in Meddling, Social Media, X-Geek

Facebook audio snooping almost certainly prompted targeted ad

A story in July’s Consumer Reports discussed the possibility of our social media apps secretly listening to us:

Well, it’s technically possible for phones and apps to secretly record what you say. And lots of people sure seem to think they do.

According to a nationally representative phone survey of 1,006 U.S. adults conducted by Consumer Reports in May 2019, 43 percent of Americans who own a smartphone believe their phone is recording conversations without their permission.

But, to date, researchers have failed to find any evidence of such snooping.

While there might not be any fire yet, there sure as hell is smoke.

I’ve written before about how Facebook seems to be surreptitiously spying on its mobile users through their phones’ microphones. It happened to my friend whose lunch conversation served up an unlikely ad on his iPhone for ignition coils. He was adamant he never typed anything about ignition coils, and I have to say it’s highly unlikely that anyone would type “ignition coils” unless they were in the quite unique position to need them.

Since that incident, and the one where I caught the Facebook app blatantly serving me ads based on photos I had NOT shared, I’d banned Facebook Mobile from my phone and my wife soon did the same.

Sprung into my Facebook feed.

Problem solved, right? Well, not quite. In September, in the presence of my wife’s iPhone, I had a conversation about a home remedy involving Irish Spring soap. An hour later, I get an ad in my Facebook feed for … Irish Spring! In this case, it’s possible that Google saw the page I requested, had an index of it to know that Irish Spring was mentioned on it, and assumed that I must be interested in Irish Spring, right? That’s certainly possible, but …

… there were many products listed on that page. Why was I only shown an ad for the product I had mentioned verbally? More smoke.

The coup de grace came last month at work. During one of my company’s internal meetings, it was announced that we had landed a new customer, whom I’ll call “Spirit Health.” I didn’t think anything of it, aside from the joy of gaining a new customer, until the next morning when I pull up Facebook.

It was a cheerful ad for Spirit Health.

“Spirit Health” Facebook ad that came out of nowhere

I want to stress here that:

  • I had never heard of Spirit Health before it was discussed in my company meeting.
  • I had never typed “Spirit Health” in anywhere. Ever.
  • I had never spoken the words “Spirit Health” before then.
  • I joined the company meeting by way of headphones, so my phone never heard the words “Spirit Health.”

This was absolutely mind-boggling. The odds of this company’s ad simply showing up randomly in my Facebook feed was staggeringly small. I had given my phone no input whatsoever to cue it. I know that for a fact. I’ve been leery of the Facebook/Google/DoubleClick complex long enough to have become hyper-aware of the information I give to them.


Well, it had to know somehow. It certainly wasn’t random. Nothing I had done could’ve summoned the ad. Someone else (or more specifically, someone else’s phone) must have been involved. Following my hunch, I jumped on Slack and quickly polled my colleagues to see what phones they have and what apps they have on their phone.

There were three people in the work conference room that day, tuned into the meeting:

  • Two have Android phones, one has an iPhone.
  • Of those, two have Facebook installed (one Android, one iPhone).

Based on my friend’s ignition coil experience, my working theory is the iPhone of my colleague, Jennifer, was the source of the “leak.” Not only does she have an iPhone, she also has Facebook installed on it. My hunch is this combination – Facebook on iPhone – is the one most likely to spy on verbal conversations. Also, Jennifer’s role in the company is one where she would not need to Google for information on Spirit Health – she would’ve already known about the company.

So, how did the ad appear in my Facebook feed then? Google (or Facebook. Or both) knows where I work. I helpfully told Google this when I labeled my office building in Google Maps. But even more specifically, the technology of geolocation (i.e. being on the same WiFi network) can determine when a group of mobile phone users are together. One phone, hearing a conversation in one room, can be used to target an ad to another person who was nearby. I strongly suspect Google (or Facebook. Or both) likes to show ads to people near a person at the time that person happened to search for something Google has keywords for.

Northeastern University computer science professor David Choffnes and fellow researchers tested 17,000 Android apps and found none of them were secretly recording audio. But this was Android. I would love to see him repeat his testing, this time on the Apple world.

On his way to billionaire-hood, a 19-year old Mark Zuckerberg laughed at his users, saying “they trust me. Dumb fucks.”

The more things change, the more they stay the same.