125 comments

[ 3.7 ms ] story [ 125 ms ] thread
This is an opt-in feature, and is for the Android app.
So it will add up to your GPS data..
Is it just me or is it _beyond_ creepy ?

Location, sound ... soon they will be collecting biometric data as well, "just to get room temperature, promise".

As long as it's opt-in I don't find it that creepy to be honest.
Mh true. But will it remain opt-in ?
Facebook has a history of starting with opt-in and then making it opt-out and then over time making it harder to opt-out. It is a well established pattern.
Do you, or someone, have any data to back this up?

Honest question, I don't use Facebook so I can't tell from experience.

Facebook Messenger vs the main Facebook iOS app, for example?
(comment deleted)
You mean that time when "having the newsfeed app forces you to use the messaging app and vice versa" started out as forced, and then opt-out, and then opt-in? That seems like the /opposite/ of forcing people to use a given feature :P

(I see what you're trying to say, that people are forced to install two apps instead of installing one - I just disagree that having two separate apps is "forced" while having apps bundled together is "choice")

It's like the quick login feature on mobile, I enabled it once to try it, I can't manage to turn it off since then. It means when ever Facebook App is installed it will always automatically login ... So I end up installing it just when I need it.
I just fear that it will quickly become something that users just click "Okay" on automatically. A little like "Share your location". The minute something doesn't work as expected because the user didn't share a bit of information people will start just clicking on the "Ok" button.
And of course the "no" button is labelled "Later". And there is no option to mute it forever. Google Play is trying to make me enter my mobile phone number on every single app update. Android is trying to let me scan all apps for security each time I use F-Droid. Those dialogs always appear and I can only discard them again and again until one day I might accidentally click "OK". Google is evil.
Well, if your friend is with you and he/she enabled this "feature"...
How long, you think, for ON by default ?
Look, I know that nowdays it's popular to pay attention to security and privacy, and I understand that it's important. But can we for once not immediately assume ill intentions?

I mean come on, do you seriously believe that programmers at facebook are rubbing their hands and laughing at how smart they are, figuring out how to turn on your mike for 15 seconds? Is that really what you believe is going on?

Or is it just trendy to scream "creepy! surveilance!" on every occasion?

My thoughts were that this is probably quite similar a technology to Shazam and other song identification apps. The usage is a bit different, and as long as they're really, really clear about when they're listening (for example, Shazam has an "auto-shazam" feature that highlights a big red bar on my iPhone), I would be okay with this.
Look, I know that nowdays it's popular to pay attention to security and privacy, and I understand that it's important. But can we for once not immediately assume ill intentions?

Not really. If I find it important to mention what I am watching or listening too, I can add it myself.

Obviously, the goals is not surveillance, since 15 seconds would be a too small amount of time. The goal is getting an even more fine-grained idea of your preferences for advertising.

A company who knows more and more about me, removing privacy one small step at a time, is creepy.

I see your point, it's just.... Sometimes people do things simply to add a nice convenient feature.

People distrust big corporations, and that makes sense to a degree. But if I imagine a team of programmers that work on that stuff, when I visualise actual human beings that make the decisions, I have very hard time believing that this is the kind of thoughts that go through they heads.

Sure, maybe there's some manager somewhere who literally thinks "lets decrease people's privacy so we could squeeze extra few cents out of our users", I just believe that in 95% of cases it's just people like you and me, trying to do good things and build a new fun feature.

I understand your concern about the remaining 5%, but it seems unlikely to me in this case.

People who work at facebook probably have enough money to not be desperate about earning more, and to be free to focus on just making cool things. I think it's bad when everything google/apple/facebook/etc does is met with hostility, and in this particular case that reaction seems to be the result of group think, it isn't warranted by the information that we have.

The thing I think you are missing is that once the feature exists, it can be misused, even if unintentionally by Facebook. A malicious employee could abuse their trusted position, a government level actor could intercept the transmission, a hacker could break in and dump them, etc. These are all very real scenarios that have happened before.
It isn't that complicated.

Facebook's whole business model is predicated on collecting vast amounts of personal data and selling you advertising. Every feature they add is a means to that end. All of them.

> People who work at facebook probably have enough money to not be desperate about earning more, and to be free to focus on just making cool things.

But Facebook as a company is under tremendous pressure to boost earnings! Facebook stock has a Price/Earnings ratio of about 70; that means that at the current rate of earning, it will take them 70 years to justify the value of the share price. There's no way shareholders are going to be willing to wait that long. Strong market forces are pushing Facebook to quickly grow profits, and in that process, privacy just happens to be an externality that's not worth protecting.

All employees will definitely feel the pressure (directly or indirectly) to contribute to profits, because Facebook management "owes" that to shareholders who've funded this whole operation (under current market ideology).

People who work at facebook probably have enough money to not be desperate about earning more

Based on casual observation of my surroundings, some of the highest earners I know are also the ones that are the most desperate to keep and grow their earnings.

I don't believe the programmers at Facebook have evil intentions - I think they're just trying to build something that's technically cool. The problem is the MBAs will trying to build something businessy out of it and won't care whether it requires evil if it might possible make them some money.

There can also be a temporal factor. Today there might be no evil intentions but in a couple years someone might find that "we have this whole data set we could do X with".

So you think the engineers are innocent and altruistic, and the MBAs are evil, huh?

What an incredibly naive viewpoint. Which one is Mr. Zuckerberg? I recall him have a few choice words for the "suckers" who sign up for his service and hand over their data.

Of course not - I'm skeptical of everyone's intentions and specifically think through how to best protect my own privacy (I don't have a Facebook account). Of course, Facebook didn't choose "Don't be evil" as their slogan so you can assume the standard "Make money by any means possible" slogan. Yes, I'm appropriately jaded.

In any case, the comment I responded to was pretty specific in asking us to trust that the programmers motives were pure. I wanted to point out that things could turn creepy later in the business life-cycle even if the original motives were non-evil.

It reminds me a bit of http://wiki.lspace.org/mediawiki/Leonard_of_Quirm from the Discworld series by Terry Pratchett. A brilliant engineer who is absolutely naive as to the harm that could be wrought using his inventions. So I'd agree the engineers in Facebook aren't rubbing their hands and laughing but this doesn't mean they aren't part of a larger more ominous trend of technological advancement and privacy invasion.
I hate crowds. If everybody went to the left, I'd go to the right. I'm a natural contrarian.

But you are asking for some really heavy lifting here. You're positing that we have two choices: assume ill intent on the part of Facebook or assume it's all good.

These are not the only choices, and they're not opposites of each other. Most likely is that FB folks are actively trying to help posters as much as they can. Most likely is that the average poster enjoys all this cool stuff. Most likely is that this is a terrible feature that should have never seen the light of day because of where it's taking the industry -- deeper down a pit of the surveillance/security state. Most likely a lot of folks complain about it simply because it's trendy.

All of these things can be true at the same time.

So I'm not really sure what to say. Sucks to work at Facebook, I guess. Too many developers and a mission to own the planet. Maybe they should have just stuck to "pictures of people you know and what they've been doing lately"

Programmer at Facebook? No. Investors and advertising partners and government surveillance agents? Maybe.
It's unhealthy to choose to not be skeptical because you're annoyed that it's becoming popular to care about security and privacy.

It's a good thing that people care about privacy and security. It's a good thing that people question new free features and the motivation behind them.

Facebook exists to gather data about you so it can target advertising at you better than the rest and get paid more by advertisers using it's platform. Facebook will use this feature in any way it can to gather more data about you, and that's creepy and literally surveillance even if only for the time you're writing a status update.

That is really not the point, firstly they are been underhanded by misrepresenting the fact that conversations maybe stored in a datacentre without their permission.

Secondly, as with the Snowden leaks - say the engineers at FB are well intentioned, having that data travel over the air exposes more than the user is aware.

>But can we for once not immediately assume ill intentions?

IMHO we should always assume ill intentions. Always.

>But can we for once not immediately assume ill intentions?

Sure, but what if we're wrong? Once Facebook and it's advertisers have access to this information there's no way to be sure that they've deleted everything, just because you asked nicely.

When it's impossible to undo an action it's best to proceed with caution.

It's not really about their intentions, it's about the possibilities. Even if everyone involved right now has good intentions, who's to say everyone in the future will? The problem with collecting big swathes of data, or setting things up such that it easily could be collected, is that you're enabling future evil.
I looked through a few of the related questions. Is there any mention of whether or not the snippets are stored beyond the time of analysis?
If you're not in the USA or Canada, then your contract is with Facebook Ireland, which falls under EU Data Protection law. One thing this means is that Facebook is required to give you a copy of all personal data it has on you, if you ask for it.

If/When this feature is available outside the USA, then one could use it and then make a data protection request to find out if they keep it.

"Are you recording my conversations, Facebook?"

"Of course not, silly! We don't listen to your conversations, we just identify the things you're listening to, of course!"

0_O

That was my reaction too. If there are conversations going on in the background, then YES! Yes... they will be recorded as a result of this. :/
It's less ambiguous than this even. "Do you record my conversations?" "No, but we do listen to them sometimes"
I'm not saying I'm comfortable with this either way, but I do see a difference between recording a conversation with the intent to keep that recording and extract the spoken content, and processing the audio "on the fly" for certain parameters to identify a limited set of things.

Of course the problem is you can't control or check which of the two was done with the audio that got uploaded, and that is the scary part and reason enough not to allow anyone to record audio. But you can't just claim that facebook does in fact "listen" to your _conversation_ in any way we would understand as listening.

The problem is that the choice as to whether they actually "listen" to my uploaded processed audio is up to them, not me. At this point the only assurance is "we don't listen."
At the end it comes down to trust, laws and maybe occams razor. We can't personally check what exactly they do with our data (not limited to this particular feature), so either we trust in what facebook assures us, or trust that they follow laws that only allow certain usage, or at least assume that there is no orchestrated plot to record me farting on the sofa and that they really only do what they claim to do because that is the simplest explanation.

That can change if someone has hints or factual proof that they don't. So far I have only seen asumptions that were not in any way connected to any objective argument or fact.

Of course we can reason about why keeping as much information private as possible is a good idea, how users need to be in control of their data etc, and I agree with all of that stuff. I'm not a fan of facebook at all. For me opening facebook is a horrible experience filled with content I don't care about. And of course privacy is always an issue.

But I can't see what is gained by making unfounded statemets that in essence claim "facebook is lying, of course they record our conversation".

So I have to ask permission of my friends to send the ongoing conversion to FB, if I want to use this feature, when typing my status surrounded by them?

Or every stranger in a bar, that happens to be around me, when I post my silly "I'm wasted beyond believe" status?

In my mind, there are ramifications beyond believe there. And I am not really sure, what to make of this.

And this might actually be insanely illegal in areas where recording conversations requires consent of both involved parties.
There's no might about it.

This would definitely be illegal in the UK.

What UK laws are being broken?

EDIT: I'm not saying it's okay. I'm just asking what law is being broken.

It's not illegal to record a conversation between two parties. However if you share this recording with a third party (in this case Facebook) then you have to obtain the consent of the other party.
Under what law?
All of those apply to phone calls. In this situation we have people in a semi-public space (eg, a Pub) talking, and one person using a mobile phone to send background noise (which will include that conversation) to Facebook or Shazzam who process the noise, identify any music, and then discard the noise.

Your law would prevent people in busy offices from making any phone calls.

RIPA http://www.legislation.gov.uk/ukpga/2000/23/contents

> It shall be an offence for a person intentionally and without lawful authority to intercept, at any place in the United Kingdom, any communication in the course of its transmission by means of—

> (a)a public postal service; or > (b)a public telecommunication system.

That doesn't feel relevant.

Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699) http://www.legislation.gov.uk/uksi/2000/2699/contents/made

Also not relevant. This is about businesses recording calls, and how they can do so and stay within law.

The Telecommunications (Data Protection and Privacy) Regulations 1999 http://www.legislation.gov.uk/uksi/1999/2093/regulation/1/ma...

Again, not relevant. And also covers temporary use of data, so if anything it allows the Facebook use.

The DPA isn't relevant unless Facebook is storing the data beyond the immediate identification of music in the background.

> we just identify the things you're listening to, of course

...by recording the conversation so it can be uploaded to the server that does the recognition, because nobody is doing this kind of processing client-side.

Just like the idea that "streaming" is somehow different than "downloading", the commonly-repeated claims that this kind of technology is only "processing" without mentioning where the data is processed is a carefully constructed lie designed to frame the discussion.

The use of propaganda to confuse how their product works suggests that Facebook (et al) knows there would be resistance if they offered the same features plainly. In my opinion this should count as mens rea.

> because nobody is doing this kind of processing client-side.

This is a half truth at best. Audio recognition can be based on one of two techniques. The first is audio watermarking which is completely client side (albeit not applicable for this FB feature) or fingerprinting. They'll likely use the latter which records a segment of audio, does the rough audio equivalent of a hash on it and then send it the server for an optimised pattern match. It's somewhat unlikely they'll send raw audio to their servers although that's an assumption.

I mean, it's an assumption that's got some known counterexamples. For example, Google Now stores the raw audio from every time you activate it / dictate a question on an Android device. It's not out of the question to expect that Facebook might be keeping raw audio data to process later / test.
Android is in desperate need of allowing users to change permission for app. It's ridiculous that the application decides what it has access to (and android it is not making it easier with a bad permission granularity). And I believe this functionality was in some pre-release 5.0 versions. They removed it because apps would just crash if permissions were removed. However, there are apps that solve this (for rooted phones) by providing dummy (null) data on API calls that you blocked.

For example, there is absolutely no reason my facebook app should ever have access to a microphone.

Android 6.0 has the functionality you describe - there's a warning if you try to disable it for certain apps (presumably for older API levels) though that it may cause them to crash. I imagine this'll go away with time.
Good to hear. Too bad one usually has to buy a new device to get an update.
One does? Hasn't been an issue yet on my almost 2 years old (so, 2 major-revision updates) nexus 5 yet.
Out of 5 android devices I've owned only one received major version update (and it didn't work). So, anecdotally, one does. But I believe my case is more common than yours.
Just to be fair, are the 5 android devices non-nexus devices? If so, that's because of the carriers and that's why it's a common problem.
They are. But only one of them was bought through a carrier (so it's "branded"). Others are "OEM", so could be updated by the manufacturer.
Welp, that just sucks. I doubt the manufacturers have as much desire to update as carriers do.
I just got a Motorola Moto G to replace an aging iPhone 5s. I do like Android, but there are so many features of it that I find just completely irksome.

For example, Google release Android 6.0 but I can't upgrade until Motorola decide when and if I can update my phone. Why can't I upgrade at the same time as everyone else, like on iOS?

Second is the abysmal permissions system which grants access to everything and anything - else you can't talk to your friends on Whatsapp.

>> Why can't I upgrade at the same time as everyone else, like on iOS?

Because Google doesn't control updates for your phone and most likely neither does Motorola, complain to your carrier. The carrier has the option to offer a vanilla Android that can be updated whenever new versions are available, but most don't to offer their own customized versions.

I bought the phone from Amazon, SIM-free, so I'm not sure if Vodafone are the right people to complain to here?
Nope, you're probably on your own in that case.
> Nope, you're probably on your own in that case.

Right, and this is the very problem with Android.

I am currently running Android 6 (Marshmallow), the official version pushed to my phone as an OTA update, and I am able to turn on and off individual permissions for apps. When installing a new app, it initially has zero permissions enabled.

Let's see how this works in practice, but so far I am hopeful that this is in fact solved in Android. (Modulo actually disseminating the fix)

This is in Android Marshmallow (6.0). Unfortunately, it will take a couple of years before the majority of Android users has this :/.
Definitely, considering there are still 2.x devices out there. I have Android 4 on Samsung and on Motorolla, both of them really not that old (released on 07/2013 and 05/2014 respectively). And no sign of an update...

However, I was forced to update my Nexus 7 to 5.x, and the device became absolutely unusable. So I wonder whether I want the upgrades if even Google can't handle them properly.

How were you forced to update your Nexus 7? I have a Nexus 7 and every update it's ever received had to be approved by my clicking on the button saying I wanted to update. Can you not do a system restore to get it back to its original version when you purchased it?

I know it's pointless to say that my Nexus 7 runs Android 5 just fine though, just to counter your comment about Google not handling updates properly.

There was a permanent notification that I could not get rid off. I consider that forcing an upgrade.

It was the 2012 version of Nexus 7 and while not everyone had these issues, it was a pretty common problem and I consider it a huge failure on Google's part. As far as a I know, there is no way to downgrade without rooting the phone. Some people reported that factory reset helped with the performance. I haven't used it for several months and then installed CM - not as fast as the 4.x was, but somewhat usable.

Ah, you were annoyed into updating. I understand your point now.
Which is why I use almost 0 application on my telephone. I prefer to use website which do not have creepy permissions to spy on me.
Cyanogenmod had this for a long time now.
Ironic, because the Facebook graph API actually has excellent granularity on what you can access. They've even taken steps to limit data leaks from your profile - e.g. you can't access someone's friends' status information anymore.

Do you need mic access to record video with sound?

and i still won't use facebook.
That's one very scary invasion of privacy masked as a "feature".
Phone - meet soldering gun. I am becoming more serious about installing physical breaker behind the mic and camera on whatever device I get my hands on.
That wouldn't be a very useful phone anymore.
It will be - I just connect a slider when I want it turned on
A soldering gun is a plumbing tool. It's far too big for working on phones, and it's likely to damage them with induced current. You need a soldering iron or a hot air rework station.
I wonder whether the reaction to this differs based on location of the user. Are European users more worried about this than US-based users?
They introduced similar feature with football (soccer) this weekend, or earlier and I didn't notice.

When one of the teams I like is playing a match, the placeholder for post status is replaced with something asking my opinion about the match and a football icon is added.

Which is a decent idea to get more people updating their statuses and posting more.

Regarding privacy, etc. Eh, damn, it gets boring when so many comments are about how facebook is stealing your data and what not for every post like this. Yes, we all know that and no need to remind about it every time.

There's a difference, though: you explicitly told Facebook what you like, and it's acting on it. You pressed "like" on your team, and Facebook can check if it's playing right now. However, this is different: you didn't tell Facebook "hey search what show I'm watching".

Regarding the "it gets boring": yes, it's boring, but until it changes we will continue pointing it out. Because if you don't do it, people forget. We end up taking it for granted. Tell me how many people on Facebook know "Facebook steals their data" and how many of them actually act on it. What actually happens is that people have a vague idea of the privacy issues but, because "we all know it" and "it's boring" it doesn't get discussed and we end up accepting it.

>>> What actually happens is that people have a vague idea of the privacy issues but, because "we all know it" and "it's boring" it doesn't get discussed and we end up accepting it.

After the Snowden leaks, pretty much everyone on HN is aware of the issues. So some are strongly against it and are vocal, and others silently accept it and don't think it's possible to convince them otherwise.

But anyway, thank you for your nice, calm response to my semi-raging post :)

So Facebook recorded your ambient audio, uploaded it to their servers, processed that recording to discover what you were watching, all so they could prompt you with a football icon and an opinion poll?

Did they get your explicit permission before turning on that microphone and uploading what it recorded? Or did they hide it behind a button? Did they explain in a way most people would understand about what they were doing with the microphone and where the feature was actually implemented?

No, he most probably has liked his team on Facebook and FB is smart enough to know a game is on (or his friends have posted similar statuses).
Yup, 'one of the teams I like' meant 'I like their page on facebook'.
I actually think it's pretty cool that they can identify what you're watching on TV
And people wonder why I use the browser version!
This seems to be kicking up a fuss over nothing, and any controversy disappears once you read how to use the feature in question:

Using your microphone and music apps lets you share the TV and music you’re currently playing to your posts.

To identify and share what you're listening to or watching:

1. Tap Status on your News Feed or tap Write Post on your Timeline.

2. Wait for us to identify what you're listening to or watching. You'll know if we're searching for audio matches if you see [an animated icon] moving.

3. Once a match is found, tap [an icon] to select the thing you'd like to share and then fill in your status update.

4. Tap Post.

https://www.facebook.com/help/android-app/710615012295337

The fuss is about the data sent to Facebook's servers for "identification". You can make the decision to post it or not, but Facebook knows it in either case.
>The fuss is about the data sent to Facebook's servers for "identification". You can make the decision to post it or not, but Facebook knows it in either case.

But it's OK for Shazam or Soundhound?

At which point is a feature just what it says on the tin?

Their main functionality is that data, which user knows before installing the app.
So, without opt-in, they record, upload, and match the content of my conversations, without previously getting consent from all parties that might have been involved?
>So, without opt-in

From the article: "If you choose to turn on this feature..."

You choose to turn on the feature.

The people around you have no choice at all if they are recorded or not.

>You choose to turn on the feature.

>The people around you have no choice at all if they are recorded or not.

How's that different to literally any application that sends microphone recordings across the 'net?

It’s not very different, except usually you have to turn it on manually for every single recording. If you record without permission, it is illegal.

Here a user turns it on once, and it will record every time you write a status update, and they might even forgot they turned it on – it poses a liability issue, and it leads to people being less able to find out if they are recorded or not.

In the end, probably it will be the users that end up in court, not Facebook.

It is no different, any application that does this makes you subject to liability depending on local laws. If it is illegal in your area to record someone without their consent and you hold up your phone in a bar while using something like Shazam you may be breaking the law. While the odds of you being prosecuted for it may seem unlikely, doesn't change the potential liability.
How is this different from Shazam? I don't think very many people are paranoid about their conversations being recorded when someone in a bar holds up their phone to identify what's playing.
Because here you have to opt in once, and it will record in the future every time when writing a status entry. People holding up a phone to identify what’s playing are at least noticeable.

Same reason why recording video with a phone (for which you have to hold it awkwardly, or you’ll just record the ground) is different from recording with Google Glass (at first, no one notices if you record or not)

What if someone logs into facebook during a murder, could it be considered surveillance?
No. As of right now Facebook is not a government entity.
Anyone who has a facebook account deserves this kind of spying.
Is that also true of anybody who is in the same room as those with facebook accounts?
Indeed. There is a reason I chose not to have a Facebook account, and the continued attempts by organisations like Facebook to make my own friends and family spy on me on their behalf are infuriating and, apparently, becoming increasingly intrusive.
Yes. If you don't block facebook on your network then you get what you deserve. If you have friends or acquaintances who openly use facebook next to you then you get what you deserve.
> If you don't block facebook on your network then you get what you deserve.

Also should I run a cell phone jammer?

> If you have friends or acquaintances who openly use facebook next to you then you get what you deserve.

I think I just got trolled here.

Privacy concerns aside, I'd be very interested on how they're doing this on a technical level. Does anyone know if they've published a post on how this is done yet? Or have any ideas on how they think it's being done?
It's called "audio fingerprinting" and it basically converts a snippet of audio from your phone is something similar to a hash of that audio. Then, using some clever algorithms, it can be quickly matched against a database of existing hashes. Because of the way the algorithm works the match doesn't have to be either 0% or 100%, because realistically whatever is recorded on your phone will never exactly match the original.

Disclaimer: I used to work at a company that built this type of technology.

That is interesting, I didn't know it had a name. Now I have something to look for, Thanks!
And people complain when aliens use rectal probes. Facebook's ultimate game is to keep you entirely within its universe, know everything you know, and ensure the advertisers have exclusive access to you and your information. It's the only way to grow revenues for a free service and justify a crazy stock price.
Naturally, anyone within earshot of an idiot with a smartphone has opted in as well?
Just turn off microphone access for the Facebook app, or don't give it access to begin with. Even with android, you should have that option in the latest version.
Although I agree with the general concerns raised in this thread FB is not sending raw audio to its servers and thus is not "listening" to you. The majority of work is done on the client-side. Specifically, a short audio sample is analysed client-side and turned into an audio fingerprint (the rough audio equivalent of hashing a value). That fingerprint alone is sent to the server for matching. Note that there is no way to reverse that process (hence the hash analogy) to get audible sounds out of it. Of course, this is all based on the assumption that Facebook is telling it like it is but given the fact that the difference in bandwidth use is an order of magnitude that's very easy to check.
Interesting that it's only enabled in the United States right now, could this be due to stricter privacy laws in other parts of the world?