
I've told my roommate I'm moving out if he ever buys an Alex/Google/Apple assistant device.

I have a microphone and I've been intending to get one of the open source solutions working and just tie it in to mpd, weather and a few other things. But all the processing should really be done on your own device, by hardware you own, software that's open and that you configure, and not sent up to someone else's computer (aka "the cloud").

Of course non-tech people probably wouldn't bother because that's a steep curve and you're talking about more expensive devices to do on-board processing. There are some companies that are trying to make this more accessible to regular consumers. I hope we see a move in this direction.



> I've told my roommate I'm moving out if he ever buys an Alex/Google/Apple assistant device.

Do you have an Apple or Google device near you right now? Does it have a microphone, battery power, and a connection to the internet? What about your roommate? Do you ever have sensitive conversations near these devices?

Of course I'm not suggesting you should abandon such technology. I'm just wondering why you draw the line at "Alex/Google/Apple assistant device"


This is actually a pretty interesting question about threat models. A lot of "it can listen" fears are inconsistent with "I carry a smartphone", but I do think there's a meaningful distinction. My expectation isn't secrecy, but it is privacy.

I carry a smartphone, but I keep voice-command activation turned off. I'm sure it could be activated remotely, but I expect that would require a targeted effort. I assume that Google isn't constantly recording everything in the vicinity of all Android phones - the news would probably get out, and honestly I'd see the battery impact pretty quickly.

As the saying goes, "Quantity has a quality all its own". My basic objection is to systems that are likely to store/upload all available data, with the attendant risks of leakage or commercialization I object to. Anything I say around my phone is potentially forfeit, but I don't think everything is.


They may not be recording everything all the time, but you have no idea when it is recording. At least I didn't on my Moto X.

I went on to the Google page that lets you see a lot of data they have stored for you. I had read about it in a blog post or something, so being curious I went to check it out. I believe it is the "control your content" page in your settings. I don't want to log in to Google right now so I might be wrong.

It has stuff like web searches (if you have that enabled). During the year I had an Android, it captured several conversations, and I only found out because they were on that data page.

None of them would have had the words "OK Google" or whatever triggers it. One of the conversations was definitely private... it was with my doctor during a consult. Nothing that was recorded was actually sensitive, but the fact it happened, and I had no idea, was disturbing.


So how is an Echo different from your smartphone? It feels like you've failed to quantify that.

It's much easier to turn off voice-command activation on the Echo than your smartphone. The Echo is not constantly recording.

> I assume that Google isn't constantly recording everything in the vicinity of all Android phones

AHAHAHAHAHAHA, see for example: https://www.google.com/maps/timeline The vast majority of Android users I've met unknowingly had this enabled. It doesn't record your conversations, but it still records far more than an Echo.

Why would remotely enabling recording on your Android phone be more difficult than on an Echo?


> So how is an Echo different from your smartphone? It feels like you've failed to quantify that.

> It's much easier to turn off voice-command activation on the Echo than your smartphone. The Echo is not constantly recording.

The difference is that a smartphone has the ability to constantly listen, but an Echo's primary use-case is to constantly listen. So if you're going to turn off voice-command activation on an Echo, there's much less reason to own an Echo in the first place than there is to own a smartphone with voice-command activation disabled.

Furthermore, an Echo is constantly plugged into essentially limitless power, while a phone is not. People in general are much more likely to notice excessive power consumption on their smartphone from the fact that their battery would drain more quickly than usual. Whereas, not many people are directly monitoring the power usage of their plugged-in Echo on a daily basis, so they'd be much less likely to notice if their Echo is suddenly using more power than usual (for example, by being remotely activated to listen constantly).

> AHAHAHAHAHAHA, see for example: https://www.google.com/maps/timeline The vast majority of Android users I've met unknowingly had this enabled. It doesn't record your conversations, but it still records far more than an Echo.

Granted, but there is no built-in voice command to send your timeline to one of your contacts.

> Why would remotely enabling recording on your Android phone be more difficult than on an Echo?

It's not that one is more difficult than the other, but rather that your risk grows with the number of possible attack vectors. If I already own a smartphone, then I may already be at risk, but adding an Echo to the mix increases my risk.

Two channels for remote listening will always be more risky than one. I don't think anyone is suggesting that you can replace your smartphone with an Echo, so the discussion about the risk of an Echo will always be within the context of _adding_ to the risk of having a smartphone. I don't think it's surprising when someone draws the line between the thing they currently rely on and the additional thing they can live without.


Thanks, this summarizes my position really nicely.

The most fundamental point is that a smartphone with voice-control disabled is still a useful tool, but an Echo with voice-control disabled is an LED rolling pin.

And beyond that, yes to the rest - I don't want to add an attack channel, I trust my knowledge of phones more than that of an always-on black box, and I object to voice control as a more open-ended threat than location tracking.


JangoSteve's responses cover most of my thoughts - I don't think remotely enabling recording is harder on a phone than an Echo, I just think the base state of the devices is different.

But as for "AHAHAHAHAHAHA, see for example: https://www.google.com/maps/timeline The vast majority of Android users I've met unknowingly had this enabled"?

I do have Timeline turned off. I know most people don't, but I'm not sure why "many people make this mistake" is supposed to be a rebuttal to "I'm more privacy conscious than many people".


> I'm just wondering why you draw the line at "Alex/Google/Apple assistant device"

There’s a big difference between:

- Devices which are by design always actively listening and sending real-time audio to computers you can’t control or even really trust, with unknown security properties, and consumer-appliance security life-cycles/support

- Devices that can be configured to do that, but which you have some control over (phones, laptops, etc.) and generally won’t, without some form of consent (even if via a dark pattern, e.g. LinkedIn on Android).


There’s a third distinction that separates devices:

- Devices that have the ability to perform unsafe behaviors such as “record a conversation and share it to someone else”.

Is it possible to ask a HomePod to transmit an audio recording of a conversation?


To be fair, Apple’s HomePod doesn’t send any data until it’s activated with the wake word. Amazon and Google products send a ton of data back constantly.


Where have you read that Amazon and Google send a ton of data back? I've heard that none of these devices send anything back until they're activated by a specific phrase.


I've seen and blocked it on my own network.


>Devices which are by design always actively listening and sending real-time audio to computers you can’t control

Oh, what devices are these?

>Devices that can be configured to do that, but which you have some control over ... and generally won’t, without some form of consent

Ah, so you mean like "Alex/Google/Apple assistant devices"?


Speaking for myself, I have my iPhone set so that I have to authenticate then hold down the physical home button before Siri will start listening to me. Home assistant devices are listening all the time.

The reason this matters is well-illustrated by the linked story here--the potential consequences of bugs are more severe when the mic is always on.

The way I have Siri configured, the opportunity to make mistakes about what I mean is limited to when I am intending to speak directly to Siri. It's not that often, and I am aware of what I'm doing.

But if Alexa is going to make a mistake about a trigger word and start transmitting data... well, that potentially could happen whenever I'm in voice range.

Sure, if some three letter agency is targeting me, a smartphone is probably no safer than a home assistant. But I'm not concerned about that level of targeting, for myself.


These taps are expected to always be listening and on non-battery power and dedicated ISP connections.

Phones are expected to be on battery and metered internet. There are tricky ways to tap a phone without draining the battery or internet billing, but that very much limits what can be recorded and sent remote. The risk still exists, but is lower and the bar to entry is higher.


You may be interested in https://mycroft.ai/


Just out of curiosity - what open solutions are you referring to?



So what's the story with that phone in your pocket? ;)

you have one, right?


These taps are expected to always be listening and on non-battery power and dedicated ISP connections.

Phones in your pocket are expected to be on battery and metered internet. There are tricky ways to tap a phone without draining the battery or internet billing, but that very much limits what can be recorded and sent remote. The risk still exists, but is lower and the bar to entry is higher.


Do you have a cellphone? That would be much more valuable to target than a home speaker. Likely easier at this point too.


If I'm being actively targeted that's a completely different threat model to a potential passive mass dragnet using 'home assistants'.

Someone could activate my phone microphone remotely and record me but if I'm up against that level of adversary I'm probably in deep trouble.


How is a home speaker any different? You can monitor your network traffic and see how much data it's sending home right now. It's definitely not a constant audio stream. You'd have to be targeted.
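The traffic check suggested in the comment above, as an added example that is not part of the original thread: given per-minute upstream byte counts for one device (as a router or flow exporter might report them), it finds runs long enough and fast enough to carry continuous compressed speech. The names `Sample`, `sustained_windows` and `constructed_capture`, the 8 kbit/s floor and all byte counts are assumptions made for the example.

```python
from dataclasses import dataclass

# Assumed floor for a continuous compressed speech stream, in bits per second.
# This is an assumption for the example; adjust it to the codec you suspect.
MIN_AUDIO_BPS = 8_000


@dataclass
class Sample:
    minute: int    # minutes since the start of the capture
    bytes_up: int  # bytes the device sent to the internet in that minute


def bps(sample):
    """Average upstream bit rate over the one-minute sample."""
    return sample.bytes_up * 8 / 60


def sustained_windows(samples, min_bps=MIN_AUDIO_BPS, min_minutes=5):
    """Return (first_minute, last_minute) runs where the upstream rate stays
    at or above min_bps for at least min_minutes consecutive minutes.
    A missing minute (capture gap) ends the current run."""
    runs, start, prev = [], None, None
    for s in sorted(samples, key=lambda x: x.minute):
        hot = bps(s) >= min_bps
        contiguous = prev is not None and s.minute == prev + 1
        if start is not None and (not hot or not contiguous):
            if prev - start + 1 >= min_minutes:
                runs.append((start, prev))
            start = None
        if hot and start is None:
            start = s.minute
        prev = s.minute
    if start is not None and prev - start + 1 >= min_minutes:
        runs.append((start, prev))
    return runs


def constructed_capture():
    """Constructed 30-minute sample: idle keep-alives, one short burst
    (a spoken command) and one eight-minute sustained upload."""
    def size(m):
        if m in (10, 11):
            return 200_000   # short burst, about 26.7 kbit/s
        if 18 <= m <= 25:
            return 90_000    # sustained, 12 kbit/s
        return 2_000         # idle chatter, about 0.27 kbit/s
    return [Sample(m, size(m)) for m in range(30)]


if __name__ == "__main__":
    print(sustained_windows(constructed_capture()))
```

A short burst after a wake word is not flagged; only the sustained run is, which is the distinction between command traffic and a continuous stream.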


>I've told my roommate I'm moving out if he ever buys an Alex/Google/Apple assistant device.

You would also need to leave if they have a smartphone of any kind...



