuff screened for security to get on a commercial plane isn't a 4th amendment violation, the word "unreasonable" is right there in the amendment for a reason. You're in public in an enclosed flying object bringing your goods onto someone else's plane with 100+ strangers aboard, it is completely reasonable and necessary for the freedoms of everyone involved for the TSA to ensure that your stuff doesn't have dangerous objects aboard.

Don't forget that freedom also involves the freedom of other people to not be negatively impacted by you exercising your "freedom."

Image capture is optional, your other option is something possibly unpleasant and may make you miss your flight

That is not the other option at all. The other option is essentially just the traditional screening process.

> Standard ID credential verification is in place – Travelers who decide not to participate in the use of facial recognition technology will receive an alternative ID credential check by the TSO at the podium. The traveler will not experience any negative consequences for choosing not to participate. There is no issue and no delay with a traveler exercising their rights to not participate in the automated biometrics matching technology.

My goodness this thread is just the most annoying tinfoil hat thread I've seen all day. Y'all are spending too much time online.

> The other option is essentially just the traditional screening process.

I know that, and you know that, but you have to convince the average traveler that nothing bad will happen if they say no. In the mind of the average traveler, it’s safer to just say “okay” to whatever the TSA wants. There needs to be some kind of neutral ombudsman to placate travelers’ fears of reprisal for opting to preserve their rights.

No, the TSA actively threatens you with unspecified additional hassle/delay if you express a desire to opt out.

They are also running facial recognition on all of those round just-above-eye-level camera pods all up and down the concourse.

It's not; I flew every week for months, and across ALL airports, I got an indifferent "OK" from the TSA agent, and was waved along.

Depends on the type of travel right? I took Amtrak weekly for several years and never even had to show ID.

Did this change? Last time I tried to take them (ten+ years ago, because my license expired) they refused my ticket purchase because my id was expired.

Less than 6 months ago I was able to buy a ticket online and board without showing any ID and have done that for 10+ years with no problem.

I don’t remember ever having to show ID with Amtrak.

Same with drivers licenses and passports having a photo requirement too

The TSA photos are worse. They use a stereoscopic camera to take a 3d image of your head, which makes facial recognition up to 10x more accurate.

You can opt out, just say you do (and preferably cover the camera with your hat or bag)

>You can opt out, just say you do

And then be flagged and 10x more targeted because of that

Not how it works

Oh, sweet summer child

WiFi 7 Sensing is bringing similar functionality to consumer routers and many laptops, with the bonus of passing through walls.

For better or worse, we didn’t have to make such hard choices for the first 80 years of aviation. And Greyhound etc require photo ID these days as well

A US pilot certificate itself does not include a photo, but you must have a photo ID to use it. https://www.ecfr.gov/current/title-14/part-61/section-61.3#p...

That’s not a freedom. That’s a restriction that reduces the amount of choices you have for potentially worse ones.

It literally says right on the facial recognition sign that you're free to opt out, just let the TSA employee know

The TSA is - objectively, by their own audits - complete security theater. Why bother to defend them, exactly?

Also, the spirit of the 4th Amendment is most certainly not "here, this is the easy way!" (yes, we are conducting mass surveillance but you can sort of opt out of one piece of it by going through a manual process over here that we will make you feel like you are burdening us by requesting)

correcting disinformation isn't defending something. do you want to live in a world where we dislike someone and so we just make up random terrible things about them that aren't true, and it's fine and encouraged because they're someone we dislike, and people aren't allowed to say "hey that's not actually true, at all"

but we do live in such a world tho?

Yup,people are really good about it in my experience too. I just stand off to the side of the camera, and say "no biometrics please". They take a minute to check my documents and it's done. Try it.

I trust the TSA agents brain to not get hacked in the next 24 hours, a database run by them, not so much.

The purpose is to gather biometric data on people that will be used for future surveillance in our incipient fascist state with the implicit statement that opting out is suspicious and will lead to greater scrutiny.

Amtrak and Greyhound do not require those biometrics, nor does renting a car and driving (or driving your own).

Some of us want to be able to cross the country in an afternoon, and not have to spend days on a slow, uncomfortable train to make the same trip. I don't think that's unreasonable.

> subject to the rules that that private entity seeks to impose.

It's not the private entity taking a 3D face scan, nor are they necessarily wanting for that scan to be taken. It's federal laws and regulations being done by federal agents in spaces controlled by the federal government.

TSA is absolutely a government organization, it's a part of the Department of Homeland Security. It was created by an act of Congress, the Aviation and Transportation Security Act. You might as well argue the IRS or FBI or the US Marshalls aren't a government organization. What about absolutely absurd thing to suggest.

> The Transportation Security Administration (TSA) is an agency of the United States Department of Homeland Security (DHS) that has authority over the security of transportation systems within and connecting to the United States.

https://en.m.wikipedia.org/wiki/Transportation_Security_Admi...

TSA is not government organization as much as Pentagon is not :)

Private and charter aviation exists and is free from those constraints.

Some of us are not billionaires.

Freedom has never been free.

That’s not what that means

You don't have to be to fly charter or private.

Ok, fine, centimillionaire. Maybe even some decamillionaires. Happy?

I wonder what the chances of surviving that trip is, based on walking pedestrian fatalities on highways.

Depends on where you walk the US is amazingly poorly situated for long walks outside of major cities. Sidewalks disappear first then lighting then one is liable to run into major stretches with no safe affordance for walking whatsoever where one is either inches from cars or in a ditch.

> There is so much time spent “debunking” audio recordings being shared

Not really. 99% of the time it's someone claiming that it happens.

And it's always an anecdote, never clear proof that it happened. Let alone that it happened because of the audio and not web activity. And that the conversation was actually the cause for the ad and not the other way around.

Is it technically possible? Sure. But if so many people are so certain that it definitely happens, why didn't dozens of people already prove it with a fresh Google/Apple account and phone?

I observed a clean experiment that showed a friend’s Google Pixel phone listening to us and adjusting news stories on Google app’s home screen.

However:

— IIRC the phone was unlocked,

— this only affected the news feed, and

— this was 5–6 years ago.

We 1) noted how Google app shows some selection of news after opening, 2) talked clearly for a minute about a very random and conspicuous topic in presence of the unlocked phone, and 3) demonstrated that the Google app showing an article relevant to the topic within a few minutes. The article was a few days old, too, so it was clearly boosted out of more recent stories.

The only reason it could be something other than the phone microphone is if I was misled by my friend steering us towards a predefined topic. However, that would require some extensive preparation to rule out the story appearing in the first step and would be very atypical for that person.

I recall seeing an article about Google admitting this and changing their policy to stop, but can’t seem to find it now. I imagine it was bad publicity, though to my friend it was a feature to see personalized content.

This was a coincidence.

That’s why it’s something you observed one time 5-6 years ago, not something that happens repeatedly in a testable way.

Isn’t it more likely it’s not a coincidence though?

How often does someone look at their phone over 5-6 years?

Having one incidence where you’re talking about something and then you also see that something on your phone out of 2000 days of using a phone is definitely more likely to be coincidence.

How often do you think this person did experiments? It is a study with n=1 but the unrelated metric of how many times something else happens does not influence the likelihood of a false positive

Only did it once. The likelihood of coincidence is low, because the topic was specific and unusual.

Here’s something relevant in Google’s current support KB[0], where the combination of the following further supports that the experiment did not have be staged (emphasis mine):

> Web & App Activity saves your searches and activity from other Google services in your Google Account. You may get more personalized experiences, like: <…> Content recommendations

> When Web & App Activity is on, you can include audio recordings from your interactions with Google Search, Assistant, and Maps as part of your activity.

Let’s now go back to the experiment. Given the phone was unlocked, voice activity was enabled, and Google app or search widget was on Google Pixel’s screen (I am certain at least the latter was true) during the experiment, could talking near the phone be counted as “interaction”? If the answer is “yes” then it seems very reasonable for us[1] to expect, per that KB, that the app would listen more actively than what’s required for assistant activation, and that recorded snippets would count as your “activity” designed to affect content recommendations (including the article feed Google app showed to us on its app’s main screen).

No tinfoil hat required.

***

Note that it does not mention ads among personalized experiences[2], and we had not observed any change in the ads either. I didn’t see what exactly counts as “interaction” or whether this blazing-fast content personalization used to include ads previously, but in line with the “move fast” culture of mid-2010s Silicon Valley it could well have been much more lax at some point. If so, I do not envy all the people who have observed it only to be gaslit and mocked by peers and media.

***

As to the article I was vaguely remembering in my original comment, the above makes me think that it was merely about the change of the default to opt-in, which it is as of today:

> This voice and audio activity setting is off unless you choose to turn it on.

[0] https://support.google.com/websearch/answer/54068?hl=en&co=G...

[1] Us tech people; this might not at all align with the intuition of other people.

[2] I rather suspect that ToS and possibly some other KB article would indicate that your activity would, in fact, affect your interest profile and by extension ads, but probably in a much less obvious and more gradual fashion.

Here is an example that just happened today. I talked to my partner about me going to a city directly (via one state) or indirectly (via another state). All I said was "so you want me to go directly to X".

Boom, Illinois tourism ad shows up the next time I hit the internet. Scary thing is I didn't even say the state name, just the destination, and SOMETHING calculated that Illinois is in the middle.

This stuff has now happened far too many times in the last 10 years of my life, it is simply implausible to call it coincidence at this point. You are being listened to by your phone.

Ad firms have no ethical boundaries, and have lied about their data collection over and over.

What is really frightening is that if the ad companies know everything about you, then multiple state actors also know everything about you.

Confirmation bias at its finest

Why would that be even be a good targeted ad? Its simpler and more profitable to show you ads about a place you actually plan to go to..

Not in 2025. I often record long duration meetings and working sessions with iOS voice memos. There’s no noticeable impact.

You could easily record and do a fast voice transcription to gather keywords from a hardware perspective.

> Not really. 99% of the time it's someone claiming that it happens.

It’s never packet captures, reverse engineering of the app, or one of the tens of thousands of employees working for these companies blowing the whistle.

Nobody can even show that their phone app is using background CPU when they talk, utilizing the microphone, or sending packets from that app. All of which are in reach for anyone with Android and some basic skills.

It’s always an anecdote about someone who said something out loud and then saw ad for it later. That’s it. That’s the entire basis for the conspiracy. Yet it persists.

It’s a very good litmus test for people who don’t understand technology as well as they claim to.

On the other hand it might point to something more serious, that the level of tracking Facebook and Google use lets them loosely predict what you are going to think about.

So maybe the microphones are safe and pristine, but we should be worried and appalled the same as if they were actually listening.

I like to think about it sorta thermodynamically: consider your behaviour under the blurred lens of interests, what you buy, what you read, how you react to news, etc, in this model humana have, let's say, n bits of entropy; how many of those bits can Facebook decode?

Not saying this is true, but the amount of time and effort put into saying "no one is listening to you" could be attributed to the novel 1984, where the government is actively listening to its citizens. Enough people could associate the novel with government surveillance that it's what people interpret as the most likely surveillance happening - and enough people don't understand tech that it's lost on them that a) the tech to actively listen to millions of people constantly doesn't exist at the appropriate level to be effective b) there are significantly more and far more effective ways to monitor people with current tech than via microphone. It's truly unfortunate people don't understand tech to realize what's actually possible and what is actively happening vs what they imagine could be happening

Sure it does. You just haven’t seen it.

Download OtterAI. Or run voice memos all day, load it into NotebookLM and it about your day. Hell, setup whisper on your MacBook and you can chug away at pretty significant quantities of audio.

I’ve seen solutions that process audio from hundreds of multi-party meetings and can do all sorts of analysis. In one case, it can do realtime sentiment analysis and alert security when an encounter is getting tense.

We don't "listen" to your audio, the microphone does, and your phone transcribes it to text on your device. You cannot listen to text. Therefore we don't listen to your phone audio.

Except for the fact that if you read the debunkings, they go into great detail as to why that is empirically not the case.

There is a small list of reasons why it needs to be "debunked:"

1. Your phone is gathering data that you don't realize that it gathers.

One of the biggest examples of this is real-time location data that is brokered by cellular carriers and sold as aggregated marketing data. You don't have to give your apps permission to do anything like that because your cellular carrier can get that data regardless of your phone's OS.

2. Your phone is gathering data that you gave it permission to gather, perhaps gathering it in a way you didn't think it would do.

For example, let's say you give an app permission to read your entire photo library so that you can upload a photo. But since you gave it that permission on the OS level, it might be uploading more images than you explicitly select. Another example used to be clipboard data before the OSes asked permission for use of the clipboard. One last example is text that you enter but do not submit.

Another big aspect of this is that people don't realize how these ad networks work in real time. It's not a slow thing for an advertising company to learn something about you and react accordingly, it can happen in a few short seconds.

2. The average person doesn't have any comprehension of how easy it is for data science practices to uncover information about you based on metadata that seems benign or that you don't know exists.

Most people don't understand how your behavior in an app can be used to tell the company things you like and dislike. The TikTok algorithm is a great example, it can tell what you like just by extremely subtle inputs, how you swipe, how long you watch the video. A lot of people don't realize how many things about them aren't particularly unique and how many preferences can be tied to a really specific persona that you fall into.

A real world example of all of this put together is that I was spending a lot of time browsing appliances because I just bought one, and I went to physically visit a friend. We were talking about my new appliance, and later they got ads for that specific appliance. So, the person's reaction would naturally be "it was listening to us!!" but in reality, it is more likely that our cellular carrier or carriers knew we were physically in the same place and reported that piece of information to some kind of data broker. Consider how there are a limited amount of cellular carriers, that location data may not have needed to even exit the cellular carrier to sell this data to someone. I.e., if we both have the same cellular carrier , our company already has that information and it isn't selling it to another company, it's perhaps just telling a data broker that Person A and Person B interact with each other.

Just note that I'm not claiming this is exactly how it all works as I'm not in that industry, but the general ideas here apply. The general takeaway is that literally recording audio with a microphone just isn't necessary to derive hyper-specific things about people.

That's much worse compared to listening for keywords. You're looking up men's enhancement products and everytime you enter a room all ads on everyone's phone change to those products?

While I don't agree with these sorts of industry practices and believe the US needs a universal data privacy law, I don't see how matching up some relatively impersonal metadata could be considered worse than directly listening in to private conversations.

The advertiser trying to sell my friend appliances didn't really get a lot right about them. They're a renter and the advertiser thought they’d like to buy a major kitchen appliance just because we were in the same location.

If they were able to listen in to our conversations they wouldn't have sent them an advertisement at all.

Now this could be a fun adversarial exercise, with more interesting products of course.

This assumes that companies such as TikTok control their timeline up to the individual post, perfectly analyzed in order to extract your unique traits, and they have specifics ads lined up for you. Where - in my view - their timeline is just a bunch of random submissions. TikTik is just trying to sell ads and will try anything to match your profile to one of their active ad compaigns so they can bill their client more.

I'm confused at what you're claiming here. Yes, the submissions are rather random, but TikTok definitely figures out what type of content you like and what advertisements are most effective.

Your feed is almost certainly personalized up to the individual post, but I think if we are making an analogy to human curation it's certainly not working the same way behind the scenes.

Nope, there is no need for this.

Think of it like an attacker (the app) would breach a cryptographic target (you and every other user of the app). The attacker starts to send random messages or try to mess around with signatures/tokens/APIs and listens for errors, timeouts, spam filters, possible side channels until it learns enough to figure out how to predict how the system will behave and maybe even to influence it.

Both in the analogy and with the timeline out does not matter if you mix a few random messages between a test and another as long as you comprehensively keep track of how the target behaves.

Every interaction is a data point, some data points are more useful than others but none is useless

I can just say that I knew an entrepreneur in early post Y2K who developed apps to track music played in clubs in SF for folks like ASCAP, BMI, and SESAC. They gave out "free" phones (these were the small expensive candybars and nice flip/slideups) to the influencers of the day. They compressed the audio for orthogonality, and had a huge number of hashes to match. If they got more than a few consecutive matching hashes at a location that wasn't paying royalties, they got an enforcement call.

So the idea that it takes a huge amount of computing resources, battery life, permissions, or bandwidth to do matching of keywords is hilarious. That's what "siri", "hey google", "alexa" etc are all doing 24 hours a day. Just add another hundred and report them once an hour. You don't need low latency. It's just another tool in the bag!

Of course the cat food example is bad, because if they weren't looking for that you wouldn't get a response. Who would be willing to pay big for clicks on cat food. Now bariatric surgery? DUI? HELOC? Those pay.

>That's what "siri", "hey google", "alexa" etc are all doing 24 hours a day.

You might have just convinced me that the “phone is listening” is total bunk, because these dedicated devices are just so bad at recognizing the very specific, short, phrases when explicitly directed at them that I can’t imagine they are listening for much more. Listening to my in-laws try to activate their Alexa and Google Homes is something the CIA might consider for their next torture method.

You expect 95% accuracy matching activation phrases. You don't need that for ads. It only needs to work some of the time for some of the people, especially if it makes $/click.

>You expect 95% accuracy matching activation phrases.

At this point I don’t even expect 50% (trying twice), and I’m still disappointed.

>It only needs to work some of the time for some of the people, especially if it makes $/click.

So where can one find this market? We know the price of traditional ad clicks. Surely we’d see a market for “voice-driven” ads with higher rates?

> So the idea that it takes a huge amount of computing resources, battery life, permissions, or bandwidth to do matching of keywords is hilarious.

I also knew an entrepreneur who tried this same thing, but with TV shows.

Fingerprinting specific audio is a different algorithm problem entirely. You only need to sample a short section of audio every few minutes and then process the spectral peaks, which are fingerprinted against a database of known samples.

This is how apps that name a song work. It’s not the same as constant full speech to text.

But you’re skipping the key part of the story: They had to hand out phones specifically for this because you can’t get constant audio background processing from installing an app on a modern phone OS without the user noticing.

> That's what "siri", "hey google", "alexa" etc are all doing 24 hours a day.

Again, wake word monitoring is a different algorithm. Monitoring for a wake word is a much simpler problem. They’re not processing everything you say, concerting it to text, and then doing a string compare for the wake word. It’s a very tiny learning model trained to match on a very specific phrase, which might run at a hardware level.

I agree it's a different algorithm, but not a higher powered one. You don't need to know context to get HELOC, Bariatric, or DUI. You also don't need 95%+ accuracy for 95% of the population. You're just doing advertising.

Doing 100 different matches updated frequently is an entirely different problem than matching a single wake word that isn’t changing.

Regardless, this would require so much coordination, network traffic, and on-device code that could be reverse engineered that you’re implying that nobody has every found a hint of it existing and no employees of these companies have ever leaked any hints of it existing.

It’s very much in the domain of conspiracy theories.

Well, actually when you're hash based doing 100 different matches is the easy part. I'm not sure you know how steep FAR/FRR curves are for >99%/95% singe word accuracy, but having seen wake word development it's easily 100x harder than 95%/90% accuracy and none of the heavy calculation other than voice compression needs to be done locally or in a short time period. The network traffic is literally a few hundred hashes downloaded and hundreds of bits of hash matches a day (~1kB).

Even in the article there are multiple reports of it that are dismissed, and even though reverse engineering larger apps on iPhone/Android is certainly possible, with obfuscation searching for yet another hash table matching or simple voice compression is also quite difficult. Where are all the other articles reporting on the reverse engineering the very screencap apps this article talked about? Are they also just more well documented conspiracy theories?

Frankly, your best argument is that nobody is selling this as a product. So maybe there are easier more effective methods, but not because it can't or hasn't been done (since it literally has and it's been reported). It's kinda the opposite of a conspiracy theory. You have to assume that everyone capable with a vested interest won't do it, or that all of them will be caught, or that making money with ads becomes unpopular.

What kind of keywords would you imagine provide an actual, profitable advantage to an ad company? I can't imagine "computer 2", "fridge 3", "egg 4" being all that valuable compared to.. literally my whole browser history and my reaction to other ads/videos (I looked at that short for 10s vs immediately skipping builds a very nice profile). And now add i18n in the picture - even the main AI assistant products suck in anything other than English, so this fancy, advanced technology with low return of value would end up with a low target audience as well.

Also, "Siri" and the like ends up waking the main processor, which is definitely easy to prove/disprove. Just talk to your phone continuously for a long time and see if it wakes.

Low, even very low, return of value is not no return. Therefore, given they make some return, and it has some value, that's enough for them to do it. Ads and ad data are two sides. We are often not the target for an ad, but our data provides stats about how an ad is performing. If more consumers are influenced to spend $1000 on something than not, then it's worth if for them. It's an aggregate cost benefit analysis not how effective it is at the isolated individual level.

Another thing to consider is that we should never fall into the trap of thinking we are immune from influence from advertisers. Firstly, it's basically what advertiser want; it allows more actions like this, more of our data to be sold and secondly because it's easier to influence someone if they think of a decision as their own choice, than if they think they were manipulated into it. We do not remember the ads we see but we can remember that we are all susceptible to influence.

Return of value is with respect to the costs of it. A lawsuit/brand value loss from illegally recording every communication you make (which we would have definite proof if it were happening, given that there our more phones than people on Earth) would far outweigh the tiny benefit (if any? I'm not convinced you would get any extra information in the general case compared to the tracking of the regular usage of your phone)

Also, I don't see the relevance of your second paragraph. The baseline is not "no ads", the baseline is "ads supported by all the tracking that Meta/Google currently does".