It is absolutely not unexpected. Any vestiges of privacy are being eroded. Not that recently, inside of the car was relatively safe from eavesdropping. Cell phones and Alexa devices changed all that.
What I do find odd, however, is the weird distribution of those devices. In my immediate social circle, its either old people who want to show they have something cool and hip and young tech enthusiasts. My sample may be completele skewed as I am not the most social person ever though. The trend may be much more pronounced.
Still, it boggles my mind. Why would you voluntarily do it? My parents only invited trusted friends to ensure nothing 'questionable' made it to the authorities ( former soviet republic ). People today brazenly broadcast it.
If I become bedridden, I will welcome a smart speaker. Until then, nope. Even if it wasn't about privacy issues, being too lazy to get up and turn a knob is terrible for one's health.
I've also considered one for my shop, so if I get pinned under the car or something I can yell for 911. But I'd only turn it on if I was about to do something dangerous. I might also get one if I decide I'm at risk for "I've fallen and I can't get up". (That happened to a relative, it took her 2 days to inch across the floor to get to the phone.)
Just FYI, there are devices specifically designed for this. It's basically a phone you hang around your neck, and it detects falls and uses an audio prompt (calling 911 on your behalf if you don't respond in 60 seconds, or something). My grandmother uses one since she's had a lot of falls.
I accept disability of some sort as a valid reason to use it. I know I would. You already have to make hard trade-offs. But an average person? I just don't get it.
And that does not even touch the corporate world. How does a company protect against disclosure of things that are otherwise a corporate secret ( especially in today's increasingly WFH world )?
> old people who want to show they have something cool and hip
These are always pretty amusing. I went on vacation with a girl I was dating one summer, and her parents brought their Alexa with them. Her dad thought it was so cool, and he loved to show me by saying "alexa, play <music>" three times until he got frustrated enough to just do it with his phone. Then, he'd say "hey alexa, you're a b*tch," and laugh when it responded by telling him that was rude.
I only know one person that actually uses the "smart" feature on one of those speakers.
I wonder if in a lot of cases, for the people it is not actually about the smart stuff (that might be a plus or just out of curiosity), but convenience and aesthetics. Most people I know, don't have a traditional sound setup at home anymore and instead just use a bluetooth speaker. But the ones made for outdoor use look pretty ugly indoors, whereas the smart speakers are more designed to disappear in the home decor.
Personally I think, bookshelf speakers with bluetooth functionally would be a better option for most, but from what I have seen people are often not even aware of their existence and the ones with good audio as well a modern look (in case you don't like the classical black or brown boxes) tend to be in higher price classes than the smart speakers.
I know your statement is accurate, but my immediate question is that of why. The information is there. If it is there, it is going to be used. Why wouldn't an average person be worried? Because it did not affect them yet? It is not part of the culture?
> Still, it boggles my mind. Why would you voluntarily do it? My parents only invited trusted friends to ensure nothing 'questionable' made it to the authorities ( former soviet republic ). People today brazenly broadcast it.
> I honestly do not get it.
Perhaps the important differences between us and the USSR are having a democratic legislative process and a fair judicial system, and the relevant extent of our surveillance apparatus is a secondary concern.
(Obviously, there are problems with our legislative and judicial systems - the point is that they are better than the former soviet republics'.)
It's about convenience. Cooking while having full control over what's playing in the background. Following along with recipes. Asking random questions you might usually take out your phone to Google. Coming home after a long day, sinking into your couch, and able to say "play some relaxing music" to soothe your mind.
Not saying that the privacy aspects aren't valid concerns or that convenience should outweigh them, but quite a few people here seem to not be able to see any upsides.
To each it’s own, i find all that tech for just listening music stressing, also add the maintenance aspect of it (accounts, passwords, updates, create playlists, share) for me there’s nothing like selecting a vinyl pulling it out, put in the player and just listen to it in my old Hi-Fi.
Not only do users violate their own privacy, they make it harder for everyone else to keep their own. At least in the US, its getting harder to have a screen/computer-free home audio setup! Receivers all have embedded streaming devices; many speakers do too. Playback devices are all becoming niche, and eventually even the used market will eventually dry up, too.
You underestimate the power of social status and conspicuous consumption[1]. I would say it's been the fundamental driver of our society for quite some time now (maybe since early 1920's?, briefly paused for WW2)
I think that may be a factor, but I also remember that Mark Zuckerberg goes to some lengths to protect his privacy ( https://nypost.com/2020/07/04/mark-zuckerberg-accused-of-col... ). It would appear that true power can buy privacy, while gadgets are for the hopeful arrivals.
I can tell you why I personally don't care. First off here in Germany I'm pretty sure it's not legally possible for authorities to request my voice commands randomly and due to GDPR I can delete all my recordings at any point, and turn off personalisation meaning they wouldn't use my individual data.
Secondly I just don't say anything in my home that's super secret, I live in an apartment and I'm pretty sure the neighbours can hear me talking on my balcony, and I'm in voice chats most of the day these days due to covid which probably accidentally means more people listen in because I forget to press mute than some guy at Amazon.
Legality wasn't really an issue for authorities in Germany before, even if it contradicted our basic law. Of course it was for national security. It is my goto excuse too if I break any laws.
There is a lot of room between paranoia and being extremely naive in context of state powers.
> Secondly I just don't say anything in my home that's super secret
Then why would the state need capabilities to get this not super secret data?
I honestly expected more from Germany in this regard, especially with the experience of the past.
After years of listening to ex-soviets speaking nostalgically about how things were better under the Soviets, the people in the West have unconsciously fallen for the full spectrum mommy state and our overlords are merely addressing this unspoken popular demand to live in a surveillance state. This state of affair naturally reflects the West's advancement relative to other parts of the globe. So "resistance is futile but if you join early you can have a short id!". So don't lose your place in the line bothering yourself over triffles such as overwhelming asymmetries of your social existence. The future is now comrade, buck it up [bsts: /s]
Yep, I have a few google minis (freebies, hmm...), I'm thinking about tossing them, honestly. Beyond asking about the weather or setting a kitchen timer they just aren't very useful.
And I fully believe such devices are going to be used (if they aren't already) to identify persons engaging in "wrongthink" by listening in on the private conversations in peoples' homes.
To my understanding, these smart speakers only phone home when you say the keyword, right? They aren't storing or sending everything they hear throughout the day. So the cases where this could be abused by police has to be small. Seems like it would likely be used to verify that someone was home when they said they were because they asked Alexa a question at that time.
In other words, I don't think Amazon ever receives the "wrongthink" Alexa hears, unless you say it directly to Alexa.
I haven't seen evidence either way and I don't own one. It should be pretty easy I'd think. You can measure the traffic volume when nobody is there + 8 hours or so and when you're having lively conversation + 8 hours or so (in case there's some kind of delay)
I know lack of evidence doesn't mean it doesn't exist, but if that came up empty then it'd be hiding pretty good.
Although honestly I'd delay transmission until user interaction and then hide in that noise - it'd be the first thing I do.
> To my understanding, these smart speakers only phone home when you say the keyword, right? They aren't storing or sending everything they hear throughout the day.
Yeah, but there are mistriggers as well - I think you should see them in myactivity.google.com with Assistant filter enabled.
> To my understanding, these smart speakers only phone home when you say the keyword, right? They aren't storing or sending everything they hear throughout the day.
1) There has been various cases of such devices being triggered incorrectly and uploading chunks of recordings
2) It's all implemented in software. It's extremely easy for the vendor to enable more keywords or record for longer times.
3) It's impossible to prove that 2 is not happening already in limited cases
4) There is a proven long history of very effective global surveillance programs targeting every electronic device (phones, cell towers, carrier-grade routers, PCs, servers).
To echo izacus's comment, they are very sensible and there's dozens of variations of the keywords that they accept.
We have a Nest Hub, and saying Google twenty times a day was a deal breaker so we all use some other variation that works 99% of the time, and looking at history it accidentally triggers itself a few dozen more times during the day.
It has a real value for us for now, but privacy issues are real in my opinion.
I've taken a more cautious approach to assistants and only tend to use Alexa if it requires a physical keypress first, e.g., a Fire TV 4K rather than having bespoke Echo devices throughout the house. There's _some_ value on the home automation side of the offering until I can make everything closed-circuit around here.
The Google Mini that Spotify sent me, however, went straight into a pile.
>> To my understanding, these smart speakers only phone home when you say the keyword, right? They aren't storing or sending everything they hear throughout the day.
This is the intended behavior.
But - there is a non-zero rate of false positives (when the device detects something that it thinks is the wake word, but is not), in which case, the audio is streamed to the cloud. This audio could (should?) be used for model training to improve the future precision of wake word detection. But, it could also potentially end up being subpoenaed by a law enforcement agency.
The wake-word is different in different regions/languages right? That suggests they either have special silicon for each language (unlikely) or it's programmable. Is it reprogrammable over-the-air? Even if it can't be given more than one wakeword, it could presumably be reprogrammed to use a very common word, like 'the.' When in this surveillance mode it would remain quiet unless you also said the traditional wake word.
No, someone (Google I think) admitted that they collect more than the audio around recognised keywords because in order to use ML to improve their voice recognition they need the data. More than just false positives. But guess what, they have to have humans to determine that, so they have people sitting around listening to very concerning things (the article said suspected domestic violence) and then having PTSD from it.
And if one of them is doing it, they all are, they all think the same and have the same incentives. This entire play is about the data.
I use them to play music. I can ask it to tell me who the artist/track is. I use it as a radio, I can play FM stations around the country. I use it to set a timer, countdown, alarm. I use it for a calendar. I ask it to read bedtime stories, or to entertain the kids, what sound does a horse make, etc. You can do a lot with it, but it's really worrisome too. Sometimes I turn it off, but I hate that I have to walk over to it. I'll like a switch I can control from my phone or an external device...
We use them extensively in our house- but we listen to music with them 95% of the time, and having multiple groups makes it easy to do.
That, and lists (shopping list, costco list, etc), are our two main uses. I hardly ask it the weather, and only use it as a kitchen timer 1/3 the time too.
I'm not saying you're wrong. Here was always my take on having them. They are an indicator that someone might be listening. Everything can listen now, you're phone, your computer, your tv. Heck even your car. Things most people don't think about. I find them to be fun gadgets that I use and make life more convenient in certain things. I also keep them around for another reason. Everyone knows they have mics that listen. To me they are also a visual indicator that something you might say could be recorded.
In 1984, they got caught because they thought no one could hear them. That was their mistake. What I learned from it (well ok many things), but what that taught me is to be careful if you are going to do something you shouldn't. Never assume that someone isn't watching when you're doing something illegal. I'm just posting signs for everyone else in the house, this area isn't secure.
We will see the same social cooling effect[1] with smart devices.
We will only listen to the right thing on smart speakers, watch the right thing on smart TVs, smoke the right thing on smart cigs, and of course, drink the right coffee on our smart coffee maker.
> Consider a potential suspect who can’t prove where they were at 11 pm on a Thursday, because they live alone. Something as simple as ordering pizza through a speaker would show the time and location of the request and, if voice recognition is enabled, who made the request. “It might be benign information that someone was ordering a pizza, but it might also be an alibi for somebody,” Orr says.
Got it — have a timed recording of my voice order a pizza while I'm out kicking puppies.
I suppose it would be tougher to prove it was the suspect placing an order and not someone merely placing it from their home (or to their address.) Not justifying this data collection, just pondering how the police will justify it.
I understand the concern, but what makes a smart speaker any different from a smart phone? They also have a microphone that can eavesdrop on conversations, are harder to monitor for unexpected traffic and also provide location information.
How many people that refuse to have a smart speaker also refuse to have a smart phone?
There’s a clear difference in power limitations between phones and speakers. Phones are almost always on battery, so what they can gather is limited. Speakers always have full power, so keeping the electronics active all the time has no downside.
Phones only listen when you use them. Speakers listen all the time. Phone calls are usually not transcribed where speaker recordings are, and can be searched back in time as well. Phone calls are not recorded, though metadata is.
So basically a “smart speaker” is like having 24/7/365 surveillance in your home.
Maybe a Google engineer can correct me but I'm pretty sure there is no meaningful distinction to be drawn between the Google Assistant running on the Home devices and the Google Assistant running on phones.
Having a "smart phone" is also like having 24/7/365 surveillance in your home.
Both the phones and smart speakers start listening on wake words. I haven't seen any thing to suggest the smart speakers are constantly listening and sending everything to Amazon/Google/Apple. But both clearly could be constantly recording, not just when you're making a phone call. They're the same threat model, in my opinion. Plus the phone goes with you to places the speaker doesn't.
The speakers are always-listening in exactly the same way that most smartphones are always-listening: They are always passively listening for the wake-word. Without the wake-word (or at least something that sounds like it) they do not record or transmit audio data. All the major smart speaker brands clearly indicate when they have been activated with lights and/or sounds. For the truly paranoid there is generally a switch to disconnect the microphone.
Orwellian doublespeak. If they have microphones in them, they're not "speakers'. Customers are paying for the privilege of a 24/7 wiretap, which isn't 'smart'.
Even if they don't by default record everything they could trivially be told to and our lovely government or any arm thereof could order the oem to update to a firmware that enabled cop mode.
Our nation is working hard to pass legislation that would make such orders legal right now.
The market for smart speakers boggles my mind. Are people really willing to sacrifice their privacy for a minor upgrade in usability? Is it really that hard to just tap play on your smartphone instead of yelling out "Alexa play Despacito"?
It boggles the mind the people would carry around always-on personal trackers that not only perfectly pin-point your location, know who your family and friends are, and can also listen to your conversations.
Smart speakers are not all that scary if you know how they work and that information, in detail, is all out there. They go to a low-power mode waiting for the keyword and only then do actually turn on the main CPU and do any processing.
They may the safest least privacy leaking Internet device you actually own. Your TV is probably taking screen shots of what you're watching. Your phone is leaking data to dozens of different entities all the time. Your computer is constantly sending stuff out. A smart speaker is tame by comparison.
It's not mind-boggling; we've just forgotten what it's like to buy and carry physical maps (or give/remember directions, or a stand-alone GPS device), have a physical address/contact book, use a tape recorder, etc. Now those things are all in one device. It is extremely convenient, but in general none of those features need to exfiltrate data from your device.
If you ask me, device owners should have unimpeachable control over what data, if any, is sent from their devices.
I assume the strawman you are propping up is a mobile phone. There is a significant difference there of course, which is that the phone performs a function impossible to obtain in any other way, namely mobile telephony. The "smart speaker" performs functions trivially replicated in other ways.
Considering the speakers are dumb like pretty much all "smart" devices, I’d always avoid using the voice interface. When possible. It’s extremely convenient while, for example, cooking with no clean hands free.
I have a friend who owns an Alexa, and this is the one use case I agree is very nice. I would buy a non-networked device with only this functionality, or an app (with no network permission) that does the same.
I bought my HomePod mainly for its value as a speaker first -- at $199 I don't think any Sonos or Harman competitor can produce such high-fidelity sound.
I also put more trust into Apple/Siri than I do with Alexa or Google. Their differential privacy and anonymized Siri requests have limited the speaker to few features which in my experience work well with the latest 13.x OS.
I had a roommate who I told, if he ever got an Amazon assistant, I'd smash it with a hammer. I don't get it either. There are open source alternatives if you want to setup your own assistant that doesn't transmit all your data back to Google/Amazon/Apple.
The one caveat, I do know someone who is blind who uses the speech-to-text on her Google device a lot. She has all the fonts set to their maximum size, high contrast colors, and various other accessibility features enabled. Speach to text helps her greatly.
> There are open source alternatives if you want to setup your own assistant that doesn't transmit all your data back to Google/Amazon/Apple.
Really? The Mycroft project claims to be just that, and it shows promise, but it still seems really clunky. And right now, as far as I can tell, you need to set up an account on their service so it can do things like voice recognition, which is a pretty critical component to this type of thing.
It really depends on what devices you use. For example, I have Homebridge set up on a Raspberry Pi to link my array of unsupported 'smart' devices to Apple's Homekit. I tried using Home Assistant (Hassio), but found the lack of support for several brands a dealbreaker. I wish the dev communities communicated more, between the two.
Readit News
What I do find odd, however, is the weird distribution of those devices. In my immediate social circle, its either old people who want to show they have something cool and hip and young tech enthusiasts. My sample may be completele skewed as I am not the most social person ever though. The trend may be much more pronounced.
Still, it boggles my mind. Why would you voluntarily do it? My parents only invited trusted friends to ensure nothing 'questionable' made it to the authorities ( former soviet republic ). People today brazenly broadcast it.
I honestly do not get it.
I've also considered one for my shop, so if I get pinned under the car or something I can yell for 911. But I'd only turn it on if I was about to do something dangerous. I might also get one if I decide I'm at risk for "I've fallen and I can't get up". (That happened to a relative, it took her 2 days to inch across the floor to get to the phone.)
And that does not even touch the corporate world. How does a company protect against disclosure of things that are otherwise a corporate secret ( especially in today's increasingly WFH world )?
The apple watch has fall detection, it will automatically call emergency services if it detects a fall and you don't cancel the SOS.
Of course, either way, it's only really helpful if you're able to speak.
These are always pretty amusing. I went on vacation with a girl I was dating one summer, and her parents brought their Alexa with them. Her dad thought it was so cool, and he loved to show me by saying "alexa, play <music>" three times until he got frustrated enough to just do it with his phone. Then, he'd say "hey alexa, you're a b*tch," and laugh when it responded by telling him that was rude.
Why would anyone pay money for that???
I wonder if in a lot of cases, for the people it is not actually about the smart stuff (that might be a plus or just out of curiosity), but convenience and aesthetics. Most people I know, don't have a traditional sound setup at home anymore and instead just use a bluetooth speaker. But the ones made for outdoor use look pretty ugly indoors, whereas the smart speakers are more designed to disappear in the home decor.
Personally I think, bookshelf speakers with bluetooth functionally would be a better option for most, but from what I have seen people are often not even aware of their existence and the ones with good audio as well a modern look (in case you don't like the classical black or brown boxes) tend to be in higher price classes than the smart speakers.
> I honestly do not get it.
Perhaps the important differences between us and the USSR are having a democratic legislative process and a fair judicial system, and the relevant extent of our surveillance apparatus is a secondary concern.
(Obviously, there are problems with our legislative and judicial systems - the point is that they are better than the former soviet republics'.)
Not saying that the privacy aspects aren't valid concerns or that convenience should outweigh them, but quite a few people here seem to not be able to see any upsides.
You underestimate the power of social status and conspicuous consumption[1]. I would say it's been the fundamental driver of our society for quite some time now (maybe since early 1920's?, briefly paused for WW2)
[1]: https://en.wikipedia.org/wiki/Conspicuous_consumption
edit: added link
I can tell you why I personally don't care. First off here in Germany I'm pretty sure it's not legally possible for authorities to request my voice commands randomly and due to GDPR I can delete all my recordings at any point, and turn off personalisation meaning they wouldn't use my individual data.
Secondly I just don't say anything in my home that's super secret, I live in an apartment and I'm pretty sure the neighbours can hear me talking on my balcony, and I'm in voice chats most of the day these days due to covid which probably accidentally means more people listen in because I forget to press mute than some guy at Amazon.
Legality wasn't really an issue for authorities in Germany before, even if it contradicted our basic law. Of course it was for national security. It is my goto excuse too if I break any laws.
There is a lot of room between paranoia and being extremely naive in context of state powers.
> Secondly I just don't say anything in my home that's super secret
Then why would the state need capabilities to get this not super secret data?
I honestly expected more from Germany in this regard, especially with the experience of the past.
And I fully believe such devices are going to be used (if they aren't already) to identify persons engaging in "wrongthink" by listening in on the private conversations in peoples' homes.
In other words, I don't think Amazon ever receives the "wrongthink" Alexa hears, unless you say it directly to Alexa.
I know lack of evidence doesn't mean it doesn't exist, but if that came up empty then it'd be hiding pretty good.
Although honestly I'd delay transmission until user interaction and then hide in that noise - it'd be the first thing I do.
Eh, look at the traffic anyway
Yeah, but there are mistriggers as well - I think you should see them in myactivity.google.com with Assistant filter enabled.
1) There has been various cases of such devices being triggered incorrectly and uploading chunks of recordings
2) It's all implemented in software. It's extremely easy for the vendor to enable more keywords or record for longer times.
3) It's impossible to prove that 2 is not happening already in limited cases
4) There is a proven long history of very effective global surveillance programs targeting every electronic device (phones, cell towers, carrier-grade routers, PCs, servers).
We have a Nest Hub, and saying Google twenty times a day was a deal breaker so we all use some other variation that works 99% of the time, and looking at history it accidentally triggers itself a few dozen more times during the day.
It has a real value for us for now, but privacy issues are real in my opinion.
The Google Mini that Spotify sent me, however, went straight into a pile.
This is the intended behavior.
But - there is a non-zero rate of false positives (when the device detects something that it thinks is the wake word, but is not), in which case, the audio is streamed to the cloud. This audio could (should?) be used for model training to improve the future precision of wake word detection. But, it could also potentially end up being subpoenaed by a law enforcement agency.
Voice recognition is 'on' all the time as it needs to recognise 'keyword'. All you need then is simple transcription into text.
Without it being open source, there's no guarantee though?
And if one of them is doing it, they all are, they all think the same and have the same incentives. This entire play is about the data.
Of course you can't completely trust it. But make it hard for them.
Also I pretty much only use it to listen to the radio.
That, and lists (shopping list, costco list, etc), are our two main uses. I hardly ask it the weather, and only use it as a kitchen timer 1/3 the time too.
In 1984, they got caught because they thought no one could hear them. That was their mistake. What I learned from it (well ok many things), but what that taught me is to be careful if you are going to do something you shouldn't. Never assume that someone isn't watching when you're doing something illegal. I'm just posting signs for everyone else in the house, this area isn't secure.
We will only listen to the right thing on smart speakers, watch the right thing on smart TVs, smoke the right thing on smart cigs, and of course, drink the right coffee on our smart coffee maker.
[1]: https://news.ycombinator.com/item?id=24627363
Got it — have a timed recording of my voice order a pizza while I'm out kicking puppies.
Only he wasn't kicking puppies.
Just because someone didn't order pizza or something during that time while at home alone, doesn't mean that they were not at home.
How many people that refuse to have a smart speaker also refuse to have a smart phone?
So basically a “smart speaker” is like having 24/7/365 surveillance in your home.
Having a "smart phone" is also like having 24/7/365 surveillance in your home.
They respond to "Hey Siri" or "Hey Google".
There is absolutely zero difference between a phone and a smart speaker in this regard.
I don't know why you think anything would be more detectable on a phone.
"He thought of the telescreen with its never-sleeping ear."
https://en.wikipedia.org/wiki/Telescreen
Our nation is working hard to pass legislation that would make such orders legal right now.
Smart speakers are not all that scary if you know how they work and that information, in detail, is all out there. They go to a low-power mode waiting for the keyword and only then do actually turn on the main CPU and do any processing.
They may the safest least privacy leaking Internet device you actually own. Your TV is probably taking screen shots of what you're watching. Your phone is leaking data to dozens of different entities all the time. Your computer is constantly sending stuff out. A smart speaker is tame by comparison.
If you ask me, device owners should have unimpeachable control over what data, if any, is sent from their devices.
But the utility is too great to ignore. My smartphone is integral to how I communicate, travel and even run my business.
Smart speakers are just gimmicks
I also put more trust into Apple/Siri than I do with Alexa or Google. Their differential privacy and anonymized Siri requests have limited the speaker to few features which in my experience work well with the latest 13.x OS.
The one caveat, I do know someone who is blind who uses the speech-to-text on her Google device a lot. She has all the fonts set to their maximum size, high contrast colors, and various other accessibility features enabled. Speach to text helps her greatly.
Really? The Mycroft project claims to be just that, and it shows promise, but it still seems really clunky. And right now, as far as I can tell, you need to set up an account on their service so it can do things like voice recognition, which is a pretty critical component to this type of thing.