Is Instagram Really Listening to Our Conversations?

We’ve all experienced ad tracking in action. You ask Google a question (e.g. ‘How long should I hold a plank?’) and browse through a few of the search results. Soon enough, your feeds get peppered with ads for things like protein supplements and gym memberships.

Sometimes, those searches can feel a little too close for comfort. Like when you meet with friends and start talking vacations. Someone mentions Mexico, and as if by magic, a guide to Cancun’s top ten places to stay pops up on your phone as a suggested read.

So what’s going on with targeted ads? Here’s a quick explainer…

Are Google or social media apps listening to my conversations via my phone mic?

The answer to this is no (or at least, not that we know of).

There are those situations where you haven’t searched or clicked on anything relating to a product. Nevertheless, you might have talked about it in real life. If you’re shown an ad relating to that product, you might think there’s only one explanation: your phone is secretly listening to you.

There are two good reasons why this theory doesn’t hold up:

Practical barriers

According to Welivesecurity, on average, we each produce around 430 megabytes worth of data each day through our speech.

A platform such as Instagram has around 800 million regular users. If it wanted to send targeted ads on the basis of some kind of rolling eavesdropping, it would need to be recording and storing an estimated 355 petabytes (10 bytes a day). After capture, if it’s going to be of any value to advertisers, all of that data would also have to be analyzed and contextualized in real or near-time.

In terms of feasibility, the computational and storage requirements of this whole approach make it very difficult indeed. Facebook can’t be listening to you all the time.

The law

In every country with a functioning legal system, it’s against the law for Google, Facebook or anyone else to covertly record your conversation and use it for ad tracking.

Now as we all know, the fact that something breaches the privacy rules doesn’t necessarily stop the big tech players from doing it. Take Facebook for instance: two years ago, the company was hit by a record $5 billion FTC fine for failing to protect data from third parties, serving ads through phone numbers provided for security, and for lying to users about the default settings on its facial recognition software.

So what’s different about speech-based ad tracking? Well, playing fast and loose with personal data is one thing. The big players can probably afford a slap on the wrist for it. However, if it turned out that a company had been covertly recording user conversations for ad tracking, it’s a whole different ball game. Fines and reputational damage would be catastrophic.

So basically, recording your conversations to serve you with ads is both too complex and too risky. And most importantly, the big companies don’t actually need to do it. They have other tracking tricks up their sleeve which can be just as effective…

Tracking basics

Tracking refers to the pieces of software and other techniques companies use to follow you online. The aim is to build a picture of your behavior and preferences to serve up more relevant advertising material.

Here are the most common ad tracking techniques you need to be aware of...

  • Cookies: snippets of code saved by your browser and stored on your device. They help companies build up an advertising profile on you as you move from site to site. Once popular, third-party tracking cookies are now being phased out. Safari and Firefox have already stopped supporting them. Chrome will also get rid of them by the end of next year.
  • Location tracking: with location tracking enabled on your phone or in a specific app, it opens the door to data-gathering companies to collect detailed information about the places you go. It’s valuable data for advertisers.
  • Device fingerprinting: this technique captures detailed information about your device’s characteristics (e.g. browser version, operating system, configurations and installed plugins) to build up a unique profile. From this, it’s possible to distinguish your device from others.
  • Advanced ‘privacy friendly’ tracking: super trackers that can browse your activity across all sites. Based on machine learning, you are automatically assigned to groups of people that share similar interests. Advertisers can then buy into these groups; so (in theory) you’re targeted as an ‘anonymous’ group member rather than an individual. Google’s leading the way on this with its new Federated Learning of Cohorts (FLoC) concept. You can read about it in our article.

So why does it feel like someone’s eavesdropping?  

Advertisers can easily build up a lot of information about you: e.g. demographics, buying history, device usage habits and interests.

And don’t forget: this includes geolocation data. So let’s say your phone is regularly in the same location as another phone. It’s a safe bet that you’re in the same social group.

So let’s take that Mexico example from the top of the page again. You didn’t search for Cancun holidays. But your friend probably did. The trackers ascertain that the two device owners are in regular contact with each other. In some way, you probably influence each other’s decisions and share similar interests. That’s why you get targeted with similar content.

This sounds bad. How can I stop it?

Turn off those trackers - especially location tracking. And opt for a privacy-focused browser: Firefox with uBlock Orgin, Brave and DuckDuckGo, Tor ​some options. To learn more about security, privacy and anonymity on the Internet take The Complete Cyber Security Course.

Level Up in Cyber Security: Join Our Membership Today!

vip cta image
vip cta details
  • Nathan House

    Nathan House is the founder and CEO of StationX. He has over 25 years of experience in cyber security, where he has advised some of the largest companies in the world. Nathan is the author of the popular "The Complete Cyber Security Course", which has been taken by over half a million students in 195 countries. He is the winner of the AI "Cyber Security Educator of the Year 2020" award and finalist for Influencer of the year 2022.

  • Blas González Rodríguez says:

    Great Content Nathan!

  • Carlos L. says:

    Thank you for sharing Nathan. Most people do not have this kind of knowledge and information, me included.

  • >