Why not just
tape over Alexa's microphone?
Project Alias is a homebrew gizmo that aims to deafen Alexa and Google Home until a user is good and ready for the creepy little cylinders to pay attention. By following an Instructable from Amsterdam-based Bjørn Karmann and Tore Knudsen, those confident with a soldering iron can build their own kit using a Raspberry Pi A+ and …
Downvoted because then you've effectively rendered the device useless. You'd have to get up to remove the tape every time you wanted to use it. It makes as much sense as buying a remote control TV, and then taping over the IR lens for some reason so you need to get up to change channels.
Like the webcam on 90% of company notebook machines, staff do remove complain about crappy image quality and retape the webcam back up (Because they fear someone is spying on them). Amazingly HP now have a plastic slider to cover over the webcam (People still put bloody tape over the bleeding things).
So yeah it woulnd't surprise me if people are covering the mic on their iot fad that is never turned on.
You mean the button that says "Whatever you do, please don't listen to anything I'm going to say because it could be used against me"?
That's a bit like "trust me, I'm not a spy. No, honest, guv, I won't listen to a thing, no really, really I won't. Sorry, how many nipple clamps did you say you wanted. Oops..."
I would consider allowing one of these devices into my home if it had such a button, provided that the button operated by physically removing power to the microphone pre-amp. It would also require an LED on that power line so I could see if the device was capable of listening or not.
"I would consider allowing one of these devices into my home if it had such a button, provided that the button operated by physically removing power to the microphone pre-amp. "
Well it's not just devices, most smartphones and laptops/desktops can have these facilities, even if your's don't someone else's can, safest is to assume you are always being monitored lmao
>I would consider allowing one of these devices into my home if it had such a button....
There is such a button on the interface and when Alexa is switched off she responds by lighting an ugly red ring around her periphery.
There's also a version of these devices, the Tap (soon to be obsolete), that doesn't respond to a wake word, you have to press a button to get it to do something.
I've never bothered much about Amazon spying on me since they're primarily interested in selling me stuff (and since I've been buying stuff from them for a bit over 20 years they probably have got to know me quite well by now)(which is exactly what happens in a bricks and mortar store, BTW)
I would consider allowing one of these devices into my home if it had such a button,
Nope, still wouldn't. What is said in the privacy of my own home stays there. I do not want to later discover (as is bound to happen) that there are terabytes of recordings of one's home stored somewhere "safe" on a "secure" S3 bucket, sufficient to give a future audiences of "You've Been Recorded" moments of hilarity. In other words:
"Let's stick a button on the top of it and pretend that its a real on/off switch. They'll never know the difference."
So you'd buy one if it had a button that lit a light and told the device to not respond? Because that's all Google would do. Sure, they'd SAY it wasn't listening, but in reality they'll still be slurping your life. In fact, I could see pushing the button being a signal to Google that they needed to give the recorded sound some extra scrutiny...
"I would consider allowing one of these devices into my home if it had such a button, provided that the button operated by physically removing power to the microphone pre-amp. It would also require an LED on that power line so I could see if the device was capable of listening or not."
Teardowns of some (not seen all) of the Amazon devices seem to show that this exactly what the mute button does. Physically cuts power to the mic in a way that can't be switched back on electronically.
"is that why you can't remove the battery from most phones now?"
It's cheaper to make a phone that doesn't have to accommodate a removable battery. Glue the thing in and it can be a pouch cell with no hard plastic shell and no contacts to worry about corroding. Just solder the leads and seal the back.
If only they had a button on the top to turn off the microphones....
I was thinking that wiring in a "push-to-talk" switch in the microphone would be less involved. Of course, the microphone is likely so ingrained into the circuitry that you probably can't add a switch into the circuit.
Yeah, going with the 'don't have one in my home' methodology. The alternative would be to use one of those raspberryPi projects to do a build-your-own Alexa/Siri/Google client box you can mod yourself.
"A button renders the thing useless because then you have to walk over each time you want to use it"
Not if it's an on/off button (with LED, natch) rather than push-to-talk. That way you can impress your date with Alexa's ability to tell jokes and order take-away but turn it off before you get down to the horizontal jogging
(yeh, I know it's wishful on my part... but we can't all be trendy hipsters... mine's the Tesco meal-for-one and a QI rerun on Dave)
"Jut not buy the things in the first place???"
Not from Amazon in India...
"Amazon's own range of Echo speakers, its Presto-branded home cleaning goods and other Amazon Basics products such as chargers and batteries had also disappeared. "
I like that I can "ok google navigate to X" in the car and get directions pretty reliably, rather than trying to type and not crash while driving."
Of course, a dedicated GPS unit will do this without telling an unknown number of servers and companies and other organizations where you are on a second by second basis.
"OK Google, navigate to X"
"Location data for X not found, please be more specific"
"OK Google, navigate to X, $country, $region."
"Location data for X, $country, $region not found, please be more specific"
"OK Google, navigate to X, $country, $province, $region, $district."
"Location data for X, $country, $province, $region, $district not found, please be more specific"
"Oh, fucking hell"
"Calculating route to Hell, Trøndelag, Norway via Fucking, Upper Austria, Austria."
What's exactly creepy about it? Apart from, because the internet said so...
I find mine incredibly useful for home automation, as trying to get into my wheelchair, get across the room and using attempting to poke the lamp's switch with my stump takes about 20 minutes. "OK Google Turn on the lap" takes 1 second.
OK, so Google now knows I have something I call a lamp, and at dusk time, I usually turn it on. Big deal.
Is it? I've not looked into the details, but I find it hard to believe that a current fast desktop or laptop machine can't handle speech-to-text, given that it could be done with reasonable fidelity in the days of 8086... And I'd take a guess that there's a sane parsing engine that could make sense of common requests and fit in the same machine.
I'd even go so far as to speculate that this is something a Pi or similar would be ideal for:
Listen -> text -> request -> actuator
without any need for a cloud. I can't believe nobody's working on that.
I find it hard to believe that a current fast desktop or laptop machine can't handle speech-to-text
I imagine the majority of the computing power is required by the text-to-request phase of command interpretation. Text is really an approximate form of phonetic encoding, so its relationship to speech is more-or-less finite. Extracting the meaning from the encoded request is a more open-ended problem.
"Extracting the meaning from the encoded request is a more open-ended problem."
But for home automation, the resulting vocabulary is much, much smaller so less to worry about. It may require training to the user(s) voices, but then for home automation you aren't really going to need the complexity to interpret every possible web search or purchase request. 90% could be done using specific words or short phrases rather than interpreting the meaning of the word or phrase. This sort of basic speech recognition could be done back in the 8-bit days because you don't need to recognise what a word is. Just some unique details of the pattern generated through a fairly simple circuit, eg a low and high pass filter with level adjust.
"I can't believe nobody's working on that"
Just a guess, but I think there's far more money to be made in having access to customers' voice data and requests, AND have a ready sales channel, so Alexas et al are probably sold at far less than it would cost to develop and bring to market a comparable stand-alone device.
Of course there are many 'smart home' hubs / devices that can be handled through a home hub and are only internet-connected so you can command them using your phone even when you're not home. It should be relatively easy to reuse these as a local-only controller, cutting out internet connection and using phone command through home wifi network
Just a guess, but I think there's far more money to be made in having access to customers' voice data and requests,
I guess that is just what HMRC are thinking. Soon they'll make it mandatory for us to provide not only a voice sample but our DNA, inside leg (and other items) measurements as well.
"Of course there are many 'smart home' hubs / devices that can be handled through a home hub and are only internet-connected so you can command them using your phone even when you're not home. It should be relatively easy to reuse these as a local-only controller, cutting out internet connection and using phone command through home wifi network"
Most of the ones I have seen won't work without a connection to the mothership. The data collection is a huge part of the revenue stream for somebody like Google, Apple and Amazon. They may not care when you switch lights on and off, but what you search and shop for can be very valuable individually and in aggregate with your neighbors/ age group/ family status, etc. To get all of the functionality all you have to do is give up your privacy and have whatever is said in your home available for subpoena by the filth. It will be very handy for the Pre-Crime units.
"There has to be a market for this kind of thing. Maybe it would need a bit of training that the cloudy ones don't need, but that's got to be worth it."
Just needs a limited vocab for home automation ("lights on/off"), with pass-through command prefix for complicated things... "[Tell Alexa to] bugger off... "Alexa, bugger off"
"mainly used for just waiting porn"
Sounds like your internet connection is from the 90s too, if you're waiting for your porn :)
Then again, my two decade old Vaio does speech to text, and it still works if it loses net connection.
I'm able bodied, so home automation seems mainly like faff to me. The heating is already programmable, no hot water cylinder, the oven, rice maker and slow cooker have their own timers.
"without any need for a cloud. I can't believe nobody's working on that."
Ever seen Dragon Dictate? Speech to text and it's pretty good. You can even give it spoken commands for punctuation and formatting. Digging deeper, it might be possible to send a text file to an automation system to perform a task. I don't see anything too complicated making that work.
but for a much more expensive - but better on many fronts - look at Apples HomePod, especially from the sound point of view, and the Homekit compatible world. The company claims to be far more privacy non-data oriented than the others, and the recent Facebook Shutdown seems to back it up
"The remote server is required for the quality voice recognition."
A relatively inexpensive six year old GPS does it in the noisy environment of a vehicle moving over roads in weather amidst traffic.
I suspect that's a vanishing problem, that serves as a good excuse for massive data collection.
The remote server is required for the quality voice recognition.
Considering old Nokia phones were quite capable of dialling a number based on what you spoke, something like Pi3 would have no trouble at all recognizing something more complex. Granted some training would be required, possibly for each person talking to it, but would that be such a bad thing? At least it wouldn't act on something it might hear on television or radio.
"What's exactly creepy about it?"
Well, you know how it waits for a key phrase so it knows you want it to do something? Do you think it autmagically awakens just at the split second you say the command? Or maybe there's one of Sir Pterry's little psychic imps sitting warmly ensconced in a padded leather armchair just waiting to hear your voice.
Or maybe the electronic eavesdropper is listening to everything and only reacts when you speak the magic words, a bit like a virtual Simon Says with a permanently live microphone. Which is just fine and dandy until some daytime TV host "accidentally" sets Alexa off on a shopping spree or some evil git works out a way to send a datastream to your device that makes it think it just heard you order it to do something; you might think it needs to hear you speak, but what if all those unexpected activiations aren't really Alexa having a hiccup but are the result of the system interpreting completely unrelated sounds as a wake-up call...? And not just Alexa, obviously - my Android phone has woken itself up on several occasions and there ain't nobody said "Okay Google" in the house OR on the TV.
The question is not "Am I paranoid?", it is "Am I paranoid enough?"
And has been proven many times, both have a LOCAL 2 second buffer looking for the keyword, after which the voice command is then sent to the cloud for speech recognition and actions.
"Then again I am not a tinfoil hat paranoid open that believes everything the internet has to say.."
Neither are we, snowflake. You need to work on your critical thinking skills to figure out what's worth listening to. The big tech companies have been caught overreaching and violating our privacy over and over. But you don't believe that for some weird reason. Incident after incident fails to convince you. You are exactly their TARGET MARKET - gullible buyers who can't or won't recognize the frightening implications of these products.
Living proof that the Internet never made anyone smarter.
I don't quite know what the frightening implications are of Amazon hearing "Could be warmer in here. Alexa, turn up the heating." Sound of someone sitting on a sofa and turning on the TV. 3 hours of sound of TV, an hour of snoring, yawn, "Shall we go to bed?" Alexa, turn the heating down. Alexa, turn on the bedroom light. Bathroom sounds, people getting in to bed, Alexa set the alarm for 6AM. alexa turn out the bedroom light. Snore.
PS yes I know I'm responding to a troll but it makes me feel better
"I don't quite know what the frightening implications are of Amazon hearing "Could be warmer in here. Alexa, turn up the heating." "
Then you see something on the news and toss out a statement like "I could kill somebody for saying something like that" only to find out that "I could kill" is a trigger phrase that has the unit flag your account. Wouldn't that be fun if the person you were raging at was killed shortly thereafter and there you are with that statement being forwarded for enquiry?
"Wouldn't that be fun if the person you were raging at was killed shortly thereafter and there you are with that statement being forwarded for enquiry?"
One would hope that when someone gets murdered (or dies suspiciously) that anyone who had enough of a grudge to mouth off about them would at least get a look over. Unless they were a public figure perhaps.
There has already been, in the U.S. at least one murder case where the dead victim (don't remember the facts of the case, or if they've been determined) had an Alexa and Amazon was subpoena'd for the data on the off-chance that it recorded any of the conversation before/during/after the killing.
I won't have one, but I won't prevent Amazon from selling you one.
"The question is not "Am I paranoid?", it is "Am I paranoid enough?""
...in a way, but consider if you do monitor a quarter of the planets audio day and night you will get a lot of false positives "Kill him, kill him, kill him" (playing online game, or over excitedly watching action movie), or something sounds like a drug deal (TV volume is on high watching cop or gangster TV episode or movie).
Crime wise I suspect the police or security services will only go snooping records if someones actually a suspect, although if you are in politics or other high profile position probably best not to have one, but then again if journos or spies want to snoop they have other ways of doing that.
On Alexa you have to activate the buy option and I did have it trigger when someone said the magic words on a tv program to buy some orange juice (mines "buy" option is turned off).
My Alexa is actually getting hard of hearing I think, sometimes I have to get about a metre away and yell the wake up word before it wakes up
If you have to get up and walk to within a metre of the thing just to wake it up, why not devote that effort to actually doing yourself whatever you're asking the bloody thing to do?
Most of the uses we hear are for numpty things like "play music", "turn on the tv" "dim the lights" etc etc, which, frankly, don't take a lot of physical effort.
Obviously there are cases, such as for the wheelchair-bound AC above, where they are actually useful. But the idea of putting in physical effort to shout at something to try to save physical effort...?
I would point that the whole marketing effort for this kind of devices is never directed to the people who really need it. I never saw an ad showing a wheelchair-bound person asking Alexa to turn on the lights/heating or call for help. I only see young attracting females in excellent health condition cheerfully chirping "Alexa play my favorite ...." and all that crap.
You're thinking a bit small, no? Playing online game -- data trace exists of online game running, false positive filtered. Ditto for what's on telly -- this is basic application of big data here.
Plus, you're thinking too small on the use of said flag. Say a murder is committed in a city. The police first pull all the flagged accounts within some time window of the murder, and use that to guide the rest of the enquiry, instead of going to all the hassle of figuring out who to investigate based on physical evidence. Who cares if some innocent people are violated in the process, think of the children / etc....
And that's not even going into the China-style social credit score systems that the West is getting a little too interested in these days. "Alexa turn up the heat" == "not community minded citizen, wasting precious scarce resources, have a little automated drop in your credit score". Enough of those and now you can't get on a train or get questioned for every petty crime in your area. Oops.
"listening to everything and only reacts when you speak the magic words"
As per Kendy in Niven's Integral trees. Kendy listened all the time, but only responded when a statement was preceded by the keyphrase prikazyvat KendyThe keywords were only there to stop the crew suspecting Kendy was spying on them. Which he was
I took a poll at work and found that although many +20 to +55 had read Animal Farm at one point they were really unaware of 1984 as a book or film, even though it comes up so often in popular culture. What's even scarier is that these are Government workers that have a very narrow view of reality.
I took a poll at work and found that although many +20 to +55 had read Animal Farm at one point they were really unaware of 1984
I studied Animal Farm & 1984 in the distant past - in my UK skool both were covered at O Level apparently in the US school system Animal Farm was studied but 1984 ignored. I recall reading bemused reviews from US readers who considered 1984 more relevant to their personal experiences than Animal Farm.
"I studied Animal Farm & 1984 in the distant past - in my UK skool both were covered at O Level "
Same here for GCSE. I thought the main point was that they were his first and last books. Hence why Animal Farm is somewhat optimistic and comic, wheras 1984 is pretty bleak.
Mind you, it's not like most USians need any introduction to doublethink :)
"What's exactly creepy about it? "
So, explain to me how - after having a conversation with a colleague one afternoon about an obscure device which provides bluetooth access to a car ECU, with my Andoid phone sat on the desk between us during the conversation and me having never searched for, or even thought about, any such thing - I came to find the very next morning Google Play Store recommending me the app for that exact device...?
I've heard multiple anecdotes of late from people about unexpected hings happening for which the only sensible explaination seems to be these devices listening to you even when you think they're switched off.
'So, explain to me how...'
Google assistant..most probably...ISTR some nonsense a couple of automatic updates¹ back where it somehow infected my phone and announced the fact that 'I'd just got Google Assistant'....errr, ok? why? did I ask for you?
Been sort of ignoring it, on the whole I'm not an incessant phone user and my android beastie spends most of it's life lurking in a padded case on the fireplace..but for gits and shiggles put a firewall on your phone sometime with a default deny and log ruleset and then sit back and watch how busy, busy, busy your phone's network connection is when you're not using it..oh, and 'deny' (hah!) google's stuff access to the hardware - mic and camera - for added fun and incessant on-screen bleatings..
¹I need to root my phone or finally get round to installing LineageOS/whatever...but I plead dread inertia...
"Andoid phone sat on the desk between us during the conversation and me having never searched for, or even thought about, any such thing - I came to find the very next morning Google Play Store recommending me the app for that exact device...?"
Statistically, one or a few such occurrences are not a sign of being spied on. We get bombarded by ads all of the time and most of them we don't even notice anymore, but since you had a recent discussion about that device, you would be much more likely to notice an ad about one (or the software).
The creepy thing is if you are exchanging email with a family member through a social media portal and are talking about taking a Mexican cruise and then start getting ads such as "Thinking about a Mexican cruise, consider Alaska" (the Bahamas, etc). It's too specific for it to not have been generated by the system reading your "private" mail and using key words and phrases to market stuff at you.
Do you have Whatsapp installed on said phone? Because that does most definitely listen in to conversations in the background, with no warning that it is doing so.
I have a watcher that caught it and alerted me to it's microphone use, at which point I was able to check and find out that yes, it does do that.
Unfortunately, I have family who use it, so have had to make do with removing the microphone permissions. Bit of a pain to turn it back on when someone uses whatsapp to make an audio call, but I'm working on getting them to switch to something not run by farceborg
It's creepy because I had an Amazon Fire tablet right up until it decided to slip Alexa in during an automatic update and there was no way to remove it. Like Cortana in Windows 10, I was given a spy feature I didn't ask for and don't use that was near impossible to neuter. What's not creepy about a bunch of Big Brother wannabes shoving spy shit down your throat?
OK, so Google now knows I have something I call a lamp, and at dusk time, I usually turn it on. Big deal.
That would be if Google was only listening after you said "Ok Google." They're also listening the other 23 hours, 59 minutes, and 55 seconds each day. That's kind of the point of this whole article-- a way to make it so that Google only knows what you specifically tell it, like that you have a lamp that you turn on at dusk time, and not the stuff you said all that time you weren't talking to the thing.
Yeah, I’m not sure that the voice command to turn on the lamp next to you needs to go off to a server probably half way round the world to be processed and then the switch command sent all the way back half way round the world.
I am gadget addict #1 but I don’t want one app f those things anywhere near me.
My new Bluetooth headphones have got one of these services. I won’t be enabling it.
Its a pointless fad (Although to be fair I said that about iphones and look how wrong I was there).
After everyone has finished with making the overpriced poc meow, bark or moo its either left off or just used as a glorified radio.
Setting multiple timers and controlling the tunes hands free sounds appealing, its just the decidedly creepy other side that means they are never coming in here.
We went round to a friend of the missus a few months ago where the guy spent half the evening extolling the virtues of his many Echos, even explaining what you can do with them. It was infuriating that I don't know him well enough to a) correct him b) pull a xkcd blackhat move without also infuriating my lady friend, so I just had to sit there and nod as he explained how, wow, we can also play the music in the living room? Who'd have thought!
Just turning the radio in the BBC 6Music and leaving it there usually does the job! But yeah, a multiple timer for the kitchen would be good. Of the discrete timers, the mechanical ones aren't accurate and the digital ones have a fiddly (read: bad) UI. Hmm, Pritotyping a good multi-timer might make a good Raspberry Pi project.
Sony made a range of waterproof Android tablets, suitable for kitchen use. You might find one on eBay. Old battery life and old OS aren't problems if it's plugged in as your kitchen recipe hub.
I've gone for a mix of old school and new tech, eyeballs and knives for checking when stuff on the hob is done, and digital temperature probes for the meat - pulling the bird out when it hits 75°C on the thigh and letting it rest gives a much better roast than oven thermometer + timer, and steaks are trivial to get right, 55°C for medium rare, 60°C for medium and 65°C for medium well. If anyone wants more well done than that, I have an old boot they can chew.
I've got the stack of kitchen timers that I can use when I've got multiple things going on. I don't need them broadcasting on the internet and controllable from my mobile because I'M STANDING RIGHT THERE with a full compliment of working fingers. I will set the timer on my phone if I have something in the oven that's going to take a while so I can go troll some commenters and not set off the smoke detector by forgetting that I've a cake baking.
My microwave oven, electric stove and slow cooker all have an integrated timer. I also happen to have two or three small mechanic or electronic kitchen timers and, on each of the three mobile phones my family owns (I have two more gathering dust) there is a timer app. Oh, I forgot about an iPad mini, a full blown iPad and an Android tablet. All with timers.
So, what were you saying about multiple timer ?
There should be an icon for "No Joke" so I can use it here.
" Pritotyping a good multi-timer might make a good Raspberry Pi project."
It would. You could even still have it able to respond to voice commands without having to call into the cloud! Limited-vocabulary speech recognition has been solid on low-power hardware for a very long time.
"the digital ones have a fiddly (read: bad) UI."
Mine cost £10. It has a start/stop button, 3 buttons for H:M:S and four buttons to select which of the four timers you are setting and displays all four timer on the LCD panel. Easy peasy.
There are products appearing on the market that allow home automation without sending any data off site, thereby addressing privacy concerns. There's no technical reason for data to leave the home, other than voice trained data sets held by Amazon, Google and Apple - but hey, a system that is trained by, and only responds to, the occupants of the house could be a feature not a limitation.
2018 might prove to be a watershed in the wider public awareness of big companies not respecting data and privacy.
Apple appears to have been too conservative in their HomeKit home automation system. It's considered secure compared to most systems, but it's proprietary which adds cost to the devices as well as delaying their release whilst Apple certify them.
The upcoming Bluetooth spec is due to add triangulation, so that phone will know where, down to a couple of inches, in a room another Bluetooth device is. This would allow an elegant UI: phone controls only the device - lights, for example - it is pointed at, like a magic wand.
Given that they are not supposed to be listening all the time, and the key phase is supposed to turn on the link to the AI at the other and and is detected locally, I wonder what the point is at all.
A far better bit of research would be to use wireshark and determine if the key phrase *does* start something up and see a bit more traffic, or if there is a continual snoop going on.
I can't do that because I don't have one and don't want one.
Since it's Friday, I CBA to Google, but pretty certain this was something that was done a while back and it found the devices did send a lot more back to base than just the keyword trigger. It was explained as being needed for an improved experience. Whatever that is.
"I wonder what the point is at all."
The point is to avoid having to trust Google, etc. That seems reasonable as it's clear they can't be trusted.
A full security audit (including long-term traffic sniffing) is well-advised (not as well-advised as just not using these things, but still...), but not something most people can do.
Why the paranoia? I take it anyone complaining about having one of these devices never uses anything on the internet they enter any information into. Certainly not Amazon, Google, etc.
I say this because we use Alexa a lot. But we have a disabled elderly relative and it makes so many things very handy. I do understand I could put in the effort and time and cost into other methods - but it's so easy. Amazon can know when I turn on the lights - I don't care. We make sure that when we are plotting our overthrowing of western capitalism we are well away from any electronic devices...
I get the paranoia and the downvotes for people using the line 'I've nothing to hide so why worry'. But seriously, we have one of these in the Kitchen. We have kids who wander in and out of the kitchen constantly, we never ever discuss anything private/financial or seditious there where kids could overhear us. All it gets to hear are discussions about food, and the kids day in school or pets or something, all truly boring family chatter.
So if google does spy and find out what we are planning for dinner tomorrow, so be it. They're much more likely to find out interesting stuff about me by watching my online browsing, not ploughing through millions of hours of speech-to-text trying to find one nugget of info.
1. Scope creep and potential (ab)use for things you (and they) haven't thought of yet
That's simple paranoia - you could argue that against anything at all. Don't watch TV as they may find some kind of subliminal way of controlling you. Don't go outside in case of snipers. Where do you stop. I find that any reference to the nebulous "they" usually doesn't really mean anything. Except to those living in a hidden bunker in the wilds.
2. For all kinds of reasons the default in life should be that things are private, not shared. These things are trying to make it the other way round.
We are always, always, giving up little aspects of our privacy. Unless you want to retreat to said bunker.
"All it gets to hear are discussions about food, and the kids day in school or pets or something, all truly boring family chatter."
From that it's not hard to determine how many kids, what genders, approximate age, when the leave for and return from school. What and how many pets you have. How often you have visitors over, age, gender, length of stay. While you discuss meals, you give away preferences, health prohibitions, possible religious affiliation based on dietary choices, budget concerns, etc.
A good investigator could glean a tremendous amount of information about somebody from a recording made over one day. A computer may miss intonation, colloquialisms, inferences and things a human will pick up on, but over weeks and months of chipping away with infinite patience, it will learn way to much about you to every feel safe again. Given the way that data leaks like a sieve from these companies, do you want to have somebody blackmailing you and mentioning the names and ages of your children, where they go to school, grade, name of teacher(s), if they take a bus, walk, ride a bike or are driven there and back, after school activities, recent photos/video........ Somebody could do that in a classic way with PI's or spying in person, but with these new listening and video devices, they can do it from anywhere on the planet. They have also moved from just sitting outside of your home with a long lens to being virtually at the dining room table. Are you frightened yet? No? go get a mirror and see if you are still breathing.
Back in the days of Kerosene TVs (Kerosene = Paraffin) telephones had wires going to a central office. The was a device, reed switch, which would allow a interested party to turn the phone into a room bug at the will of the bugger (!). It did this by having a mechanical switch that would bypass the ringer and make the phone go off hook while sitting in the cradle. If this was done with 1930s tech, think of today's possibilities. For ten dollars and a bottle of my favorite Russian Imperial Stout the challenge is to build an Alexa in the steam punk manner and see what relic parts could do at what cost. Then go watch Black Hats U-tubes to see how cheap surveillance now.
"I take it anyone complaining about having one of these devices never uses anything on the internet they enter any information into. Certainly not Amazon, Google, etc."
However, there's a difference between voluntarily typing a search term into Google, using GMail, or placing an order on Amazon and having a device in the room that could be listening to anything.
When my mistress comes around for an afternoon's shenanigans* (shhh don't tell SWMBO) I wouldn't voluntarily announce it online, but who knows what Alexa might be picking up.
Look at this patent filed by Google and tell me you are not worried. Read this Reg article about how much information Amazon keeps and tell you are not worried.
If you are so unconcerned about a for-profit company having a device that is always listening for something in your presence, then why not let me put one in your house too? Or the police? They are publicly traded businesses, as such shareholders are going to demand more profits. And that means they will start harvesting your private conversations sooner, not later. Do you want Amazon knowing how many children you have? Do you want Google knowing when you at work? A simple algorithm can easily determine those things from your private conversations.
That is some scary stuff. I only skimmed the Google patent and saw enough to just say no. It looks like their ultimate goal is to turn your house into an electronic nanny, and out the house in charge of its residents to include deciding what the thermostat is set to and what food is in the fridge, and if it doesn't like hearing what you say in your own home, it'll call the cops on you. Thanks, but I think I'll pass, and now I'm considering keeping my phone in a soundproof box.
Nothing is 100% useless (even Facebook as valid use cases, I guess...) and I can see how Alexa can simplify the life of elderly or disabled people.
That said, the paranoia comes from not knowing really what goes inside Amazon or the other providers.
I could say about my own life that I have nothing to hide and therefore nothing to fear. But even so, is it healthy for a society to willingly give so much power (through information) to these companies? Most people don't trust their governments (be it in the US, Europe, Latin America...) and rightly so, but they do trust these private companies that are currently worth more than many countries without knowing what ulterior motives (if any) their heads have. How is that sane? Facebook has already shown how it can negatively impact the real world thanks to its shocking lack of ethics, but people seems not to care...
I simply think these companies have already too much power over the people, and instead of protesting it, the public is happily giving them even more power through these devices.
/tinfoil rant over
"Why the paranoia?"
Why do you call it "paranoia"? Paranoia is irrational fear of a nonexistent threat. I don't think this qualifies -- the threat is real and is demonstrated on a regular basis.
"I say this because we use Alexa a lot."
And that's fine -- if it's worth the tradeoff to you, I'm not going to say that you're wrong for making it. But, equally, others aren't wrong for not finding that tradeoff worthwhile. And an even larger set of others aren't even aware that they're making a tradeoff at all.
"Why do you call it "paranoia"? Paranoia is irrational fear of a nonexistent threat. I don't think this qualifies -- the threat is real and is demonstrated on a regular basis."
I call it paranoia because, and look at the vast majority of posts on this topic here, most people are basing their worries and mistrust on the fact that "we simply don't know what's going on in these companies". There is no solid proof they are doing anything that a) wasn't already being done and b)is anything like they assume. Worst case baseless assumption is best summed up as paranoia.
"There is unbound potential for nerdery in that two-second wake-up phrase"
Now that you mention it, and in keeping with the Star Trek theme, I now feel the disgusting urge to buy an Alexa just so I can trigger it with "Captain to engineering" and turn off the lights with "reduce our energy signature!"
That actually makes sense. In fact I would even consider it because they only have multiple syllable trigger words for Alexa (3 in the default) and that's a struggle for one of our users. If I could replace it with "Hey!" and change "Alexa, turn lights on" to "Hey light on" that would be great. I may have to get my soldering iron out now.... If only I had a friend with a new 3D printer.... oh...
I have to admit -- I'm keeping an eye on these devices because if the price point drops low enough, it can become more economical to buy it in order to use the parts for other projects over buying the parts directly. There are a few other things I do this with.
"it can become more economical to buy it in order to use the parts for other projects over buying the parts directly. "
The thrift store is great for sourcing electronic parts. If I need a 5v/12v power supply for something or a battery circuit that boosts 7.4v (two Li cells) to 12V, I can usually find a borked something for £1 and chop the bit out that I need. Purchased online from China is more.
For a moderately healthy person I can see no real benefit derived from these systems. Indeed, we are continually being told we don't get enough exercise, and spend too much time sitting around. Now, I'm quite happy to concede that the situation is different for those with special needs, but even then there are very few times when any form of offsite data traffic is actually necessary.
While I appreciate what the Project Alias people are trying to do, instead of taking pain killers, why not stop hitting your head?
So, the solution for people who are worried that Alexa et al might be eavesdropping on their homes via their built in microphones is to provide them with a device with a built in microphone which is always listening for an activate phrase. Sounds like an excellent method identifying and then eavesdropping on the sort of people who think that they have things to hide!
Better solution is the more basic Alexa enabled smart speakers where you have to push a button to speak to it.
"So, the solution for people who are worried that Alexa et al might be eavesdropping on their homes via their built in microphones is to provide them with a device with a built in microphone which is always listening for an activate phrase."
The solution for people worried an always connected internet device with unknown internals and workings might be eavesdropping on them is to provide them with a local, entirely disconnected device with fully open internals.
"Better solution is the more basic Alexa enabled smart speakers where you have to push a button to speak to it."
So the solution for people who want to replace button pushing with voice commands is to force them to use both?
"So, the solution for people who are worried that Alexa et al might be eavesdropping on their homes via their built in microphones is to provide them with a device with a built in microphone which is always listening for an activate phrase. Sounds like an excellent method identifying and then eavesdropping on the sort of people who think that they have things to hide!"
Did you even RTFA? Or did you just read the headline and then kneejerk?
"Nest smoke alarms (and thermostats) have most of the same privacy issues as the speakers do."
I don't see the point with those for the price they want. My programmable HVAC control works perfectly well. It changes the temps to not heat or cool an empty house too much when I'm gone to work. It's warms the house up a bit in the morning during winter starting before I get up so I can have a shower without my teeth chattering and turns back down before I normally leave. I have no thoughts of changing it remotely ever, but I am concerned that somebody that discovers a "smart" control online might want to have a go at running the heat up to max or the cooling down to min (or both at the same time if there isn't a lock out) while I'm away. That will make for a fancy bill at the end of the month. It would p!ss off the cat too. IF I were to go on holiday and completely forget I've left the HVAC going, I have the ultimate remote, I phone my buddy that has a key to my flat and ask him to go switch it off and to help himself to any beer in the fridge. Problem solved, everybody happy.
Just stick with something like the amazon firestick or my Google TV.. They only listen via the remote when you press a button to trigger them. Simples.
So maybe some alternative method other than audio to trigger them to listen to you. Interpretive dance perhaps?
Or maybe a small badge that triggers them to listen when pressed... Let's call it a 'comunicator badge'...
So, an obvious variant of such a device is something which sits on top of the thing and continually feeds it whatever causes it to wake up followed by either suitable random gibberish (which might not be safe if it interprets it as 'do something expensive / bad') or some phrase which does nothing useful but requires significant processing power to interpret.
If lots of people had one of these things then it would be interesting to find out just how much computing capacity Amazon have.
Pretty sure such a thing would be easy to make, and indeed it could probably be just an app on a phone: all it actually needs to do is play the same loop endlessly.
Depending on how sensitive the things are to their owner's voices (do they need to be trained? I don't know) this could be done over the radio: just have a radio (streaming...) station which endlessly pukes this stuff at the device.
Not that I am suggesting anyone should do this, of course, because I'm sure it would somehow be not legal.
Brilliant idea! Let's intoxicate their servers with garbage info.
Why would it be illegal ? Amazon T&Cs do not come with a list of what you are allowed to discuss in your own private space.
Now if some would come up with a method of sending fake location data that would be really interesting.
So, an obvious variant of such a device is something which sits on top of the thing and continually feeds it whatever causes it to wake up followed by either suitable random gibberish
When I saw the title, I thought it was going to be some device with a text-to-speech circuit that narrated old DOS manuals into the smart speaker to keep it occupied.
So the sole purpose is to force the device not to constantly be listening to you and uploading the data, which they claim they don't anyway, with another device which is listening the whole time to tell the first device when it can listen?
I can see the attraction for paranoids / privacy enthusiasts but how do you deafen the smart speaker by making noises too quiet for human ears to hear?
Surely it's also quite easy to tell if Alexa et al are maintaining a link when you're not commanding them, by seeing if your network is sending data constantly? IIRC they listen locally for the activation command _then_ send voice to the cloud for remote analysis - it must be very easy to tell when they are or are not doing this, so easy in fact that they would be instantly sued to heck if they were?
Presumably you can also rig up a similar effect by blocking the thing's network access except when you wish to use it, which is neater than whispering into it the whole time?
"So the sole purpose is to force the device not to constantly be listening to you and uploading the data, which they claim they don't anyway, with another device which is listening the whole time to tell the first device when it can listen?"
Just to be on the safe side, can we have another device that prevents Project Alias from listening to things it's not supposed to listen to?
Mine's the one with the infinitely large pockets to hold the recursive collection of privacy devices --->
"but uses a different word to activate"
If had one of these devices, this RPi add-on would be worth it for that alone. Why should some faceless corporate decide what I should say? How hard could it be for them to allow users to create their own wake up phrase instead using their international branding every fscking time they interact with it?
"I bought two Alexas, to communicate with distant Parent with dementia who can forget how phones work. I'm not oblivious to the privacy implications but consider that communicating with them by voice outweighs the potential disadvantages."
Yes, there are definite use cases for these devices, and you have my sympathies. I can't imagine how much they would cost if they were "only" a niche device for the disabled/infirm.
I bought two Alexas, to communicate with distant Parent with dementia who can forget how phones work
Two RasPi's, each with a speaker and a microphone array, and when one of them picks up sound at a more than background level (i.e. it gets spoken to), it opens a connection to the other one and transmits the sound which then gets played. Can be implemented with standard utilities, even with some kind of voice mailbox functionality (probably most useful on your end).
I'm no luddite and have plenty of gadgets but Alexa, Google Home et al simply mystify me. Why do I need to talk to a device to turn on my lights when it is less effort to simply turn on my lights with a switch. It's an unambiguous, binary action that takes less effort than actually saying the words and hoping they're recognized. Not only less effort, but less electricity, clutter, expense, intrusiveness, configuration and things that can go wrong.
"Ah but they do so much more!" someone might opine. I'd argue that so does my phone / computer and if I need that "do more", then it's as easy or easier to just use that device.
that Amazon/Google are storing/using/analyzing voice data ALL the time? (Samsung, we know about you).
There are brighter people than us (either infosec or even nation state actors) who would love to give Amazon or Google a bloody nose over the issue of privacy and yet I have seen no conclusive proof (and the operative word here is "conclusive") that this has ever happened.
I have an Echo and I happen to like it. The one time it will go in the bin is if I'm talking to my wife within earshot of the thing about an interest in [wildly obscure product] and the next time I'm browsing, an advert pops up for it.
Your personal assistant is listening all the time for your wake word. As soon as it thinks you're talking to it, it's recording, and Amazon and (I believe) Google keep transcripts and audio snippets of these to further train their NN models. See Register passim
My niece was talking about 'customising' (re-casing) an Alexa or similar the other day while I was supervising her Arduino-fying of her toy Light Sabre. I cringed a little at the thought (not the re-casing, but the spy-device itself). I will file this possibility away for when she is ready for something a little more advanced than making her light-sabre go rainbow-colored - it is actually meant to be just one color, but changeable via a dial, but we were playing with the addressable-LED sample code, which we now fully intend to leave in as an option (Darth FABULOUS! mode) !
... here keep saying, "Why should I care, I have nothing to hide." The correct thing to be saying is, "How is my private life anyone else's business?" Even if I'm just sitting on my couch watching the wall, nobody else needs to know about it.
I've also never seen this little tidbit addressed: these companies are handing out fripperies to get access to personal information, and they are making billions every MONTH. No, if my information is that valuable I want to be paid in CASH for it. I want 50 bucks an hour for each hour's worth of data collected. It doesn't matter if it's valuable data from my net cruising for that hour, or less valuable time from taking a dump for an hour, if you want data from x time period to x+1hr time period, 50 bucks. I am only selling access to a period of time, not guaranteeing value for that time. When they want to pay me my rates for my data, it'll be available.
"I've also never seen this little tidbit addressed: these companies are handing out fripperies to get access to personal information, and they are making billions every MONTH. No, if my information is that valuable I want to be paid in CASH for it. I want 50 bucks an hour for each hour's worth of data collected. It doesn't matter if it's valuable data from my net cruising for that hour, or less valuable time from taking a dump for an hour, if you want data from x time period to x+1hr time period, 50 bucks. I am only selling access to a period of time, not guaranteeing value for that time. When they want to pay me my rates for my data, it'll be available."
Hmm, I have been saying something similar (for years) without the tech angle about clothing and other tat that has a "designer" name splashed all over it. I want an advertising fee for the time I wear or carry it. Or, in the case of my face and body built for radio, maybe a fee to refrain from wearing/carrying said item.
I suspect that wiser people are simply not installing internet-connected mics and cams (let's just call them "spy devices") in their homes. Invasion of privacy and abuse of personal data by the internet giants is bad enough, but the potential for hijacking of such devices by evil shitbags or governments—insofar as any distinction remains in 2019—is staggering. (How long do you think it will be before, say, China, requires a spy device to be installed in every home? Or the UK government, once it's finished forking up Brexit, arrogates the power to listen in to spy devices if you happen to have them, including the ability to activate them even when they're supposed to be off? All in the name of anti-terrorism, of course.) Are you naïve enough to think this will not happen?
At the same time, while I deplore the laziness inherent in many of these confected-problem use cases ("Alexa, wipe my arse please") I can absolutely see the advantages of having a voice-controlled assistant to make hands-free phone calls while cooking, retrieve information in parallel with some other task, check out MoT bookings at the local Kwik-Ripoff and so on. Possibly Stark's JARVIS has a lot to answer for in setting aspirations for this kind of robo-PA.
So my Sunday morning ramble brought me back full circle to the irony of "cloud": that we use immensely powerful computing devices, some of them in our pockets, to access vast data systems over the wire, when we don't need to. This isn't 1977 any more, when if you needed real computing power you connected to the university mainframe using a lamprey to glom a modem onto your twirly-corded telephone receiver so that you could green-screen a few lines of 8-bit code. Today the Android in your pocket makes that old mainframe in its air-conditioned basement look like a steam engine. We had serviceable speech recogntion systems on 486 CPUs 30 years ago. Now you can buy a 4,000,000,000,000 byte disk for the cost of a weekly grocery shop. We've moved from thinking 8 bits and 100MHz is fast to taking for granted the 64-bit 5GHz 8-core lump under my desk, which is rapidly becoming obsolete. I could keep the entire compressed English Wikipedia on the phone in my pocket. (I could keep the same thing in uncompressed form on any one of my NASs.)
My point being that maybe 97% of "cloud" use is driven by marketing not reason: a vast amount of what we choose to do on other (untrustworthy) people's silicon we could do just as well on our own. In a privacy and security context, it is both perfectly practical and arguably highly desirable to keep this stuff local.
A desktop-level box in a cupboard could easily do speech recognition for a domestic LAN and its devices, run some webcams, store a few terabytes of essential data (much of it probably cached from the net) and otherwise interact as and only when needed with the wider internet. There's no reason why your actual spoken words or gestures need ever be transmitted off the premises. Sure, if you ask your system to make a booking for two at the Parson's Pig then someone somewhere will know that you're planning to dine there next Tuesday evening: but that's a very long way from the potential risk of all of your domestic conversation being stored for all time for anyone to listen to. It might be nice to explore options for your next European motoring holiday without Google (or whoever) potentially being able to follow all of your fortnight's-worth of ideas and thoughts and choices and discussions with your wife while you honed your routes, budgets and accommodation.
It seems to me that a certain kind of more privacy- and security-aware customer might very well be prepared to spend a few hundred quid on a robo-PA that doesn't send every syllable back to base. You could maybe charge a premium for Paul Bettany's voice, even?
I guess I am waiting—perhaps in vain, admittedly—for a backlash against unnecessarily cloud-based functionality and surveillance. Am I the only one?
No, I don't have a SnoopySpeaker in my life, but the idea of the programmable Pi-Snot being able to play what I decide I want it to hear appeals to me. Probably an endless loop of their own adverts. As for the activation phrase, obviously it would be "Oi PFY,.....", although "Oi, f***wit,....." would also be tempting.
Biting the hand that feeds IT © 1998–2019