Mobile phone bug suspicion: Targeted advertising doesn't need eavesdropping

The effect is always astonishing: You just talk about a topic, and shortly thereafter social networks or websites, for example on your smartphone, display matching advertising. The immediate temporal proximity suggests that smartphones or smart speakers have been listening in and transmitting the information to service providers. However, this is not necessary at all. Data linking and meta-data are perfectly sufficient for this.

Avast draws attention to the topic in a blog post. The company refers to an explainer video by Instagram boss Adam Mosseri. He apparently even had to convince his own wife that Instagram doesn't eavesdrop on conversations. He explains there that he has often had heated discussions about this and reiterates: "We do not listen to you. We do not use the phone's microphone to eavesdrop on you."

On the one hand, this would be a gross violation of privacy. On the other hand, the phone's battery would drain faster. And the smartphone would also display a small light at the top of the screen indicating that the microphone is on.

Meta-information reveals interests

If highly relevant advertising is displayed, according to Mosseri, it could be because affected individuals have previously tapped on something related to it, or because they initiated a search on a website about the topic. Instagram works with advertisers who try to provide targeted advertising to individuals. So, if you have sought a product on a website, you may be shown advertising for it, as advertisers pay Instagram to specifically address visitors of that page there.

Furthermore, Instagram also shows such advertising to contacts of users whom the company believes might also be interested in the products, Mosseri further explains. This is based on what their friends are interested in or what people with similar interest profiles currently find exciting. So you could be talking to someone who has already searched for the topic, or that people with similar interests have done so in general. A third point is that the advertising has already been displayed but went unnoticed – simply "scrolled past". Such advertising can still be registered by viewers and trigger interest later. Finally, Mosseri actually mentions coincidence – that can happen occasionally.

Tracking: Data collection and linking

The cause is therefore advertising tracking and data linking by advertisers or their service providers. Eavesdropping by smart speakers is also not necessary; they limit themselves before listening in and evaluating to an activation word that initiates this process. To reduce targeted advertising – it certainly cannot be completely prevented – Avast suggests restricting tracking by advertisers. This includes checking app permissions on smartphones and, if necessary, removing rights for microphone or location usage. If personalized advertising can be deactivated in the app, users should also do so. Web browsers focused on privacy can restrict tracking across websites (cross-site tracking). These include, for example, Brave, Firefox, DuckDuckGo, or the Tor browser.

Since advertising systems also group devices that appear to belong to a household or network, the use of shared accounts should be reduced. Browsing in incognito mode should also help reduce data collection. Avast also mentions the Do-Not-Track option, for example in apps and browsers. However, Firefox has removed it again, as it was largely ignored by websites.

It is somewhat ironic that Avast itself is drawing attention to the topic. After all, the company, now part of Gen Digital, had to pay a fine of 16.5 million US dollars for data sharing. The software from its own company was supposed to protect against surveillance on the internet, but it collected and stored browser usage data. The subsidiary Jumpshot sold the data collected from over 100 million users between 2014 and 2020 to over 100 advertising companies. Although pseudonymized, it was apparently identifiable again.

(dmk)