The remark comes back to each of your aperitifs (or almost): “No, but it’s crazy, I say something, and the next moment my phone offers me that! » Everyone then goes there with their anecdote, more or less strange, and the conversation ends with a very heard: “Of course they listen to us!” Is this an urban legend? Who is hiding behind this “they”? And how do they listen to us? Why ? So many questions we asked Mathieu Cunche, teacher-researcher at Insa-Lyon and Inria, specializing in personal data protection.
Let’s start with the most obvious: the issue of voice assistants. Yes, they listen to us and we know it. The microphones on our phones used for our phone calls are also used by Siri, Alexa, “OK Google” and others to answer our questions ever faster and more accurately. Logically, yes, they are listening to us, even on standby, as they are waiting for the signal to be activated. At this point, the situation is “fairly transparent”but what’s more “vag” according to the expert, these are “false positives”. Pronounced quickly, many words actually sound like “Hey Siri”, “Alexa” or “OK”, and before the recording is triggered.
So what do they do with excerpts of conversations recorded without our consent? “It is likely that they are processed locally, ie by the telephone system, and then discarded, but also that they are analyzed by the company’s servers”, says Mathieu Cunche. Sometimes it is the right people who take care of it and who therefore have direct access to our intimacy. To do what? To improve the artificial intelligence (AI) in the workplace … and precisely to reduce the amount of false positives. But in a corner of scandals, the three giants, Apple, Google and Amazon, indicated in 2019 that they had renounced this practice, either temporarily and locally (Google) or definitively (Apple). “Although it is difficult to know exactly what is going on in these isolated IT ecosystems”nuances the specialist.
But let’s not forget that voice assistants turn on and off. If you do not want to be listened to, then the pairing should be simple. And still. Similar experiences have been seen – even with voice help turned off. ‘But no academic study has managed to prove it at the momenttemperament Mathieu Cunche. We stick to anecdotes. » According to him, the most likely hypothesis is that these “coincidences” are due to the traces we leave behind during our web browsing on our phone. The spy would therefore not only be the microphone, but rather all the applications we download and how they interact with each other.
Apps are “the wild west”
Unlike web browsing, subject to the use of a browser (Chrome, Safari, Mozilla, etc.) and cookies to sort trace elements, the application world would be a bit “the wild west”, according to Mathieu Cunche. For example: your game application A is active, and via a tracker (a small piece of software contained in the app) it has connected to application B, which is your favorite social network. Via this tracker, app A has access to the information in app B. “It is possible that malicious or profit-hungry companies through deficits well buried in the architecture of our favorite apps suck our data and then profile us and target their offerings”, suggests the specialist. Before you qualify: “Legally, to access other apps or parts of the phone, like the microphone, an app has to ask the user for permission, but again, it’s very complicated to control.”
And these security vulnerabilities are numerous, as companies around the world have, on average, been penalized at least twice in the last twelve months, according to a recent study published by Barracuda Networks conducted by 750 Western companies. . .
The National Commission on Data Processing and Freedom (Cnil), the data protection police, is not attacking it head-on – at the moment. The latest recommendations published on the site date from 2011. “Especially since many applications escape French or European law because they are foreign”, adds Mathieu Cunche. The Russian FaceApp application, which is especially known for its “aging” filter, was thus in 2019 accused of not protecting the privacy of its users by exploiting their images – without any way of sanctioning it.
Pay attention to downloads and apps
There is also a conscience with parenting applications: for example, WhatsApp, Facebook and Instagram, which belong to the same group as Mark Zuckerberg, whose financial model is advertising targeting. On WhatsApp, the content of messages is encrypted, but the rest is usable: contacts, frequency of messages, type of messages, sending times, etc. This information, combined with our tastes spread across the two largest social networks in the world, gives a fairly accurate picture of who we are. (It was, moreover, for these reasons that Elon Musk preferred Signal over him). Not to mention Gmail, which has access to the contents of our emails. The result is that Google can cross this content with the documents deposited on Drive (its online office application) and the videos we see on YouTube (owned by Google).
In addition to voice assistants and apps, there is finally the latest software layer: the operating systems on our smartphones, namely iOS for iPhones and Android for almost everyone else. Very schematically, if the publishers wanted to activate our microphone (without telling us so), they could, because they are the only masters on board. “They have all the power”, warns the expert. But according to him, the mechanism would be ” too big “ especially since these companies are already closely monitored.
“Listening” to our phones is therefore, for Mathieu Cunche, more comprehensive and more subtle than we think: ” The amount of data we leave on our smartphone is significant, we tend to underestimate it. And we must not forget that they are combined with the computing power of ever more powerful algorithms, in constant progress. Our suspicion of widespread surveillance is legitimate. »
How do you protect yourself from it?
– When giving access to such an app on such an object (microphone, gallery, camera, etc.), do so punctually by clicking “only this time”.
Use alternative tools for Gafa, of which here are some examples: Protonmail for emails, Framasoft’s for shared documents, DuckDuckgo as a search engine … or at least mix and match from time to time.
– Regularly clean your phone for apps you no longer use, or at least disable access.