back to article Apple says sorry for Siri slurping voice commands of unsuspecting users

Sorry seems to be the hardest word for some - Apple has finally apologised to customer weeks after it emerged contractors had been asked by the company to listen to recordings of people using the Siri digital assistant. More importantly, Apple said it is changing the way it does things. Apple, which is at pains to convince …

  1. Anonymous Coward
    Anonymous Coward

    More like sorry for getting caught

    It seems to be an emerging trend to apologise after being found out rather than not doing whatever it was that needs an apology in the first place, which does beg the (rhetorical) question of what they would have done if they hadn't been found out...

    1. This post has been deleted by a moderator

  2. Danny 2 Silver badge


    I don't want anyone else hearing me having sex with my partner, not even my partner. I was brought up in an age where we had to keep quiet so as to not alert parents so I am silent, but...too much information.

    The most beautiful girl I ever had sex with would say 'No' when she was reaching climax. I was raised a feminist so no means no, and I'd stop to check she was okay. She tried to explain she didn't mean no, but I couldn't get past no means no. I tried to get her to say Yes or God or anything, but my worst love life ever.

    Edit: I was a contractor at her company and I didn't know if she fancied me because I had a big company car and told her bosses what to do, so I quit my job to find out. It was the job. I kind of knew, but I was thinking of proposing so I had to find out.

    1. Solarflare

      Re: No!

      ...What the hell did your coffee get spiked with?

    2. Bronek Kozicki

      Re: No!

      too much information, mate.

      1. Danny 2 Silver badge

        Re: No!

        I don't believe in "too much information". I think as a general rule of thumb I've had too little information when making decisions. I'm posting here anonymously to you lot, a bunch of strangers I'll never meet, so I feel I need to post honestly.

        I could tell you a story, but you don't want that information apparently, about my first hand experience between the pre-internet porn generation and the post internet porn generation.

        My first reaction was look at how they have been conditioned into. My second reaction was look at all the hang ups we had that they don't. We are a far more sexist society today than in my youth but it seems to be shifting back to betterment.

        Most, well several folk here, in your profession probably, will be "on the spectrum". A euphemism for autistic type folk. That is a huge spectrum from people who cannot function alone to people who behind the scenes keep society functioning.

        There is never too much information, just too much for you to process. Oh, and by the way you are complaining about me being naked here. This is a nudist beach. This is a sweat lodge. This is a communal Finnish sauna. You can keep your clothes on if you want but try to be cool. You are not meant to be wearing clothes here.

        1. This post has been deleted by a moderator

    3. Chairman of the Bored

      Re: No!

      Wouldn't worry too much. As long as the train got into the station and everyone got off, it's all good.

      1. Danny 2 Silver badge

        Re: No!

        Train certainly got into the station, never reached the end of the platform, all the passengers had to walk back home. No one got off, mostly. I have some great stories good and bad and true but I don't want to be banned here so recommend a spy-free blogging site and I'll post this story there.

        It is difficult to be honest without being libellous. Being honest and factual is no defence against libel. If you have a huge spot on your nose, and I print you have a huge spot on your nose, you could sue me for libel.

  3. Anonymous Coward
    Anonymous Coward

    Random identifier

    I bet even after six months it can be re-associated if they really wanted to. Being a random identifier doesn't stop it being a reference to a person, a device and everything else they've done or stored.

    1. JohnFen

      Re: Random identifier

      This is a common bit of trickery from companies that want to continue spying on you -- to claim that you're OK because they don't use an already existing personal identifier and instead assign you a new personal identifier. It's utterly nonsensical.

      1. fidodogbreath Silver badge

        Re: Random identifier

        Indeed. "Anonymized user data" is a fiction that big data created so they can continue flogging everyone's private bits to world+dog.

    2. Anonymous Coward
      Anonymous Coward

      Re: Random identifier

      How would they re-associate it? It is just a recording of someone asking Siri something, unless you say your name or address in the recording, how is it going to know it is you asking "where's the nearest prostitute?" versus me or Donald Trump?

      The way data can be "de-anonymized" normally is because the name is removed but demographic data like age, sex, education, city of residence, etc. is kept which can narrow it down to only a few or one possible candidate. That's not the case here.

      Besides, it is OPT IN - true opt in where you have to deliberately go to settings to enable it, not what most companies consider "opt in" where you agreed to something buried in 56 pages of T&Cs.

      1. eldakka Silver badge

        Re: Random identifier

        How would they re-associate it?

        Because each recording has a unique identifier assigned to it as it traverses - and sits inside - their systems.

        It could, for example, be a hash of the device/account ID plus sequence number (or some other salt). But for that hash to not be anonymous for the first 6 months, it either has to be reversible (e.g. a weak MD5 hash) or, more likely, there is an index (database) somewhere that maps the hash back to the account ID and sequence number. Therefore if you have the hash, you also have a reference that can be used to get the account ID, and from the account ID you now have a reference to all that accounts personal data. To anonymize it after 6 months, in the first instance they'd have to delete the hash from the recording metadata entirely since it is reversible, in the latter case they'd have to delete the mapping they've stored in the index.

        The problem is, what about the backups? Where do they backup the recordings, and the index, to? So if they delete the hash from the recording, could you go into the backup systems and restore a 5 year-old backup of the recording that still has the reversible hash in it? The same is true for the index, could an index be restored from before the mapping was deleted, again say a 5 year old backup?

        What about the resulting transcript itself? Do they do the same (attach a hash) to the transcript that has the same issues? Maybe they include the original hash from the recording in the transcript, so even if the recording itself is 'anonymized', have they also removed that hash from the transcript?

        1. doublelayer Silver badge

          Re: Random identifier

          If they're doing what they say they're doing, the random identifier is just that, a random string assigned when the request comes. In that case, it wouldn't be attached to any other data, not by hash or anything else. Then, after six months, the key with the random string is deleted so anyone looking at the data couldn't be connected with other recordings from the same source. And if they did that, things would probably be fine subject to some extra considerations like the aforementioned backups storing strings for longer, which wouldn't identify users but would allow collating recordings for a device.

          But we have no way of knowing whether they are keeping to that. And they have to have known previous to this that having people listen to recordings is dubious at best, but they didn't stop doing it until right now. If they do what they say they're going to do, then I'm quite a bit happier with them. And so far, they haven't lied about not doing something they are really doing, but haven't been particularly proactive in determining when something they admit they're doing is problematic. We'll have to watch them; if they decide to do something like this again, we have to nip it in the bud.

          1. JohnFen

            Re: Random identifier

            "In that case, it wouldn't be attached to any other data, not by hash or anything else"

            If that's actually what they're doing, then there's no point in having an identifier at all. The entire purpose of an identifier is to allow you to correlate different bits of data as belonging to the same set.

      2. Anonymous Coward
        Anonymous Coward

        Re: Random identifier

        How would they re-associate it? It is just a recording of someone asking Siri something, unless you say your name or address in the recording...

        Incorrect. It is not recording someone asking Siri something. It is a recording of everything after a deliberate or accidental "Hey, Siri" command is triggered.

        Source:" They are tasked with grading the responses on a variety of factors, including whether the activation of the voice assistant was deliberate or accidental...Accidental activations led to the receipt of the most sensitive data that was sent to Apple."

        1. Anonymous Coward
          Anonymous Coward

          Re: Random identifier

          Same thing though. If you accidentally activate Siri while talking about your penis enlargement surgery, unless you say your full name or address there's nothing to connect it to you. Its obviously something you don't like having "out there" but there's no way to link it back to you personally.

          1. This post has been deleted by a moderator

  4. chivo243 Silver badge

    First thing

    Was to disable siri on iAnything... Second is to laugh out loud...

    1. BebopWeBop

      Re: First thing

      You mean you turned it on to begin with?

      1. chivo243 Silver badge

        Re: First thing

        No, unfortunately, when you start a new iThing, it asks if you enable to use siri, I say no! So, that is the first thing? Maybe I was having one of those "it's obvious" moments that happen only in ones head.

    2. dnicholas

      Re: First thing

      Haha, you think not enabling something is the same as turning it off? ;)

  5. Anonymous Coward
    Anonymous Coward

    Reality distortion alert!

    > We created Siri to help them get things done, faster and easier, without compromising their right to privacy.

    No, Mr. Apple. You did not create Siri. You bought Siri.

    1. jsmith1030

      Re: Reality distortion alert!

      You created Siri first, so that your products will look cool, secondly so as to gather as much data as possible, and finally so that you wouldn't be left behind. Most people could get things done before quite nicely, thank you.

  6. Franco Silver badge

    Trying very hard not to day I told you so to all those people who think that Apple are "better" than Microsoft and Google and Amazon and don't do things like this. Of course these people will insist that this is a one-off and not the norm.....

    Fuck it, told you so!

    1. Anonymous Coward
      Anonymous Coward

      Well, the whole thing of only apologising after getting caught, and not being all that honest up front, certainly isn't better. Nor, does it seem, were the original practices.

      A more interesting question is whether the response (the practical response, not the words) is better. The whole identifier nonsense doesn't seem any better; undoubtedly somewhere at Apple there is a database with a table containing both the GUID and either an IMEI or Apple ID or some other key that is unique to a customer. And "dissociating" the data from that GUID doesn't help anyway because there are sure to be backups. So a thumbs-down on that one. Nor, I would say, does it matter whether the person reviewing the data is a contractor or an employee. That's a legal distinction that really means nothing in terms of privacy. However, the ability to opt out *a priori* (rather than "deleting" the data after the fact) is a major improvement and seems superior to others.

      That said, at least on macos Siri has always been opt-in, which is best of all. If you don't turn it on, none of this stuff matters.

      Better? I dunno. Probably a little. Not enough to make me even think about turning the silly thing on to begin with.

      1. Lord Elpuss Silver badge

        "That said, at least on macos Siri has always been opt-in, which is best of all. If you don't turn it on, none of this stuff matters."

        Siri is opt-in on iPhone as well.

    2. Lord Elpuss Silver badge

      Apple is genuinely focused on user privacy, and made a mistake here which they owned up to and fixed.

      How anybody can compare that with a straight face to Google and Amazon’s data rapery is utterly beyond me.

      1. Anonymous Coward
        Anonymous Coward

        You're making assumptions about intent, based on your personal decision to trust corporation A and not corporation B. It's much more reasonable to evaluate the capabilities and the written policies of each vendor's offerings, whether because corporations are inherently trustworthy or because they are subject to changes in ownership and management. By that standard, Apple is a little better but not all that much. I give them credit for making an actual apology instead of the blatantly insincere non-apology that corporate PR flacks have perfected, for allowing (we are told but cannot prove, as we do not have the source code) Siri to be entirely disabled, and to opt out of audio collection. It's a long way from offering some nice words and some moderately better terms to being trustworthy or "genuinely focused on user privacy".

        That's how I compare them with a straight face. I can recognise that one seems a little better for the moment without deluding myself about any of their intentions. Fundamentally they are all the same: they will do whatever they think they can get away with, as long as they think it will make them more money. Right now, Apple seems to think that trying to get away with slightly less will make them slightly more money. Perhaps they're right.

        1. Lord Elpuss Silver badge

          A fundamental component of Google and Amazon’s business model is harvesting, marketing and monetising your personal data. You are the product.

          For Apple, and to a lesser extent Microsoft (depending on your service choice), this is not the case. In fact Apple’s business model depends on precisely the opposite; if they marketed your data in the same way Google or Amazon does they would lose their differentiation and would enter a race to the bottom competing against much cheaper Androids.

          There’s nothing altruistic in Apple’s motives; it’s all about the money - and this means it’s in their financial interests to safeguard privacy.

          1. Anonymous Coward
            Anonymous Coward


            It WAS their policy for many years that you were the customer, but I guess they realized they couldn't grow any further in their current line of business. They looked for ideas on what they could do to grow in new lines of business and saw Apple on the one hand making a lot of money selling high end hardware at nice margins, and Google on the other hand making a lot of money collecting personal information and using it to sling trillions of ads a fraction of a cent at a time, and thought "hey, why not do both?"

            So now they sell high end hardware like Apple, and collect personal information to advertise to you like Google. They aren't as good at hardware as Apple, and aren't as good at monetizing personal information as Google, but they are still collecting as much personal information as they can get their hands on. Windows 10 seems to be designed with that in mind, though so far you can turn it off.

            Probably someday you will no longer have the option to turn off the data collection. Maybe you'll be able to buy a higher end version that preserves that option, because they know the vast majority will stick with the "free" version their PC comes with.

            1. Aitor 1 Silver badge

              Re: Microsoft

              No data free collection version.

              The data selling model assumes that you have a mix of low value and high value targets in the group.

              The low value targets are valuable only because you cannot identify without doubt the high value ones.

              If you offer a more expensive version without the data slurp, you are removing most of the value from the mix, so you will be able to charge way less from the mass surveillance, so it makes little sense to do so.

              That is the reason you don´t see a pay for version of Facebook, for example.

              1. Anonymous Coward
                Anonymous Coward

                Re: Microsoft

                The enterprise version doesn't try to collect any data.

          2. elaar

            "and this means it’s in their financial interests to safeguard privacy."

            You make it sound like a simple "mistake" by Apple. Harvesting/storing voice data (which is probably THE most private data we have), and employing people to specifically listen to said data without informing users is a huge assault on privacy.

            How can you seriously consider a company to "safeguard privacy" when they do this? By comparing to what Google/Amazon do doesn't make it any less serious.

            1. Lord Elpuss Silver badge

              ”How can you seriously consider a company to "safeguard privacy" when they do this?“

              Human grading is an absolutely essential part of improving voice response systems like Siri, Alexa and Google Assistant; so the fact that a company does this isn’t wrong per se. And any data used for training is anonymised hence ‘private’, however Apple did make 2 mistakes; not explicitly asking permission first, and having this data processed by a third party. They have apologised, severed the relationship with the third party and changed the process to be opt-in and processed only inside Apple.

              They made a mistake here, but as a rule their track record on user privacy is good; they have a history of doing the right thing. Because of this, I’m inclined to give them the benefit of the doubt and accept it was a genuine mistake.

              1. JohnFen

                "Human grading is an absolutely essential part of improving voice response systems like Siri, Alexa and Google Assistant"

                All the more reason to avoid using any of these things, period.

                "And any data used for training is anonymised hence ‘private’"

                The only way to actually "anonymize" data is to collect it in the aggregate and delete the individual data collection completely. I don't think Apple is doing this, therefore it's not really "anonymized".

                "and having this data processed by a third party"

                I don't think this was a major mistake. There's no reason to think that the privacy problem is any better if the recordings are listened to by actual Apple employees rather than contractors.

  7. fidodogbreath Silver badge

    At least they apologized

    And not one of those bullshit "if we somehow offended you, we're sorry" non-apologies.

    That's more than Microsoft, Amazon or Google did over this issue.

    1. fidodogbreath Silver badge

      Re: At least they apologized

      With that said -- I don't trust any of these "voice assistants." I reluctantly enabled Siri (but not on the lock screen) because Shortcuts doesn't yet support placing a call on speaker, and I call my employer's conference line "on speaker" several times a day. As soon as I can do that by tapping a shortcut icon, the name, "Siri," shall never be spoken by me again...

  8. Mark 85 Silver badge
    Black Helicopters

    Why have these "things" at all?

    Seems that just by the fact you have one these "things" means you've handed over your privacy to strangers. And privacy is one of things that's slowly disappearing in the world with cameras on street corners, phone calls being recorded (for "quality purposes" of course <rolls eyes), and various agencies slurping everything they can from the Internet.

    I'm not sure why they're "needed". Maybe it's "nice" not to have to leave note on paper for family or something.

    1. Lord Elpuss Silver badge

      Re: Why have these "things" at all?

      If you start looking seriously at what's needed, there's very little in life that's actually 'needed'. Most things fall into some category of Want - because it makes life easier, more pleasant and so on.

      Of course digital assistants aren't needed - but then neither are mobile phones, supermarkets, clothes designed for anything besides warmth, coffee, cars, the Internet, banks.... the list is endless. Removing all 'wants' and reducing to actual 'needs' means humanity will regress to a subsistence society, and pretty much all 'development' will grind to a halt.

      1. JohnFen

        Re: Why have these "things" at all?


        Supermarkets aren't "needed"?

        They certainly are if you both enjoy eating and live in an urban setting where you can't grow your own food.

  9. FatGerman


    I'm not sure I believe that this is a case of them getting caught doing something they knew was naughty and then apologising for it, as many have suggested.

    I think it's a case of them getting caught doing something they didn't think was naughty in the first place.

    And that's worse.

  10. not.known@this.address

    possible scenario

    Scene; iWannaKnow HQ, the Boss's Office. Those present: Dave, the Pointy-Headed Boss. Frank, a representative Customer. Hal, the Technical One.

    Dave: "We want to generate a unique identifier for every customer. If only there were some alphanumeric string we could use that would be totally unique so we would know we were tracking the same customer's voice to ensure consistency."

    Hal: "We could use the device serial number but that would break privacy laws."

    Dave: "Oh. Hey, I know, we could cut the serial number in half, reverse each half, and stick them back together! Let's do that!"

    Hal: "..."

    Dave: "We also need it to only last 6 months, then we need to allocate a new unique identifier to that customer. Hey, I know, we could deallocate the number I just thought of and add it back to the pool of random unique identifiers, and allocate the customer with the latest unique identifier number that has been freed up!"

    Frank: "That sounds like a great idea! Can we teach Siri to lip-read as well?"

    Hal: "I still have the greatest confidence in your honesty and integrity, Dave..."

  11. This post has been deleted by a moderator

  12. This post has been deleted by a moderator

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022