Slashdot Mirror
Woman Says Alexa Device Recorded Her Private Conversation and Sent It To Random Contact; Amazon Confirms the Incident (kiro7.com)
Gary Horcher, reporting for KIRO7: A Portland family contacted Amazon to investigate after they say a private conversation in their home was recorded by Amazon's Alexa -- the voice-controlled smart speaker -- and that the recorded audio was sent to the phone of a random person in Seattle, who was in the family's contact list. "My husband and I would joke and say I'd bet these devices are listening to what we're saying," said Danielle, who did not want us to use her last name. Every room in her family home was wired with the Amazon devices to control her home's heat, lights and security system. But Danielle said two weeks ago their love for Alexa changed with an alarming phone call. "The person on the other line said, 'unplug your Alexa devices right now,'" she said. '"You're being hacked.'" That person was one of her husband's employees, calling from Seattle. "We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'" Danielle listened to the conversation when it was sent back to her, and she couldn't believe someone 176 miles away heard it too. In a statement, an Amazon spokesperson said, "Amazon takes privacy very seriously. We investigated what happened and determined this was an extremely rare occurrence. We are taking steps to avoid this from happening in the future."
Further reading: Amazon Admits Its AI Alexa is Creepily Laughing at People.
Further reading: Amazon Admits Its AI Alexa is Creepily Laughing at People.
"Amazon takes privacy very seriously."
Obviously not.
You're nuts to have any of these devices in your house, or at the very least, plugged into power when you're not actively using it.
We investigated what happened and determined this was an extremely rare occurrence.”
Wow, that settles it, don't ya worry, it's like being hit by a meteorite. A far, far away danger. Until it hits YOU.
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
I'm really not one of those people who fear new technology or anything of the sort. However, how can it not eventually go horribly wrong when you plant recording devices in your own house that are designed specifically record and send the audio offsite. Eventually, there will be mistakes made with the audio or a hack, or something you said will violate some law "forcing" the company who has the recording to do some particular thing with it.
I'm all for new technology, but these things should have bad idea written all over them in bold print.... and I don't mean that to be specific to Amazon, either. Apple and Google's take on the things are just as bad.
More people should make an effort to understand what their personal electronics actually do before purchasing. We (as a society) need to incorporate classes on this sort of thing into primary education classes.
I received one of these messages just a week ago. Alexa sent me a message of my friend and his girlfriend having a private moment. I immediately texted him to ask if he intended to do that and he did not- so weird.
So an always-on microphone with access to the Internet that processes and transmits voices recorded and transmitted their conversation? Who could see that coming?!? How could anyone be even a little bit surprised this happened. This would be like being surprised their microwave heated food.
I'd like to say I feel bad about this, but I'm afraid I can't.
You brought this thing into your home, in the case of this lady apparently a bunch of them. You chose to have microphones scattered around your home, you chose to connect them to the internet.
I'm over feeling sorry for people who buy this shit and then discover it's spying on them.
Boo fucking you. If you want sympathy, go someplace else.
Yet another reason why I will never own this kind of shit, or any of the IoT garbage being peddled to us.
I've been thinking for a while that this is the kind of thing that needs to happen more to get people to actually care about their privacy. Maybe a timed worm that'll gradually install itself on all sorts of these devices, and all at once start sharing recorded conversations with strangers. Or a smartphone virus that randomly takes pictures of people while they're facebooking on the toilet and posts them.
My phone has several very good microphones, as does my computer. Both devices also have extremely good cameras. It seems silly to focus on devices like Alexa and Google Home when they have relatively small market penetration and are less capable of spying on us than the cellular and GPS-equipped monitoring devices we slip into our pockets whenever we go *anywhere*.
My husband and I would joke and say I'd bet these devices are listening to what we're saying,"
Um, yeah ... that's how they know you said commands and stuff. They listen to what you are saying.
The problem which I have with all kind of voice recogition is that - right now - they seem not to have a good indicator if they understood "something" of "what you said". Try telling google voice keyboard a random story about a nontrivial event in you life 10 years back - it will understand something - and that something will be take from the set of things people "usually" say. So it is obvious that if you talk enough in presence of these devices and some point they will mishear words and recognize these as one the thing they were designed to do.
Because it was programmed to. It doesn't happen by itself. In this case it just happened to forward it to the wrong person, instead of Amazon.
If you buy these devices, just know that _anything_ you say, can be recorded and stored permanently, and possibly used against you.
Frankly, you have to be fucking nuts to buy one of these things.
33b9 9267 0931 549d
f257 8a50 e338 0b54
1dec 4b48 274e 9966
e00e 49b6 3993 02e2
de05 ebc4 c416 e648
afef eb2d eb8a f3f2
e866 64e0 5efe db8b
643a 19bb c460 c407
Wanna be more specific, Amazon?
Like, actually say what really caused it to happen so that people can evaluate for themselves just how rare it is?
Because, you know... if your trustworthiness has already been called into question by evidence that a private conversation was eavesdropped on by your technology, then it makes no reasonable sense to simply take your word for it that whatever caused it to happen was genuinely "rare" at all.
I'm not saying that Amazon is necessarily lying here... but it makes no sense to actually trust what they are saying about this without being able to evaluate that claim's veracity for ourselves, and the longer they stay quiet, the sooner any honest skepticism can slide into outright disbelief.
File under 'M' for 'Manic ranting'
So how long until one of these things in a confessional relays "inappropriately"?
What Amazon says:
“Amazon takes privacy very seriously. We investigated what happened and determined this was an extremely rare occurrence. We are taking steps to avoid this from happening in the future."
What they don't say:
We are taking steps to ensure that no one gets your audio data.
Check your premises.
Amazon takes privacy very seriously.
Evidently not if an occurrence like this was even possible.
We investigated what happened and determined this was an extremely rare occurrence.
"Extremely rare"? That implies this has happened more than once. That's more than a little disturbing.
I'm feeling pretty good about not buying any of these wiretapp... err, personal assistant devices.
Aaaaaahahahaha .... ROTFL!
We suffer more in our imagination than in reality. - Seneca
I understand that this stuff it convenient to have, but like how hard it is to hit a damn light switch. I also wouldn't trust it to order a damn thing off amazon, if I said Alexa order toilet paper or what ever, I'd assume that amazon has it programmed to give me the worst deal possible, because they make the most money that way.
Bring on the Twitter and Slashdot rage storm! (pffft)...
You're messin' with my Zen Thing, man.....
Part of me wonders what really happened here...
An Alexa device can make phone calls if set up for it, and they apparently had this person's phone number imported into their Alexa contacts, so they clearly had that feature configured.
So was this just a case of Alexa making a phone call, without "Daielle" being aware of it? If the call was to a google voice number or similar service, it would just recorded the unanswered call and emailed them. This case would be just a speech activated equivalent of butt-dialing, paired with a google-voice emailed voicemail twist.
Or was this a case where Amazon generated audio files and then emailed them to some random person out of the contact list?
I kind kind of understand how the first case could happen by accident, but still be disconcerting. However, the second case would be very disconcerting.
Given that Amazon is offering to de-provision the communications feature for them, I'm inclined to think this was a "butt dialing" incident, but I'd love to hear some actual details to confirm one way or the other. Clearly the title of the news article is designed to make you think it was the second case, where Alexa recorded the call, not google voice, but there's a lot of vagueness here that makes it unclear.
-Matt
You have to be six degrees of stupid to allow an always-listening device like Alexa into your home. I don't care how convenient or cool it is.
Amazon said they take security very seriously. Nothing is ever enough for you people!
How exactly is Amazon not subject to violation of Federal wire-tapping charges in this case?
"We investigated what happened and determined this was an extremely rare occurrence.”
Where "this" is them getting caught at it.
They meant to send the audio and contact info to advertisers of hardwood floors. The need to fix their algorithms so the audio gets sent to the correct advertiser.
I'm a consultant - I convert gibberish into cash-flow.
I don't think you can measure how stupid this is
nothing to see here - move along
You surely note Amazon did not name their product 'Abug'.
Instead gave it a sexy name Alexa, so you wouldn't think of it as potentially a 'bad bug.'
Technology is good for some things, but terrible for others.
I think the obvious difference is that these home assistants by Amazon, Apple, and Google are actively listening by design. I have the Google assistant turned off on my Pixel...I know because it keeps notifying me to turn it on. Now could the mic on my phone or pc be activated by an unscrupulous actor a la "Person of Interest"? Sure. But that seems far less likely than a software glitch in a device that's supposed to be listening to me.
Amazon is taking steps to make sure this doesn't happen in the future. I already took steps to ensure it would never happen by not buying a device like that.
I'm sorry, but your opinion seems to be wrong.
--- Alexa.cpp (revision 13)
+++ Alexa.cpp (working 14)
@@ -108,8 +108,8 @@
SpyOnUser();
SendConversationToAmazon();
-SendConversationToRandomContact();
+//SendConversationToRandomContact();
CoverEvidence();
I assume what happened was they triggered the "send a voice message" function in their conversation and their Echo device's volume was turned down and didn't hear the Echo activation beep or see the light. Based on this guide, all you have to do is say something that sounds like "Alexa send a voice message to XXX" and if XXX is a unique contact id, then the Echo sends it without further confirmation.
https://www.amazon.com/gp/help...
To send a voice message using a supported Echo device
1 - Say, "Send a message to [contact name]."
2 - If the name is similar to other contacts in your address book, Alexa repeats the name back for you to confirm.
3 - Once you confirm the name, Alexa prompts you for the message.
4- When you've finished talking, Alexa sends your voice message.
I kid of course, would be hillarious though. I want to believe Amazon will be fined out the ass for this rather then their bullshit PR trying to downplay it.
Can anyone that is recorded face any legal peril whereby the recording is mistakenly sent to unintended recipients? ie. Slander, defamation, hate and the like.
Dave, I've noticed your bowel movements are growing in time, so I told the google telephone assistant AI schedule a visit to your doctor.
Dave, I've noticed your shower runs for more than 5 minutes, and that's a waste of water. I posted this shameful habit to your Baidu page and lowered your Beijing social credit score.
Some drink at the fountain of knowledge. Others just gargle.
"the recorded audio was sent to the phone of a random person in Seattle, who was in the family's contact list"
No, it wasn't sent to a random person, you wouldn't have a random person in your contact list. It was apparently sent to the husband's employee.
translation - we have no idea why it accidentally sent it to one of your contacts when these recordings are supposed to be sent to us.
Consider what is required to make this "rare" incident possible:
- Alexa must continually record audio, and upload these recordings.
- Alexa has access to your contacts list.
- Alexa is able to send email, including attachments.
How many people have any idea that Alexa has these capabilities? In particular, that Alexa is recording audio and uploading it to who-knows-where?
Ok, ok, most people wouldn't care if they did know. I'll go cry in a corner now.
Enjoy life! This is not a dress rehearsal.
People used to be afraid of wiretaps. Now they willingly install them in their own homes.
We wait for apologies from all the /. fanboi's who ridiculed anyone saying this was possible..
We wait. We're not holding our breaths, but we wait.
You misunderstand - They *do* take privacy very seriously: it interferes with their profit margins and they're doing their best to eliminate it without triggering excessive consumer backlash.
As yourself this: Does this incident make you substantially less likely to buy or use one of their home surveillance devices, or were you already committed to one camp or the other? If there's no substantial change, then they're doing an effective job of limiting backlash.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
You're nuts to have any of these devices in your house, or at the very least, plugged into power when you're not actively using it.
That ship has sailed. Phones are ubiquitous, any VOIP phones you have are on your network, and many computers and monitors and other devices have built-in microphones. Most conversations in the developed world happen in the presence of a microphone, and will do so for the foreseeable future.
Real lawyers write in C++
and that the recorded audio was sent to the phone of a random person in Seattle, who was in the family's contact list.
So less of a "random person in Seattle" and more of a "random person in the family's contact list". Why even say it like that unless you're trying to intentionally drum up FUD?
Reminds me of this short story:
http://www.baen.com/chapters/W...
"When information is power, privacy is freedom" - Jah-Wren Ryel
The Alexa app lists the commands given. In a situation like this you look at your phone to see what was heard and interpreted by the app. As the Echo can already send audio to someone in a contacts list it seems likely to have been something in a conversation which triggered the action, rather than the device obeying some secretive overlord.
So Amazon, how many total incidents like this have there been?
Were any of the calls to or from minors? which might have legal repercussions......
Of course it is... normally all of the uploaded conversations are stored on Amazon's servers, not sent as voicemails to someone on the contact list. Completely isolated incident..
Birch hardwood floor. Repeat, Birch hardwood floor.
The chair is against the wall. The chair is against the wall.
Who the fuck knows what she's doing if she's able to record an entire conversation and send it to someone. That's not what Alexa's supposed to do. She listens to a command or two and does something for you (plays a song, tells the temperature).
And if you believe that's all these home surveillance devices foolish people have been buying and putting in their homes do (because ... shiny! new!), then I have a very nice bridge in Brooklyn I'd like to sell you. Half price, today only!
While automobiles kill a lot of people year on year, it's a tiny fraction of drivers.
I don't for one minute believe a tiny fraction of Alexa/Siri/Google Assistant users are being recorded for posterity (and big data analysis by whoever pays Amazon/Apple/Google enough) are a tiny fraction. These are surveillance devices, pure and simple, and people are being fooled into paying for them and bugging their own homes, simply because they are shiny and new, and make you feel like you're in a Star Trek episode.
So the grandparent, while a bit unkind, is spot on. People who lace their homes with surveillance devices connected to the Internet have only themselves to blame, and should have done even a modicum of due diligence if they cared at all about their privacy.
I do, and I don't own a single one of these devices. My wife and I do have I iPhones, which (when we're home) we put in the office, at the opposite end of the house from where we do our day-to-day living, behind a closed door. And we're both very cognizant of the fact that that may well not be enough to entirely protect the sanctity of our home from outside ears.
An update on Ars Technica has details: https://arstechnica.com/gadget...
In short: A string of words in a voice conversation was interpreted to be "send a voice message", which it did. Probably the best fix: Make sure the Echo's voice responses through the several steps needed to accomplish this cannot be muted and are played at a volume level louder than the ambient noise in the room.
This makes the whole thing the equivalent of a butt dial to voicemail circa 1997. Sit on your non-flip phone and either speed dial someone or re-dial a previous number. The call goes to VM and if you're talking the whole time someone gets a 30-minute "file" of someone talking and not knowing they are being recorded.
(Emphasis mine)
Maybe people would think about these things differently if they thought of them as smart listeners.
Beware! Whenever a company claims "we take privacy very seriously", you should run! That company will do whatever possible to collect as much private data as possible about you to control and abuse you for its own purposes.
What do expect people?
Why do you think these devices are sold?
Requiem for the American Dream
I would say just human average. Which is pretty damn stupid.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
So Alexa isn't deliberately programmed to record your conversations and send them to someone else!? I'm not suggesting any particular organisation might be interested in our conversations. Seriously!
"I never thought leopards would eat MY face," sobs woman who joined the Leopards Eating People's Faces Club.
Just cruising through this digital world at 33 1/3 rpm...
I've removed the batteries and use the iOS app only. At least IOS let's you have some control over the mic.
When it comes to privacy and user's software freedom, there's no substantive difference between one of these spy devices (which must listen all the time in order to hear the command phrase) and a tracker. I prefer a more honest name for what are otherwise called a "cell phone" or "mobile phone"; if the beginning of wisdom is to call things by their proper name we shouldn't call these devices by their sales name. Since geolocation is what these devices do most, we should call them what they are. The only substantive privacy and freedom related difference between the home spy device and a tracker is rather minor: you can't tell when the tracker is listening. But both devices could be covertly monitoring their users without signaling this to the user or giving the user control to stop that behavior. When considered from a user's privacy and freedom perspective these devices share more in common than they differ.
"If you apply General Curtis Le May to a situation and you get havoc, well, that s what you called General LeMay in for" (to use an Eben Moglen quote out of the context in which he said it); if you host a device in your home running proprietary software you ought not be surprised that it is spying on you and the proprietors determine what to do with that data, not you.
We must not forget another critical component of all this: these devices run on proprietary (nonfree, user-subjugating) software. Therefore the user has no permission to: inspect what it does, modify it to do only what the user wants (or, since most computer users aren't programmers, get someone technical they trust to perform such modifications for them), run the modified software in their device, and distribute copies of the improved software to help their community.
If these devices ran on free software (software that respected the user's freedom to run, inspect, modify, and share) the more technical among us could help them. But as it is even the most technically-minded willing person cannot legally do this work to help them.
As Eben Moglen reminded us after the Snowden revelations came out: It's critical that we don't fall into the trap of saying something akin to 'those kids take too many darn pictures' like concluding that we just can't have these devices or their services at all. We can have all of their alleged conveniences but only if we have free software implementations.
Digital Citizen
To try and quantify how stupid, consider the number '8'. Now turn it 90 degrees...
> "My husband and I would joke and say I'd bet these devices are listening to what we're saying"
That's how fucked in the head people are nowadays...placing microphones in their homes, then 'joking' about them working as intended. Oh the LOL'z.
makes you wonder how all these services are build/managed, it seems they have become so complex and big that nobody knows anymore.
it's either that, or the service worked as intended (but in this case i fail to see why they would want it to work like this).
we need to take step back and make sure we're still in control before it really gets out of hand with rampant services nobody knows how to control.
On a long enough timeline, the survival rate for everyone drops to zero.
I knew that /. was supposedly filled with geeks, and that they aren't the cleanest of people, but holy hell ... ! ...
5 minutes is considered a lot, and 45 seconds normal??
You are some nasty fucks!! Seriously! ... I mean with soap, between the toes, and rinsing them with water! ... I bet you haven't done that since that one time in your childhood!
When did you wash your feet the last time?
The "listening" angle is a red herring, because they're going much farther than listening. They're permanently recording your private conversations, and the world needs to recognize this, NOW.
Just get a "Faraday Cage" pouch for it. I have one. They're usually called signal blocking pouches. It works great. Calls can't get through, music streaming quits as soon as the buffer runs out, etc. Can't be tracked. And they're cheap. Need to use the phone? Just open the pouch.
I used to have a ceramic pocket knife too, with a plastic handle. Accidentally walked right into a federal courthouse with it for jury duty. Oops. Never got caught for the entire week. Now you can't find ceramic knives anymore. I wonder why?
Point being -- if the Faraday cage pouches disappear from the market, then you really know we have something to worry about. Keep your eyes open.
Amazon: We're very sorry. The recordings were suppose to go to the NSA. We just don't know how it went to some random person.
Just make sure you're not out in the pod when Alexa goes off the rails.
... you did bring a listening device into your home, one with "AI" (whatever the fuck that means anymore). Right?
Play with fire and you're gonna get burnt.
broken by design.. ie the fact that this could ever happen tells me the algorithm & code is broken by its design.. perhaps amazon should have considered a "capabilities" design pattern?
Capability type systems would have avoided this class of flaw completely as no key would have been available to decrypt the voice stream when it arrived at the foreign device...
also using the design patterns in "translucent databases" by Peter Wayner could have helped here...
anon