why does it need to be device agnostic?

happy to get into into these subtopics, but it’s also possible i may not be understanding you properly because i agree with alot of what you just said.

what are you attributing the close to 0 probability to?

if you wanna say “whats the probability that CMG was at least partly talking out their arse about their capabilities (and especially any claim they were currently in possession of that capability)?”

i’d also give it like >90% probability they (CMG) are full of shit. in which case you could say i agree with you (to within say 10% error margin).

if you’re instead saying the probability is ~100% that audio surveillance capability cannot possibly currently exist outside TLAs because “someone would’ve published it already” then i really cannot agree. (and afaict that ars article does not support that stance either)

Not disputing the three letter agencies

The capability they were claiming to have would make a three letter agency very excited.

sorry i didn’t understand. didn’t you say you don’t doubt TLAs likely already have this capability?

oppressive regimes

most (all?) of whom are operating outside typical legal constraints and likely already have access to the million dollar exploit trade which already exists.

further, i’m not sure how this changes the landscape anyway? its not without precedent that variations on capabilities can be useful to more than one market segment concurrently?

trivial to discover and flag as malware

can you explain further what you mean by this? i’m not sure there’s anything trivial about conclusive analysis of the deep complexities and dependencies of modern smart devices

Apple and Google would also be very keen to find and squash whatever loophole let’s them record without showing the notification.

historically we’ve seen google can take over half a decade to address such things, afaict (welcome correction on this) apple’s generally been faster to respond, and i do agree apple’s current public image attire would be contrary to be seen to enable this. [not simping for apple btw, just stating that part of their brand currently seems to be invested in this]

in reality there are a confluence of many agendas and there’s likely ALOT of global users running non-bleeding edge or other variations on the myriad of sub-system components, regardless of what upstream entities like google implement. if you are aware of any conclusive downstream binary analyses please link

which if true would have been exposed/validated by security researchers long ago.

i agree the probability of discovery increases over time. and the landscape is growing more hostile to such activities. yet i’m not aware that a current lack of published discovery is actual proof it’s never happened.

tbh we have our doubts this leak is directly connected to solid proof “they are listening”.

but we’re not currently aware of any substantiated reasons to say with certainty “they’re absolutely not listening”

well they’re an ad company, so being full of shit is pretty much mandatory.

but i’m not aware of any evidence they’re actually 100% full of shit on this exact issue or not? can you explain a little more how you know for certain they’re full of shit. or you just meant “they’re most likely full of shit”?

honestly i think this is due to unplanned voice calls essentially being broken technology now.

imagine we had 2020s email spammers while mail servers had 1990s spam filters, that’s basically where we’re at now with unplanned voice.

you make excellent points, but not sure i can agree with your conclusion

if we had full source a variety of automated analysis and hardening tooling could be applied which is much much more efficient compared to parsing the arch docs.

cos nothing proves “microsoft <3 opensource” like releasing a project over ⅓ of a century old

great news, openai keeps getting more open by the minute

/s

out of interest, how would that hostile SMS URL work with those SMS preview things alot of mobile SMS messaging implementations use?