The Citizen's Guide to the Future

Aug. 21 2014 10:03 AM

The Nasty Rumor About a Hurricane Heading to New Orleans

Aug. 29 is the ninth anniversary of Hurricane Katrina’s landfall. This year, thankfully, it’s almost certain that New Orleans can breathe easy, despite rapidly spreading rumors to the contrary.

The latest chapter in amateur weatherperson crazy talk was posted Tuesday night on Facebook under a banner labeled “SHARE IMMEDIATELY IF YOU SEE THIS.” (Pro tip: “Share immediately” in all caps may be a giveaway that perhaps you shouldn’t take the information thereunder very seriously.) Unfortunately, lots of people did “share immediately.” Since Tuesday, the post has spawned numerous media reports (including one from the local Times-Picayune) and is needlessly freaking out people who deserve a chance to not be freaked out by fake hurricane threats after dealing with so many real ones in recent years.

Video Advertisement

Aug. 20 2014 2:22 PM

Why Smart People Fall for Fake News

This article originally appeared in Science of Us.

Earlier this week, Facebook announced a plan to start testing a “satire” tag, which you may soon find affixed to headlines like “Tips for Being an Unarmed Black Man” from sites like the Onion and ClickHole. And although on its surface, the move sounds a lot like a headline from the very satirical sites Facebook intends to warn its users of, the social-networking site may be on to something. 


Because, as the Washington Post’s Caitlin Dewey points out, this isn’t just about satire; it’s also about the problem of purposely false “news” stories. Lesser-known and less obviously joke-y sites like the Daily Currant, Empire News, National Report, and the News Nerd will get the “satire” tag, too. So this could actually be a step toward addressing the problem of hoaxes spreading wildly online, by cutting them off at what has become many people’s main source for news: Facebook.

What Dewey fails to mention, however, is that the Post itself fell for one of these satirical headlines just last year, citing a Daily Currant report that Sarah Palin was joining the news network Al-Jazeera America as a contributor. (She wasn’t.) Palin, for perhaps obvious reasons, is a recurrent figure in fake headlines that tend to trick real news outlets: In 2011, Rachel Maddow fell for a (fake) Christwire column calling for Palin to lead an American invasion in Egypt. About a week later, both Time and US Weekly reported on a fictitious fight Palin was supposedly trying to pick with Christina Aguilera over her botched lyrics to the National Anthem at the Super Bowl that year.

So, why do people—even smart people—fall for fake news? For one, it happens most when we’re not paying close attention, said Dannagal Young, an associate professor of communication at the University of Delaware. (Next month, Young will begin a study on irony comprehension.) “This isn't about ‘shortened attention spans,’” she said in an email to Science of Us. “This is about an overabundance of decontextualized snippets of info.” Facebook headlines and Tweets simply don’t consistently provide the cues one would need to distinguish weird news from fake news, “unless the [source] is consistently ironic,” Young said.

“Think about the drama over Colbert's ‘ching-chong ding-dong’ joke,” she continued. “That joke, in its original context, was ironic satire, juxtaposing the response of the Redskins' owner with an equally offensive and laughably racist gesture made by Colbert.  When Comedy Central tweeted it, without context, people were robbed of their ability to integrate non-verbal and context cues into their processing of the joke ... and they got pissed off. At Colbert. For being racist. Ahhhh, the irony!” 

Hudson Hongo has a bird's-eye view on all this joke-missing as curator of Literally Unbelievable, the Tumblr that catalogues the very sincere Facebook reactions from people who took an Onion headline seriously. He’s noticed that certain “official”-seeming words tend to fool people; for example, one of the Onion articles he saw the most reaction to last year was headlined, “Poll: Majority of Americans Approve of Sending Congress to Syria.” He says, “People just saw ‘poll,’ ‘majority’ and "Syria" and decided it was a story about how Americans wanted to go to war.”

Processing irony requires some complex juggling of new information with old information housed in your memory, all of it filtered through context cues, Young explained. And some people are simply less inclined to want to do that. “For example, people low in need for cognition—folks who tend to dislike thinking too much—would tend to favor simple, likely physical humor over more complex or text-based humor,” she said. “Next, people with a lower tolerance for ambiguity—who are uncomfortable with implicit or unstructured situations—would tend to favor humor that is explicit and unambiguous over that which is more nuanced, like irony.”

On a similar note, another common thread Hongo has noticed is something he calls “political wish fulfillment.” Sometimes, people just kind of want to believe the fake headline. “During the last election, lots of people believed the story ‘Obama: 'Help Us Destroy Jesus And Start A New Age Of Liberal Darkness' because it confirmed the insane things they had suspected all along,” he said. “Same thing with Planned Parenthood's infamous '$8 Billion Abortionplex,' which Literally Unbelievable caught a congressman posting as legitimate.”

Then again, sometimes the fake stories that catch on are unexplainable. “Right now, the story people are falling for is ClickHole's ‘5 Tragedies Weirdly Predicted By Adam Sandler,’” Hongo said. “So who even knows.”

Aug. 20 2014 12:39 PM

Why I’m a Climate Change Alarmist

I’m sick of having to hide it, so here goes: I’m a climate change alarmist.

There, I said it. After years of fighting off Internet trolls and being ridiculed on Fox News for caring about the Earth and its inhabitants enough to make big changes to my life, I’ve had enough. It’s time that we climate change alarmists reclaim this dismissive term and defend ourselves.


Many of us have been lambasted for talking about the fundamental health of the planet. Climate scientist Kerry Emanuel has written “those interested in treating the issue as an objective problem in risk assessment and management are labeled ‘alarmists,’ a particularly infantile smear considering what is at stake.”

Now, I’m also an optimist. I’m convinced that humanity has the ability to tackle the problem and come to international agreement on how to do so in a fair way. It simply must happen. But for something so serious, it seems like there’s a general lack of alarm, a lack of emotion, and—to be blunt—a lack of ambition to act with the scale and urgency the issue requires.

Tragically, there’s a vast mismatch between our actions to date and what’s needed. This isn’t just another big environmental issue. When the ozone hole was discovered decades ago, the world got together and agreed to change the chemical used in making refrigerators cold. In hindsight, that seems incredibly easy compared to this. Climate change cuts to the core of who we are as a civilization and what kind of world we want to create for our kids. Perhaps understandably, that’s meant that a lot of smart people are really pessimistic about our future.

I may be optimistic, but I’m not naive. I know that the vast majority of humans don’t make daily decisions based on analyzing scientific charts and graphs. The climate change alarmism community has made some strategic mistakes by incessantly focusing on the science and expecting grand changes. In my view, to make any sort of real progress, we’ve instead got to embrace our humanity—and yes, that means shedding the occasional tear when the reality of our situation really hits home.

Last year, days after watching his home country, the Philippines, utterly destroyed by Typhoon Haiyan—the strongest tropical cyclone landfall ever recorded worldwide—climate commissioner Yeb Saño broke down in the middle of the United Nations’ international climate change negotiations, saying “we cannot sit and stay helpless staring at this international climate stalemate. It is now time to take action.” His tears motivated an impromptu global movement. At this point, we need fewer lightbulb-changing PSAs and more of this.

As a scientist and journalist, I’m not supposed to have emotions. I’m supposed to calmly report researchers’ findings as if my family and I weren’t also being affected. But looking at the data in as much detail as I have, it’s impossible not to be alarmed. On an average day, I’m also disgusted, terrified, and angry.

So why aren’t more people outraged?

Few things are more important to human life than the environment, but hundreds of generations of experience have baked in a reasonable assurance that the future will be approximately like the past.

For the first time in human history, it won’t.

Save the specter of nuclear war or an Armageddon-style asteroid strike, there’s really not much that could wipe us out as quickly as climate change. Those two things haven’t happened (yet), but global warming is happening, right now.

The biggest problem with responding to climate change is that at the human scale, it’s impossible to fathom what’s happening. The problem isn’t how hot it’s getting (it’s been hotter before for different reasons) but the sheer rate of change. In a sentence, here’s what’s happening: Carbon-storing rocks, gas, and oil that took millions of years to accumulate are being returned to the atmosphere over a period of a few decades—almost instantaneously. That’s producing geologic-timescale changes in the span of a single human lifetime.

If you’re a piece of basalt, maybe you can think on geologic timescales. I can’t.

Within our lifetimes, we’ll almost assuredly enter a climate phase that hasn’t been seen since before humans even existed. And the scarier thing, for me, is what’s needed to get back on track. The scale of the problem demands a revolution in thought and action. Pioneering climate scientist James Hansen, who recently quit his job at NASA so he could protest more effectively, is calling for a “human tipping point.”

A lot of us get a mental short circuit when we think about climate change. It’s so crazy, it can’t possibly be happening, right?

The most visible manifestation of this is the debate between hard-core climate activists and vocal skeptics who deride the scientific consensus. I think this is distracting, so I’ve tried to largely remove myself from it. (Don’t feed the trolls, right?) There’s been a fascinating line of research lately that examines something called “stealth denial.” It’s become clear that vast sections of society—including people who can really make a difference—have largely tuned out climate change. This seems to be happening for three reasons: They believe they don’t contribute to the problem that much, they believe that the problem is so scary that they hope it goes away, or they believe their individual actions to help out won’t matter that much anyway. Here’s what our message should be: You can make a difference. In fact, you’re our best hope.

In last week’s Slate Culture Gabfest podcast, there was a fabulous discussion of talking about the weather. In conversations with friends, it’s clear that there’s a growing realization that something is somehow different. In the Gabfest, Dana Stevens said she thought that weather and climate has recently re-entered public discourse in a way that’s new: “The two things are woven together in ways we can't extricate.” John Swansburg lamented the loss of the traditionally easy conversation starter: “Talking about the weather brings up all these fears and anxieties that maybe it didn’t in the past.” The hard part is turning that fear and anxiety into real change.

It’s clear to me the status quo isn’t working anymore. It’s time to shake things up. Our actions for the next few years and decades will determine if basic things like agriculture and coastal living can continue on for the next hundreds of years in vast stretches of the planet. More importantly, it’s time for us to embrace the range of emotions we feel when confronted with the realization that the planet we’ve known for generations is fundamentally changing. Right now, with calm, clear rationality, big corporations and their friends in Congress continue to claim that they've got everything under control.

And if that isn’t something to be alarmed about, I don’t know what is.

Aug. 19 2014 6:38 PM

Symantec Is Ditching Antivirus for an All-in-One Norton Security Suite

In May, Symantec's senior vice president for information security, Brian Dye, said something kind of amazing. He bluntly stated that antivirus is dead. But he hadn't gone totally rogue, in spite of the fact that he works for an IT security company best-known for its antivirus products. Symantec as a whole was preparing to shift gears. Now Norton Security is here.

If you've always been kind of confused by the difference between Norton Antivirus, Norton Internet Security and Norton 360 (which comes in Multi-Device and Premier Edition versions) you will never have to learn! That's because Norton Security is an effort to merge Norton products into one subscription service. Instead of paying for different components to protect against different things, it'll all be there in one place.


You'll be able to register as many as five devices on your Norton account across desktop and mobile—Windows, Mac, Android, and iOS will all be supported. And if you want cloud storage for backups you can pay more for Norton Security with Backup. That's it.

Norton Security is still in beta, but CNET reports that the ballpark for pricing is around $80 to $100, comparable to current Norton offerings. Hopefully the new product will be a step toward taking cybersecurity out of the dark ages for home users, and providing easier access to new techniques as cyberdefense strategies continue to evolve. It can't be more annoying than the old Norton.

Aug. 19 2014 3:40 PM

Imgur, Reddit Team Up for Web Data Research Platform Aptly Named DERP

Since they have such extensive data access, Internet services experimenting on their users isn't really surprising. But as examples of the practice trickle out, people have felt increasingly uncomfortable. Now Imgur, Reddit, FARK, Stack Exchange, and Twitch are all partnering to create a platform where academic researchers can do transparent and publicly accessible data projects.

And it's aptly named the Digital Ecologies Research Partnership ... or DERP!

It remains difficult to conduct good cross-platform analyses in academic research. By bringing a number of community sites together under a single cooperative effort, we intend to lower the friction of doing so ... DERP will only support research that respects user privacy, responsibly uses data, and meets [institutional review board] approval.

This doesn't preclude companies from keeping a private stash of data if they want to, but DERP is meant as a pipeline for academic inquiries and data requests. A list of DERP fellows includes researchers from Harvard, MIT, Georgia Tech, and other institutions. 

Tim Hwang, Imgur's head of special initiatives, told the Guardian that, “In most cases, the data provided through Derp will already be accessible through public APIs. Our belief is that there are ways of doing research better, and in a way that strongly respects user privacy and responsible use of data.”

Hwang points out that DERP can assist with research into things like social interaction and information sharing on the Web, as in Stanford's altruism study on Random Acts of Pizza (a subreddit) that was published in May.

It doesn't change a company's ability to do what it wants with your data, but at least DERP has a chance of making academic Internet study less, well, derpy.

Aug. 19 2014 11:42 AM

Another Unpronounceable Icelandic Volcano Is Getting Ready to Explode

With a fidgety volcano on their hands, officials in Iceland have begun preparations for what could be a busy week.

An intense earthquake swarm began Saturday deep beneath Bárðarbunga, Iceland’s largest volcano complex. (Here’s how to pronounce it.) As of Tuesday, the Icelandic Met Office cautions there’s no evidence yet of magma moving toward the surface or that an eruption is imminent. Still, Iceland is springing into action, which suggests the threat is real. These people know their volcanoes.


Due to the weekend’s heightened seismicity, on Monday the Icelandic Met Office raised its aviation color code for Bárðarbunga to orange to signify a “heightened or escalating unrest with increased potential of eruption.” (In response, the stock price of Icelandair fell by 4.35 percent.)

Prime Minister Sigmundur Davíð Gunnlaugsson met with civil defense officials on Monday, and roads near the remote volcano have been closed. Iceland Magazine reports that Iceland’s National Commissioner of Police has declared a Civil Protection Uncertainty Phase, increasing surveillance of the volcano and its surroundings. The Icelandic Coast Guard deployed additional seismic monitors by helicopter over the weekend.

[Update, Aug. 20, 2014: Iceland's National Crisis Coordination Center has been activated, and a large uninhabited area surrounding the volcano has been evacuated. The Icelandic Met Office reports that about 1,000 small earthquakes occurred near the volcano on Tuesday. Also on Tuesday, Iceland's Civil Protection raised the nation's threat level from Uncertainty Phase to Alert Phase.]

The Icelandic National Broadcasting Service has positioned a webcam to keep an eye on the volcano.

How likely is an eruption? And how bad could it be?

Bárðarbunga is a big volcano directly beneath Iceland’s largest glacier. Over the past 10,000 years, it has erupted “more lava than any other volcano on the planet.” Still, not much is known about it, mostly because it sits below so much ice. Plus, the last major eruption here was more than 100 years ago.

In a country so defined by its seismicity, even the politicians are scientists. Geologist Ari Trausti Guðmundsson was a presidential candidate in 2012, and he laid out a broad overview of possible scenarios in a blog post Monday:

It is impossible to predict how the processes will develop. A volcanic eruption could start under the ice east or north of Bardarbunga. In this case it would produce ash and pumice but in unknown quantities and with an unknown force. A large flood (jökulhlaup) is not to be ruled out and the flood path would most likely follow the glacial river Jökulsá á Fjöllum in the northeast of Iceland.

An eruption could, however, commence outside of the Dyngjujökull outlet glacier as a lava-producing event. In that case, air traffic disturbance is highly unlikely.

The third scenario would be a combination of the other two.

GPS measurements from a station just north of Bárðarbunga in recent days show movement well beyond the bounds of readings taken over the last year.

Via an email conversation, Gísli Pálsson, an anthropologist at the University of Iceland agreed that even in Iceland, an earthquake swarm like this is raising eyebrows. “There is a risk of false alarm, but on the other hand we should try to be objective and say something immediately. The alarm signal is orange and rescue teams are preparing for eruption. This could either be outside the glacier, with floods to the north, or under the glacier, with risks for air travel.”

Before this week, earthquake activity near Bárðarbunga had been increasing for years. It is near the apex of the Mid-Atlantic Ridge that separates the North American Plate from the Eurasian Plate.

An Icelandic anthropologist at the University of Oslo, Ásdís Jónsdóttir, said that judging by the region’s history, a large-scale event isn’t out of the question:

It is perhaps interesting to note that the theory is that Iceland is formed because a hot-spot and the mid-Atlantic ridge coincide. This part of Iceland (Bárðarbunga-Grímsvötn) is thought to be at the center of the hot-spot. Bárðarbunga and Grímsvötn have fed some of the largest eruptions in Iceland, such as the catastrophic 1783 eruption in Laki (not situated under the glacier) which is the greatest natural disaster in Iceland's history. There are also signs of huge floods from this area in northern Iceland before the settlement—such as the canyons of Ásbyrgi and Jökulsárgljúfur in northern Iceland.

In a post on his blog late Monday, geologist Carl Rehnberg went a step further, saying an eruption is now probable, and a small one may have in fact already begun somewhere deep below the ice. Until we get official confirmation of this, he’s assembled a comprehensive list of ways to track the volcano.

Rehnberg’s (unofficial and admittedly unlikely) worst-case scenario is frightening: “Forget flying for half a year.” His disclaimer? “What I write are just the musings from someone who has read everything ever published on Icelandic volcanism. A lot of what is happening is in unknown territory.”

His team at Volcano Café made a scouting flight over the area on Monday to see what they could see. The photos are stunning.

Projected ash plumes should Bárðarbunga erupt on Tuesday.

Courtesy of NOAA ARL

Should the volcano erupt on Tuesday (and again, there are no official indications an eruption is imminent), upper level winds are aligned such that ash would be transported southwards toward the UK, Ireland, and France. I ran a volcanic ash trajectory model, with results below:

A 2010 eruption of the Eyjafjallajökull volcano shut down most of Europe’s air travel for days. In an interview on Monday with The Conversation blog, British volcanologist Dave McGarvie said a similar eruption today wouldn’t cause nearly as much disruption, thanks to changed guidelines and improved ash forecasting.

He’s been the most active scientist on Twitter covering the volcano:

He also shared some stunning photos from his fieldwork:

Thanks to Ben Orlove at Columbia University for arranging the email thread with the Icelandic anthropologists.

Aug. 19 2014 9:39 AM

Why Do So Many Scams Make It Into Microsoft’s Windows Store?

Sometimes people—like those who work at Slate—make fun of Windows Phone, because Microsoft’s mobile platform has real problems that hold it back. For one thing, the operating system hasn't been able to pick up momentum in terms of attracting developers to submit third-party apps. And it seems that, to try to bulk up the number of apps it does offer, Microsoft has gotten too lax about approvals for the Windows Store. There are scams everywhere.  

In an investigation, How-To Geek points out that searching for services like popular media player VLC turns up a number of scams alongside the real app. And the fakes look really similar. In the case of VLC, some dummy versions cost money—even though the real software is free—and once a user pays, the fake app just leads them to the free download, or might install malware instead.


As How-To Geek notes, "Within half an hour we managed to find fake paid versions of Adobe Flash Player, Firefox, Pandora, IMDB, Candy Crush Saga, Wechat, WhatsApp, uTorrent, Picasa, Bluestacks, Minecraft, Spotify, Google Hangouts, Picasa, Clash of Clans, Blender 3D, and a lot more." These are all apps that are supposed to be free (and if you go to the Windows Store now you can try this experiment for yourself). Microsoft hasn't responded to a request for comment. [Now they have. See update below ]

The worst part: It seems that Microsoft is not only letting these apps through its review process, but has been effectively encouraging them—the company ran a promotion in March 2013, for example, offering developers $100 an app up to $2,000. So if you submitted an amazing app that took you months to create you got $100, and if you submitted 20 lousy scam apps you got $2,000. Not exactly an incentive structure that enourages quality. (How-To Geek points to an page about the promotion; it's gone from Microsoft's own site.)

In April, Microsoft reported that Windows Phone was boasting 400,000 available apps, but if you search around you'll quickly see how many of those aren't genuine. Just for some perspective, Google and Apple's mobile app counts are both hovering around 1.2 million each right now. Plus both Apple and Google tightly control their stores by putting apps through intensive review and removing anything that gets past them that users later report. Maybe Microsoft is bitter because Windows Phone is the butt of a lot of jokes, but maybe those jokes would die down if the company got better at nurturing its developer community.

Update, August 19, 2014, 3:50 p.m.: A Microsoft spokesperson sent me this statement about the Windows Store spam apps:

We strive to make the Windows Store a high-quality experience for customers and also accessible to the broadest audience of developers. Based on customer and developer feedback, we recently took actions to help users discover the specific app titles they’re searching for and improve the overall Store experience. Those updates provide clear guidance to developers and also improve our ability to identify, audit and remove problematic apps. We recognize that there is more work to do and will continue to re-evaluate our policies to strike a balance between the opportunity for developers and the app quality that our customers expect.

Not exactly a targeted action plan, but at least the company is admitting that there's an issue here.

What is even happening here?

Screenshot from the Windows Store

Aug. 18 2014 2:44 PM

Chinese Hackers Accessed 4.5 Million People’s Hospital Records

Hospital operator Community Health Systems admitted on Monday in a U.S. Securities and Exchange Commission filing that it was hacked in April and June. The data compromised in the hack was connected to 4.5 million people.

Community Health Systems is working with cybersecurity firm Mandiant to investigate the breach and respond. The SEC filing describes the hackers as “an ‘Advanced Persistent Threat’ group originating from China”—that's the same language Mandiant used to describe alleged hacking by the Chinese Army last year. The filing goes on to describe a sophisticated malware attack that got around CHS's network security. The company functions in 29 states, operating 206 hospitals.


The stolen data is related to patients who were referred to or from physicians connected to CHS. It's quite the little trove of personal data, too, though it's all non-medical. CHS says that patient names, addresses, birthdates, telephone numbers, and Social Security numbers were all compromised. The company is reaching out to everyone whose information was potentially exposed.

CHS has eliminated the malware and is working on shoring up its defenses. It's unclear what motivated the hack, or why the personal data was valuable to the intruders, since CHS told the Wall Street Journal that this hacker group is typically looking for more general industry information. To check whether you've visited a CHS hospital in the past five years, check this map (an interactive version of the one above). CHS is offering identity theft protection to everyone affected by the hack.

Unfortunately, large-scale data breaches like this feel pretty normal these days. CHS even told the Journal that it doesn't think the hack will affect its financial results. Not a great incentive to make security improvements.

Aug. 15 2014 5:46 PM

Intel Is Launching Fitness-Tracking Earbuds, Hoping 50 Cent Will Make Them Cool

Intel processors are everywhere, but the company isn’t exactly known for lifestyle products. Meanwhile, 50 Cent’s company SMS Audio isn't known for its tech. Bring the two together, though, and what do you have? Well ... another awkward corporate partnership.

The two groups are joining forces to launch earbuds that do biometric tracking and are geared toward fitness. The idea is to reduce the number of gadgets users carry around instead of adding to them with a smartwatch or other wearable. The headphones are wired and draw power through the standard 3.5mm headphone jack to keep the sensors up and running without charging. They measure heart rate and sync to a smartphone app. The price hasn't been announced yet, but other SMS Audio earbuds currently cost between $79 and $399 (unless they’re on sale).


The concept is pretty clever. The headphones use accelerometers to make sure the heart rate data collected by the optical sensor isn’t thrown off by exercise motion, and the app can even choose the songs that come on over the headphones by matching tempos to the user’s heart rate.

"The wearable technology collaboration between SMS Audio and Intel elevates our capability to bring smart exercise to consumers," Brian M. Nohe, the president of SMS Audio, said in a press release.

The Wall Street Journal reports that there isn’t an Intel chip inside the earbuds, but that the company did much of the product engineering and software design. Don't worry, guys, Carmelo Anthony is an investor in SMS Audio. This is gonna be fine.

Aug. 15 2014 4:46 PM

Hackers Could Use Your Smartphone’s Gyroscope as a Microphone to Listen In

No device is too small to be potentially hackable. Sure, it might be useful for a criminal to gain access to your entire laptop or smartphone, but it could be just as valuable to hack your laptop’s built-in webcam or your Bluetooth keyboard, depending on what the end goal is. And each sensor inside a bigger device is a potential battleground. Even the gyroscopes in smartphones can be taken over by a hacker and used for something else.

Researchers from Stanford and from Israel’s Rafael defense group have found a way to turn a smartphone’s gyroscope—the sensor that uses gravity to orient a smartphone—into a microphone for eavesdropping. The group created an app called Gyrophone that analyzes the soundwaves the gyroscope picks up, and on Android phones there's no way to deny an app access to the sensor.


As Wired explains, smartphone gyroscopes have a small plate inside them that moves when the device moves. But this plate also vibrates, and the researchers used a feature in Android to measure the vibrations at 200 hertz, 200 times per second, enough to pick up human voices. The researchers found that if they ran their custom speech recognition software on a stream from a gyroscope, it could correctly identify 65 percent of numeric digits a person said while in the same room as the smartphone.

The clarity obviously isn’t great, but the technique would only need a little improvement to be a serious problem for anyone reading their credit card number over the phone. And it could be used for other purposes, too, as the technology improves. The researchers’ speech recognition software can already tell what gender a speaker is 84 percent of the time.

Stanford computer security professor Dan Boneh, a member of the group, told Wired, “It’s actually quite dangerous to give direct access to the hardware like this without mitigating it in some way. ... there’s acoustic information being leaked to the gyroscope. If we spent a year to build optimal speech recognition, we could get a lot better at this. But the point is made.”

Downloading an untrusted app is one thing, but Wired points out that you could even be at risk by navigating to unsecure webpages in Firefox’s mobile browser. Safari and Chrome for Android limit gyroscope readings to 20 hertz, but Firefox allows the whole 200 hertz.

iOS devices are slightly more protected from the gyroscope hack. iOS still lets any app access the gyroscope without user permission, but apps can only get 100 hertz readings from the gyroscope, which lowers the chance of being able to overhear anything.

The research will be presented at the Usenix security conference next week and could motivate changes in Android if Google feels so inclined. This is fixable! But it certainly feels like there will always be something.