Big Tech isn’t that clever

Some people are convinced that Meta is eavesdropping on them through the Facebook app.

Rumors like these bother me and not because I’m a supporter of Meta. Rather, it’s because it delivers Meta way more power than they deserve and leads to despondent sentiments like this:

What’s the point? They have all my data anyway.
I’ll just accept that they’re listening to everything I say.

This kind of eavesdropping would be hilariously difficult to implement and conceal. Believing such rumors is like submitting to the Dark Side before realizing that Darth Vader’s lightsaber is made of plastic.

Meta, like most of Big Tech, acquires its power by exploiting money and the law. Not because they’re super geniuses with out-of-this-world technology¹.

Why eavesdropping would be hilariously difficult to get away with

When most people think of the Facebook app accessing the microphone, they probably have an image like this in their heads:

fb-to-internet-1

Already, this simplified architecture shows a weakness. It’s possible to turn the tables and eavesdrop on the Facebook app when it tries to communicate with Meta servers, as many have done already².

fb-to-internet-packet-sniff

But let’s look at the other side. Can the Facebook app actually access the microphone like that and conceal that it’s doing so?

If you make electronics, you probably use Digikey. A quick look at their microphone selection shows 1,821 results spread across 31 manufacturers.

The reality is more like this:

fb-app-microphone-chaos

That’s a ridiculous amount of work, even for Meta. Android and Apple, to make things easier on app developers, abstract away those details.

fb-to-app-platform-to-mic

And this is why it’s insanely difficult for Meta to pull this off. They have to go through the middleman that is Google or Apple’s phone operating system.

For one, it’s possible to swap the middleman for a modified one that exposes more information about what the apps are getting up to³.

Second, Google and Apple frequently regulate what apps are allowed to do.

Google has dropped functionality that apps were abusing.
Apple restricts access to sensitive APIs to protect user data.

If you don’t trust their motivations, know that they’re not regulating apps only out of the kindness of their hearts. That user data is valuable: Google and Apple both use it to sell targeted ads. Why would they let a third party app take it for free?

Not pessimistic or optimistic

Does this mean we have nothing to worry about? No: the USA does have a problem with monopolies. It’s suffocating competition and innovation⁴ and sucking the fun out of software engineering.

But what I am saying is: don’t engage in criti-hype and become paralyzed and awestruck by power that they don’t have.

References

Cory Doctorow’s ordinary mediocrities tag links to a ton of great posts on this subject. ↩
Here’s a news report featuring an EFF researcher demonstrating packet sniffing and an article tallying up data usage ↩
See TaintDroid ↩
RIP diapers.com , their product was better and Amazon didn’t like that. ↩