The Great Hack

I agree Mike you make some excellent points here.

Thanks Simon for taking the time to explain.

It depends on the meta data… I wish it was easy… sadly it isn’t … or on the other perspective it is a good job it isn’t… context and situational awareness can help, but the complexity increases with the degree of how disparate the sources are.
Of course this is why honey pots, such as social media services, are great targets, as the data is collocated.

Exactly as per my points. If legal you will have needed to have given your consent… and this may be in T&Cs that I am sure many don’t read… though you need to positively opt in now… but consumer beware. In the U.K. such data can only be lawfully held for specific reasons.
Otherwise in the UK it is illegal… clearly that is of little comfort if the disclosure is made within a country with different legislation, or the data is stolen…

What does genuinely surprise me is how much trust people put into foreign internet web services, including social media and commerce sites… though there is some anecdotal evidence I have heard that the younger generations are getting more savvy with this.

Again, not sure I agree. The collection of facial data is being done without consent. There are no T&Cs as regards this and nor is there any regulation or a body with oversight. It may be illegal in the UK but it is happening. Airport security. Shop and street CCTV and so on. Not sure a distinction between UK and non-UK is even relevant. It ought to be but it isn’t.

Take a look at your iOS or Android device. Look at the option for background updates on various apps. Download a good data tracking app. Wake up the next morning and check out how many of those apps sent data out overnight. The volume of apps and the amount of data is astonishing. Then compare the T&Cs for those apps (if you can find them) to their privacy statements (if you can find them) to the data you input when creating an account. Several mags have run these tests and your contacts; location; social media data and much more are being harvested outside of those apps; sent to servers all over the place and then sold without regulation.

The description I read recently was that facial recognition is plutonium. No positive purpose (read Schneier on this. He’s excellent) and needs regulation and banning. A good analogy I think.

It would be interesting to see the T&Cs for the hosts of this forum. I suspect it would scare the living daylights out of people.

I disagree, biometric recognition can be useful (finger scan, retina, facial, DNA, gait, vocal, etc) and even life saving in the right hands and controls and with the right regulation. I can only speak from my own professional experiences here. But it is good to have the debate and get it in the open… it’s when it’s hidden and covert that suspicions are aroused.
As with all technology it can be misused as well so as to cause harm, just like a vehicle to run down pedestrians… but we don’t say ban all vehicles or ban all pedestrians.
The key thing is legality, and cross referencing biodata to personal databases, this then becomes ‘sensitive data’ … Most of these biometric personal ‘sensitive data’ databases that I am aware of are government or government agency controlled. It is this cross referencing that is key (no pun intended). Facial or other biometric data that is not cross referenced and standalone is effectively anonymous and is like meta data… though this is where there are some grey areas I believe, hence my interest in the ICO investigation on Argent.
Clearly if you volunteer personal correlations on public web services such as Facebook then you should expect that to become public domain unless you are confident it won’t.

Mike, Naim’s Privacy Policy can be found here;

Last night I was speaking very quietly in the house, my husband asked me why. I told him Mark Zuckerberg might be listening. He laughed, I laughed, Alexa laughed, Siri laughed.


I need to be clear that I’m talking exclusively about facial recognition as regards my comments to now and below. Biometric data in general terms is a different beast in some ways but identical in others.

The key points being that firstly there is zero regulation and hasn’t been in the 12 years or so it’s been a visible technology. As it fits the government and security services profile of the need for a surveillance society there’s little impetus for that to happen. It’s not really a matter of whether it’s hidden or covert. The misuse covers both covert and overt use.

Literally the only scrutiny at the moment is diligent individuals and the media picking up on what will get them some impressions and income. It is effectively the Wild West and 1984 rolled into one. At this point I would post the link to the Luke Stark article which labelled facial recognition as plutonium i.e. wholly toxic with no positive purposes at all and in need of similar levels of regulation as regards sales etc. Unfortunately it seems to have been locked down as gated research.

Easy enough to find others commenting on it though such as

Secondly, it’s owned and run by companies who don’t open their algorithms to public scrutiny. Facial recognition is already known to be great on white people but poor on the rest of the population so discrimination is inbuilt.

The uses you describe Simon have two problems. The first is that of not knowing either whether the relevant algorithms exhibit bias. The second is that it’s not clear they even do what they say they do.

So, for example, there’s little evidence that scans at airports are any more efficient or accurate at identifying anything we might want to know more efficiently than human beings or travel documentation. It has largely resulted in more false positives and the actual intent is to build a database rather than identify potential illegality or harm. We also now know that all the uses you list - retina, facial, viral etc. can be faked and relatively easily.

I’m not sure why you maintain the fallacy that there is data which stands alone. Are you able to give an example? All data is gathered to be cross referenced even when we don’t know it. It’s truly disturbing stuff.

It’s interesting to read the Naim privacy policy as referenced by @Richard.Dane. It neatly examples some of the issues. I must emphasise at this point that I highlight these only because they’re at hand. Having spent some time writing privacy statements this past year the Naim one is exemplary. It’s not hard though to see how what we think of as a closed forum spreads much further than we might want to think about.

“To create anonymous, aggregated statistics. - we may use your birth date, location and other information to analyse the users to help inform decisions and marketing.”

“If you register to participate on our discussion forum your information will be held on servers located in the UK by third party service providers, Amazon Web Services, Inc and Linode LLC. and accessed by Naim Audio ltd. for the purposes of administering the forum.”

“Transactions for records purchased from Naim Records will be handled by a third party provider, Bleep Stores.

Here is a link to their Security Policy:

which says

“Information we collect about you

With regard to each of your visits to our sites we may automatically collect the following information:

technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Information we receive from other sources

We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, [advertising networks], analytics providers, search information providers, credit reference agencies) and may receive information about you from them.”

Interesting and civilised discussion. Thank you.

By the time people have finished the thread they could have watched The Great Hack and in some ways learned much less.

Seems very civilised. Just the sort of policy one might expect Naim to engage with.

But don’t buy records from them online!

They’re not listening in that way but they have an algorithm that can listen to your internet chatter.
I appreciate your attempt at humour and I also used to laugh when people said ‘they must be listening to me, I was just talking about Nike trainers and then I got an ad for Nike trainers sent to my phone’.

True, they themselves only listen for their activation keyword - to do anything else would be contrary to data protection and/or freedom of information legislation in both the EU and the USA, and the misuse of computers act in the UK (and equivalent in the EU), and various pieces of federal security law in the US. The devices (and software running on them) don’t listen noting everything, they do however interpret everything through their voice decode algorithm in order to listen for specific keywords.

However the apps that people run on them are sometimes administered from jurisdictions other than the EU and the US; these apps are free to listen for other keywords. The data thus collected can be sold through 3rd party brokers (also in non EU and US jurisdictions) and the data stripped of information identifying the jurisdiction under which they were gathered, they can then perfectly legally be sold on to other brokers in the EU and US and ultimately bought by companies who cannot know the legality of the gathering of the data, only knowing that the source from whom they bought the data did indeed acquire it legally.

The first part of this process neatly bypasses the jurisprudence of the EU and US courts whilst the second part legitimatises the acquisition of the data. Data laundering: analogous to money laundering!

Xanthe, indeed with Amazon’s Alexa, it’s not so much the listening in, as the word activation processing is necessarily optimised to an utterance source, and so unless you have hacked the Alexa device to bypass the Amazon processing functions it can’t sit there capturing everything and forward on for capture, or at least I can see no way of doing that…
However the personal data gained from using a particular app and service from an unscrupulous or unlawful service provider is effectively off platform, and can be sold or forwarded as you say.
Again it goes to what I always say, only use web and internet services that you need to personally associate with where you trust the service and app provider.
An app with a funny logo that delivers a quirky or amusing feature, but from a company you have never heard of, might be doing more than you think.
Would you invite a stranger you saw in your high street into your house and leave them alone?
It makes me think of the children catcher in the film Chitty Chitty Bang Bang… and many people are like children with toys in the world of information technology.

Our Alexa will wake up if I mention a former leader of the Scottish National Party…Alex Salmond!

Fortunately, no Nike trainers were involved.

A couple of weeks ago I was sitting in a friend’s house. We were discussing a specific item that he might need. His Samsung phone was sitting unused on the table between us. Later, when he picked it up, he opened a browser and saw an ad for the exact item we were discussing. It was something he didn’t know existed until I suggested it, so unless you believe in coincidence…

I’m not sure if this is a serious or well-researched response. I say that with no intent to insult. I’m just a little taken aback.

There have been multiple reports of constant activation and revelations about ongoing recording, to say nothing of the recent stories of staff listening to said recordings for purposes of “accuracy”. How about we then add in the already conceded truth from research that the voice recognition triggers in response to white male voices but constantly fouls up female voices and anyone with an accent which doesn’t fit any of the above. This despite the profile of Alexa being created by a woman!

Some light reading.

Mike, it’s fairly simple… if you follow the development guides you can see what you can and cannot do currently with Alexa… the circular buffer does indeed constantly listen, and then passes out for verification to Amazon once it thinks it has a trigger to wake up.

Only 36 replies from 10 people on a subject that could have already been effective in manipulating the democratic process in countries as globally important as the U.S, India and the U.K. We can only guess at how China and Russia are using similar methods to keep their own governments in power.
Perhaps it’s just not as interesting as a Naim Fraim, or perhaps this is the wrong place to try and start this type of debate, or perhaps we’ve been bombarded with so much political b******* over the past few years that a real apathy has set in.

Bob, to be fair, as I understand it, you would have to be a Netflix subscriber to be able to see the documentary in question, so not everyone will have done so.

Speaking personally, I haven’t been able to see it yet - I can’t reliably stream video here so Netflix et al. are a waste of time and money - but I definitely will as soon as it’s available on either disc or terrestrial TV broadcast.

You’re probably right Richard and I do recommend you watch it when you can, even though it does have some inconsistencies it’s still a compelling documentary.
If our members are interested and do have broadband capable of streaming then Netflix’s 30 day free trial is open to all new members or previous members with a different e-mail address.