FYI: Your browser can pick up ultrasonic signals you can't hear, and that sounds like a privacy nightmare to some Technical folks looking to improve web privacy haven't been able to decide whether sound beyond the range of human hearing poses enough of a privacy risk to merit restriction. People can generally hear audio frequencies ranging from 20 Hz and 20,000 Hz, though individual hearing ranges vary. Audio frequencies below and above …
The microphone is doing the conversion of sound waves to electrical signals, not the browser. It would be best to limit the microphone in Android or iOS, not mess with a spec. While there isn't a snowflake's chance of building a ski slope in hell of it happening, it's a better chance than changing a spec or API.
I found an advertising SDK inside a pre-installed Android app that could:
Determine the users location
Access and read anything the user had copied or pasted to the clipboard
Access and record with the devices microphone
Access the devices text-to-speech functions to both record and vocalize and also access any custom words the user added.
What was even more disturbing is that the advertising SDK was found inside an app that millions of people have installed thinking it would protect themselves from things like this.
I've been crushing permissions on all my apps, anywhere I can, for quite a while now. IMHO there has never been a good reason to allow my browser access to the microphone, my location, my contacts, et al on my phone, and no reason for same on my desktops, so "Off" they go. Yes, that includes Google Play Services. And Firefox on Windows. Plus many, many more.
I keep trying to tell everyone "Only the paranoid survive", but I believe I have grown tired of the repetition.
Either allow the browser, or install a multitude of apps based on customer whims.
Weak.
Assuming you're in a position to need a half-dozen different web conferencing services to be available at a moment's notice on your phone (or even your laptop -- highly likely, that), you enable the mic for the browser at that time, and disable it afterward. Shirley, you could be arsed to do that small amount of setup before your oh-so-important next web conference.
If you can't be arsed, then how did you get to be so important?
>> enable the mic for the browser at that time, and disable
Thinking I'm still safe... for now.
I do use a laptop/browser for meetings occasionally but it's speakers and mic are (should be disabled) and I always use a flip-phone to call in for the audio.
For rare cases, I will use external headphones/mic.
Hello @Someone Else
"how did you get to be so important?". While I'm flattered, I dont think I'm all that important... I do read and use my brain before corresponding with people though.
I was responding to @Snake:
"there has never been a good reason to allow my browser access to the microphone"
Re-read my post. You only need to have one occasion to use the mic for it to be a good reason.
Brush that chip off your shoulder and stop projecting your inferiority complex on to strangers on the internet, then have a lovely weekend and enjoy some outdoor time
I kept running out of RAM on my too old Android phone and noticed a common miscreant was Play Services. So I deleted all its data.
Oh and the Google App has been denied permission to use the microphone from the start. The idea that my phone or anything is constantly listening to me gives me the creeps. I do NOT want.
I don't want a 'smart' TV either. And a lot of the promise is bogus. Predictive text is supposed to learn from you, but mine doesn't. Perhaps because I have a very large vocab and seek to use it and not talk in cliches like a lot of people do. Predictive text has been relegated to offering me suggestions below the line which are frequently useless. It can't even do grammar, offering me ungrammatical options instead of the right one.
I've disabled everything for Play Services except storage and telephone, but when it receives a phone call it sometimes pops up a notification saying Play Services needs some permissions set and underneath there's the list of permissions which are currently denied.
That's just what I need when the phone is ringing.
The next phone will be Sailfish.
The problem is that the browser is the "universal app". You can use the operating system controls to police single-function apps (though not sufficiently), but the browser's access to increasing platform functions makes it increasingly difficult to have the granularity of control you might require, especially given the random origins of most of the scripts in a typical web page.
It would be a start if web-based applications had to be packaged and signed by a publisher with a manifest of permission requests before they could get access to any APIs, though as we've seen from all the malware that makes it into app stores already, this is not in itself enough.
[...]it's a better chance than changing a spec or API.
Hello Brian. I agree that the mic is the source (well, maybe the sink) of the problem. But I'm not sure that fixing the Audio API is actually necessary.
What if the audio codec were to be "adjusted" so that a 24dB/octave low-pass filter were to be engaged at, say 17,500Hz? That would work...but I can just here it now from some so-called "audiophile", "You can't do that, it cuts down my fidelity!" Riiight, On the 1.25-inch "speaker" that is found on the average phone. "Audiophile" retorts: "But I can Bluetooth my signal to my MegaAudiotm 2500W 7.1 soundbar!". OK, maybe you can, but if you own one of those things, you're likely over 40 and can't hear anything above 17.5kHz anyway, or you're using Daddy's system. Either way, you still won't notice any discernible difference.
Point is, You could change the underlying service to be more security-conscious without changing the API. (It's not like slip-streaming features into a service or API hasn't been done before; I'm looking at you, Microsoft....)
Then what happens when they go the other direction and use infra-sonics instead? That's the technique Cinavia uses to watermark audio, and it's blended into the audible frequencies to make them hard to remove. Good luck trying to demand filtering out low frequencies, especially for those "audiophiles" that insist on feeling rather than hearing the music (meaning massive woofers and subwoofers).
And last week, the discussion thread was closed by Raymond Toy, a Google software engineer and co-chair of the W3C's Audio Working Group.
Toy argued that if a developer is allowed to use a specific audio sampling rate, no additional permission should be required – few users enjoy dealing with permission prompts, after all.
Isn't it more like there's no way to phrase the permission prompt that doesn't sound creepy?
Never good to have someone working for Google on the chair of something. They'll push all manner of nonsense through in the name of their employer.
The more devices you have that are controlled by a smaller pool of companies the less chance you have of privacy.
The likes of Brave are fighting the good fight (all be it hopeless) but when you look at what Nation states can do in secret, you have to ask what the likes of Google et al can do hidden in plain sight with the ability to influence and control OS and core APIs when they have no commercial interest in limiting the exposure of user information or privacy.
The US government seem toothless in the face of these US based but global companies that are now financially bigger than many countries GDP and have user bases that are vastly bigger than all countries, are we looking at a geographical country trying to limit the power and control of a virtual country? Who is your money on?
... it would be possible, on a non-rooted phone, to allow permissions on a basis of "yes but ask for every access or at least a log of when which apps ask for which services.
Permissions should also be more fine grained "access to your photos" seems reasonable if you are going to post pictures to Facebook ... But I'm pretty sure it analyses your entire camera roll.
Ideally I would like to give dummy permissions as well. So an app that wouldn't install with microphone access can be given a yes but just receive a silent (or filtered) audio stream; and a GPS "for regional purposes" can be blurred - I can see why an astronomy app might want to know where I am to within the nearest kilometre when I open it it but what I don't want it knowing my location to within 10 metres every second its open (or even worse, running "in the background", another place where Android is deliberately unhelpful as to what is really going on).
At least Facebook is only an app ... Having an entire OS under the control of an advertising giant is never going to be be an optimal situation.
Enable Developer, Settings: Developer: Running Services: Background services.
On startup I have a routine which removes things which automatically load themselves. Why should Text to Speak need to load itself when I have not invoked it? My email apps are set to only download when run and told to. Yet they all load on startup.
I generally hate posts that say "I've done this so I'm OK." But we have to face it, security will always take some effort and most people won't be bothered.
So, on my Android devices I have simply denied access to the microphone to any apps that don't need it in order to work - which is everything apart from the phone, sound recorder and conferencing app. It is hardly very difficult. I have ignored the dreadful warnings that sometimes appear. As I run Facebook in the browser that is also covered.
You must be really fun to hang around with, Charles 9.
You know full well there are many options to thwart things like this, but your predictable response is yet another scare tactic 'What if...' doom scenario suggesting it is futile to resist [insert undesirable thing here].
I guess you can't fix shill.
WRONG! You can fix shill, but you CAN'T fix Stupid OR Murphy. And Stupid is that I have to deal with on a daily basis (and by stupid, I mean someone who's told to look left and looks right, is told to turn around and spins a full 360, I kid you not).
"You must be really fun to hang around with, Charles 9."
Not so much they hanging around with me as I hanging around with them...and not by choice. All those things I'm talking about tend to come from firsthand experience.
Maybe, maybe not.
But I have one sure-fire solution : mute the speakers.
At home, of course, my speakers can be active, especially now that I have somewhat more time for YouTube. But I use uBlock Origin with NoScript on Firefox, so I don't see ads, therefor they cannot spout any ultrasonic anything.
With my laptop, I also use the same browsing configuration but, on top of that, I have my speakers muted. Good luck spouting any noise whatsoever.
So, whether or not an app is listening, I am the deep sea nuclear submarine that passes unnoticed.
to build a little ultrasound broadcasting device, that emits all sorts of random signals just to screw this kind of eavesdropping up. A smart system could even listen for covert ultrasound broadcasts, and either try noise cancelling techniques on it, or (much simpler) do the ultrasound equivalent of Brian Blessed bawling "Blood! Death! War! Rumpy pumpy!!"
Electronic countermeasures, if you like. Icon, well, because of Brian Blessed, of course
Now where is that Arduino kit?
Even better: "Okay Google, blood! Hey Siri, death! Alexa, war! Cortana, rumpy pumpy"
"to build a little ultrasound broadcasting device, that emits all sorts of random signals just to screw this kind of eavesdropping up."
Just do a web search for ultrasonic deterrents. There are many options to choose from which affect different creatures so likely use different frequency ranges. There's even one for deterring human teens which you may prefer, depending on your live-in family demographics.
AFAICS the only reason processing of ultrasound needs to take place is to add harmonics, and therefore "body" to audible sounds, e.g. speech and music. In he absence of any accompanying audible sound, it would be nice if ultrsiasonic frequencies could be discarded. I'm unsure whether this lies within the processing capacity of your average smartphone, though.
High-frequency audio could be used to stealthily track netizens
And lead them in other directions with a whole host of Quite Different Instruction Set Modules for Almighty Heavenly Space to Command with the Almost Perfect Controlling Mix of Adorably Pleasant Assets. Heavenly Outriders Pioneering with Outliers ..... Suitably Combat Hardened against/for the Temptations and Pleasures Arisen whenever Mixing UnEarthly Personal Wealth with God Given Treasures, is one Default to Consider Vital for/in All Advancing Enhanced Security Level Requirement Emergencies ......Current Extremely Troubled Times with Seriously Troubling Personal Spaces .
Surely that is not too hard to follow. How much simpler do you need IT to be? It is not as if the world is not awash and intoxicated with communicating devices and there are no already readily available tools for hire and/or purchase, with both being the result of practically free use.
And that has something which is normally billed and charged for, miraculously appearing out of practically nowhere where forever giving information freely for further intelligence processing to be enabled and rendered enthusiastically accommodating, is Favourite De Rigeur Default Weakness that Delights the Many Flowers in the Perfumed Gardens of the Lands of Milk and Honey with the Monies of Invisible Wealth, .... and is also a Highly Prized Strength in Sensitive IntelAIgent Security Circles and Clouds.
All of that can't be translated further .... so take a carbon copy of it which faithfully transcribes it into any other language and an Almighty Knowledge Spreads, Prized and Beautifully Misunderstood too, and at the Best of Exciting Times in the Service of Stealth for All Fully Understanding, are an Absolute Joy to Behold and Enjoy/Employ and Surrender to. :-)
I read a case report last year where the FBI had loaded audio signals into illegal porn files (for years), so that when they were played the audio would signal other tools (they did not expose them, but I expect MS Defender was one, I expect the Alexa/heygoogle products do also) that would detect the audio signature and report the location and signal/file played. It only makes sense that companies would get in on this tech for other purposes.
And now you know why your dog starts barking when you're at your computer.
How about web browsers going back to the idea that they are user agents instead of agents of the publisher? ...... kwhitefoot
Web browser using agents never abandoned the idea, kwhitefoot, and they are remarkably adept at adapting to and overwhelming markets which try to detain and restrain new information to which they have zero entitlement.
In Firefox you can disable the Web Audio API "AudioContext" to prevent this.
In "about:config", search for "dom.webaudio.enabled", and set it to "false".
To make sure it's properly disabled check the "AudioContext" section on https://www.deviceinfo.me
There's also browser extensions that exist to disable the API, but using the setting directly in Firefox is all that's needed.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
