• @Septimaeus@infosec.pub
    link
    fedilink
    211 months ago

    That certainly would make the data smuggling easier. What about battery though? I assume that requires inference and at least rudimentary processing.

    How would a background process do this in real time on a mobile device without leaving traceable evidence like cpu time?

    • @steveman_ha@lemmy.world
      link
      fedilink
      611 months ago

      What if its not streaming? What if its just cached for future access, e.g. next time the user opens the app (and network traffic spikes anyways) maybe?

      • @Septimaeus@infosec.pub
        link
        fedilink
        311 months ago

        That’s possible too, and in general I’d think a foreground application currently in use alleviates most of the technical restrictions mentioned (read: why we never install FB).

        But again we must assume some uncommon device privileges and we still haven’t solved the problem of background energy usage required to record and/or process a real time feed.

    • @BigPotato@lemmy.world
      link
      fedilink
      311 months ago

      Cox also sells home automation bundles which advertise “smart” features like voice recognition which are always plugged into the wall.

    • @BrownTree33@lemmy.ml
      link
      fedilink
      211 months ago

      Can it be implemented on pc? They often turned on and people speak around them too. Cpu activity much harder to trace when there are a lot of different processes. Someone can blame their phone, while it listening pc near by.

      • @Septimaeus@infosec.pub
        link
        fedilink
        411 months ago

        Yeah outside mobile devices I imagine there’s a lot more leeway technically speaking. I’d be far more inclined to suspect a smart TV or a home assistant appliance like Amazon Echo, for example. And certainly there are plenty of PCs out there that are 100% compromised.

        But it’s the phone that people often think of as eavesdropping on their conversations. The idea is stickier perhaps because it’s a more personal violation. And I wouldn’t put it past data brokers by any means. They would if they could. I’ve just yet to hear a feasible explanation of how they can without being caught. Hence my doubt.