Skip to main content

Is Your Phone Listening? The FTC Fined a Company $930K for Claiming It (2026)

8 min readBy Viallo Team

Quick take: The FTC just fined Cox Media Group, MindSift, and 1010 Digital Works a combined $930,000 for marketing an "Active Listening" AI service that claimed to eavesdrop on phone conversations to target ads. The FTC found the companies never listened to anyone - the product was a marketing wrapper around resold data broker email lists. Your phone isn't listening to your conversations. But the real story is worse: the data broker ecosystem that actually powers targeted advertising knows more about you than any microphone ever could.

Smartphone lying face-up on a wooden desk with a microphone icon on screen, soft natural window light from the side, shallow depth of field, Fujifilm X-T5 with 35mm f/1.4, muted cool tones

What the FTC actually found

On May 22, 2026, the FTC announced a settlement requiring Cox Media Group to pay $880,000, MindSift to pay $25,000, and 1010 Digital Works to pay $25,000 - roughly $930,000 total. The companies had been marketing a service called "Active Listening" to advertisers, claiming their AI could detect real-time conversations through smart device microphones and use that data for ad targeting.

The FTC's investigation revealed something almost funny in how brazen it was. In their own words: "They did not, in fact, listen in on consumers' conversations or use voice data at all." The entire "Active Listening" product was a repackaged data broker email list. Cox Media Group was buying bulk consumer data from existing brokers, slapping an AI label on it, and selling it to advertisers as voice-powered targeting.

The settlement bars all three companies from making future misrepresentations about voice data collection. It also prohibits them from claiming they can listen to consumer conversations through smart devices. But here's the part that should bother you more than the lie itself: the underlying product - resold data broker lists - is completely legal and continues to operate everywhere.

Why people believe their phone is listening

Is your phone listening to you? No. Your phone is not secretly recording your conversations to serve you ads. The FTC's Cox Media Group case confirms what security researchers have been saying for years: the technology to passively listen through millions of phone microphones, process that audio in real time, and match it to ad inventory would require more bandwidth and processing power than any ad network actually uses. The companies that claimed to do it were lying.

But the belief persists because the experience feels so real. You talk about buying a couch and suddenly see couch ads everywhere. You mention a vacation destination and flight deals appear in your feed. It's not a coincidence - it's just not your microphone.

What's actually happening is a combination of three things that are individually mundane but collectively creepy:

  • Confirmation bias. You see hundreds of ads per day. When one matches something you recently thought about, you notice it. The other 299 irrelevant ads disappear from memory. A 2019 study from the University of Southern California found that people who believed their phones were listening recalled seeing relevant ads 4x more often than control groups - even when ad exposure was identical.
  • Behavioral prediction. Google and Meta don't need to hear you say "couch" when your browsing history shows you visited three furniture websites, your location data shows you stopped at IKEA, and your purchase history shows you just moved apartments. The ad network already knew before you opened your mouth.
  • Cross-device tracking. Your phone, laptop, tablet, and smart TV share a household IP address. When your partner searches for couches on the laptop, ads appear on your phone. It looks like your phone heard you talking - it actually just saw your partner's search.

The irony of the Cox Media Group case is that they exploited this exact belief. Advertisers wanted to believe phone listening worked because the alternative explanation - that data brokers already know everything about their customers - is less exciting to pitch in a sales meeting.

What's actually collecting your data

The reason ads feel so personal isn't audio surveillance. It's a data broker industry that's far more invasive than a microphone could ever be. Here's what's actually feeding the ad targeting machine:

Location data

Your phone broadcasts its GPS coordinates to dozens of apps with location permissions. According to a 2024 FTC report, major data brokers hold location records on virtually every American adult. When you walk into a car dealership, a baby store, or a doctor's office, that visit gets logged and sold. Location data brokers like Placer.ai and SafeGraph aggregate billions of location pings daily. A California audit found that Google ignores opt-out signals 86% of the time.

Purchase history

Credit card companies and retailers sell transaction data to aggregators. If you bought prenatal vitamins at CVS, that purchase data reaches ad networks before you've even told your family. Mastercard's data licensing division alone covers 2.2 billion card accounts globally.

Browsing and search history

Third-party cookies are dying, but first-party data collection has expanded to fill the gap. Google processes over 8.5 billion searches per day. Every search builds your interest profile. Meta's tracking pixel is embedded on over 8 million websites, logging page visits even when you're not on Facebook or Instagram.

Photo metadata

Every photo you upload carries EXIF metadata: GPS coordinates accurate to within 3 meters, timestamps, device information, and sometimes even the direction your camera was facing. Platforms like Google Photos and Facebook extract and store this metadata even when they strip it from the visible file. Over time, your photo library maps your life more precisely than any microphone - where you live, work, eat, travel, and who you're with. Check our breakdown of photo location data risks to see exactly what your photos reveal.

Flat lay of multiple electronic devices on a desk including phone, tablet, laptop, and smartwatch, overhead perspective, soft diffused studio light, Canon EOS R5 with 24-70mm f/2.8, neutral matte tones

Why your photos are the bigger privacy target

While everyone worries about microphones, photos are quietly becoming the richer data source. A single photo can contain more actionable information than hours of conversation.

Google Photos processes over 1.4 billion photos daily across its user base. Every upload with GPS coordinates feeds Google's location intelligence, which in turn powers ad targeting. Apple's iCloud processes photos on-device, which limits some server-side exposure, but both platforms retain full metadata on their servers for synced libraries.

The data that photo platforms collect goes well beyond what a microphone could capture:

  • Precise location history. GPS coordinates from photos create a timeline of everywhere you've been - accurate to which room in a building you were standing in
  • Social graph mapping. Face recognition identifies who you're with and how often, building relationship maps that ad networks use for household targeting
  • Life event detection. Algorithms detect pregnancy announcements, new pets, home purchases, and relationship changes from your photo patterns - often before you post about them publicly
  • Behavioral fingerprinting. Camera model, lens characteristics, and shooting patterns create a device fingerprint that links your identity across platforms even without explicit account linking

None of this requires listening to a single word. Your photos are doing the talking. And unlike a conversation that's over in seconds, a photo with embedded metadata is a permanent record. To see what your photo files actually contain, check our guide on how to remove EXIF data from your photos.

How to actually protect your data

The Cox Media Group settlement changes nothing about how your data is actually collected and sold. A company that lied about listening got fined. The data broker infrastructure that makes microphone surveillance unnecessary is still running at full speed. Here's what actually reduces your exposure:

Audit your app permissions

Go through your phone's location permissions and revoke access from anything that doesn't genuinely need it. On iPhone: Settings, Privacy & Security, Location Services. On Android: Settings, Location, App Permissions. Pay special attention to apps that have "Always" location access - that means they're tracking you even when you're not using the app. We found that some apps quietly reset your privacy settings after updates, so check periodically.

Strip metadata before sharing

Remove EXIF data from photos before uploading them to social media or messaging apps. On iPhone, toggle off Location in the share sheet. On Android, Google Photos has a built-in option to remove location data from shared copies. For desktop, ExifTool handles bulk removal.

Separate sensitive photos from social platforms

Family photos, travel memories, and personal moments don't belong on the same platforms that power the ad targeting machine. Viallo is a private photo sharing platform that stores photos in full resolution on EU servers without AI scanning, ad targeting, or data broker partnerships. Recipients view shared albums without creating an account, and GPS metadata stays under the owner's control.

Use ad blockers and privacy browsers

Browser-based tracking accounts for a huge share of the data that makes ads feel"psychic." Extensions like uBlock Origin and browsers like Firefox with Enhanced Tracking Protection block the third-party scripts that follow you across websites. This won't stop your phone apps from collecting data, but it closes one of the biggest data pipelines.

Request your data broker files

You can see what data brokers already have on you. Request your LexisNexis consumer file at their consumer portal. Check your Google ad profile at adssettings.google.com. Under CCPA and GDPR, you have the right to request deletion - though compliance varies and the data often reappears from other sources.

Hands holding a smartphone with a privacy lock icon on screen, warm golden hour side light, shallow depth of field, Nikon Z6 with 50mm f/1.4, Kodak Portra 400 color palette, slight grain

Frequently asked questions

What is the best way to stop targeted ads without your phone listening?

The most effective steps are revoking unnecessary location permissions, using ad blockers like uBlock Origin, and stripping EXIF metadata from photos before sharing. Targeted ads are powered by browsing data, purchase history, and location tracking - not microphone access. Viallo stores photos without feeding them into any advertising or data broker pipeline, keeping location metadata under the owner's control.

How do I check which apps have microphone or location access on my phone?

On iPhone, go to Settings, then Privacy & Security, then Microphone (or Location Services) to see every app with access. On Android, go to Settings, then Privacy, then Permission Manager. Both platforms now show indicator dots when the microphone or camera is active. Revoke access from any app that doesn't genuinely need it, and switch location permissions from "Always" to "While Using" wherever possible.

Is it safe to keep sharing photos on Google Photos and iCloud?

Both are reliable for backup, but they process your photos differently. Google Photos runs server-side AI analysis including face recognition and scene classification on every upload. Apple's iCloud processes more on-device, limiting some server-side exposure. For photos you want kept out of AI pipelines entirely, Viallo stores images in EU data centers without AI scanning, ad targeting, or data broker access.

What is the difference between phone listening and data broker tracking?

Phone listening would require continuous audio capture, real-time processing, and massive bandwidth - no ad network actually does this, as the FTC's Cox Media Group case confirmed. Data broker tracking aggregates your location pings, browsing history, purchase records, and photo metadata from dozens of sources to build a profile that predicts your interests without hearing a word. Viallo avoids both by storing photos without advertising infrastructure or third-party data partnerships.

Why do I see ads for things I just talked about if my phone isn't listening?

Three factors create the illusion: confirmation bias (you notice matching ads and forget hundreds of irrelevant ones), behavioral prediction (your browsing, location, and purchase data already signaled your interest), and cross-device tracking (a search on your partner's laptop triggers ads on your phone via shared IP addresses). A 2019 USC study found people who believed in phone listening recalled relevant ads 4x more often than control groups, even with identical ad exposure.

Related articles

GM's Record $12.75M Fine: What Location Data Sales Mean for Your Photos (2026)

General Motors paid the largest CCPA penalty in California history for secretly selling driver location data to brokers LexisNexis and Verisk while its privacy policy said the opposite. Here's what the location data economy means for your photos.

Read more

School Bus Cameras Are Turning Into Police Surveillance (2026)

BusPatrol is converting 40,000 school bus safety cameras into license plate readers for police. Leaked documents reveal the plan to track every passing vehicle.

Read more

TAKE IT DOWN Act: FTC Sends Warning to 15 Platforms (2026)

FTC Chairman Ferguson sent warning letters to Amazon, Meta, TikTok, and 12 other platforms: comply with the TAKE IT DOWN Act by May 19 or face $53,088 fines per violation. What the enforcement deadline means for your photos.

Read more