You are reading a single comment by @kl and its replies. Click here to read the full conversation.
  • I still have absolutely no idea why anyone in their right mind would put something in their home that records their conversations.

    I work in IT and partly specialise in networks/security/encryption/etc. I have one as it was a gift.

    If I hadn't been given one I probably wouldn't have bought one. Not because of worries about security but more because I want less technology in my life rather than more. I don't want my toaster/kettle/fridge to require an IP address. However, it does come in useful; we use ours mostly as a radio (i.e. BBC Radio 5 Live Sports Extra) since the last radio we had in the kitchen died, for Spotify and for answering random questions.

    On a technological level it's no worse than carrying a mobile phone. Those also have the capability to listen, record and forward it all to a third party and the transport mechanism is far more opaque than the various home assistants.

    Do I care that a random person can hear endless clips of me saying "Alexa, play BBC Radio five live sports extra", "Alexa, stop" or "Alexa, play ambient relaxation playlist" ? No, absolutely not.
    Do I ever say anything to it (after the watch word) that I wouldn't want anyone to be able to hear? No, absolutely not. It's not as if I ever say "Alexa, change my Natwest bank password for username arglebargle to catdog123"

    Would I get rid of it if it was found that the device was exfiltrating raw speech that wasn't triggered by a keyword? Of course, but there's no evidence that this has ever happened.

    (Yes, I know it sometimes triggers on some random phrases [especially given two of the names in our family], but I've checked in the app a few times this has happened and the text dervied from the speech has never contained anything I wouldn't talk about in public anyway.)

    On the other end of the scale, there are some devices which are downright dangerous where the speech to text technology is badly implemented, or security is an after thought. I think it was some Samsung Smart TVs that had no speech-to-text technology within the TV itself and so it shipped a constant stream of the microphone to Samsung's servers to do the speech recognition. That's beyond awful as far as privacy is concerned as there is nothing you can do to prevent all of that being recorded, and it was effectively 24/7.

    For the same reason I'm less trusting of devices from certain manufacturers if they're "smart". I've got a Samsung TV, but it's not a smart one and doesn't have any way of exfiltrating data (it doesn't have any data connection).

    I certainly wouldn't have a Samsung or Huawei mobile phone for example. Phones have access to much more information (every website password you've entered into your phone, every keypress, every email, all of your contacts, your browsing history, health data, etc).

    And, again, if you think that a home assistant could be recording things and exfiltrating data when it shouldn't because you can't trust the technology then you wouldn't ever have a smart phone.

    The biggest worry with the home assistants, which I'll address when I redo the wiring and networking in my flat, is that the echo dot is on the same network as everything else in my flat, so it could be used as a launchpad for an attack if a vulnerability was found (or Amazon decided to be dicks). I should really move it to its own DMZ to partition it off from everything else.


Avatar for kl @kl started