I had one of these when I worked for Google, I didn’t quite trust it though, so I had it in the bathroom to limit what my employer could listen to.
Imagine discussing a product idea at home with friends, then having that stolen by an engineer at one of these companies (who figured out how to find the interesting conversations) for a promotion or new position.
On a larger scale these might get hooked up with some advertising algorithms that manipulate you further based on conversations you didn’t know were recorded.
I hope for more pressure to move these systems and other devices, that don’t necessarily need to be in the cloud to function, to a local solution or one that is closed to outsiders. Technologically this should be possible in so many cases.
And sure, my phone can function the same (though i specifically have siri disabled on our iphones)
Its just a cost benefit. I can get off the couch and flip a switch or use a remote to turn on a song. I really dont need speach recognition for those functions.
Absolutely agree that the convenience doesn’t make up for the downsides.
I do think that some cases can be covered without putting data out in the wild with some third party. Siri and similar apps don’t do well with complex commands, but just fine with simple things (light switch, calendar entry, alarm) that an offline tool might also understand. Same goes for fitness trackers, note taking apps, etc.
We as consumers should choose such alternatives. As developers and entrepreneurs we should try to enable these solutions, so we don’t have to rely on apps that might monetize differently than advertised or turn off when some company decides it’s not profitable enough.
There’s also work being done on decentralizing analysis and monetizing your own data, but I’m not sure it’s ready yet.
Many of the same benefits can be had without always-listening devices. You can control things from your phone. Or in my case, I usually have a pair of bluetooth earphones around my neck, I push a button and say something and that's all it listens to. The always-listening "okay google" can be disabled.
I unplug my parents' Google wiretap device when I enter the house for holiday parties. For some reason my parents can both know that I know way more about this topic than them, and still totally disregard me and spend hundreds on Google hardware devices because they seem cool. \o/
To me the worst part is you don't need to have constantly-connected-to-the-internet voice recognition. It certainly wasn't a thing until recently. That's why I tend to think of it as an act of malice.
> I had one of these when I worked for Google, I didn’t quite trust it though, so I had it in the bathroom to limit what my employer could listen to.
I don't understand why you just didn't throw it away, or put it in a box powered down.
A possible subtext to what you have written is that your employer (google) was mandating that you keep using the device at home as part of your employment... but that is outrageous and I would like clarification as I feel it cannot be true.
> A possible subtext to what you have written is that your employer (google) was mandating that you keep using the device at home as part of your employment... but that is outrageous and I would like clarification as I feel it cannot be true.
The requirement to use a Google device at home has never been imposed to the best of my knowledge, at least unless this individual was working on the product. Even then they would not be required to have it on unless they were actively working on it. If they were working on it, then they should know its capabilities and trust or distrust would be irrelevant, since they would have actual knowledge instead.
Also, the devices are not recording all the time. Presumably this experiment added the ability to treat fire alarms as a hot word, in support of the feature in question. That doesn't mean that Google has access to recordings of every conversation.
Also, there is no way anyone would ever be permitted to run the type of conversation analysis that the GP proposes. Far more benign analyses are rejected all the time due to privacy concerns. It's unlikely that any single person could even run such an analysis due to various access controls (e.g. the inability to access logs as a person-user, system-enforced requirements to run only checked in, reviewed code over logs). Even if a person could run an analysis like this as a rogue, it would be extremely risky, because they would get terminated immediately if it were ever discovered.
Also! Identifying useful, novel product ideas is beyond even Google's ML capabilities.
It was a new device (already public though) at that time and it wasn’t mandated, I got it for free though.
I did want to test it and see how it works and if it’s useful for me, I just don’t completely trust them and don’t think people should trust large corporations putting microphones in their houses, so I decided to put it in a room where I usually don’t have conversations until I either have a very strong assurance that it is safe and useful enough for me, or give it away to someone who doesn’t have these concerns, which is what I decided to do.
If it were mandated though I would have left Google immediately and news of that policy would have probably made its way to HN, so no subtext here.
There is a big difference between smoke alarm detection built into the wake-up-word circuitry, versus every sound sent to Google's servers for analysis. I am not bothered by the former, but would be aghast at the latter. Does anyone know for sure?
It’s easy enough to test, but I don’t really need to.
Alexa Guard has had this functionality for a while, and I’d expect the folks here at HN to be able to infer a few things from the support link and basic reasoning.
So:
1) if an event is detected, you can listen to a 10 second clip or drop in (2-way call) to listen in or look.
2) Echo devices have relatively small amounts of RAM
3) Echo devices aren’t constantly hammering WiFi connections
From this, one should be able to deduce that the wakeword engine detects events and streams clips to servers only in situations that match events and settings to support these features. Why? Because processing, transit, and storage aren’t free, and one can’t store data in RAM that isn’t there or transmit data over WiFi without the physical layer showing signs of it. Furthermore, Amazon hasn’t cracked the code on hyper-efficient GB into KB lossless compression only to squirrel it away only for use in voice assistants.
Take the number of Alexa devices sold and run the numbers for all of those devices sending audio data to AWS all the time. The costs would be astronomical. The same goes for Google (though not with AWS). They’re no doubt incorporating the detectors into their on-device models.
>Furthermore, Amazon hasn’t cracked the code on hyper-efficient GB into KB lossless compression only to squirrel it away only for use in voice assistants.
They could do speech recognition on the device and then ship off the plain text. I don't think they do this, but it is most certainly within their technical ability.
As a practical example, I have a copy of a 458,045 word audiobook on my computer and I just downloaded a copy of the e-book. The audiobook is just over 1 GiB, while the plain text of the e-book compressed with bz2 comes in at 800 KiB.
What does it matter? The bottom line is that once there’s microphones in your home, Google just has to wait out the normalization of deviance until nobody’s surprised or upset that they transfer everything to their servers for analysis.
If they don’t today, they will one day. They don’t have a choice on the matter because it’s a money maker.
Google did this with “we don’t scan your emails for ads”. Initially, 2009 ish, that was a big line a lot of people cared about but years later here we are, Google scanning emails for targeted ads and that fight is over.
EDIT:
Thanks for the reply exittheone, I see GMail actually stopped this ad scanning practice in 2017[1], likely with google sign in on chrome and so many places it’s very possibly they just don’t that extra info. They still can let third party extensions read your email so I wouldn’t say we’re exactly in a better world...[2]
Most likely, an AI model that detects specific sounds is running directly on those devices. No need to transfer anything to Google's servers for analysis =)
From what I have heard you don't need any fancy AI models for detecting either of these sounds. Some of the older alarms were using classic signal processing to to this decades ago.
Now that the feature is disabled, it's hard to know. Once the feature is enabled, it's pretty easy to tell by looking at the network traffic the device generates. Sending every sound to google is going to be obvious.
The article makes it unclear, but this feature is available right now for all Nest Aware subscribers (if you have any type of Nest camera, you'll have a Nest Aware subscription). The article mentioned that this feature was "accidentally" available to non-Nest Aware subscribers as well, but it's the same existing feature and not some test of upcoming features.
You can toggle glass break and fire alarm detection on any of your Google Home devices in the Home app, and this includes the old Google Home mini pucks and hubs, as well as new Nest branded minis and hubs.
What about transcribing all the audio you get and then sending it as a chunk of stuff every time the Hone is activated. Don't think you could catch that.
How surprised would you be if in 5 years there was a Snowden-type revelation, that yes, the speakers and Facebook/Insta apps, Amazon echo, etc, etc, were listening all the time?
Sorry.
And that there was a secret court ruling that meant all that data was live-streamed to NSA Utah.
Some are for certain. The Samsung TV's for example explicitly do it and they have advised you not to have private conversations where the TV can hear you.
>I mean it's pretty easy to prove that's not true. Just stick it on a network and check the network traffic.
It's pretty easy to hide that network traffic too. Just save/compress everything to the local device and pipe it over when the phone/app is being used. (ever wonder why those apps take up so much memory and use up so much battery?).
For the folks who think your devices aren’t listening try an experiment: start talking out loud about a product you’ve never, ever searched for. Something you’ve never, ever needed or wanted. See how long it takes for ads for that very thing to start showing up in Facebook and in your targeted ads. I’ve done it and Started getting ads in a matter of days.
This happened to me with Google's search suggestions the other day and I didn't even say anything out loud. Should I consider that as evidence that Google has developed mind reading technology, or is it more likely that I just ignore search suggestions unless they're eerily relevant?
First, get a friend or relative to go along with the ride here. Try to have that person not be on your local network of wifi and the like.
Then, go a website that will generate a list of random words: https://www.randomlists.com/nouns . Make sure that you are selecting for nouns or adjectives. Copy the first three words that you get. More is fine too. Just get enough words to be pretty specific.
Then go to amazon or some such online retailer: https://www.amazon.com/ . Search for the three random words you got.
Now, here is an important step, sort the returned list by price, from high to low.
Take the most expensive item as your experimental item. You can do this with a few items if you'd like. You're just trying to get something that is not what you or your demographic would normally look to purchase.
Then, talk about that item around your gadgets, critically, with someone that is not you. Your amazon search history is already corrupted just by searching for this.
Check back in with your friend or relative in about a week. You can set a reminder in your phone to do this. See if they got any ads that were trying to sell them on the random item you chose.
Please add a control for this experiment. There should be another list of products selected that you did the same with, but you didn't talk infront of the gadgets. There might be some signals that the ads networks are getting from you or your friends.
This fails if the ad companies track your online activity, link it to your location, link your friend to your location, and then show the ads based on that.
I've always dismissed this as coincidence. But over the past few months, my wife reported to me several incidents of a relevant Facebook ad showing up a day or two after a conversation she had with me or her friends, and that was not followed up by any on-line searches on the topic. At this point, I'm starting to consider something may be going on after all - it seems to happen too often to be easily explained away as happenstance.
Usually when I see this sort of coincidence, I think that it is a matter of information relevance/leakage.
You read an article about bug spray chemicals and don’t think about it, but start seeing exterminator ads online. If you read the article because you’re looking for pest control, the it feels suspicious. If you’re not, you ignore the ads and go on your way.
I don’t want to discount your experience. I haven’t seen it myself, but maybe I’m not paying enough attention.
My theory is that those friends did search for those topics/products, and Facebook decided it would be wise to advertise them to your wife because of her proximity to the people searching for them. "Proximity" determined either literally with geotracking, or simply with something like chat records.
That's a crappy experiment. There is no way to disprove the result. So, how about instead, you choose 2 products. Flip a coin to decide one them to talk about. Just think of the other one. See how long it takes to see the product you talked about, and how long it takes to see the product you only thought about. Repeat a few times for different pairs of products.
If google is listening, the time for the product talked about should be way shorter then the one you only thought about. If google isn't listening, there shouldn't be a pattern.
Now, it is really important that you flip the coin. Also, do NOT TALK TO ANYONE ABOUT THE PRODUCTS YOU ARE USING. We want to test the microphones, if you make a search for the product, or you tell a friend, and the friend makes a search for the product, that is all information signal that ad companies could be using.
It's just confirmation bias. If this were actually happening then:
a) You'd be able to detect it by sniffing the network traffic, and
b) Some journalist or scientist would have reproduced it and written about it.
It also makes absolutely zero sense that Google would do this. The press would be terrible if they were found it, it's outright illegal in Europe, and they don't need to! They have an amazingly good signal for the things you are looking to buy because you type that into a nice easy to collect search box for them!
I know HN is home to lots of paranoid folks but I thought they were smart enough not to believe this dumb conspiracy theory.
>You'd be able to detect it by sniffing the network traffic,
How? I can very easily come up with a compression/local storage + stream when app is being used mechanism to record whatever the app is hearing and sending it back to the mothership. Why is everyone assuming that the transmission is happening in realtime and not scheduled/hidden with usage?
> For the folks who think your devices aren’t listening try an experiment:
1. Which devices: iOS or Android?
2. Are any apps that have been given the microphone permission in the foreground (for iOS) while the conversation is going on (but the app isn't in an explicit recording mode triggered by the user)?
3. Are any voice assistants enabled to always listen for the activation command words (like "Hey Siri" or "Ok, Google")?
I have my iOS device set only to get typed text input for Siri (no voice activation). I rarely give any app microphone permissions unless the main purpose of the app is to record audio (or video and audio). I've never encountered targeted ads on topics I talk about.
How long until insurers start coercing customers into installing intrusive smart home devices in order to get reasonable premiums? It might not happen tomorrow but if enough people are willing to opt into alarm surveillance you can see how they could lower the liability for insurers.
I'm surprised that people are outraged by this. It's a given that you're losing some privacy by putting one of these devices in your home. Any argument otherwise assumes that the companies manufacturing these devices are trustworthy.
Thankfully the solution to this problem is simple.
Readit News
Imagine discussing a product idea at home with friends, then having that stolen by an engineer at one of these companies (who figured out how to find the interesting conversations) for a promotion or new position.
On a larger scale these might get hooked up with some advertising algorithms that manipulate you further based on conversations you didn’t know were recorded.
I hope for more pressure to move these systems and other devices, that don’t necessarily need to be in the cloud to function, to a local solution or one that is closed to outsiders. Technologically this should be possible in so many cases.
Every now and then i get called paranoid.
And sure, my phone can function the same (though i specifically have siri disabled on our iphones)
Its just a cost benefit. I can get off the couch and flip a switch or use a remote to turn on a song. I really dont need speach recognition for those functions.
I do think that some cases can be covered without putting data out in the wild with some third party. Siri and similar apps don’t do well with complex commands, but just fine with simple things (light switch, calendar entry, alarm) that an offline tool might also understand. Same goes for fitness trackers, note taking apps, etc.
We as consumers should choose such alternatives. As developers and entrepreneurs we should try to enable these solutions, so we don’t have to rely on apps that might monetize differently than advertised or turn off when some company decides it’s not profitable enough.
There’s also work being done on decentralizing analysis and monetizing your own data, but I’m not sure it’s ready yet.
I mean, that is paranoid. You've even admitted it doesn't change your vulnerability.
Uh, this feels like Opposite Day.
I don't understand why you just didn't throw it away, or put it in a box powered down.
A possible subtext to what you have written is that your employer (google) was mandating that you keep using the device at home as part of your employment... but that is outrageous and I would like clarification as I feel it cannot be true.
The requirement to use a Google device at home has never been imposed to the best of my knowledge, at least unless this individual was working on the product. Even then they would not be required to have it on unless they were actively working on it. If they were working on it, then they should know its capabilities and trust or distrust would be irrelevant, since they would have actual knowledge instead.
Also, the devices are not recording all the time. Presumably this experiment added the ability to treat fire alarms as a hot word, in support of the feature in question. That doesn't mean that Google has access to recordings of every conversation.
Also, there is no way anyone would ever be permitted to run the type of conversation analysis that the GP proposes. Far more benign analyses are rejected all the time due to privacy concerns. It's unlikely that any single person could even run such an analysis due to various access controls (e.g. the inability to access logs as a person-user, system-enforced requirements to run only checked in, reviewed code over logs). Even if a person could run an analysis like this as a rogue, it would be extremely risky, because they would get terminated immediately if it were ever discovered.
Also! Identifying useful, novel product ideas is beyond even Google's ML capabilities.
I did want to test it and see how it works and if it’s useful for me, I just don’t completely trust them and don’t think people should trust large corporations putting microphones in their houses, so I decided to put it in a room where I usually don’t have conversations until I either have a very strong assurance that it is safe and useful enough for me, or give it away to someone who doesn’t have these concerns, which is what I decided to do.
If it were mandated though I would have left Google immediately and news of that policy would have probably made its way to HN, so no subtext here.
https://github.com/bjoernkarmann/project_alias
I'd never want an always on mic in my home but if I had to have it I'd be using this.
Alexa Guard has had this functionality for a while, and I’d expect the folks here at HN to be able to infer a few things from the support link and basic reasoning.
Support link https://support.ring.com/hc/en-us/articles/360028205592-Usin...
So: 1) if an event is detected, you can listen to a 10 second clip or drop in (2-way call) to listen in or look. 2) Echo devices have relatively small amounts of RAM 3) Echo devices aren’t constantly hammering WiFi connections
From this, one should be able to deduce that the wakeword engine detects events and streams clips to servers only in situations that match events and settings to support these features. Why? Because processing, transit, and storage aren’t free, and one can’t store data in RAM that isn’t there or transmit data over WiFi without the physical layer showing signs of it. Furthermore, Amazon hasn’t cracked the code on hyper-efficient GB into KB lossless compression only to squirrel it away only for use in voice assistants.
Take the number of Alexa devices sold and run the numbers for all of those devices sending audio data to AWS all the time. The costs would be astronomical. The same goes for Google (though not with AWS). They’re no doubt incorporating the detectors into their on-device models.
I thought kbg archiver solved it eons ago.
They could do speech recognition on the device and then ship off the plain text. I don't think they do this, but it is most certainly within their technical ability.
As a practical example, I have a copy of a 458,045 word audiobook on my computer and I just downloaded a copy of the e-book. The audiobook is just over 1 GiB, while the plain text of the e-book compressed with bz2 comes in at 800 KiB.
If they don’t today, they will one day. They don’t have a choice on the matter because it’s a money maker.
EDIT:
Thanks for the reply exittheone, I see GMail actually stopped this ad scanning practice in 2017[1], likely with google sign in on chrome and so many places it’s very possibly they just don’t that extra info. They still can let third party extensions read your email so I wouldn’t say we’re exactly in a better world...[2]
1. https://variety.com/2017/digital/news/google-gmail-ads-email...
2. https://mashable.com/article/google-reading-your-emails-resp...
You can toggle glass break and fire alarm detection on any of your Google Home devices in the Home app, and this includes the old Google Home mini pucks and hubs, as well as new Nest branded minis and hubs.
Sorry.
And that there was a secret court ruling that meant all that data was live-streamed to NSA Utah.
Not surprised at all, is the answer.
https://imgur.com/Phy1uzX
Stinks cause when I sold TV's for a living I love their products.
The bandwidth required to do that would be immense anyway for basically no benefit.
It's pretty easy to hide that network traffic too. Just save/compress everything to the local device and pipe it over when the phone/app is being used. (ever wonder why those apps take up so much memory and use up so much battery?).
Deleted Comment
First, get a friend or relative to go along with the ride here. Try to have that person not be on your local network of wifi and the like.
Then, go a website that will generate a list of random words: https://www.randomlists.com/nouns . Make sure that you are selecting for nouns or adjectives. Copy the first three words that you get. More is fine too. Just get enough words to be pretty specific.
Then go to amazon or some such online retailer: https://www.amazon.com/ . Search for the three random words you got.
Now, here is an important step, sort the returned list by price, from high to low.
Take the most expensive item as your experimental item. You can do this with a few items if you'd like. You're just trying to get something that is not what you or your demographic would normally look to purchase.
Then, talk about that item around your gadgets, critically, with someone that is not you. Your amazon search history is already corrupted just by searching for this.
Check back in with your friend or relative in about a week. You can set a reminder in your phone to do this. See if they got any ads that were trying to sell them on the random item you chose.
You read an article about bug spray chemicals and don’t think about it, but start seeing exterminator ads online. If you read the article because you’re looking for pest control, the it feels suspicious. If you’re not, you ignore the ads and go on your way.
I don’t want to discount your experience. I haven’t seen it myself, but maybe I’m not paying enough attention.
If google is listening, the time for the product talked about should be way shorter then the one you only thought about. If google isn't listening, there shouldn't be a pattern.
Now, it is really important that you flip the coin. Also, do NOT TALK TO ANYONE ABOUT THE PRODUCTS YOU ARE USING. We want to test the microphones, if you make a search for the product, or you tell a friend, and the friend makes a search for the product, that is all information signal that ad companies could be using.
a) You'd be able to detect it by sniffing the network traffic, and
b) Some journalist or scientist would have reproduced it and written about it.
It also makes absolutely zero sense that Google would do this. The press would be terrible if they were found it, it's outright illegal in Europe, and they don't need to! They have an amazingly good signal for the things you are looking to buy because you type that into a nice easy to collect search box for them!
I know HN is home to lots of paranoid folks but I thought they were smart enough not to believe this dumb conspiracy theory.
How? I can very easily come up with a compression/local storage + stream when app is being used mechanism to record whatever the app is hearing and sending it back to the mothership. Why is everyone assuming that the transmission is happening in realtime and not scheduled/hidden with usage?
Silently write five such things on a piece of paper. Then loudly start talking about one of them.
If you encounter one of the other four, you will realize the confirmation bias trap.
1. Which devices: iOS or Android?
2. Are any apps that have been given the microphone permission in the foreground (for iOS) while the conversation is going on (but the app isn't in an explicit recording mode triggered by the user)?
3. Are any voice assistants enabled to always listen for the activation command words (like "Hey Siri" or "Ok, Google")?
I have my iOS device set only to get typed text input for Siri (no voice activation). I rarely give any app microphone permissions unless the main purpose of the app is to record audio (or video and audio). I've never encountered targeted ads on topics I talk about.
Thankfully the solution to this problem is simple.