Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gizmodo: Don't Buy Anyone an Amazon Echo Speaker (gizmodo.com)

Posted by msmash on from the take-note dept.

Adam Clark Estes, writing for Gizmodo: Three years ago, we said the Echo was "the most innovative device Amazon's made in years." That's still true. But you shouldn't buy one. You shouldn't buy one for your family. [...] Your family members do not need an Amazon Echo or a Google Home or an AppleHomePod or whatever that one smart speaker that uses Cortana is called. And you don't either. You only want one because every single gadget-slinger on the planet is marketing them to you as an all-new, life-changing device that could turn your kitchen into a futuristic voice-controlled paradise. You probably think that having an always-on microphone in your home is fine, and furthermore, tech companies only record and store snippets of your most intimate conversations. No big deal, you tell yourself. Actually, it is a big deal. The newfound privacy conundrum presented by installing a device that can literally listen to everything you're saying represents a chilling new development in the age of internet-connected things. By buying a smart speaker, you're effectively paying money to let a huge tech company surveil you. And I don't mean to sound overly cynical about this, either. Amazon, Google, Apple, and others say that their devices aren't spying on unsuspecting families. The only problem is that these gadgets are both hackable and prone to bugs.

42 of 259 comments (clear)

  1. Good grief by fyngyrz · · Score: 5, Insightful

    You already own one of these you carry everywhere — your cellphone. A microphone (and camera!) you take everywhere, and is connected everywhere, including in your home.

    The Echo and its brethren are not a sudden influx of a listening device that can be hacked. You swallowed that bait a long, long time ago.

    --
    I've fallen off your lawn, and I can't get up.
    1. Re:Good grief by Scottingham · · Score: 5, Insightful

      Presumably though cell phones have a power constraint, the battery. If it were constantly sending full audio and video back to the mothership battery life would nose-dive.

      Plugged in smart hubs though? Buying one is probably considered opting in to full time surveillance.

      1984 seems so quaint now. Relatedly, I'm pretty sure GIFs are the 21st century Newspeak.

    2. Re:Good grief by Aaden42 · · Score: 5, Insightful

      Scope matters.

      If my cell phone was recording everything around me and transmitting it, my pocket would be on fire, my battery would be dead before lunch every day, and my bandwidth allowance would be toast by the end of the first week every month. At home, there's essentially infinite power, no bandwidth limitation, and I can hardly tell the difference between a small hockey puck that's idling & one that's active just by looking at it or touching it. Tolerances for cooling aren't nearly as tight as a phone.

      The limitations of a mobile platform provide a degree of safety, or at least verifiability. The laws of physics are on your side in this case.

    3. Re:Good grief by Anonymous Coward · · Score: 5, Insightful

      Look at your routers usage logs. Are they constantly sending full audio back to the mothership? No? Then stop spreading this paranoid bullshit and actually try contributing to society sometime.

    4. Re:Good grief by jareth-0205 · · Score: 2

      Not really, if they were doing that then I don't think battery is an issue anymore. See Pixel 2 phones that are able to constantly monitor and recognise songs to an on-device hash list. I think we have to assume it's possible now.

      Having said that, given the size of Google and Amazon etc, I think there would be leaks, someone would let slip that bad stuff was being done. That this has not happened at all, is encouraging. There is trouble ahead though, for sure.

    5. Re:Good grief by MightyYar · · Score: 2

      your cellphone.

      If anyone doubts this, and uses Android, go see your voice and audio activity. It's pretty eye-opening when you hear your own voice from several years ago. It includes times that you clearly meant to trigger "OK Google" and times that it mistakenly picked up random conversations.

      On the other hand, if Google is honest about this being the data that they collect, then bravo for being so open and transparent. They also offer the ability to delete. Do Amazon or Apple provide such access to the audio data they have collected from you?

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    6. Re:Good grief by jareth-0205 · · Score: 4, Insightful

      The Pixel 2 phones can now listen and recognise songs in the background with no noticeable battery effect. They also can recognise the "OK Google" wake phrase. They're not actively transmitting this, though. But if they wanted to be nefarious and record this, and only transmit certain sections of audio, perhaps based on "bad keyword" recognition, I really don't think you'd notice.

    7. Re:Good grief by Waffle+Iron · · Score: 5, Insightful

      If my cell phone was recording everything around me and transmitting it, my pocket would be on fire, my battery would be dead before lunch every day, and my bandwidth allowance would be toast by the end of the first week every month.

      Not really, at least for audio. I still have one of those little voice recorders that people used before smartphones were around. It can record a couple of days of audio in its 2005-era flash storage, with just the power from a pair of alkaline AAA batteries.

      A rogue app on your phone could probably do the same to some file you wouldn't even notice, and upload it whenever you connect to WiFi without you noticing that either.

      At any rate, there seem to be no power issues with phones running the microphone 24x7 and constantly processing the data to look for "OK Google". That would probably be at least as power-intensive as just making a recording.

    8. Re:Good grief by Radish03 · · Score: 5, Insightful

      Or the device could just record and store all the audio temporarily, then transmit only when the phone is charging when the phone gets hot already. Depends if you want to do real-time surveillance or not.

    9. Re:Good grief by chispito · · Score: 2

      I think that's a false equivalency, for several reasons.

      1. Your phone's mic does not have to be always-on. Smart people don't do that. An Echo's mic, by contrast, must be always on; that is its intended purpose, and it's not useful otherwise.

      You have the ability to audit your Echo's data usage. You do not have that ability with your phone. That means that while in both cases you must take the word of the tech company that the Echo does not transmit audio unless it hears the wake word and that your phone doesn't transmit all audio arbitrarily, you can actually conclusively verify with the Echo (or at least spot-check).

      2. Yes, any device with a mic can be hacked, or subverted by a state actor. However, I've read the iOS security architecture document, and I'll bet it's a much harder target than an Echo.

      The iPhone is a way bigger target than the Echo. There are far more of them and they would be far, far more useful when compromised. That means it gets more security focus, from the company providing it and from bad actors.

      3. The phone has significant benefits to me which outweigh the risks. The Echo is a novelty that has no such benefits, in my opinion. Others may differ.

      I completely agree with this general statement, though I think the Echo is low enough risk as to be in line with the benefits (again, when compared to the phone, which is seriously a hacker's/evil state's dream)

      Bottom line: the phone is better tested and documented tech, over which you have far more control, and which confers significant communication benefits. I see no such case for the Echo or its ilk. They're all downside as far as I'm concerned. I can order soap with a keyboard and operate light switches manually just fine, thank you.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    10. Re:Good grief by sobachatina · · Score: 5, Funny

      I just got a google home when they went on sale a couple weeks ago.

      I already had a chromecast and audio chromecast.

      My kids, who don't have phones, now say "Hey Google, play Christmas music on the family room speaker" And it happens. "Goodmorning" and it tells me the weather and my commute time while I eat breakfast. "Add eggs to my shopping list" as I'm walking through the kitchen thinking about it. "Turn off the Christmas trees" as I walk upstairs to bed.

      All of these tasks could be done with my phone. Most of them are much faster and convenient to just say. There are some things I still use my phone for- like picking specific radio stations or tv episodes to cast. It's been a fantastically useful tool.

      I suppose the trade off is that I now have to refrain from planning my murders or insurrections in my kitchen.

    11. Re:Good grief by Rick+Schumann · · Score: 3, Insightful

      You already own one of these you carry everywhere — your cellphone.

      Not all of us. Some of us see so-called 'smartphones' as a 'dumb' choice because of security and privacy issues, as well as being gouged for dataplans by greedy wireless companies. The $50 plastic LG clamshell phone I do have is turned off at least 90% of the time, and since I'm an electronics person, the GPS is even disabled in hardware (antenna grounded). Furthermore I regularly recommend to people that they think carefully whether they really need a smartphone or not, and if not, get rid of it and get a basic cheap phone that's good at being a telephone and leave it at that.

      Furthermore I have a dim view to say the least of people like you who tell others to 'give up and give in' to having their privacy and their lives invaded by shitty corporations and shitty governments who want to stick their little brown noses in people's private business. You can be a coward who allows all this to be done to you all you want, and I'll look down my nose at you and everyone like you, but do NOT go around telling people to be like you. Privacy is still a Thing, it's worth protecting and fighting for, and it's criminal so far as I'm concerned to tell people otherwise.

    12. Re:Good grief by freeze128 · · Score: 2

      So you don't need a home pod or echo, just use an old cell phone that is plugged into a charger.

    13. Re:Good grief by interkin3tic · · Score: 2, Interesting

      The panopticon wasn't really the main problem in 1984 though. It was that the vast majority of that society unquestioningly accepted the government made truth over reality. Only 38% of our society does.

    14. Re:Good grief by ScienceofSpock · · Score: 3, Insightful

      This is LITERALLY the single most stupid comment I have seen on slashdot.

      Let me get this straight: You think that these IoT devices, that have problems with their own security, are going to hack your router and "fog" your log files? Then you go all internet-tough-guy and threaten to "smash-face" someone because he actually explained how you can monitor and see how much traffic your IoT devices are actually sending back.

      Worst. Troll. Ever. 0/10

    15. Re:Good grief by Radical+Moderate · · Score: 2

      Yes, but the transmitting would be noticeable...unless it stored the data then uploaded in bursts when you had a wi-fi connection, so not data usage on your cell plan. Heck, it could upload only when charging, so no battery hit at all. Which would be totally doable. Damn.

      --
      Never let a lack of data get in the way of a good rant.
    16. Re:Good grief by ScienceofSpock · · Score: 2

      I think your threshold is probably set too high to see the comment I was actually referring to.

    17. Re:Good grief by ShanghaiBill · · Score: 2

      If it were constantly sending full audio and video back to the mothership ...

      Nobody is saying cellphones are doing it "constantly". Monitoring a microphone requires very little power, and it could then only record when a human voice is detected. Lossy compression works well for voice, and can vastly reduce transmission size. The phone can also wait until it is on a charger to transmit.

      Also, a cellphone does not require malicious intent from the manufacturer. A malicious app can have full access to the microphone and camera. Amazon Echo doesn't work that way. It has third party apps, but they do not have access to the microphone. They only get specific "trigger" phrases that follow the "Alexa" keyword.

      If the security issues with the Echo were a candle, issues with a cellphone would be the midday sun. Only the paranoid survive, but you need to be paranoid about the right things.

    18. Re:Good grief by citylivin · · Score: 2

      ""Hey Google, play Christmas music on the family room speaker""

      Go to shoutcast.com type in christmas, select any number of options. Bookmark your favourite .pls file for later.

      " "Goodmorning" and it tells me the weather and my commute time while I eat breakfast."

      I look outside for weather, and i take a train with a schedule, so its always the same commute time.

      " "Add eggs to my shopping list" as I'm walking through the kitchen thinking about it."

      a note pad of paper on top of the fridge has worked for me for years.

      ""Turn off the Christmas trees""

      You dont have all your xmas lights on timers? what a waste of time.

      But i'm sure all of these slight conveniences is worth having a device spy on you from a for profit advertising company.

      --
      As a potential lottery winner, I totally support tax cuts for the wealthy
    19. Re:Good grief by yorgasor · · Score: 2

      I have disabled the 'OK Google' functionality on my Pixel 2. I don't want my phone always listening to me. But it came with the little speaker pod that my kids loved playing with (although I make them turn it off when they're done). However, I quickly discovered that my phone kept responding to 'OK Google' being said by my kids nearby and prompting me to reenable the service so it could respond to my queries. So, even though I disabled the functionality, the mic is still always on and listening for me to say 'OK Google'. That gave me very warm fuzzy feelings knowing that my phone is still listening in even when I tell it not to.

      --
      Looking for a computer support specialist for your small business? Check out
    20. Re: Good grief by ConceptJunkie · · Score: 2

      That probably would solve a lot of problems in Hollywood and Congress...

      --
      You are in a maze of twisty little passages, all alike.
  2. obligatory xkcd by Doke · · Score: 4, Funny

    https://xkcd.com/1807/

  3. Simple Solution... White Noise. by Zurkeyon3733 · · Score: 2

    As you ALREADY have these mic's on your TV, Cell Phone, WebCam, Etc... A white Noise Generator at frequencies only a Mic can hear, are the ONLY option for true privacy in your personal space anymore. Besides totally withdrawing from electronic/digital society. Good thing they make simple circuits for this from one end of the internet to the other :-P

  4. Definitely 'nope'. by Baron_Yam · · Score: 4, Insightful

    I want something open source, that runs locally on my home network. If it requires connectivity to a server on the Internet, I don't want it.

    There's no legitimate reason such a device can't be made except so that the tech companies can access whatever data they want - which yes, is PROBABLY just for product improvement (which will include better, creepier targeted advertising), but is also a massive invasion of privacy with all sorts of potential to be used by criminals and the government doing things you'd consider criminal.

  5. My comment from the site by DarkRookie · · Score: 2

    Who wants to bet within the next week, there will be an article praising these things.

    --
    The millennial that doesn't like most of the stuff designed for millennials.
    1. Re:My comment from the site by DontBeAMoran · · Score: 2

      Who wants to bet within the next week Adam Clark Estes won't be working for Gizmodo anymore?

      --
      #DeleteFacebook
  6. A Smart Speaker is indeed a terrible gift by michiganbob · · Score: 2

    Even if you remove the privacy argument, it's an awful gift. You're imposing your choice in technology on someone else. It's akin to an Android user getting an iPhone dock as a gift... it's going right in the trash.

    I'd put it up on the list of bad gifts along with lottery tickets.

  7. Audio Security by notrelevant · · Score: 2

    Just install an On/Off switch in the microphone line to ensure it's not listening when you don't want it to.

  8. This is a legitimate concern by evolutionary · · Score: 2

    To the person making the comment about the cell phone burning a hole in your pocket in your pocket if it was always recording, not at ALL true. Oh, and bandwidth allowance may not be an issue either if there was an understanding between, say, google/apple and ISPs, plus government monitors. There is a reason why many new phones are designed in such away it is surgery to remove the battery which is the only sure way to be sure it isn't monitoring. There was a reason Snowden had cell phones put into a microwave when the reporters were meeting him: he knew they can always be listening/watching, regardless of settings by the user. The limitations people HOPE there are on a cell phone in regards to limitations are an illusion. Don't believe me? Try using apps like WeChat for awhile. your battery would not be dead either (certainly not on the new phones with the non-removable battery). I know because I've had conversations using apps that have gone one for hours which barely put a dint in the charge and my phone did not require a recharge for several days after. But I digress.

    Any device that can listen and has access to the Internet is probably listening. There is a project that claims to plug this hole called Purism ( https://puri.sm/products/ ) with a hardware shutoff switch for the "holes" that are on by default on. And don't forget, Google was recently caught with their hand in the cookie jar, taking user location data even if you turn it "off" on your phone. The Cell phone, like these vocal response devices, are in essence trojan horses. No one should be having devices that listen 24/7 in their home. If we don't fight to protect our privacy, government and private business will assume permissions has been given. It used to be one had to break into your home, plant bugs, and monitor close by to do the kind of intrusive monitoring that can be done just by putting out devices people think are "cool" or convenient. It's like Mark Twain's whitewashing chapter in Tom Sawyer: We pay to let people into our home and take our data.

    --
    "Imagination is more important than knowledge" - Einstein
  9. Privacy by Titanek · · Score: 4, Interesting

    I make an analogy to privacy by asking people if they close their curtains/blinders at night, or if they let the passersby look inside. Usually gets the discussion going.

  10. It's not hard to figure it out by Guyle · · Score: 4, Insightful

    Seriously, has anyone bothered monitoring packets from an Echo or Google Home using their router or Wireshark? If these devices ARE uploading voice data when you're not actually using it then it's not difficult to figure out. I monitored mine at home for a month straight, and the only spikes in OUTBOUND traffic coincided with the precise times I asked Alexa for something. Beyond few bits here and there, which are too small to hold any meaningful audio of understandable quality, I failed to detect any secret surveillance.

    With all of the engineers out there (who are smarter than me, for sure) there has to be folks who've tried what I have on a bigger scale with better tools, and if someone had found evidence of illegal surveillance, they would have come forward by now. It's what everyone wants, right? To PROVE these things are evil?

    If you say audio uploads aren't detectable then give me a plausible method for ex-filtration of the data.

    1. Re:It's not hard to figure it out by Anonymous Coward · · Score: 3, Interesting

      If you say audio uploads aren't detectable then give me a plausible method for ex-filtration of the data.

      1. Record audio with compression. (It is a LOT smaller than you all apparently think)
      2. Transmit it when owner asks Alexa for something.
      3. Profit.

    2. Re:It's not hard to figure it out by krelvin · · Score: 3, Interesting

      Seriously, has anyone bothered monitoring packets from an Echo or Google Home using their router or Wireshark? If these devices ARE uploading voice data when you're not actually using it then it's not difficult to figure out. I monitored mine at home for a month straight, and the only spikes in OUTBOUND traffic coincided with the precise times I asked Alexa for something.

      As a person with mobility issues, I have 3 Echo Dots and now 2 Google Home Mini's. They control more than 12 switches and a number of other sensors throughout the house making my life much easier.

      I too monitored the traffic from the echo dot when I first got it and like the @Guyle above, came to the same conclusion.

      My cell phone captures much more information than these devices do.

    3. Re:It's not hard to figure it out by sinij · · Score: 3, Insightful

      I choose to sleep under a hanging sword suspended by a single strand of horse hair. I closely monitored this sword, and have no detected any signs of it falling down and killing me in my sleep.

      If you say this sword is going to fall and kill me in my sleep, give me a plausible method for how it would work.

    4. Re:It's not hard to figure it out by hey! · · Score: 2

      And if they did upload all that data, who would *analyze* it? Data collection is pointless in itself, it's the analytical products that you want. The cost of *manually* going through that data would astronomical for the value obtained. They'd have to have centralized computers comb through that uploaded data to find whatever it is they were looking for.

      Now if the thing sitting in your kitchen or TV room actually had a computer inside it that could listen to and classify speech, you'd have a genuine cause for concern [note generous use of sarcasm and ironic understatement].

      There's no doubt these things exist to spy on you, but even knowledge about you is just a means to the end; nobody really cares that much about you. The vendors' goal is to shape your behavior -- specifically your purchasing behavior. But once that capability is widely enough accepted and deployed it could easily be re-purposed to control other kinds of behaviors.

      What Amazon and Google are building is the most powerful and intrusive general purpose network for the monitoring and control of human behavior ever conceived. It doesn't really matter that that's not what their intention is, once the network is sufficiently ubiquitous there will be reasons to use it for other things, reasons that some people will find compelling. That may come in the form of a legally enforceable government demand in the wake of a moral panic over drugs or terrorism. Or it might be hacking by (heretofore) non-state actors. The network will be there, all that is waiting is the will and means to exploit it.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  11. Wouldn't it be nice.. by fluffernutter · · Score: 2

    Wouldn't it be nice if we could trust these companies to only use your voice for the purpose you intend as a consumer?

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  12. Yes and no by joh · · Score: 2

    First, I don't need these things either. But "installing a device that can literally listen to everything you're saying" is something you do ANYWAY. Every device that has a microphone and an Internet connection and that runs software that you didn't write can potentially do exactly the same.

    If you don't believe Amazon, Apple or Google that they don't surveil you with these gadgets, why should you believe them when they say that they aren't listening to everything you say through your smartphone or your laptop? Why?

  13. Privacy and Security, is obsolete now. by geekmux · · Score: 2

    You might as well give up on trying to convince the masses that they should suddenly start giving a shit about privacy or security. Based on the products they worship, they obviously no longer care.

    System got hacked? Oh well, buy a new one. Identity theft? That only happens to someone else.

    The masses gladly give up their digital soul in exchange for a free service. Pathetic, but so true there's no way anyone can deny it.

  14. Re:For the very same reasons.. by JaredOfEuropa · · Score: 2

    To Gizmodo as well as yourself: your concerns are valid and noted. But I'll be the damn judge of what I or my family needs, thank you.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  15. the other way around by aepervius · · Score: 2

    It is usually the onlooker which beg me to close the curtain at night. Usually a lot of tears and "oh my god" is involved...

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  16. What's the big deal? by thunderclees · · Score: 2

    In Orwell's 1984 Winston had a television that listened to his voice.
    How bad could it really be?

  17. Cloudless by mrwireless · · Score: 2

    Thing is, the trade off doesn't even have to be there. Things can be 'smart' without using the cloud. We just have to demand they work this way.

    For example, Nest thermostats didn't work during an internet blackout, leaving people in Canada freezing. Many 'smart' things use the cloud because their designers followed the trend or wanted access to behavioral data.. not because it's a good design.

    Nest source:
    http://www.cbc.ca/news/technol...