Some weeks ago, I saw an ad (sponsored post) on Instagram that surprised me. It was about a product I never googled, shared, liked, or talked about on any social network even in direct messages. I had a bad intuition: the only time this product came up was in a random chat with a couple of friends in a cafe. And the only way for Instagram to know about this was to listen to my real life conversations with the microphone.

Last week, I did an experiment to confirm this and the result is just as scary as you can imagine.

UPDATE: after reading the post, check the Part 2 here.

Context

I speak spanish, french and english. I usually mix these three languages: my roommate is from Argentina, my family is mostly spanish, my co-workers and friends speak french, and I use english for the rest. It’s important to understand the context because I want to show how much technology is involved in this experiment.

Experiment

I was in Spain with my family and we went hiking: from 7am to 3pm, 2300m altitude, very partial 3G, and my phone was in my backpack (iPhone 7 Plus, in low battery mode).

At some point I was talking with my cousin (in spanish) about a product I would like to buy: a micro projector connected in Bluetooth to share videos on a wall from my phone. I know that I never googled it, shared some ideas about it, or wrote it on any digital platform. It was a total random discussion. I remember saying stuff like:

It could be amazing to share some videos of our hike to the ones who didn’t come on a wall.

And my cousin replied saying that such products exist and we should try one.

That was a five minutes talk. Then we talked about other topics. It was a 6h hike and many conversations happened. But the one about the micro-projector was the only one referring to a specific product.

Result

I actually forgot about this discussion and went back home. The day after in the morning, I checked my Instagram and guess what, I saw a perfect micro projector ad on my feed. I mean, exactly the one I wanted:

Remember the context: 2300m with partial 3G in the mountains, low battery mode, and many discussions with five people, some in french and other ones in spanish.

Please Instagram, explain to me how you’re doing this. I’m a developer, I know how iOS and networks work, and I’m still very curious about the technology you’re using.

Conclusion

My iOS “Privacy” Settings were like this:

My first obvious conclusion is that Instagram is taping you when the app is in the background. The audio stream is translated to text on the phone (offline), and some patterns are extracted (offline). The final payload is probably smaller than the audio stream and can be sent by 3G. I was switching between french and spanish all day long. That means they have a lot of internal libraries to detect languages and do this audio processing. Maybe that’s why the Instagram app is 77 mo?

During the hike I remember trying to call someone on WhatsApp and the audio quality was so bad that I had to switch to text. I mention this because at this point the Instagram app couldn’t send a “raw” audio stream to a server.

Or: the audio is stored locally in chunks and then synchronised in the background to a server when the network is better (3h after the hike).

In any of the two conclusions: the microphone is used to record your environment. Today I’m 100% sure about this.

It’s honestly f***ed up.

Guys, what’s going on here. I’m not a kid and I know that most of the biggest companies today are doing crazy stuff with our data. But we are talking about nearly real time analysis of our private conversations without any warnings about this. At least, I haven’t seen any legal stuff mentioning that Instagram was allowed to use my microphone in the background to listen to me. If you know more about this (like this article), let me know.

For the moment, just turn off the microphone access in your settings and turn it on only when necessary.

UPDATE: after reading the post, check the Part 2 here.

Bisou.