back to article Shhh! Shazam is always listening – even when it's been switched 'off'

A security researcher has discovered that when the Mac version of Shazam is switched off, it simply stops processing recorded data. The recording itself continues. The music identification service admits the behaviour but says it only keeps recording purely for technical reasons. Patrick Wardle, a former NSA staffer who heads …

Page:

          1. Charles 9

            Re: Overreaction?

            "Maybe you can't please everyone, but giving the user the option to choose whether to leave the mic on would go a long way.as would being transparent about it."

            But there are people out there who don't like choice, or even the appearance of choice: Information Overload. Like I said, there's just no pleasing some people.

        1. Francis Vaughan

          Re: Overreaction?

          "What can you do?"

          Hinted at in above comments. Simply tell the user exactly what is happening, and provide choice.

          A. Actively listening and identifying what is happening.

          B. Passively buffering the last five seconds of sound so that it can avoid missing the music.

          C. Off. Not doing anything.

          Easy. They could even add a config option "remember x seconds of sound" for B. And add the usual disclaimers "app does not retain any sound longer than the xxx seconds. Doing so may reduce battery life." Nobody would care and indeed many people would probably turn the buffer up to whatever the maximum is.

        2. bombastic bob Silver badge
          Unhappy

          Re: Overreaction?

          "But what happens when the sound you want to search happened five seconds ago?"

          someone else already suggested they add an option for that "feature". You know, on, pause, off; or perhaps, on, off, "no, seriously off". whatever.

          And the audio may not be tracked by *THEM* but a back door trojan horse application *COULD* perhaps 'hook' it and leverage the user's cluelessness with respect to having the microphone on whenever that application is left running...

          [maybe we can blame the "TSR"-ness of phone applications, too? Must they REALLY 'stay running' all of the time?]

        3. Queasy Rider

          Re: any number of those, "Damn, just missed!"

          If that is happening that often, then just leave the damn app running, after all, as has already been pointed out today, all your personals have already been slurped by multiple entities, led by Google.

          1. Anonymous Coward
            Anonymous Coward

            Re: any number of those, "Damn, just missed!"

            Drains the battery when you do that. I need it to be able to start recording immediately after I press "Listen," not take three seconds fiddling like crazy by which time the song's ended.

  1. Greg D

    Can see why, but they should be up front about it

    To be fair, the reasons they gave are acceptable from a technical standpoint - it really would make song recognition less good at its job when people want to identify a song - I know what the scramble is like when the song's about to finish :)

    However, they should be clear about the behaviour as some people won't want that - the power draw on mobile devices is the first issue that comes to mind, followed closely by privacy concerns by would-be attackers using it as a potential attack vector.

  2. cd

    Click Uninstall...Shazam, it's removed.

  3. bish

    Meh

    Honestly, if you have serious privacy concerns and you're using a service like Shazam, you're a fool. However much they process (a handful of FFTs, I assume, with some proprietary nonsense seasoning) and encrypt the audio, you're still taking your personal audio and sending it over the Internet. The idea that such a service could be made 'safe' just creates a false sense of security. If you're worried about someone listening in, don't install software designed to listen in. Shazam probably ought to have been more upfront about how its software works, but come on - surely if you're really concerned about privacy, that takes precedence over your desire to find out what's playing on the radio?

    1. pSy

      Re: Meh

      I generally couldn't give a fuck about what's playing on the radio. My privacy, as and when I choose it to be my privacy, is a tad more important than some hit parade melody. Regardless of context.

    2. bombastic bob Silver badge
      Meh

      Re: Meh

      "surely if you're really concerned about privacy, that takes precedence over your desire to find out what's playing on the radio?"

      well, might be easier to:

      a) look on the 'what is playing' section of the station's web page [a lot of them do this]

      b) if it's internet streaming radio, you'll see the ID text displayed [probably]

      c) who really cares, since RIAA only excretes CRAP these days, with rare exceptions

      and anyway, Shazam probably wouldn't recognize anything _I_ listen to, from JPop to old jazz. Except, maybe, for decent 'more modern' stuff like Muse or Metallica.

      1. Charles 9

        Re: Meh

        "a) look on the 'what is playing' section of the station's web page [a lot of them do this]"

        Not that handy to do when you're on the go, especially if you don't know WHAT station is playing, or even if it is a radio (it could be a dedicated stream personalized for the shop, so no playlist), and then by the time you open up the website and look it up, it could already be on the next song and they keep no history.

        b) if it's internet streaming radio, you'll see the ID text displayed [probably]

        Unless it's a PRIVATE stream. See (a).

        c) who really cares, since RIAA only excretes CRAP these days, with rare exceptions"

        What about stations playing older music, say from the 50's through the 80's? If you're going to say this music is crap, either you have a tin ear or you just don't like music, period.

        PS. Shazam and the like are actually QUITE good with older music since it tends to be pretty popular. Foreign music may be another matter unless the music provider keeps an international database.

  4. NanoMeter

    Removed Shazam

    from my Android phone. Just in case...

  5. Sam Therapy
    Thumb Down

    Weasel words

    Taking privacy seriously is *not* the same as respecting it and ensuring it.

    The problem with language, particularly English, is that it's so malleable it's possible to imply many different things by saying nothing of the kind.

  6. anonymous boring coward Silver badge

    " the user's decision not to leverage our app's functionality"

    Is that the same as "the user's decision not to use our app"?

    Or does "leverage" have some magic meaning I don't know about? Makes you a manager if you utter it enough times, perhaps?

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like