We swear we鈥檙e not walking the streets wearing聽tin foil helmets (honestly, we鈥檙e way more into DIY hair bows), but hear us out: It seems like everyone we talk to has recently encountered the same creepy situation 鈥 you鈥檙e聽brunch-picnicking with聽your friends, innocently debating the merits of different donut flavors, and a few hours later, there鈥檚 a targeted ad in your Instagram feed for Krispy Kreme鈥檚 birthday cake donuts (yes, those are real, and yes, they are delicious). It鈥檚 easy to assume that your phone is somehow listening to your conversations, but how likely (and lawful?) is that?聽We needed to know exactly what鈥檚 going down with our digital devices, so we talked with tech security experts Joe Jerome at Center for Democracy & Technology and Rapid7鈥檚 research director Tod Beardsley to learn the truth, and what we can do to protect ourselves.

bottom line 鈥 Instagram isn鈥檛 listening, it鈥檚 Just scary smart

They鈥檙e called targeted ads for a reason.聽鈥淛ust to be clear,鈥 Beardsley says, 鈥淔acebook and Instagram do not sell your information. They offer access to their users,鈥 so any connection you see between your recent conversations and social media ads isn鈥檛 the result of a company listening to you 鈥 but it鈥檚 not a crazy coincidence. It鈥檚 just that companies like Amazon, Facebook, and Instagram have insanely accurate and wide-ranging 鈥渂uckets鈥 that they put consumers into, and then 鈥渁dvertisers pay Facebook and Instagram to run ads to people that fit those specific categories,鈥 Beardsley explains.聽He further describes聽how these companies can even create profiles on you using information based on your friends and groups, all in an effort to identify your periphery interests. If you鈥檙e curious, Beardsley says you can 鈥済o into your advertising settings and get a glimpse of what sort of profile you鈥檙e presenting to advertisers.鈥 Noted.

Listening in would be super expensive. Even if they could listen in, it would be cost prohibitive. Beardsley says, 鈥渋t鈥檚 not cheap or easy to store endless amounts of audio recordings at the moment. If you look at how something like Amazon Echo works, it may be 鈥榓lways listening鈥 for a user to say 鈥楢lexa鈥 and wake it up, but it鈥檚 not always recording.鈥 It just doesn鈥檛 make dollar sense for these companies to try and store all that data for information they can get from you in much simpler (and less expensive) ways.

Facebook and Instagram say no way. There鈥檚 also the fact that companies like Facebook have publicly and definitively said they鈥檙e not listening to you through your cell phone microphone. Which brings us to our next point鈥

It鈥檚 probably illegal (and would be a PR nightmare). Beardsley says, 鈥淚n the long run, ubiquitous microphones and lots of storage combined with machine learning probably will make it attractive for someone to try to capture everything and use it for advertising, but I think that would result in a pretty big privacy backlash, especially if it鈥檚 done surreptitiously in any way.鈥 He goes on to remind us that 鈥渞ecording without clear permission can raise issues with wiretapping laws and could be unfair and deceptive business practice. Accessing a device鈥檚 microphone is almost always a big deal, and users are prompted for permission. Again, look at devices like Echo, and you have lights that indicate when it鈥檚 recording and a big mute button when you want to turn it off completely.鈥

5 ways to Keep your聽cell phone secure

With all that said, it鈥檚 still a good idea to stay on top of your cell phone security, even if no one is listening to your dinner conversations 鈥 and there are lots of easy ways to do it.聽Jerome reminds us, 鈥淚f I own your phone, I own you; it only takes a minute or two to totally compromise an individual if that person鈥檚 phone is unlocked and in the hands of an attacker,鈥 so take care to follow the suggested privacy settings and steps to keep your data secure.

1. Keep your passwords fresh. And this starts with the unlock code for your phone. Jerome says, 鈥淢ost online accounts are a mere 鈥淚 forgot my password鈥 button click away,鈥 since most of us keep our email account apps open on our phones. 鈥淪o, the unlock code to a smartphone should be reasonably secure 鈥 no 鈥1234鈥 or 鈥1111,鈥 please,鈥 he says. Jerome also says it鈥檚 imperative you change it at least once a year (along with your other passwords), since 鈥渇alling in love with a favorite password is a mortal information security error.鈥

2. Forget WiFi networks. While it may be a pain in the butt, don鈥檛 allow your phone to automatically connect to WiFi networks without asking permission first. Jerome says it鈥檚 super easy for scammers to set up 鈥渞ogue鈥 networks with common names like 鈥渪finitywifi鈥 or 鈥渓inksys鈥 that they can use to access your private information once you鈥檙e connected. Additionally, Jerome says it鈥檚 a good idea to 鈥渞outinely prune old networks that are unlikely to be joined again, such as rarely visited hotels or restaurants. In fact, get in the habit of disabling WiFi and Bluetooth automatic association entirely when not in a familiar location.鈥

3. Don鈥檛 get hooked by a phisher.聽Phishing scams prompt you to click on a link via email and can be as easy as a phisher sending an email posing as an app asking you to reset your password. Jerome suggests that 鈥渦nless you have *just* requested a password change in the last couple of minutes, do not ever click on links in an email to change passwords, and avoid third-party marketplaces for app downloads.鈥 Basically, if it feels sketchy, it probably is 鈥 so react appropriately!.

4. Be聽stingy with your permissions.聽Beardsley suggests that 鈥渋f you want to make sure no one鈥檚 listening in on you, you should regularly review the list of apps that have access to your microphone,鈥 and don鈥檛 just hand out permissions to apps for your location, microphone, or contacts.

5. Grab a RF shielding phone case. Okay, so we may be headed into tin foil territory here, but if you鈥檙e truly worried about your security (and radiation levels), Jerome says you can buy special radiation-shielding phone cases聽with built-in copper mesh pockets that basically render your cell phone un-attackable. But Jerome also says this kind of protection is really only necessary for those who 鈥渂elieve they are being actively targeted by well-funded adversaries with access to unpatched vulnerabilities,鈥 and since we鈥檙e not in Homeland, we鈥檙e pretty sure you don鈥檛 have to worry about this one!

Have you ever experienced this freaky phenomenon for yourself? Tweet us @BritandCo and tell us your story!聽

(Photo via Getty)