As we mentioned in our “what’s new in iOS 9” article, the “improvements” that Apple added to Siri in iOS 9 may be a privacy nightmare (even more than previously).
Let’s start with a few facts:
1. When you talk to Siri, what you are saying is being recorded, and sent off to Apple’s servers.
2. Apple stores those recordings for up to 2 years. For the first six months of the storage of your words, in your voice, the recording is associated with a randomly generated number (so not directly with your Apple ID or phone number); after six months the recording is disassociated from that number, but still may persist in Apple’s archives for up to eighteen more months. (For a great article about this, read Wired’s Apple Finally Reveals How Long Siri Keeps Your Data.)
3. Just this year it was confirmed that Apple shares your Siri voice recordings with 3rd parties.
Guys, I’m telling you, if you’ve said it to your phone, it’s been recorded… and there’s a damn good chance a 3rd party is going to hear it.
“Siri and Dictation If your iOS Device supports Siri and Dictation, these features may allow you to make requests, give commands and dictate text to your device using your voice. When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text and to process your requests. Your device will also send Apple other information, such as your name and nickname; the names, nicknames, and relationship with you (e.g., “my dad”) of your address book contacts; song names in your collection, and HomeKit-enabled devices in your home (e.g., “living room lights”) (collectively, your “User Data”). All of this data is used to help Siri and Dictation understand you better and recognize what you say. It is not linked to other data that Apple may have from your use of other Apple services. By using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and dictation functionality in other Apple products and services.
Curiously, all reference to Siri and dictation has been removed from the iOS 9 user agreement, which suggests to us that it will remain the case that the only way one can get iOS 9 is by upgrading from iOS 8, so you will have already agreed to the sharing of your Siri recordings (either that or Apple legal will update the iOS 9 TOS for devices that ship with iOS 9 on board).
Ok, so now that we have those points out of the way, here is one of Siri’s new functionalities:
Have Siri Search Your Pictures by Location or Date
Yes, that’s right. You can now say things like “Hey Siri, show me my pictures from Burning Man”
And in the blink of an eye, Apple will have stored the fact that you went to Burning Man, and have pictures of it in your camera roll.
And, if you use Apple’s Photo Stream or iCloud storage, well, then those pictures are on their servers too.
And, and this is a very important point, while Apple uses a unique number identifier attached to the Siri recordings instead of your Apple ID, nowhere does Apple say that they don’t have that unique number associated with or cross-reference with your Apple ID.
In fact, why would Apple choose to “disassociate” the recordings from the unique number, after six months, if that number meant nothing whatsoever? So, our money is on that they do in fact have a way to identify you (or at least your device) from that number. For six months. After you say whatever incriminating thing you may have said.
You get the idea.
But wait, there’s more!
Tell Siri how Your Contacts are Related to You
With this nifty little feature, you can tell Apple’s servers (and their subsidiaries, and of course law enforcement agencies) how the people in your Contacts are related to you.
Put this all together and it makes it that much easier to divest yourself of any shred of privacy.
You may be tired of us reminding you of the fact that government agencies don’t need a warrant for any data stored in the cloud for more than 180 days, but it bears repeating here (which is why we just did).
And even if you are sure that you could never be a person of interest to such an agency, someone you have identified as a relative, or who is in your photo library, may be.
Or, even, you may place yourself in a location of interest.
It’s not at all hard to imagine a law enforcement agency asking Apple to give up all Siri records that mention a particular location and/or date.
“Hey Siri, show me pictures of my trip to New York City.”
“Hey Siri, show me photos from September 11th, 2001.”
“Hey Siri, Mohamed is my cousin.”
And suddenly, you are a person of interest.
Even if you can’t imagine a scenario like this (hello, have you heard of our NSA?), do you really want unknown people, “subsidiaries”, and agencies having access to that data?
No, we thought not.
|Get notified of new Internet Patrol articles!
You might also like some of our other articles: