572 comments

[ 2.5 ms ] story [ 381 ms ] thread
>"Gosh, I haven't thought about this before in quite this way," Osterloh said. "It's quite important for all these technologies to think about all users... we have to consider all stakeholders that might be in proximity."

How much do they not care about privacy that a chief exec with an army of lawyers and advisors "haven't thought about this before"?

It's the wild west -- corporations are just doing what they want while governments are asleep at the wheel.

Also, having an army of lawyers is exactly what allows for this -- you need to know which areas are gray in order to exploit them without risk of retribution/regulation. A basic minutes-long conversation would have likely arrived at the point of how recording of the owner themselves/third parties would affect the product.

>corporations are just doing what they want while governments are asleep at the wheel.

That assumes the governments aren't in on it. They probably want the data more than the corporations.

I mean, you know, "security" and all.

The government itself doing the things these corporation do would generate loads of outrage. For whatever reason it's a lot more acceptable for a company to collect all this data so you can play music with your voice and then the government can secretly collect it all later if they wish.
Are you not aware of the Ed Snowden revelations? I mean the NSA is piped into all these corporate data streams.
I'm very aware. That's kind of my point.
I'm sure selling data to the NSA, federal, state and local governments is very lucrative to these companies and is a primary revenue stream.
A primary revenue stream? For a public company, which has to publish its financials yet somehow keep this hidden? This sounds far fetched, to be honest.
Governments and corporations are filled with deceitful, self-serving, corrupt people. If there is a monetary interest, the transaction will take place. If that has to happen under the radar, it will. The agencies will excuse their actions by citing "defense". It is in the interest of National Security, therefore, that the data is handed/sold to the government, and the mechanism of this transfer is classified owing to National Security interests. Or maybe it's easier than that. Maybe Google is just a government agency. An Alphabet agency.
Unlikely, in my opinion. More likely the government can come along with national security letters or other means we might not even be aware of and just take what they need.

On the other hand some companies have been shown to be very willing to sell data to any buyer, not just the government. Phone carriers come to mind.

The point is, that a corporation takes data only from their customers who consent to it (if they would read it).

The government would spie on potentielly everybody (and they do btw.)

Not really true.

FB for instance stores tagged image data of non-FB-users.

>That assumes the governments aren't in on it.

My theory is the opposite.

Career politicians have a lot to lose from universal data collection. They are already running into issues caused by 5-year-old tweets; imagine if their whole digital history was leaked? This is the one silver lining regarding legislation prospects.

The government should regulate whether devices alert themselves to new guests in the house?
It is a scripted response tailored to convey a specific, albeit less than truthful, narrative Much like the Juul CEO telling the public not to use their product right before the next announcement they were under investigation. Hopefully, a similar investigation will be announced presently.

Edited.intentiin > narrative

> Hopefully, a similar investigation will be announced presently.

This will never happen.

C'mon, that a straight lie out there, plain and visible.

The other alternative is that he is utterly incompetent at his role, which I don't believe for a second. He is probably be incompetent in speaking with media though

Corporate Robots are programmed with 2 rules - Everything has to be scaled up & It's easier to ask for forgiveness than permission. Then they are let loose on the world where they fuck up, junked and a new model with the same programming is wheeled in.

Can they be reprogrammed is the question.

Of course they know, they just need to cover their asses sue to the litigation risk.
All "big tech" are at it, I tried to go to "My Pictures" the other day and microsoft asked me to run my pictures through facial recognition.

They said that by consenting I was asserting I had the consent of anyone who appeared in any of my photos or might appear in future which is insane to ask of anyone, no-one can really give that third party consent.

Then when I refused they showed me a nag screen which didn't have that warning.

Then just yesterday I opened google camera and it really wanted to run face recognition on my photos. I refused.

I wanted to try the google podcasts but it was a brick because I had disabled "youtube & web activity" in google account settings. There was no way to subscribe to podcasts without web activity, the application said. And without subscribing there was nothing the app could do.

We have a company claiming that because I don't consent to have my web and youtube activity tracked that there's no way I could subscribe to a podcast that I explicitly choose to subscribe to in an application designed for subscribing to podcasts.

They don't stop trying, everyone is trying to hoover up all data, all the time.

If you're European report them for GDPR violations. A few billion dollars worth of fines will teach them not to do that again.
I didn't even realize google had a podcast app. I just installed it and you're right, I can't subscribe to a podcast since I have disabled web activity history. That's a particularly egregious dark pattern.
I wonder why does Google need the web activity to be turned on for subscribing to the Podcasts? Is there any realistic reasoning for it?
I think this is the part hidden from view when companies claim they let users opt out of data collection. Yes you can opt out, but some (possibly unrelated) features won’t be available to you.
Yes, but I think when they disable that feature, they must provide some justification that is believable right? I can't think of any for this.
"if we can't profit from you, you can't use our services" seems like a fairly reasonable justification from a business' perspective
I know podcasts are generally advertised via an RSS feed on a webpage, but that should be collected by e.g. Google (or Spotify, Apple), not directly by a device.
Bait. That's today's reality.
I bet they run targeted advertising in the podcast based on each listener’s web activity. Now I’m dreading the day YouTube makes the switch and doesn’t let you watch any monetized videos unless you consent to being tracked.
Not all big tech are at it.

The reason you hear a global sigh that “my battery life is terrible!” at every major iOS release, is the photo face to people clustering is done entirely on-device, and which photos are in the cluster is not shared across devices through iCloud.

There are several such features where Apple has made life difficult for themselves and the UX a little less seamless for users, in service of not giving themselves all the data.

Depending how the politics of privacy go, we could find an aggregation of personal data is not an asset, but a liability.

In such an environment, avoiding “hoovering up all data” is both a marketing point, and a reduction of risk exposure.

Is Apple the only big tech that’s using AI on device in a privacy protecting way?

I appreciate their approach to user functionality that doesn’t dump all my data into a near infinite number of collectors.

I also think it’s a neat way of distributed computing to use the cpus of all these phones sleeping at night to crunch stuff is actually cheaper than cloud. I think because the phones are sunk cost that is idle a few hours a day.

I miss the BOINC/Folding/SETI at Home clients that used to run as my screensaver and try to do good.

I think Google is trying to do this with the new update to Assistant - the language model is only 500mb so it can all be processed on the local device. I saw in a blog post somewhere they are trying to get to where individual devices hold data and compile these aggregated profiles on the device, the send the profiles to google for their ad services and other big data stuff
I use Google Translate and that works well with offline datasets to do CV and translation without any network or cloud usage.

I don’t think the photo app or assistant app allows this functionality although they likely could.

Believe it or not, Google is the leader in the space of privacy-centric AI - see Federated Learning.
I find that hard to believe as Google’s definition of privacy is not mine. I believe Google could be awesome if they wanted, but it’s in conflict with their business mode.
I don't buy the fact that "Ferderated Learning" is privacy centric so much as it is liability and/or privacy-marketing centric. I feel that in the long run we will discover that using "ML" as a black box to smuggle user data off device won't hold up to scrutiny.
I'm not an iOS user. Is there a reason the clustering can't be done while charging? Does it simply take longer than a charge cycle if a person has thousands of photos?
Google has implemented this asshole design/nagware in many products to push unnecessary to me and invasive data collection or functionality I want won’t be available.

For example, their maps app on iOS won’t save locations for me unless I sign in an enable web history tracking. I get prompted every time I try to save a pin as well as every once in a while I’m case I change my mind.

It’s a free app and it’s Google’s prerogative to try to get value out of it. But it’s annoying to me that they purposely don’t implement client tech (eg, save to app cache, device cookie not tied to individual) that would make their app better for me. And that they nag with no way to turn off forever. Their app already shows ads and makes money for them, they just want more money from the data stream.

I also worry about less savvy customers who don’t understand the prompt and unwittingly opt in to data collection that exists forever. The Facebook privacy explosion of last year is an example of users who accepted terms, but didn’t understand them, and got upset when data was used in ways that upset them.

That kind of user-hostile bullshit is why I avoid anything and everything associated with Google. Still use search, but trying to break that habit.
I gotta be that guy and recommend DuckDuckGo. No, it's not always as good as Google search, but it's still usually good enough and when you -really- need Google you can simply add "g!". Every other time, you can rest assured your searches aren't feeding some AI.

DDG is at least a reasonable way to ween yourself off Google search rather than needing to go full cold turkey.

As I always do when this is suggested, I recommend using “!s” for Startpage instead of “!g” for Google.

Similar to DDG, Startpage provides results in a privacy respecting way, but it uses Google instead of Bing (and Oath), which DDG uses. There’s a common misconception amongst some that using !g on DDG is private, but it’s just a redirect, so Google can gather information from that search. Using !s as the fallback instead will keep your searches private.

I don't understand the business model of Startpage. They pay Google for using their search engine. Their revenue comes from non-personalised advertising.

So that means either Startpage has higher ad margins than Google or Google is selling services to Startpage below their own search margins or Startpage has some other source of funds to subsidise the search engine.

They do have a freemium mail offering

https://www.startmail.com/en/

I have no idea how much revenue this may bring in but it can't be much since I don't think I've ever seen it recommended in an Ask HN thread.

> or Google is selling services to Startpage below their own search margins

I expect this is the case - it's still better for Google to capture a user at lower margins via Startpage than to lose them to Bing.

Awesome, I didn't actually know about that option. Will try that now instead.

I do find the mention of DDG using Oath rather alarming, though, since Oath seems particularly obnoxious, at least with their GDPR pop-up on Tumblr. What does DDG do with Oath?

Let me correct myself: Oath (formerly Yahoo) and Bing. However, that's still not right. It's now Verizon Media (formerly Yahoo) and Bing, not Oath.

DDG was originally using Yahoo and Bing. Yahoo was thrown under the Oath umbrella along with AOL, Tumblr, Engadget, etc. when they were acquired by Verizon. I assume for transparency, DDG stated they use "Oath (formerly Yahoo) and Bing" on their Sources help page to indicate who they're actually making the deal with.[0] However, I guess Verizon has changed the Oath name to Verizon Media, so now it's "Verizon Media (formerly Yahoo) and Bing".

But, to answer your question. It's just a long winded way of saying Yahoo.

[0]: https://help.duckduckgo.com/duckduckgo-help-pages/results/so...

If you use duckduckgo, in the situations in which you think the results are inadequate you can fall back on google by appending !g to the end of your search.
I moved to DuckDuckGo and I'm not going to lie, I hate it. I've been using it almost exclusively for a few months now and what it has definitely done is lower my impulse to search for things. Perhaps that is what you are after, in which case definitely try it.
What else can you use, though? DuckDuckGo tracks you too, they're just lying about it, which is imho worse. Don't have the links handy right now, but it should be searchable. Alternatively, don't trust me.
What about youtube app asking every time to suscribe to youtube premium? I say no, then after a while I'm asked again.

Seriously, I already said no 100s of times, why keep asking?

They’ve done the same to AdWords and Adsense. I have messages that have been showing for years now and won’t go away.
Have yo tried maps.me on IOS?

I can't speak for their privacy practices, but it has the bifg advantage of letting you download maps to use them off-line.

Maps.me is my go to app when traveling in a foreign country where I may not have cell service. At home, in my car, I often need traffic info more than I need to know how to reach my destination. Is there a privacy respecting app that can deliver that?
I think Google Maps not saving your history as you described is an incredibly bad, frustrating experience.

FFS, my phone has gigs of RAM, why can’t Google Maps remember the address I searched for ten minutes ago? One minute ago? This is 2019. It has been this bad for a decade plus. Embarrassing IMO and demonstrates true UX myopia and true UX incompetence.

Normally I'd say "never attribute to malice that which can be explained by incompetence," but I really do think Google could fix this if they wanted to.

It still sucks because they don't want to fix it. Google makes their money off of people giving up info for ad targeting, and a user who only contributes one or two manually saved locations probably costs them more than they stand to gain.

Occam's razor also needs to be applied. If the explanation involving malice is the simpler option that makes fewer assumptions, then it is more likely.
I bet this has been discussed internally, but nobody cares because they don’t care about UX enough. They don’t understand the impact. The internal organization is fractured into fiefdoms defending internal services (e.g. deployment, AMP) and defending layers (e.g. SRE department), with nobody left responsible for the complete, vertically integrated user experience.

To me, this is a simpler explanation than malice.

Personally I switched to Apple Maps after the iOS 13 release and haven't looked back. Because it's integrated into the OS, Apple Maps can look into your messages and auto-complete addresses from that. It can also save places without you signing into an account.

The only thing I miss is google's "offline" mode. I live in Michigan, and I frequently go on trips up north into heavily wooded areas. I don't always get cell service, so being able to save map data locally is a huge benefit. I can still search for nearby gas stations or stores even if I do not have cell service.

From what I tried, there's no way to save data in Apple Maps - it assumes the device is always connected to the internet.

I also nuked google maps from my iPhone after iOS 13.

I share your frustration.

I would pay Apple a monthly fee to get Apple Maps on Android.
Similarly, I wish Google.com wouldn’t prompt me about how awesome chrome is every time I visit and not logged in. At least with this, I can just keep a chrome instance for only google products. So I stayed logged in, but it’s not of my real web usage.
Back in the Lollipop, maybe even KitKat days the maps app would save searches locally without web & app activity on similar to how the current gmail app keeps the last few searches locally even when you have web & app activity turned off in your profile.
I started using openstreetmap 3 years ago now and I hadn't had to use Google maps since. unfortunately not everyone else might have the same luck. it really depends on whether there are mappers in your area or have been in the past.

only way to know would be to download osmAnd and find out. it's a good all rounder app. for navigation i tend to use maps.me

(comment deleted)
I use separate accounts for Google Maps vs Web Search.
The weirdest thing to me is that the data is still there and is still accessible. Google Maps won't remember my "Home" and "Work" locations, but when the device is in airplane mode, it will show the GPS coordinates of both (although they were "forgotten" several devices ago, and this phone has no way of knowing about them)
> I wanted to try the google podcasts but it was a brick because I had disabled "youtube & web activity"

This is the worst. I have all the privacy settings turned up. In Google Maps on my phone, when I try to set my "Home" location, it tells me I need to turn on "Web and App Activity". What? Why? How are these two things related? Why do you have to track what apps I use and upload this info to Google in order to remember where my house is?

It's a bit like a psycho ex; "You want to have my phone number in your phone even though we broke up? Ok, but that means I get to install this camera in your bedroom."

The worst part is, it's all lies. If I open up Android Auto it says "12 mins to Home", so maps in Android Auto still knows where "Home" is, even though the Google Maps app claims it can't set home anymore.

I had an app that refused to work unless high accuracy location was turned on. There was a location aspect to it but demanding the highest setting of location sharing was vastly overreaching and I just uninstalled the app.
Out of curiosity how did you know the precision of location the app was asking for? If I recall correctly android gives the same permission prompt for fine and course location.
> Why do you have to track what apps I use and upload this info to Google in order to remember where my house is?

It's not a real requirement at all. I have "Home" and "Work" remembered from before it was a "requirement". They pop up as quick nav actions when holding the Google Maps homescreen icon on my phone, or when opening a GMaps Driving icon.

But I'm not allowed to set the "Home" and "Work" locations in the actual app, so they don't work via text or voice search.

Aaaand that's why I never uploaded any photo with recognizable individuals (except people performing publicly) to Google Photos...
I'm sorry to break this to you, but I think all photos taken on Android are automatically uploaded to Google Photos regardless
Only if you have Google Photos installed and have configured it up to backup your photos and videos.
Which I obviously didn't do. I only upload manually selected photos to Google Photos, albeit very rarely.
> They said that by consenting I was asserting I had the consent of anyone who appeared in any of my photos

Does it let you specifically choose which photos to analyze, or does it scan your whole library?

If it's the former, facial recognition doesn't sound very useful if I have to go through each of my photos and figure out who's in them beforehand.

And if it's the latter, tracking down the strangers in the background of my 2006 vacation photos sounds time-consuming.

I don't have any of these issues, but it's because I use my phone solely for making phone calls and GPS. I'm also on IOS, which may have something to do with it.
Side question, are you British? I'm asking because I've just read "hoover up" for the second time in my life and both were in the past week and although I understand the meaning of the phrase and I can guess why it came about, I'm trying to understand where it came from geographically.
That's in my vernacular, but I blame my Proudly British Grandpa.
Up until recently I couldn't actually do much with google maps on my phone because I have restricted it from using microphone. An error would pop up on every simple address lookup
I don't think your issue was related to microphone permission. I have never allowed the microphone permission to Google Maps and haven't faced any such issues.

Disc: Googler.

The GP may also have had microphone and other permissions disabled for Google Play Services which can get cranky with fewer than full permissions.
Google assistant requires a fair amount of data collection turned on to function as well.

GDPR enforcement for this stuff will hopefully happen soon. As far as I can tell this stuff is illegal in the EU.

They don’t care. They’re arguing in bad faith. It’s also called lying or being full of shit.
You're wrong. They are not arguing in bad faith, because they are not arguing with you at all.

They are informing you of what their products do, and what the products should likely do in the future.

Debate, or argument, implies, at minimum, a two way discussion. That's not what's been going on. And I'm not sure that a debate ever will happen? The only politically palatable people even concerned about their loss of privacy are a few activists and people in the tech industry. (Can't really count on the pedophiles and the terrorists to be of any help in gaining the support of the larger populace.)

Even worse, it's not even like the moms, grandmoms, grandpas, teenage girls, hell raising ex convict uncles, etc don't know that they lose their privacy to google, facebook, and youtube. They do know that they lose their privacy, and they just don't care anymore.

Actually, maybe they never did care? I don't even know?

It's sad.

Why should they care? Generally speaking, people want privacy when we fear that disclosure will cause us some harm. I'm aware that there is a spectrum of viewpoints on this issue, and that some people value privacy as an end itself. But I think for most people, if they do value privacy for its own sake at all, it can't be a very high priority. If it were, they wouldn't use Google, credit cards, or cell phones.

Google, Amazon, etc. have a pretty good track record of not using private data against users. Which makes sense, because it is generally more profitable to act as the user's agent. This is exactly how most people think of private data in the hands of these big tech companies.

There's still some data they'd rather these companies not have. Even if I trust my lawyer to act as my agent, I'd prefer they not have a video of me having sex with my wife. On the other hand, if they had access to an occasional snippet of conversation from an incorrect hotword activation, I wouldn't really care. I know, and my lawyer knows, that their economic interest is in maintaining my privacy. There's almost no value for them in disclosing my conversations, and they would lose my future business.

> The only politically palatable people even concerned about their loss of privacy are a few activists and people in the tech industry.

Slightly related, but the only protest marches held in my European country when biometric personal identification documents were announced were held by overtly religious people, the type of people that believe staff like the 666 number and the end of times being near. Even though I'm not religious at all I joined them in one of their protests, and by looking around me there weren't that many lookalike programmers/tech people attending. Quite the contrary, most of the tech people I personally know are all in when it comes to stuff like this, they look at me as a retrograde when I mention privacy-related issues.

I guess the whole point of hiring an army of lawyers and advisors is that you don't have to do all the things by yourself.
> stakeholders that might be in proximity

I didn't realise visiting a friends house made me a stakeholder in all of their technology choices.

It does. If their light switch doesn't work when I press it I'm annoyed. The fact that I care makes me as stakeholder.

It's just that traditionally my opinion didn't matter much and my stake was tiny.

Or they might not even be friends. Walk down a street filled with Ring doorbells. You are being surveilled by strangers who have been fear mongered because a pedophile will steal their Amazon delivery.
A small Austrian retail shop got a $4k fine from GDPR because their surveillance camera pointed too broadly at a sidewalk. It'd be funny seeing regulators try to apply such restrictions on consumers.
How about in their car? Or on their land? Or anywhere that you rely on others to provide for your safety at all?
>Ask forgiveness not permission. That's all that matters to big tech, that's what brings in the $$$
This is why I've preached this for a long time:

It's not that regular users "don't care about privacy" as many are quick to conclude, but the vast majority simply don't understand.

If even big tech execs don't understand these issues, then how can regular people?

They are clearly at fault, but at this point customers need to be more cognizant of the fine print. I recently did a Google takeout of my data and found for most services they have no tracking on me after March, which is around the time I started actively hunting for options to turn off anything which reveals private information. Taking steps to learn how to reduce my online footprint also helped
> I recently did a Google takeout of my data and found for most services they have no tracking on me after March

You found that they have no tracking data that they're willing to disclose to you. We don't know if that translates into actually having no tracking data.

He immediately admitted that he warns guests in his own home about being recorded, and the article discusses the fact that the cameras have an LED light that turns on when recording. So it's clearly not true that he hadn't thought of this before.
If you are a privacy advocate, how could you work at google and sleep well?

Why sign up for that kind of pain?

To me- its more interesting that this exec is so clueless as to utter something so damning in such a cliched way. Gosh- was he really this earnestly naive? Or is it possible that this is sarcasm? How can you be a vp exposed to press and say something this unguarded or sarcastic IN FRONT OF PRESS?!? What is going on at Google that people like this are promoted/hired?

“Our customers should consider warning guests and family that they use our products” -a google exec

It was not an admission, it was a poorly thought out conversational device. He would have done much better to say, "good question".

In the same interview, in the very next sentence of the article:

> Osterloh then acceded that warning houseguests about Nest devices' recording capabilities is proper etiquette, stating that he already does so.

Given that he already warns his guests, he absolutely 100% certainly has thought about "all stakeholders", in quite that way.

Its a baldfaced lie. In 2019, with all the concern about privacy in the world it is inconceivable that they haven't thought about it. The transition of tech power to the sociopath overlords is complete.
They've thought about it but they won't say that outside of closed doors for plausible deniability.
Does two-party consent even works if it's a 3rd party doing the recording and it goes who knows where?

I'm sure this will also work just fine in Germany.

It's a good question.

I hope that the law comes down on these devices such that it only makes sense to keep and analyze all recorded data locally.

If recorded data is never the property of the corporations but of the private owner of the device, a lot of the issues with them could be defanged.

On the flip side, the value proposition for these devices may then be reduced - both for the corporations that produce them and the customers that use them.

(comment deleted)
Not really, in many places you're not allowed to record conversations you're not actively engaging in, even on private property.
I'm genuinely curious why only nest, alexa, google home[^1] devices get highlighted - aren't they all use the same tech as the Google App on android? Why are android phones not flagged as well?

[^1]: https://news.ycombinator.com/item?id=21262521

I wish it were socially accepted to tell people to turn their Android device off while they are in company. I wish I could tell people that visit me to turn their device off or put it into rf and sound shielded containers.

I don't mind people using computers and their powers to ease their lives. I don't want to deny them that just because they are next to me or in my home. I just don't want them to use that power to collect and track and surveil everything at all times around them, wittingly or unwittinlgy.

This is acceptable in some circles in certain circumstances.
>I just don't want them to use that power to collect and track and surveil everything at all times around them

Unfortunately, the trend is to stick a camera and microphone (and compute/network stack) on every consumer device sold to you, including TVs and refrigerators. Not sure what the solution is, since the vendors can make a plausible argument for the convenience provided by voice control and additional features enabled by object detection. Perhaps some combination of local (rather than cloud) inferencing, immediate deletion of data, and privacy laws that clearly assign ownership of data to the consumer and dramatically limit what telemetry data can be sent back?

> Not sure what the solution is

A soldering iron?

We recently remodeled our kitchen and updated appliances. One microwave we looked at had Alexa built-in. I couldn't think of a single scenario where I would interact with my microwave without standing right in front of it.

I could maybe see it's usefulness for certain elderly or disabled people but I couldn't figure out why the majority of the population would ever want that.

Why are you carving out Android instead of all smartphones?

Also, you can turn off OK google in Android, although they don't make it as easy as they should.

What is actually the correct way to do this?

I don't use Android myself (I use https://ubports.com/ - it's great and you should try it), but several times I've had other people ask me to turn it off, and the best I can come up with is just dragging the Google search box off the home screen. But there's no feedback to suggest it's not still listening, only that shouting "OK GOOGLE" at the phone no longer does anything.

Hopefully somebody else will reply to you because it's been a while for me and I forget the details. There are settings in the Google App itself, settings in your Google Account in general and also I denied the relevant recording permissions for various google apps.

I'm using Lineage at the moment. I'd like to ditch Android entirely but I'm not sure ubports is where it needs to be yet. Unfortunately the open non-Android mobile OS's seem to die before they reach maturity. Obviously it's tough on them if they're competing with an existing app ecosystem, as they are.

Flashing it with something that has no google services is the most correct way to make sure you are not being spied on.
Actually, nevermind, I'll just go home again. Its been fun meeting you old friend
I assume you ask that because you are aware that any device with the capabilities of a smartphone can be made into a powerful surveillance device by whoever the entity is that has control over it.

I see variations of that argument very often. Its essence goes like this:

A: This is a proven threat.

B: But so could be this and that.

A: Right, could be.

B: But we can't get rid of them all, so let's just do nothing.

Here person B somehow convinced themselves that doing anything in that regard to be futile because they can't solve this class of problems once and for all.

There is a distinction between possible threats on one side and an existing threat based on evidence on the other side.

Any device with the capabilities of a smartphone can be nefarious, but doesn't have to be. Any Android device certainly is.

So I'd like to tell people to turn off their Android devices, but may they keep using their open hardware and software phone, because I don't see them as the threat, but the entity that controls their Android device.

They are most likely asking because the main competitor to Android devices also has an always listening assistant.
Capability, yes. Correct me if I'm wrong but I don't believe it's enabled by default?
Siri has been enabled by default since iOS 9[0].

[0] http://ios9news.net/setup-hey-siri/

The always-listening portion is not. Also “enabled by default” still requires active user consent and agreement to plain English privacy terms. It is a step that cannot be missed when setting up the phone.
"Voice Match", the always-listening functionality of Google Assistant, also needs to be enabled. It requires training to your particular voice in order to make it more difficult for someone else to try to access your information using the feature. When being enabled a warning regarding the potential security implications of doing so is presented.
Are you suggesting there's proof that Google Assistant on Android devices is always listening even if it's turned off in settings?
I would agree with the open hard-/software point, but that does not at all answer why you are purposely not mentioning the second most popular phone OS.
Probably because it feels really bizarre to carve out one specific OS for a whole a suite of devices which all have the same basic capabilities.
With a little marketing, you can turn it into a key feature for your tinder app. Using the gesture recognition radar and microphone in the android phone near the bed to collect sexual performance statistics.
I have voice-activated assistant on my droid turned off, meanwhile Siri is active on all iDevices, and everyone with a laptop at your place is a mole.

Do you expect to altogether prevent people from bringing computing devices into your home? If you are not a state target, then that is just silly. Focus your malcontent on the real bad actors, not their victims.

The various states would love to have as much data as they can on every citizen. Therefore, we're all state targets.
Language is useless if we don't set boundaries.

In this case, as you already know despite wanting to twist its meaning, "State target" refers to someone whom the state is specifically, actively expending resources in order to target. Target being the key word. Being part of a giant nation-wide dragnet doesn't make you a target.

Actually this is interesting. Some US states require two party consent for recording. Doesn't that make a phone in your pocket illegal in those states, unless you say "I have a phone in my pocket, and it's recording."
Let's travel to such a state and find out for ourselves. We'll flip a coin on who gets to be the defendant.
> I have voice-activated assistant on my droid turned off, meanwhile Siri is active on all iDevices

This is not true, voice-activated Siri is a setting as well and turned off on my iPhone.

Also, 'Hey Siri' is supposedly processed locally on the phone using the Neural Engine part of Apples custom ARM chip so it should only upload voice data after you have said 'Hey Siri' or held down the home button to activate it. You can test this if you put the phone in airplane mode or go somewhere with no reception and say 'hey siri', it still recognises that you want to ask it something but just presents a message saying 'internet not available'
This is true on Pixel as well. It would be too slow otherwise.
I think the "unwitting" part is what is the bigger issue here. I know it is conspiracist, but some think Google was founded with the backing of the CIA. Given that these spy orgs wish to spy on literally every single person and apparently have the technology to do it (we paid for all of it) we are essentially funding our own slavery. A jail with no walls, just like China's.
I might be wrong but I don't think Android phone are always listening by default.
All smartphones, Apple and Android, use dedicated audio processors which are always listening for the command word by saving recent audio to a buffer and analyzing it before discarding it.

There has never been any evidence that I've ever seen that these audio processors save and transmit their work pre-activation, only post-activation of the service.

Although I do remember in the 2014-2016 time frame when the CIA hack tools got released I believe there was a tool which could basically hot-mic certain iPhones through a zero day and use it to live transmit to a state actor without warning the user (minus the device getting hot from recording and network access).

I'm sure Android has similar zero days just as all software does.

> All smartphones, Apple and Android, use dedicated audio processors which are always listening for the command word by saving recent audio to a buffer and analyzing it before discarding it.

Not all Android phones have Google Assistant.

True, just nearly all.
>All smartphones, Apple and Android, use dedicated audio processors which are always listening for the command word

This is blatantly false. Many high-end android phones and all recent iPhones do this. A large number of phones do not.

(comment deleted)
Siri is always enabled on iPhones by default.
I don't think it is. When you're setting up your phone, you have to go through the "hey Siri" training to enable it.
This is not true. It has been on by default since iOS 9.
I've got a phone here on iOS 12 that started from a a clean wipe this morning. The initial setup asks you if you'd like to enable siri (and certainly pushes you in that direction), but if you don't accept, neither hey siri nor holding down the power button will activate it.
Yeah I can confirm. I just set up my iPhone and it absolutely asks if you want Siri activated. I said no, and it doesn’t respond to any of the keywords or button presses and is completely disabled throughout the phone.
Two obvious reasons:

- Smart home devices are used at home, where you have a high expectation of privacy. In contrast phones go with you everywhere.

- Those devices are supposed to hear everything in the room clearly. A phone in your pocket or backpack? If they can make their mics good enough for that, I would like to have that tech.

> If they can make their mics good enough for that, I would like to have that tech.

have you used a phone made this decade? of course they are capable of listening in your pocket or backup

I don't find that I expect more privacy at my home than when talking to someone at work, or while walking in a park. I'm aware that someone can overhear in public, but I'm not constantly aware that a microphone is following me.

And in many places, people take their phones out of their pocket. And women's pockets often don't have good pockets at all, so whenever they sit down the phone is also put down (or in use).

This happens to be a good example of how there are so many laws you likely break some all the time. California requires consent from all present who have vibrated the air while you record the air vibrations (but not with your ears and brain storage!). That means if the google phone in your pocket listens to people at a restaurant or your alexa listens to your delivery man for a second you are a criminal under California penal code.
In this case it's not the fault of the law though. Everyone with a basic level of intelligence and awareness of cultural norms, i.e. everyone working at Google developing and marketing these kind of products, is aware that this might cause an issue. But blinded by money and optimistic technobabble they do it anyway and make it near impossible or very unpractical for the user to turn it off.

I would have no problem with some legal action against those people.

Isn't here some law against tricking other people into breaking the law?

I'm pretty sure the burden would fall on the end user. They don't have to activate those features in an environment where using them would be against the law. Having them activated at your home and failing to inform visitors would be on the user.
Although legally you might be right, and I'm _sure_ that this is written somewhere in that 4 pages of small print that you didn't read. In practice, no-one is going to be aware of this, and because the "big tech" company isn't ensuring that all users are aware of the contract that they have entered has been adequately explained to them, they are arguably at fault for not ensuring that proper authorisations have been obtained.
Who is the end user of that data?
> California requires consent from all present who have vibrated the air while you record the air vibrations

One-party recording laws enable us to catch bad actors. Otherwise, you can't do things like record Rob Ford smoking crack and being a racist piece of shit while the incumbent mayor. The fact that you don't have the right to record a conversation you are participating in is not a good thing.

Public interest is a defence for not having obtained permission.
I'm not sure that's universally true. Even where it is, that doesn't mean the recording will be admissable as evidence in a legal proceeding.
> I'm not sure that's universally true. Even where it is, that doesn't mean the recording will be admissable as evidence in a legal proceeding.

Unless the recording was made by police, illegally-obtained evidence is often admissable if presented by non-law-enforcement.

> Evidence unlawfully obtained from the defendant by a private person is admissible. The exclusionary rule is designed to protect privacy rights, with the Fourth Amendment applying specifically to government officials.

[0]: https://en.m.wikipedia.org/wiki/Exclusionary_rule

> > California requires consent from all present who have vibrated the air while you record the air vibrations

> One-party recording laws enable us to catch bad actors. Otherwise, you can't do things like record Rob Ford smoking crack and being a racist piece of shit while the incumbent mayor. The fact that you don't have the right to record a conversation you are participating in is not a good thing.

That doesn't stop illegally obtained recordings from being presented as evidence, so long as the recording was not performed by law enforcement, at least in the United States.

Sure you might be open to civil liability but that's a different story.

[0]: https://en.m.wikipedia.org/wiki/Exclusionary_rule

I'll tell of an actual situation that is different, but with similar elements.

Guy A arranges for presumed friend (pf) to provide transport for post surgery where benzodiazepines are administered along with local anesthetics. Guy A is still hesitant after 1st dose of benzo, so another is given and surgery proceeds. Afterwards, pf transports intoxicated guy A home, but for whatever reason, they agree to go elsewhere. Along the way, pf insists on purchasing liquor, which guy A feebly objects to. Liquor is purchased. Guy A and pf arrive at some home and drink liquor. Guy A is now drinking hard liquor on a double dose of surgical grade benzodiazepine and is concealing the effects poorly. Guy A, whose personality includes jovially natured hyperbole on occasion, is now saying abnormally odd things. Throughout this occasion, pf fails to inform guy A of recordings taking place in the car, home and on pf's phone. The following day, pf takes Guy A to retrieve vehicle from medical facility and informs guy A of his obnoxious behavior and deranged rhetoric on previous night. Guy A is a bit alarmed and skeptical, but regretfully accepts that in such a state, dumb things were said. Pf, however, does not share recordings with guy A, but does with friends, without disclosing context.

That really sucks. Unfortunately some shitty behavior might not be able to be legislated away if the alternative is severely impactful to the state of civil liberty.

We won't find a perfect law which only allows good behavior, but we can find one that catches the most bad behavior with the least impact on those with good behavior.

I highly doubt many judges in California or the Ninth circuit will look at this situation and blame the user, especially when they aren't the ones with access to the recordings.
California is actively trying to make everything a crime so that they have the power to press criminal charges against anybody they dislike without violating 1A. Unfortunately, there's no Constitutional Amendment prohibiting selective enforcement of the law, otherwise these idiotic laws would have been killed as soon as they were signed.
Google could have the device say that it records conversations the moment it detects an unknown voice. Google could even ask that unknown voice for consent.
Didn't Nest want to create devices with cameras? It should just do face recognition to detect people who hasn't consented.. /s

And just like clicking "I'm under 18" on porn sites takes you to disney.com, or "continuing to use this site means you accept cookies", if they don't consent, stuff connected to Google would stop working...

"Ok Google, turn on the kitchen lights". "Operation failed with error undefined!"

What's the point of a security camera if it can't record strangers?
That'd get really annoying if there's a TV in the room.
True, but it does not seem impossible for Google to detect a TV. Else, all Google Assist devices can be controlled via a TV ad starting with "OK Google" e.g. "OK Google search I am listening to an advertisement about Google Assist"
Isn't the voice recognition done on Google's servers? How can Google record the voice, send it to its servers, decide that it is someone unknown and play the consent notification if the person has not already given consent?
Verify the voices which are known locally. If it isn't a known voice, it is an unknown one, and consent must be given.
What about recordings by that radar gizmo the new pixel is fitted with? Should owners warn "guest" that their movements are recorded?

My promotion is not dependent on finding ways to monetize this data but Gait analysis is a thing.

jUst PUT a GDPR nOtice on THE DOoR
You mean, a curtain [banner] that displays a notice, which the visitors need to move aside [close] to enter the house? ;)
How is this even legal if wiretapping is illegal in many places?
I don't think there's anywhere where it's illegal to record conversations of both parties know about it.
That's the point though, if your Nest device starts automatically recording your guests and you don't warn them, could you be liable in a 2-party consent state?

But on the flip side, Google Assistant devices don't start recording unless it gets the "OK Google" keyword, so it's not like it's randomly recording everything. You specifically have to turn it on (albeit it can be turned on accidentally if it misdetects an OK Google). Is this somehow different from Nest devices?

its listening for that keyword, whose to say its not listening for others
As an EE, this is the exact point of failure I see even from tech people on this topic.

There is LITERALLY ZERO way to tell that your “Assistant” is not listening for words like Trump or Sanders then marking down in a log if they were mentioned with other words like “Fucking” or “Communist” or whatever.

No one has or realistically can do a full reverse engineer of the firmware here, you’re talking about the same protections used in game consoles and smart phones.

The “research” into “is my Alexa spying on me” looks at large pattern encrypted traffic and determines they aren’t always uploading. But they absolutely could be collecting metadata of what you talk about without the words themselves.

The meta data of your habits and conversations for a month would be kilobytes at most and sent in a single HTTP/MQTT message that could look a ping or keepalive or some normal traffic.

Where I live this is illegal. Unless you mean when both parties actively consent to it, which in this case is not happening.
(comment deleted)
The owner of the device consented either explicitly or implicitly. For everyone else it's not immediately obvious where to assign the blame: is it the owner of the device recording you without consent, as it would be with a normal microphone, or is the smart device manufacturer at fault?

Just telling people "ask every guest for permission" ostensibly clears this up: it's the owners fault for not getting permission. Of course in many places courts are in the habit of disregarding completely unrealistic disingenuous demands.

An edge case might involve anyone who bought a Nest device with a hidden microphone that was removed from specs/documentation, only to later be enabled by a software update.
I wish I could record my phone calls. It would be easy for Google to add that function to Android but they don't. I assume it's due to legal problems. On the other hand, they sell devices that record all conversations in a home.

If they want to put the responsibility on the owner then do that. Add recording to Android. Otherwise, be consistent with your other products and turn off automatic recording.

The Internet of Things I Won't Buy
I think a device with a camera/microphone should have a physical on/off button and a LED which indicates when it's on. At least, that's how I would design it.
Doesn't Google Glasses have an indicator LED for when they are recording?
I'm sure any 0-day capable of eavesdropping on your phone can also disable the LED.
I'm sure that is why any device which includes such an LED insists on it being hardware not software. Even a magical 0-day is not going to break the laws of physics.
Nest changed their camera to prevent users from disabling the light that indicate the camera is recording and users complained loudly and bitterly about it.
I wonder - has Google became with "no-privacy" by default ?
A few short years ago it was incomprehensible, even in the west, to have what is essentially a permanently bugged house. Now it has been normalised to such an extent that even people who claim to be aware of privacy use Alexa et al at home in a striking display of dissonance. The general public at large has been sold such attractive shiny toys that they don't realise that the price they pay for using them is to unconsciously disabuse themselves of any notion of assuming privacy, even in your private space and activities. This training has been so effective that they will actually defend these practices and claim that you're a 'tin foil hat wearer' and paranoid to be speaking up for reclaiming what was normal and natural as short as two generations back.
People used to ask me why I don't use Facebook. I haven't been asked that in about two years.

I predict that three years from now the majority will share our views about voice and video recording.

This is such an optimistic and hopeful comment. Thanks. I hope you're right.
I disagree. There has been so much anti-facebook hype over the last few years, yet many of the people I know, smart people, have it on/open/in-the-background 24/7, and instagram, and a hundred other services shipping their personal data. These people don't read about online privacy or ruminate on the consequences of their actions, because everyone around them does the same. For younger people, it's worse. Their entire lives are uploaded. They have been programmed to accept this as reality, and it would probably seem like social suicide to disconnect. Outside of places like HN, conversations about privacy and censorship, in my experience, are only ever instigated by me.

And now the world seems to be in a mad rush to bug their houses. Obviously there are plenty of people who are repulsed by this, but we're all swept up in the surveillance state anyway. If people start to get the idea that these surveillance devices are bad, they'll be reminded to trust their govt with a brand new terror event.

While I agree with the broader sentiment, I think that app/web tracking is worse than "bugged houses" because it is disingenuous to claim the devices (alexa et al) are actually always listening. You specifically interact with them, and the only data lost is a voice print, and when you like to turn your lights on. Sure security cameras are the exception since they always record, but those aren't new.
I have an ordinary thermostat that doesn't need firmware, an internet connection, or to eavesdrop on my conversations. It works great!

What exactly is the advantage here?

They aren’t talking about Nest thermostats, which don’t have a mic. They are talking about the Nest Cam, and now the Google Home which has been rebranded a Nest device.
Automatically turning HVAC systems on and off depending if the place is empty, turning it back on remotely, cycling the fan on and off to circulate air more often, removing excess humidity, using data about sunlight to adjust temps.

There must be energy savings for the utility companies to give them out for free or almost free. Although I prefer the HomeKit thermostats since I presume Apple has better privacy controls.

Don't know about other parts of the country, but where I'm at (low 80s @night, mid 90s @day), that's all false economy.

Turning it down while away for a few hours just means a struggle to get the temps back down when I return. And in places where summer is less hateful, best option is to turn it off altogether and open the windows.

To a utility company, just shaving a percent or two off consumption is a slam-dunk. Not so much out of eco-friendlyness as fear of having to add more capacity. Personally, I will gladly pay another percent or two on my power bill to not have any more SV awfulness in my house than necessary.

Why would anyone come back to a home after such a warning?

Think back 20 years. Would you come back to a home after the resident switched on audio and video recorders and said "you're being recorded."

Now come back to the present, and add the word "thermostat." Does it make any difference?

The Nest thermostats don’t have microphones. Houses have had security cameras long before Google existed, as have a large percentage of retail businesses, banks, gas stations, convenience stores, government offices.
I'd wager most people adjust their behavior accordingly. I would absolutely expect privacy inside a home. If a friend had cameras inside their home I'd probably even opt to meet in public, where at least there's no false sense of privacy.
Additionally, the cameras would usually record on their equipment only, it wouldn't be sent for further analysis to on of the largest data collection entities worldwide.
I get where you are coming from. How do you feel about things like Ring doorbells, where you are on camera approaching a home. Audio is being captured of at least some conversation inside the home, assuming there will be some proximity to the front door.
In the general sense I'd say I'm ok with a ring pointed at people's own property. I don't expect privacy in their front yard, might be a bit bothered in a backyard. A neighbor pointing their camera at the street accidentally capturing my coming and going would somehow feel like a privacy breach.

Ironically I currently have 2 ring cameras setup on the outside of my house, installed by previous owner. I'm looking to replace them down the line as I don't trust Amazon with my data.

Which is why I unplug my Nest from the wall socket when I get back to my apartment.
(comment deleted)
Since cameras and mics are embedded in all kinds of consumer devices these days, it makes me think we need a site that recommends devices that DONT include surveillance as a “feature”. Sort of a Wirecutter for privacy.

Does this exist?

well it really depends how far down the rabbit hole you want to go.

a laptop running OSS is better than a laptop running win10, but then there's usually still intel ME doing goodness knows what.

a phone running sailfish or f-droid is better than OEM android, but there's still your cellular service provider selling location data to goodness knows who.

anyway, check out the pinebook (laptop), librem 5 (phone), mycroft (voice assistant).

Yep. Two phones hacked already, could be a us-based three letter or could be something else. Can find the hacking only because of transperancy into some components of the network, but certainly that does not include my phone...

Just another ant on the ant hill, the only difference is that I was able to identify that I had compromised security (with the phone)...

I want to go all the way down the rabbit hole & can hardly wait for the lebrim 5.

“Those that would give up a little liberty for security deserve neither liberty, nor security”- my attitude is those who were spying on me can go screw themselves!

FWIW, I'm living a Google-free live now, and it works very well:

- DuckDuckGo as default search engine

- Own domain for email, forwarded to Apple's mail

- Apple map, Yandex map, Waze, Here WeGo for maps (depending on the country)

- For videos, I search them in DDG with "<searchterm> !yt", then copy the links I want and download them with `youtube-dl`

- Firefox and Safari

- Zoho as a replacement for online docs and spreadsheets

etc.

EDIT to add: I should say that I try to live Google-free...

You've certainly reduced your Google footprint. I don't think it's possible to reduce it to zero though.
Just a heads-up: Waze is owned by Google [1] now.

[1]: https://en.wikipedia.org/wiki/Waze#Google_subsidiary

Waze was recommended by family for a trip to Israel.

The good news: Available for Windows Phone (which I had at that time)

The bad news: In order to use it access to my address book.

For a navigation app?

WHAT THE FUCK!

probably to suggest destinations
That would be true if it was optional, not required.
Peeves me that in order to control Spotify from Waze I have to agree to share my Waze location data w/ Spotify...

I really wish we had regulations that limited companies from blocking functionality behind data-walls.

What do you do about websites that use reCaptcha?
good point... browse in private mode by default, and with a VPN (which by the way means that I solve a lot of captchas :-/ )
You're likely not at all living "Google free". https://gizmodo.com/i-cut-google-out-of-my-life-it-screwed-u...
Informative, thanks.

Hmmmm, Uber, Lyft, and Dropbox - I avoid those, too.

I was a huge Google Fan but this is becoming lunacy.

I understood trading some data and privacy for great search results, maps and free quality email.

But people willingly bringing always on listening devices in to their homes (beyond what smartphones are already capable of) I just can't comprehend it.

Why would people voluntarily do this in exchange for being able to ask for weather, play a playlist, add a todo and a few other parlor tricks.

I guess I value my privacy more than others and don't like the idea of entities compiling a record of my data that they can sell and market.

Imagine how some governments could use this data to limit freedoms, crack down on their opposition.

And what about the first data breech that includes transcripts or even audio of all your household conversations/activities over the past three years matched up to your email or even address?

It just sounds like we are heading down the wrong road.

Do you own a cell phone?
Having a cell phone does not invalidate their legitimate critique.
Of course not, but phrasing it in this way (that phones are a separate exception) minimizes the legitimate critiques of always-listening cellphone privacy.
Phones solve many more problems though.

I'm willing to make some sacrifice so that I can get GPS/maps anywhere I go, ability to make emergency phone calls, etc.

Smart speakers really don't have the same value add.

Apparently on this site it does. I had a conversation where I made a joke about Alexa glasses spying on us all in public instead of just in the privacy of people's homes now and got downvoted to oblivion because apparently you aren't allowed to care about privacy if you own a phone. The amount of whataboutisms on this site where people try to invalidate others opinions or critiques is incredible and makes it very difficult to have any kind of genuine discussion. I imagine it's partially because there are plenty of Google/Facebook/Amazon employees on this site so it's in their best interest to shut down any pro-privacy discussion
Apparently on this site it does. I had a conversation where I made a joke about Alexa glasses spying on us all in public instead of just in the privacy of people's homes now and got downvoted to oblivion because apparently you aren't allowed to care about privacy if you own a phone. The amount of whataboutisms on this site where people try to invalidate others opinions or critiques is incredible and makes it very difficult to have any kind of genuine discussion. I imagine it's partially because there are plenty of Google/Facebook/Amazon employees on this site so it's in their best interest to shut down any pro-privacy discussion
He mentions that he does.

The thing is everyone has a cellphone, even many kids. Invite half a dozen people over and you’ll get half a dozen cellphones.

I have a couple of Amazon Echos, plus iOS devices that occasionally activate Siri for no reason.

I love them. My feeling is that I’m willing to live with it for now. Hopefully, a decade from now, voice technology is perfected and more is done on device.

There is never going to come a day when any of these companies give you more control over your devices. Why would they? Thats their entire competitive advantage.
The Pixel 4 does speech to text on device. They do it because it's faster.

Once it becomes a solved problem, there will be better open source devices and more competition. On device will be a checkbox feature.

Not every company makes you the product.

>Not every company makes you the product.

yeah, but since that has been a workable angle we'd had an explosion of companies that do make you the product.

I wouldn't assume the inverse over time related to a reduction in effort from better devices and competition; i'd assume further growth.

of course I do, it's alluded to in my comment: "(beyond what smartphones are already capable of)"

I agree, smart phones provide the same surveillance capabilities of 'smart' speakers and more.

But supposedly phones aren't always on and listening to all your audio like the 'smart' speakers.

This might just be a divide in society, some people accept surveillance as not an issue and are fine with it.

Would you place a similar 'smart' speaker device in your home if the government suddenly required it?

I just feel a surveillance state is detrimental to freedom and democracy, the freedom we have in the states is not common.

If you look back in history and even around the world today it's pretty rare. I just want to make sure we aren't setting ourselves up to weaken it or even lose it.

> But supposedly phones aren't always on and listening to all your audio like the 'smart' speakers.

New phones are.

Also, AFAIK, Alexa et al. are only sending traffic home after the wake word is heard. I believe this has been confirmed via wireshark.

That's true a phone has 'smart' speaker features.

It seems 'smart' speakers wake more easily than Siri.

We hadn't been hearing news stories about FANG employees listening to/reviewing conversations intimate moments until the 'smart' speakers were deployed.

I expect this could have been going on with Siri as well though.

I'm open to using a 'smart' speaker in the future, there might not be any reason for concern.

Currently it just seems like a bad idea to add recording devices you don't control around your home.

> We hadn't been hearing news stories about FANG employees listening to/reviewing conversations intimate moments until the 'smart' speakers were deployed.

That just shows that the media didn't think those stories would sell.

> New phones are.

But it's a setting. I own an iPhone have turned off "Hey Siri". If it would still listen all the time that would be a security issue and breach of trust.

after the wake word is heard

It's more accurate to say "after the wake word is heard or after a false positive for the wake word is heard".

Even in the presence of hardware interlocks (active when the wake word has not been detected), the accuracy of wake word detection is a really important question, as is the question of whether an adversary can modify the wake word detection code remotely.

> New phones are.

Not new Android phones. Since Android 8, google no longer listens while the phone is locked. If you want to use the google assistant, you have to give your fingerprint or password first.

But saying "beyond what smartphones are already capable of" diminishes the fact that they are also always listening, and are also generally near where you are. Siri, by default, is always listening. Most people don't understand or know this. People are then amazed when they put their phone on a table and say "Hey Siri" from across the room.
It's very different. Smart speakers are much better at invading privacy.
No one has yet to provide an argument as to why "smart speakers are much better at invading privacy".

For example, just this year my always-on, always-near-me iPhone was subject to an attack where anyone could call me on FaceTime and gain access to my microphone. This attack vector does not exist on my Google Home.

So, why are smart speakers much better at invading privacy?

Smart speakers are made to listen by design, that's their sole purpose: to listen and respond to that. Disabling the microphone takes away the core functionality and basically their purpose for being. You're left with a speaker.

For a phone the assistant is an optional side-feature and disabling it takes almost nothing away from the utility of the smartphone. You're still left with a smartphone.

Smart speakers are designed to listen, obviously!

Streaming audio is not seen as suspicious.

Also they aren not phones and not using wifi, not LTE/4G uplinks, making it more easy to stream audio without hitting bandwidth caps or using too much battery.

It's way much easier to notice if a phone streams audio often and unnecessarily.

If you believe that your smartphone isn't always on, wouldn't it make sense that your smart speaker is also off until you give it a wake word?
No, because it's a small step from having a smart speaker - which is specifically designed to pick up someone speaking quietly from the other side of the room - to go from "requiring a wake work" to "listening to every conversation". Especially when the companies involved (Google and Amazon specifically) have direct interests in knowing what you are talking about.
They use the exact same hotword detection - that is all they are "always listening" for (obviously plenty of false positives that can still capture other conversations)
The problem is the illusion that these devices present of being just another utility like a toaster or a TV or even a smartphone. The always on link between these listening devices and their command and control is not evident. It gives the illusion of operating locally.
I hate not having privacy but I don't understand singling Google out here. Siri is listening (both on phones and on Apple' homepod), Alexa is listening, Cortana is listening, ...

I actually am less worried about those (since I turn them off) than I do about Netflix/Amazon knowing every movie I watch. Amazon knowing every product I order. My Credit Card and Bank company knowing every business I transact with. My Mac and PC spying on what I do with them (i think that's more Windows than Mac). My PC/iPhone/Android/Rift knowing every app I run. My ISP knowing all the websites I visit or DNS lookups I make etc... I could go on and on but I don't see how Google sticks out here.

It's a much bigger problem.

I don't see anything in the parent comment that says this is a Google-only issue.

Also, the Netflix and Amazon examples don't seem to be in the same category, to me. Every time you interact with Netflix and Amazon, you are doing so deliberately. You are choosing exactly what to give them. You can easily pick another service.

Always-on listening devices, on the other hand, are taking data that you did not choose to give them, and other people's data as well. That's the point in the headline of this article. I would never need to tell guests "If you order something from Amazon, they'll know you ordered it," but apparently I might need to tell them to watch their mouths in my house. There's a big difference.

> Every time you interact with ... Amazon, you are doing so deliberately.

Don't forget that Echo devices are Amazon's always-on listening devices.

Yes, sure, but that wasn't what the comment I was replying to was talking about... This is about the difference between always-on listeners, including Echo, and stores where you buy things.
Echo's listen for their wake word, which is done on device and offline. It detects the wake word, and then connects to the internet. It is not actively transmitting in the background.

If you have proof of echo devices not doing this, you need to yield a source. Wireshark logs, anything.

> If you have proof of echo devices not doing this, you need to yield a source. Wireshark logs, anything.

I suspect most of these comments are from people who don't own, haver never used, let alone sniffed traffic from those devices.

They conveniently ignore all the networks (including my own) which will throw a fit if these devices start sending unusual traffic.

I'll worry the day they embed a cellular modem.

Amazon is the only one of the GAFAMs that it's not practical to boycott : boycotting Amazon Web Services breaks a large part of the Web.
May I say that I love your use of GAFAM. I always thought FAANG was silly and Netflix was not like the others and was included just to make a good acronym
I agree with the company choices, but the spelling of the acronym worries me that it will be read or intended by some as "gay fam". Particularly since the usage as a generic insult makes semantic sense for disparaging a group of closely related companies...

(I guess it's not the only slur it has to avoid with that letter combination though.)

FAANG for top pay, GAFAM for global dominance?
If I'm not mistaken FAANG is more about the Silicon Valley (and the people that might be interested in living/working there). Meanwhile GAFAM is more from the point of view of the users, also Netflix#, as a non-US online presence is pretty new, and let's face it, is only about a specific kind of entertainment - one might then add Valve/Steam as well !

It does bother me when politicians say GAFA and leave out Microsoft (but not Apple??)

#Netflix did play an important part in adding DRM to the Web specifications...

Trying to boycott any service that uses reCAPTCHA is pretty impractical, as well. Lots of stuff also uses the Google hosted AJAX libraries.
Right. I tend to forget about it because for the most part you only get reCAPTCHaed when creating a new account...
y, I agree it's not just Google.

I think allowing any company or government having an open mic/'smart' speaker, essentially bugging your own home/business is just a bad idea.

"I actually am less worried about those (since I turn them off)" - are you sure they are off, had to ask.

I'm not as worried about Netflix/Amazon knowing every movie I watch, product I order or am interested in.

I'm more worried about private conversations and communications being monitored as it applies to freedom of ideas, diverse political movements, freedom to vote and even freedom of religion.

Nest/Google Home devices have a hardware mute button. They are off when they are off.
yeah, I believe the hardware mute button does mute the mic.

That was more of a joke, are you sure they are off?

I'm sure someone has or is testing that the hardware mute button works.

I'm not against Nest/Google. I was always sporting Google T-Shirts and hats back in the day, telling everyone to use it and recommending their products.

I'm just not sure on this product.

> Nest/Google Home devices have a hardware mute button. They are off when they are off.

Can you cite where Google says that the mute switch is a hardware kill switch for the mics? I've only read where they say that it doesn't listen but never that it physically disables the mics which means it's done in software and the device could be "muted" and still able to listen.

Unless the mute switch is a physical disconnect for the microphones then it's no different than the Alexa's mute button.

And don't forget Google's Nest Secure contains/ed undisclosed microphones and not physical mute button and Google wanted you to trust that it is/was disabled.

Google it you lazy fuck, yes they repeatedly say it's a hardware disconnect
What terms do I use to find these magical results?

If I google "Google Nest Home Mute Hardware disconnect" for example, none of the results on the first page state it is a hardware disconnect.

The support.google.com links all use vague language that never explicitly says there's a hardware disconnect. Just that the mute switch causes the microphones to be disabled.

Interestingly the last result on first page is this: https://store.google.com/magazine/google_nest_privacy#ada2d2...

And it's claims are known to be false.

> Your device will only send audio to Google if we detect that you or someone in your home is interacting with your Assistant

So I'm genuinely curious where all this information about the mute switch being a physical disconnect for the mics exists.

There's a world of difference between a company or government doing that.
regarding Siri, I think the general assumption is that the phone is triggered by hearing 'Siri' to start recording. I doubt very much that people think their phone is always recording everything and that they are therefore ok with being recorded when not using siri.
I'm not clear on this - Is Siri or Google listening for anything other than Hey Siri or OK Google?
Officially, no, but it's not uncommon for it to misinterpret another word as the wakeword and then capture and send off 30 seconds or more of audio that was never intended for it.
It can't selectively listen. It processes all audio input for those key words. Once it hears the keyword, it then sends a recording of what you say next to a server.
This is not accurate. At least on the Google home the "wake word" is baked into the hardware and no audio gets through that piece of hardware until the wake word is detected.

Obviously there can be defects, but Google is not getting 100% of the audio from your home.

I highly doubt the 'wake word' is embedded in devices on a hardware level rather than software. That sounds like a terrible idea on multiple levels.

You are using 'Google' in a vague way which may be why you are confused about what my comment meant. The Google device gets 100% of audio it hears, because it can't magically hear a 'wake word' without listening to all audio. It only sends audio to a Google server after the wake word.

Aren’t “OK Google, hey Siri, hey Alexa” all processed/recognized locally? Otherwise, it would be a horrible idea to send EVERYTHING off to the internet for processing. Not even concerning privacy issues, it would just be unworkable that way.

(This is at least true for the iPhone, Hey Siri is recognized locally before anything is sent off to the net)

Re reading your comment, I guess you mean: the sound processing goes through the local microphone no matter what, even if the audio is only forwarded on if they lead with certain keywords, right? In other words, just like how every other voice activated system has to work. The privacy implications are that the equipment could be compromised to actually put the recording in longer term storage, like a bug or something.

I think we need to be looking at this from the side of biometrics. There are already privacy laws in some states which protect that kind of information about individuals. It's scary to know that if you collect a lot of what may seem like harmless information about an individual in one place, and analyze it through an algorithm or AI, then you're able to accurately predict a lot of extremely intimate details about a person. Just look at the classic example of Target predicting a teen's pregnancy before she even knew it herself, just by observing her buying habits[1].

Imagine if AI advanced to the point where a human brain could be simulated in a computer. If you collected enough data on a person, you could create a virtual clone with their exact same beliefs, opinions, intelligence, etc. Just imagine how easy it would be to exploit someone if you could simulate how they'd respond to anything with perfect accuracy. You could literally enslave people.

And while that's currently scifi, the amount of money companies like Google and Facebook are pumping into AI research means we could land somewhere pretty close to that eventually. If we're still not protecting peoples' data by then, we're all fucked.

[1]: https://www.forbes.com/sites/kashmirhill/2012/02/16/how-targ...

Just look at the classic example of Target predicting a teen's pregnancy before she even knew it herself

Might wanna read that again, it’s a story of clever and spooky observation but not that clever.

>Siri is listening (both on phones and on Apple' homepod), Alexa is listening, Cortana is listening, ...

I've disabled Siri and Cortana to the best of my ability (and I don't own any Amazon devices with a microphone). Of course I can't actually be sure that that means that they're really not listening, but it's absurd to imply that just because one owns a smart phone they must give up all hope of privacy.

I don't think anyone is suggesting that smartphone ownership means you give up all hope of privacy.

You are trusting that your efforts to disable Siri and Cortana have actually resulted in them being disabled, and that Apple and Microsoft aren't doing nefarious things to keep them enabled anyway. If you trust that, I don't think it's a stretch to trust that Apple and MS would avoid doing nefarious things with a HomePod or [whatever MS's analogous device might be]. You seem to not want to have anything around that can record you without your express permission, so sure, I get why you don't have a HomePod.

I had an Amazon Echo for a while, but decided I didn't trust Amazon, and exchanged it for a Google Home. I have an Android phone with Google Assistant enabled, and I don't see the privacy implications as materially different between the two.

The new version of Fahrenheit 451 (film w/ Michael Jordan) does a fantastic take of this. I highly recommend it unless anyone is a Fahrenheit 451 originalist.
My personal view is that the biggest issue here is the lack of user protection. I'd be a LOT less concerned about this if the appropriate legal framework protected me.

The Star Trek vision of voice as an interface is a good vision. The question is how the regulatory framework protects users in this world and keeps it from being the dystopian nightmare that our "for profit corporations get to do whatever they like as long as you agreed in an 'all or nothing' click through" seem to be headed for.

The in-universe answer from Star Trek is that there's no more capitalism in their post-scarcity society.
While the tech seems to be catching up in certain areas (if not the FTL drive), socially we're nowhere near what was depicted in Star Trek. It wasn't just post-capitalism but post-money. People no longer had to work for basic necessities. That is almost an unimaginably different setup to what humanity has always been used to. There's also a noticeable lack of crime and corruption, again something humans will have to extensively transform themselves in order to reach the goal...
Don’t forget, that in Star Trek, there’s a post-apocalyptic period waiting for us before the post-capitalism times...
If the voice interface is implemented locally then it's not a problem. Google already has it working on the Pixel. It has some limitations but it responds faster and works offline.

https://techcrunch.com/2019/03/12/googles-new-voice-recognit...

> If the voice interface is implemented locally then it's not a problem.

That's not really observable or enforceable by me though. A question I ask myself all the time before I say yes to some kind of "new data tracking" is: "How do I think company_x will behave in 10 years if their profitability is plummeting?" Because I think that paints the worst case for companies that so far have been good actors.

I guess the TLDR is: That's great, but I think that the solution is legal protections for users. Right now all the power is in the hands of the collecting organization.

It's also possible for any software to have a keylogger. We don't really worry about that, because if it unexpectedly sends data, someone is likely to notice and tell everyone.

Voice interfaces today work like keyloggers by design, and we're just trusting them not to abuse all the data they're getting. It'd be a lot better if we didn't have to.

(I'm on board with legal protections too, of course.)

Star Trek is a post scarcity society. There is no capitalism, commumism or even an economy. Every basic need is met. People join Starfleet and work as officers purely so they can better themselves and explore the stars. This is incredibly optimistic vision of the future.

We are far more likely to end up in a cyberpunk nightmare where corporations are richer than entire nations and technology is used to subjugate and control people.

The Expanse seems to show where we are headed.
A lot of people just don't care.
> people willingly bringing always on listening devices in to their homes <...> I just can't comprehend it.

The reason is "people" lack education in technology. They can barely use a computer these days, with "using a computer" generally means being on Facebook with a browser.

There's a very significant divide in this regard that has been growing for decades. And it isn't getting any better. This is why it is nearly impossible to convince people you know to use better passwords and adopt security and privacy-conscious behaviors. I don't know if you (plural) have experienced this, I know a few people for whom sending a link via email is a challenge. They think they sent you a link and what you get is unusable. No, it isn't about age at all.

Smart phones and tablets have changed the relationship people have with computers. They make things very easy to use and require almost no technological knowledge to operate. In computers, the browser or Chromebooks do the same.

Add it all up and the idea that someone does not even remotely think that a thermostat could be recording every word being said in home doesn't even cross their minds. Going beyond that, thinking about how and where that data is stored and how it could be used it yet another level.

All this says it is the responsibility of the tech community to make sure customers understand the important aspects of the technology we provide.

> All this says it is the responsibility of the tech community to make sure customers understand the important aspects of the technology we provide.

Which is difficult as long as some peoples income depends on not making sure that customers understand.

As much as I'd like to pretend we are all morally and ethically acting grown ups, reality tells us we are not. Ultimately this needs to be regulated by law and continually enforced. It seems like regulation is slowly rolling in, but enforcement seems to still be far out.

"The reason is "people" lack education in technology"

This is a dumb statement. Lots of tech people use all of these devices. In fact smart tech people differentiate between machine listening and humans listening.

A Math, Tech person know that the probability of a human listening to my recording is close 0.000001%.

Humans, including yourself, make far worse decisions every day in your life that have much higher detrimental effect to your overall quality of life than worrying about stupid things

Yeah I’m a software engineer for GAFAM, am fully tech literate and I like my Echo Dot. I’m simply not concerned about the privacy issues. I have yet to see evidence that they are using my data in any way that I would object to.

I thought it’d be fun to go back through my two years of recordings to see if it captured any accidental conversations, and it was so boring to go through. They are entirely expected questions like “what time is it” “what’s the weather today” “set a timer” “what’s the cubs score” “when do the cubs play” “how many games back are the cubs” “how many games left are in the cubs season” “Do the cubs even have a chance at this point”

I'm also a GAFAM engineer. (Personal opinion ahead etc..)

I agree with you that nobody is listening and it isn't valuable data even if they were.. My biggest issue is that the devices are a black box. Nobody knows if they're hacked or compromised which is why hardware disabled buttons. More transparency is critical. I think I should be able to monitor all of my smart devices' activity with as much done on device as possible.

Apple and (now) Google have made strides with on-device ML lately - I hope things continue down this path.

>> "The reason is "people" lack education in technology"

> This is a dumb statement.

How about doing a bit of research before saying stuff like that?

For example:

https://lifehacker.com/this-chart-shows-how-computer-literat...

From the article:

"The results aren’t terribly surprising if you’ve ever worked a help desk. Around 5% of the U.S. population ranks at level 3, the strongest level of computer literacy. Another 26% ranks at level 2, where users can do things like “find a sustainability-related document that was sent to you by John Smith in October last year.” Those who ranked in level 2 likely aren’t developers or engineers, but they get by.

However, for the 69% of the population below level 2, complex skills are still hard to come by. 26% of people weren’t even able to use computers. The full report at the source link below shows how these numbers break down over age ranges. Regardless, the numbers give some perspective on how skilled the overall population is."

And this is about using a computer. Understanding technology in general is a very different matter. The data on this isn't difficult to discover. There have been a number of studies, for example:

https://www.pewresearch.org/fact-tank/2014/12/04/half-of-ame...

The vast majority of the population is utterly ignorant when it comes to technology. Start adding areas like machine learning and AI and the chasm is massive, deep and wide.

Using tech people to claim this problem does not exists and, therefore, calling the statement "stupid", betrays a failure to understand the topic at hand.

The same is true about medical knowledge. The vast majority of the population is utterly ignorant about medical science, pharmacology, etc. Claiming this statement is "stupid" because doctors, nurses and medical practitioners do, in fact, understand the domain, is, again, missing the point. And missing reality.

The example is useful because, unlike in the general case of technology, the medical sector has a range of safeguards, rules and laws in place in order to protect consumers. Very little, if any, of that exists in technology.

You can manufacture and sell a 3D printer that can fail and burn down someone's house. There is not FDA equivalent in order to ensure some level of safety exists as a minimum. If you think FCC, UL, CE and TUV provide those safeguards, well, you are obviously not in the hardware business. This is particularly true for the utter junk that comes from China, where these certifications are given away like candy and ar sometimes falsified.

And so, you can insert a microphone and a camera into a consumer device and there really isn't anything preventing anyone from using those sensors nefariously. This is particularly true if the device's firmware and software can be updated over the 'net. Which means you can ship a device that can test out to be completely benign. Later on the same device is updated over the net to include obtrusive capabilities that compromise privacy, and nobody is there to prevent that.

And then, of course, there's this:

https://www.youtube.com/watch?v=0vL4HLTZQ_Q

and this:

https://www.youtube.com/watch?v=t-lMIGV-dUI

...and who can forget this:

https://www.youtube.com/watch?v=aHGd6LqAVzw

People just don't know how valuable this data actually is. Sure it only gets value if a critical quantity is reached.

There is just a disconnect in understanding. With huge efforts they will create archives of 5% special price coupons, but how tech companies extract free money from them is beyond their comprehension.

The implications of having every deed and word quantified is perhaps too abstract a danger to understand.

no, you just over estimate how valuable this data is because you desperately want to feel important. guess what, you saying "ok google turn on my lights" 1000x times is completely worthless to anyone. you're not important and your data means nothing to anyone. grow up
no, you just over estimate how valuable this data is because you desperately want to feel important. guess what, you saying "ok google turn on my lights" 1000x times is completely worthless to anyone. you're not important and your data means nothing to anyone. grow up
I don't think this is just a Google issue. Osterloh just happened to be the first one to come right out and say, yeah, maybe you should tell your guests.

Personally, I thought the bigger news (insult) was when he said, "Gosh, I haven't thought about this before in quite this way."

Give me a break. You knew it. I knew it. We all knew it. Maybe the right thing to do is have the device recognize there's an unknown voice in the room and announce that it's listening. That hasn't happened for some reason, but I highly doubt the reason is that no one ever thought of it.

> Gosh, I haven't thought about this before in quite this way

Imagine if I made a self-driving car. Imagine if, in the rain, it simply slowed down and stopped right where it was, even in the middle of the freeway.

Now imagine that when asked about whether this was dangerous and ought to be disclosed to customers, the VP of Engineering said, "Gosh, I haven't thought about this before in quite this way."

We'd all say the VP was either lying, or was dangerously incompetent and was running a dysfunctional engineering group.

I don't need to get into a long conversation about whether this is malice or incompetence: It's unacceptable either way with self-driving cars to claim to have not thought about safety, and in the case of privacy and disclosure of recordings in my home, it's unacceptable either way to claim to have not thought about it.

This company is rotten from head to toe, and so is the system of incentives that lead companies like Google and Facebook to flout all standards of responsibility.

How can someone say something like this and still have their job at 5pm PST? How can Zuck say time and time again, "Sorry, we'll do better next time, by the way, political ads can lie," and there are no serious consequences?

Exactly! He knew it, the whole company knew it and took advantage of it, and didn't disclose it publicly until questioned by a reporter.

I see parallels to the genetic testing kits: it's all fun and games until police use it to find people who committed crimes. Just wait until investigative units realize FAANGs have recordings from inside houses that they can supeona.

> But people willingly bringing always on listening devices in to their homes (beyond what smartphones are already capable of) I just can't comprehend it.

Always-on listening doesn't seem like a huge deal. What matters is the policy of allowing Google people to listen to captured audio, even if it's for training purposes. This is skirting uncomfortably close to a dystopian surveillance society.

If you want to gather data from people, provide an incentive to voluntarily participate. For instance, on Google maps you can become a contributor and there are benefits and bonuses if you contribute enough. Yes, this group is self-selected so it's not as good as a random sample, but it's better than the dystopian alternative.

Always-on audio capture is a HORRIBLE idea in general. First, if it's stored - at all - then you have to ask "who else could get access to the recording besides (Google|Apple|whoever)?" Whether it's a nation-state via a search warrant, or some random script kiddie who hax0red the storage mechanism, once it's recorded you don't know WHO is going to get access, or what their intentions will be.

Secondly, even if it's not normally recorded, so long as the capability is there, you've basically bugged yourself. Now if you become a target for surveillance, all the other party has to do is arrange for (Google|Apple|whoever) to give them a real-time feed from your device and now all of your conversations are fair game.

Smart phones are bad enough, but why put more devices in your home (car, office, etc.) that make it trivial for others to monitor you?

Isn't this true with any device that has an embedded microphone? Laptops and pre-smart cell phones have had the same vulnerabilities for a very long time, no?
It's a fair point... unless a device has a hardware mute switch, it's hard to know for sure if somebody can activate it remotely for listening. But why add more attack vectors unnecessarily?
Everyone in my house finds the Echo convenient. It is not a big deal, but neither is our threat model. There is no profit to anyone in spying on our kitchen. I'm much more wary of devices that radios, GPS and cameras, but I still use those too since they are even more convenient.
The general public didn't have a reason to distrust the devices. Snowden, Assange, email scandals and general overbearing decisions from tech companies black-holing things has shown the average joe there could be a problem.

Combine that with a general rise in authoritarianism and living outside of the US where these tech companies are based.. I can see the problems arising.

> Why would people voluntarily do this in exchange for being able to ask for weather, play a playlist, add a todo and a few other parlor tricks.

I don't really understand why the device needs to store my recording and send it over the internet.

I would be willing to pay more for a device that guarantees that my recordings are deleted immediately.

Echo does this - only wake word phrases are sent to the internet - but it is not guaranteed by the hardware. Also your failed requests - where it recognized the wake word but not the request - are listened to by QA people. Those could easily be private conversations with an accidental wake word.
I'm pretty sure this is how all smart speakers work.
A simple work-around on Echos is to enable the wake word notification pling. Then you immediately notice that the Echo is listening.
You are right but as you say all those things apply to your smartphone and the smartphone of every person you are in range of. Also, smartphones have cameras front and back. An Alexa in my bathroom only has a mic and speakers. The future will also be powered by cameras and microphones in public and you will be tracked. Amazon is actively selling software and hardware to enable dystopia today.

I imagine that if governments start to use Alexa, et. al. to crack down on dissenters, those whole business lines disappear as people dump them all in the trash. I think we have to depend on capitalism and whistleblowers to shout if things change. If someone wants to listen in on the sounds of my bathroom, help yourself. I personally draw the line at cameras. No camera, no Ring doorbell and my phone is usually in my pocket or in a shelf with no visual access.

The other thing that I'd point out is that a lot of people publicly shout their political and other positions voluntarily. This is great for free speech but is an even easier and richer target for government crackdowns.

I blame Star Trek. Simply speaking out loud to ask the computer anytime something was needed, it seemed like magical tech. We just didn't anticipate the companies and extra consequences that would come along with it.

I would love to see a parody of Star Trek where all the tech is run by an advertising company exploiting all the crew members individually by capturing all their private data around the clock.

No relationship. Why does the device have to record and send everything to the cloud to provide this experience?

I suspect the answer is a mix of "we want to invade privacy" and "it makes the devices cheaper to build since you can put really wimpy chips in them."

> Why does the device have to record and send everything to the cloud to provide this experience?

It's everything after the hotword, not everything.

You're getting downvoted, but this is literally baked into the hardware.
Except when it isn't, or another "convenient" bug makes everything a hot word, turning the device into an always-recording Internet stream.
A "bug" in your phone could do the same.
In the short run, it gives the company three direct benefits for making the technology work (besides the "They can advertise at you better" one that people like to drumbeat on).

1) Context is nearly invisible, and is constructed from dozens to hundreds of data points. Holding state on the user (not just from direct interaction with the agent, but from other services the agent can be aware of) makes a lot more context possible. My assistant knows about my calendar, where I've been recently, and my recent emails; it can make much better educated guesses about what I mean if I say "What's travel time to Oakland?"

2) Getting the voice recognition tech itself from 90% accurate to 99.9% accurate requires awareness of the tens of thousands of real-world complicators that never show up in laboratory testing. As Google showed off by bootstrapping their voice recognition tech via Goog-411, they know how to take megabytes / gigabytes of "dirty signal" and use it to refine their algorithms against unforeseen corner cases.

3) Releasing new assistant features can be done atop existing collected data, without requiring months of lag for enough state to build up for the feature to be useful.

All of these are addressable engineering challenges if privacy were a priority. It's just that privacy is not a priority.

(1) is not that hard, just subscribe to feeds or query cloud services from the device. (2) is harder but could be done by treating the devices as a cluster or sending data up only when it can't be easily recognized and storing it only long enough to be useful in training (and storing it anonymously), and as for (3) the device could store data encrypted in the cloud and that would be fine. A new or updated device just downloads and decrypts the index to its data. There are other workable approaches.

I think the best way to change that is legislation. We need HIPAA-type liability laws applying to all privacy-sensitive data: recorded audio, recorded video, location, etc. Leak someone's location or a recording of audio from their house? That'll be $10,000 per person per incident.

That would instantly transform privacy invasion from an asset to a liability and incentivize companies to minimize data collected and when it must be collected to provide the service minimize the length of the time it is stored.

As it stands literally all economic incentives jump up and down and scream "invade the user's privacy s much as possible!" These are:

(1) Data is valuable and advertisers will pay for it or pay for data-driven ad services.

(2) Engineering privacy-invasive systems is easier than engineering privacy-respecting systems. This is a subset of "engineering insecure systems is easier than engineering secure systems" as privacy is a dimension of security.

(3) Privacy sensitive approaches usually require more compute and storage at the edge, increasing device build cost.

"Just subscribe" is already asking more detail engagement from users than they want to contribute. Most users do not care enough about implementation details to want the device to not be working until and unless they tell it to.

I agree that if you want to change the model, law is the way to go. It'll hold back progress, but if that's the price we want to force people to pay, we could.

Let's not forget the other important issue: aligned with privacy-invasive technology is the business incentive towards turning products into services. This is what drives most of the bad engineering in IoT products - perhaps even more than the secondary revenue stream of selling users' data. When you make your device depend on the Internet for its most basic functions, you secure yourself a recurring revenue stream.

I'd like to see regulations addressing this issue directly, in addition to more strict pro-privacy regulation. For instance, I'd love to see it so that data, software and compute become independent - instead of current vertical integration. That is, I want to a) own my data, b) choose where it'll be processed, and c) have the software processing it come to the data - this way the vendor supplying software for c) won't be able to take the data and sell it or hold it for ransom.

Some significant incentives or legal controls would likely be necessary to realize that. Companies have zero incentive (beyond possibly performance if network bandwidth is an issue, and it's not) to (c), since that gives you carte blanche to steal their implementation, reverse-engineer it, and use it outside their control. I don't anticipate they'll facilitate that voluntarily.

It's also a lot easier to debug and improve software running on machines in a cloud one owns than on local heterogeneous architectures out "in the wild." Ask anyone who's done backend web development vs. frontend how fun it is to get "It don't work" bug reports from end-users with no logs and only spotty event metrics to guess what failure mode they got into and how they could get out of it (including failure modes such as "their ad blocker decided to kill half your functionality because your JavaScript's name had 'ad' in the URL").

There's a lot of incentives aligned for thin clients and fat servers.

isn't that what in this sitee is the maligned GDPR does?
All of these items can be used through using test panels, or even dogfooding. There's no need to violate the privacy of millions of people.
That’s not going to produce a good model. Test panels and dogfooding are both small scale and introduce biases based on who uses them. Until the gains stop coming primarily from supervised deep learning we won’t move away from the winner being whomever has the largest, most diverse dataset and compute resources.
I feel like another motivation is to keep the neural net parameters, AKA the most valuable part of the speech recognition algorithm, off-device. It'd have to be huge otherwise, and could be easily duplicated then used as a starting place for a competing product.
"Violate the user's privacy in order to build a product" is lazy engineering.

There are plenty of avenues to collect the data needed at that scale, it's just that none of them are as cheap as simply spying on users.

Lazy engineering gets to market first, and if most users don't find it harmful, the company wins?
Yes, spying on users is a cheap way to get results.

The fact that incentives exist to violate user privacy is not an excuse to violate user privacy.

Giant piles of cash can buy many excuses. ;)
Lazy, half-assed, corner-cutting everything gets to market first. This is a problem. It's also why markets accrue regulations over time.
I agree, and it's likely that's the most correct answer if people want to see the market change.

The second most correct answer is to just opt-out if you feel spied on and get to feel very smug watching people who didn't opt-out get burned by their choices. Honestly, I recommend that solution unless one encounters a situation where opt-out is impossible.

We seem to have no good solution to this. Capitalism/cowboy development: ship crap fast, break stuff, accrue regulations. Socialism/planned economy: have meetings to plan meetings to discuss requirements forever and nothing ever happens.

While both were government funded, the "cowboy" approach of ArpaNet and IP vs the OSI network protocol consortia are a great case study.

I think it looks comfortable in the Star Trek universe because it is implied that voice activated stuff is controlled by a super-AI. That is, the AI won't give humans access to the audio. Which in turn means we are going to have a super-AI that can restrict our rights and itself have access to vast amounts of information about us. I.e. Star Trek is a society essentially controlled by the AI, as it will be above us.
It looks comfortable in the Star Trek universe because everyone trusts Starfleet and the ship's computer.

I mean, if you don't trust the computer to look after your interests with regards to your voice interactions, why are you trusting it when it also controls life support and airlocks? ;)

Another classic SF example of a voice interface: "I'm sorry, Dave..."
But what's an AI, what's 'artificial', when does something become so if it's made by/of 'natural' things? Which reminds me of BSG, they have airlocks too.
I disagree. Given it takes place hundreds of years into our future, I'd assume speech recognition is just a "solved problem" and not something to worry about. Plus, there's also the Federation -> navy comparison. If speech recognition is mandated in Federation vessels, why would the crew worry about who's listening?
I think it looks comfortable in the Star Trek universe because Star Trek portrays a society that is not run by mobsters, warlords, delusional ideologues, and sociopaths.

We are still very much savages. Clinical psychopaths and delusional narcissists run our institutions and major decisions are made on the basis of fanatical superstitious ideologies and mindless herd behavior.

In short I won't put an Internet connected microphone in my house and I'm very wary of privacy leakage in general because I don't trust the people who run our world (including both governments and corporations). I don't think this is irrational. Glancing around it seems like a decent number of world government and corporate leaders belong in prisons and mental institutions, not powerful offices.

> Star Trek portrays a society that is not run by mobsters

But also portrays societies run by and indeed composed entirely of mobsters (see "A Piece of the Action" TOS S2E17).

It does, but the protagonists are part of the utopian society; in that context, technology actually works to benefit people.
> Star Trek portrays a society that is not run by mobsters, warlords, delusional ideologues, and sociopaths.

Interestingly, while this is certainly the background assumption of Star Trek, it is much less valid in episodes where the crew must interact with their own government.

>a society essentially controlled by the AI, as it will be above us.

This is the highest probability of the realistic outcome of AGI as it will advance in capabilities so much and so rapidly that we won't be able to keep up. I personally think it will be benevolent and care for us like we do for our pets which won't necessarily be a bad thing.

If you're interested in reading about AI goal theory further, I suggest Superintelligence, orthogonality and CEV as books/topics you could explore.
These are fantastic recommendations, thanks!
It isn't. In fact, people there are uncomfortable about computers giving them orders (TNG S03E06). It works because in Star Trek, the society works. For instance, a ship's captain could easily access plenty of surveillance records about their whereabouts and activities, but as a matter of course, they don't. Cases where someone abuses technology for ulterior reasons are presented as negative, and protagonists do their best to thwart such misuse.
In TNG they ask the computer for someone's location every other episode, usually without hesitation. Didn't go so well for Barclay, when they walked into his cringy holodeck fantasy program.
They do, but they never abuse this capability.
I'd disagree with this. Frequently they look through peoples records. Whenever someone dies it is the first thing they do. They also on one hand talk about holo decks being a private space but how often do we see them walking in on peoples' sims. You could totally just shut down the sim from the outside if the person inside is not responding and that would more readily respect that person's privacy (but isn't good for entertainment nor shows that Star Fleet is also composed of "humans").
When someone dies or goes missing, not even an hour goes by before someone like Geordi or Riker is sifting through their personal log entries. :)
QUICK! Let's look at their personal logs!

Like come on guys, there's more than personal logs. There should be more barriers before you go there. But to also be fair, it is stuff they know is going to be used in that way and it isn't just a log of everything they've said in their room. So there is a little more consent involved. I don't think you can really give consent to always listening devices.

> In TNG they ask the computer for someone's location every other episode, usually without hesitation.

Which is appropriate. There's nothing wrong about locating a crew member on a _military vessel_.

It works in Star Trek, because as 'api says, their society is sane. United Federation of Planets is an utopia, where people don't try to abuse and profit off each other.

For a proper Star Trek comparison, imagine how comfortable Federation citizens would be with using ambient computing technology created and sold by the Ferengi, who are also known to be performing surveillance for Romulans in exchange for money.

(For non-Trekkies here, Ferengi is a species of extremely greedy and exploitative capitalists; Romulans are what you'd get if you reified the Five Eyes into a species, and put them into state of cold war with the Federation.)

That parody needs to happen on Ferenginar.
I've gotten Alexa and Google's Home for free but I refuse to set them up. Even if you believe these companies aren't going to "spy" on you, the security of these things has been proven dubious at best.
What is the worst thing you think could happen if you did set either of them up?

I'm personally not a very private person and I'm not worried about giving up some privacy for convenience. There are a few bad things I could think of like the government using out of context recordings to frame you or something like that, but the odds of that happening seem so vanishingly small, I can't worry about it.

> Why would people voluntarily do this in exchange for being able to ask for weather, play a playlist, add a todo and a few other parlor tricks

Because it's a lot of fun and the personal risk is basically nonexistant. It's the oldest story in the book: different personal evaluations of risk of activity.

Can’t you just removed the hardware from the device? It’s not like microphones are magical.
What does having a Nest thermostat get you? I'm a tech dude, I build modern software, but I live in a dumb, old fashioned house. My programmable Honeywell thermostat, which has no internet connection, does a perfectly fine job of keeping my home the right temperature. My door locks use a key, and keys have great battery life, and my smoke detectors beep instead of speaking to me. What am I missing by not having internet connected stuff?
you can turn it on remotely, like when you are on the way home from work, and have a warm house when you get there.

to me, that is the killer reason to have it online.

If you have a predictable schedule, there are plenty of offline thermostats that let you set target temperatures for different times of day. If you don't, I can see how being able to control it remotely would be nice. (But an embedded microphone is still creepy and unnecessary.)
Im in the same boat, I find the concepts very fascinating but almost all of it is trying to solve problems that don't even exist for me.

The only thing my friends with IoT devices do are party tricks on voice command with their smart lights. Other than that, I find the so called 'problems' these devices solving are extraordinarily trivial.

My favorite part of my IoT loving friends' party tricks is that they only even seem to work about 40% of the time. Most of the gimmicks might be worth having if they worked 99.9% of the time and I didn't have to sell my soul to get them, but as is they're a half-baked solution to problems that I don't actually have.
It's nice that it knows when I leave and adjusts accordingly automatically. If I need to come home at a non-routine time, I can adjust from my phone so that it's comfortable when I get home. I don't see the need for most smart devices, but the Nest thermostat has actually been really useful for me.
I value privacy, my nest thermostat is the only IoT device in my house that talks to the internet or can be accessed remotely without a VPN. What I find most valuable is it programs itself. Am I cold? Turn it up a bit, hot? Turn it down a bit. Suddenly I have stopped having to adjust it at all. Even as life has changed. It has some nice other features, such as preheating/cooling, telling me how long it will take to get to temp, energy savings by allowing the electrical company to shift my cooling earlier before the afternoon rush.

I bought my Nest before Google bought the company, and I will switch brands instead of buying one of the Google built devices, again over privacy considerations. Hilariously enough, we entered the name of the thermostat as HAL.

Ok, but what on this list actually requires an internet connection? I guess the integration with your power company. But aside from that?

You could put a local AI model into the Nest, and it shouldn't need to talk to the internet at all. It can keep the data locally, and be programmed to draw inferences without help from the mothership.

For some reason we've decided it's ok to gratuitously connect everything to the internet "just cause". Sort of like how data maximization has become a thing because the costs are low, so why not?

Posted elsewhere, but my A/C had a small leak and was slowly loosing efficiency. At peak heat it could not keep up, but I had no way of knowing that at work. My $99 Emerson Sensi messaged me that the cooling was not keeping up and there was a problem. I could turn off the unit remotely to prevent stress on the compressor and fixed the small leak well before I would have known without a internet enabled thermostat.

I did A/C repair in college, fixing it early more than paid for the maybe 50 extra bucks wifi cost. The thermostat itself is on an isolated wifi network,

That doesn't answer the question: why does that require internet access?
How else did you expect it to message him? Or let him turn it off remotely? Sure, could put a SIM in it and do an SMS that way, but then you have to pay for service for your thermostat, rather than just using the WIFI you already have.
Couldn’t it just have a lcd display with a scrolling alert message? Maybe even a red light that turns on to draw attention.
"I could turn off the unit remotely to prevent stress on the compressor"
Good point. In my experience an air conditioner is something that you use when you're home, so turning it off remotely doesn't make any sense, but I suppose other people might AC their house while they're gone all day?
If you live somwhere that might be >100 degrees, you can't just turn the AC off all day
Messaging you requires at best only enough Internet access to send a message. It doesn't require all other functionality to be Internet dependent.

Frankly, the way these IoT devices are designed to be just dumb terminals to some cloud on the other side of the world, it's just bad engineering, in service of anticonsumer business.

Perfect IoT device would include an internal scripting language (ideally standardized and easy to grasp, embedded python/js/lua etc) and API exposing all of gadgets hardware. This way user/owner/external service providers could supply their own script snippets implementing desired functionality. Aka general computing.

Imaging buying "smart light" thats actually smart enough to do what you want it to do.

Just taking a guess...besides integration with the power company, an internet connection can be useful for plenty of things. Weather forecasts and aggregating local user behavior to improve predictions of how to adjust settings more accurately over time. Talk to your mobile device to know when you're getting near home to pop out of an eco mode. A heartbeat to the cloud so it can notify you when the power is out. Lots of possibilities you wouldn't get with a local-only mode.
How much would a localized AI cost to implement, and would you pay it for a thermostat? As a result, you're lowering your one-time capital cost by connecting to the internet instead, perhaps?

I like that I can check on the house from my phone if one travels for multiple weeks at a time. I also like warming up the house before I get home late in the evening. Granted, I've now got a VPN / firewall setup that would do this without an internet connection, but I'd still need some form of wireless connectivity to execute the changes from my mobile device.

> How much would a localized AI cost to implement

Not much, because you're probably doing regression and I doubt this tasks needs neural nets. Well, it is definitely solvable without NNs at the very least.

Don't you need data aggregation to build the model though? I think that's part of the problem, but I could be wrong.
No. You could do this with any model that has feedback built in. I don't think you'd even need something as complicated as Q-learning but any type of reinforcement "learning" method would work. You're basically teaching a PID that has a clock.
>Ok, but what on this list actually requires an internet connection

I have a somewhat irregular work schedule, and on hot days was lifechanging to be able to turn the A/C on before I got home. Similarly, if you're on vacation and go "oh shit I forgot to turn the A/C off" it's nice to be able to do that remotely. The Nest has a motion detector but it's not 100% accurate. Maybe some non internet connected thermostats also detect presence, but it's nice to be able to confirm the state of the A/C remotely. I also like being able to graph the temperature/humidity of my place over time.

That said, my next thermostat will probably be an Ecobee because I'm pissed off about a number of decisions Nest has made lately (e.g. removing access to their API)

> You could put a local AI model into the Nest

Why do you even need AI for this? This kind of task is solvable pretty easily and is really only an ML task in the most broad of senses.

You can control it from anywhere so if you're coming home earlier than normal or know you need to pre-cool the house because you're having a party later you can do it from your phone. Or just being able to control it from anywhere in the house, this can be done with X10 or something but that requires additional hardware to bridge between the X10 network and the internet. Most IoT devices are similar and use wifi and a central server because it's the most convenient option for configuration, with both sides hitting a central API you don't have to worry about ensuring clients discover all the devices on the home network and it's then trivial to allow control from outside the home.
That sounds like a startup opportunity there :)
To be fair, most of that doesn't require the internet— it would be perfectly possible to build a simple learning thermostat that was offline, or perhaps was only periodically online (eg, dumping a compact data log while it's connected to your laptop for its yearly firmware update).

I feel the same way about voice assistants. Recognition can be done locally— playing your playlists or turning the lights on and off should require no internet connection. Updating a todo list or calendar, maybe, but then it should be an API call to that service provider, indistinguishable from an action originating in any other third-party app.

Eons ago Nokia phones were able to learn "voice commands" tied to certain numbers. This was in the dumbphone era.
My limited interaction with those was that they were pretty universally terrible and would not be acceptable today (and were bad enough to be annoying then even).
Sure, they were. But it was a Symbian, with memory measured in KB, not in GB, CPU in low MHz range, not GHz. I only wanted to point it out that even though it was bad, it was possible, and with phones today, it's not only still possible, but maybe even possible and reasonably good. All that offline, of course.
>What I find most valuable is it programs itself. Am I cold? Turn it up a bit, hot? Turn it down a bit. Suddenly I have stopped having to adjust it at all.

Is that a problem most people have? I bought my house a few years ago and haven't touched my thermostat since I originally set it up years ago

Do you live alone? And are you or do live with a girl? Because when I was single, I never touched the thermostat. Now that I am, it has to be constantly adjusted.
(comment deleted)
> What does having a Nest thermostat get you?

Nothing that a programmable thermostat plus a Home Assistant instance won't get you.

I run OpenHAB at home (and have tried HA), but setting all this up is not in the wheelhouse of the majority of people. Doing the in-home setup is difficult enough, but safely exposing it to the internet is not something I'd ever ask a non-technical person to do.

Meanwhile, you just swap your old thermostat with the Nest, tell it how to get to your wifi, install an app on your phone, and you're done.

Yeah that's what a lot of the responses in this thread don't get or dismiss. These things could be run in a much more privacy protecting way but that comes with all sorts of configuration and setup headaches that most people don't want to deal with. And being able to access the devices from anywhere is a feature most people want even if it's only useful occasionally and a central API running all interactions means if it works while you're home it will work anywhere rather than it working while you're home then not working because something something DynDNS/NAT.
I think you're overestimating how difficult it is to setup a smart device with something like Nabu Casa's Home Assistant Cloud.
And youre over estimating the technical literacy of the average person. This is the first time I've heard of nabu casa, I just checked out their website and they're immediately talking about yaml, I've browsed every page I can see and I can't see anything about setting it up. Another labe mentionrd docker and JWT as troubleshooting steps - that's too much for 99.99999% of people to ever use.
I'm under no delusion that the average person can, or is willing, to setup something like Home Assistant.

I was answering a question posted on HN, where the assumption that the average HN user is capable of fiddling with hardware and software is usually valid.

These kinds of devices are just slightly better than the old ones, because it's possible to programmatically control them. They would be an interesting idea, because they offer slightly better convenience than the previous devices, but they are such a huge privacy violation that they aren't worth it. Take out the privacy violating parts and they could be interesting products.
It gets you troubles. Just bought a house that had some installed. Had weird "lost connection" failures, and the "smartness" trying to learn what's the right temperature for you doesn't work. After two months, I still have to wake up in the middle of the night to manually reset the temperature to something reasonable.
I have a cheaper thermostat with wifi, a few months ago it alerted me that the temperature had been more than 5 degrees over setpoint for half an hour and something was probably broken. I was able to remotely shut off the unit and after I came home from work, sure enough the coils had iced over due to a refrigerant leak.

It was only hot enough for this to happen at the peak of the heat when I was at work. I was able to catch the problem early and fix it cheaply all for the cost of a thermostat (Emerson Sensi) about $40 more than a non wifi model.

Is there any advantage in involving you in the loop, though? Couldn't it just shutdown upon detecting the problem and turn on a warning light for you to see when you got home?
It is probably worth mentioning that the Google Nest Thermostats are one of the only Nest devices without a microphone.

Source: https://support.google.com/googlenest/answer/9330256?hl=en

Thank you for this information 'JCBarry. I was legitimately alarmed and confused. I searched for the word “thermostat” in the article, and I didn’t find it, but I could easily be out of date with respect to Google’s Nest and IoT branding.

Thanks again,

A programmable keypad is nice. I have a Z-wave one which can notify my Smarthings hub which notifies me when it's locked or unlocked.

The Nest thermostat allows me to control the heat remotely.

These two things are great for rental properties. Guests often forget to lock the door, I have records of when guests or maintenance people are coming or going, I can adjust the heat to 55 when nobody is there which saves a lot of money and more importantly I can ensure the heat is not turned off (which could cause frozen pipes) which some guests do for some reason.

Outside of a rental, these things aren't as useful. But I'd still get a programmable keypad (I've been running the Yale touchscreen ones in the mountains for years). It's very handy for friends or maintenance and with a Smartthings hub you can unlock the door remotely and give no code. Or give a code and change it later. I got the one with a key backup just in case but I haven't had the touchscreen fail yet.

I do run the Nest cameras outside and they've been nice to check snow levels, bust the spa maintenance guy for not even showing up, expose a neighbor for stealing firewood and rocks, expose guests who brought an actual bus full of people, expose another guest for filming a movie, and plenty of other things that have been helpful documentation.

It's kind of crazy how far the Nest cams pick up audio and how clear it is. So be cautious of these things because they are constantly recording and it makes it easy to scrub for footage (detects and quick links to voices, dogs barking, people, etc). I only listen to the audio when it's applicable (guests are doing something they shouldn't) but I'd imagine that some homeowners are watching and listening for fun.

I'm assuming that by rental property you mean AirBNB or some other short term rentals.

I would never be okay with my landlord controlling or monitoring my thermostat.

> The Nest thermostat allows me to control the heat remotely.

On a flat you're renting out? That's insanely unethical.

The comment specifically says: "I can adjust the heat to 55 when nobody is there which saves a lot of money and more importantly I can ensure the heat is not turned off (which could cause frozen pipes) which some guests do for some reason."
I have kids. They forget to turn off lights, mess with my thermostat, leave doors unlocked. The peace of mind of being able to remotely check/access/control all of this is great.
Or you could spend time with your kids, educating them to actually function as adults.

But I suppose conditioning them for life in a surveillance society does that job.

How did you infer how they were raising their kids or how much time they spend with their kids from that comment? To me, it sounds more like you just want to attack them.

I'm an adult, I know I forget to turn things off sometimes and it is really nice to be able to remotely check on things like if a light is on or off or something similarly as trivial.

You obviously have very little experience with children if you think spending enough time with them will cause them to not to forget to turn out the lights.
It sounds like you have short-term rental properties, aka unregulated hotels, or more accurately regulation-skirting residential businesses. In normal rentals, guests are called tenants, and in most places tenants have all the same privacy rights as property owners. Therefore, a landlord having access to or retaining any information about door usage or audio-video of the property would likely be illegal. Perhaps a camera pointed at the driveway and public street for security purposes, but even then only with full disclosure to the tenant. Frankly, I wouldn't rent anywhere the owner had installed his/her own cameras--if necessary for security, I'd install my own.

Of course, the same privacy rights also likely apply to short-term guests as well, but while everyone is skirting regulations, what's a bit of surveillance in addition. I mean you've basically admitted (why people can't just shut up when they break the law) that you record your guests in outside areas where they can expect privacy (sounds like the hot tub). That people make movies in places they expect privacy (shocking), and of course you don't look at any of those skinny-dipping videos wink wink. Funny how unregulated businesses attracting unregulated activities still like to have some way to regulate their guests--and do so likely illegally.

Yeah, I know, some airbnb guests can be jerks, abuse the crap out of your investment, I mean second-home you couldn't afford without hotel-income. But you don't deal with the bad apples by violating the rights of everyone else, at least unless you want to invite scrutiny and regulation into your activities.

>That people make movies in places they expect privacy

If they're doing unpermitted guerilla filmmaking on someone else's property, they're just as guilty of violating someone's privacy and doing unregulated business activity.

FWIW, when I lived in a house where the landlord installed security cameras there wasn't much we could do about it. The law was on their side for outside cameras and cameras in common areas (like a laundry room)

(comment deleted)
> It sounds like you have short-term rental properties, aka unregulated hotels, or more accurately regulation-skirting residential businesses.

There are regions where is is a regulated, perfectly-acceptable activity, and has been for longer than the founders of AirBnB have been alive.

It's sounds like you have little experience living anywhere except highly regulated, highly populated enclaves. Many places don't have regulations against things like Airbnb.
> It sounds like you have short-term rental properties, aka unregulated hotels, or more accurately regulation-skirting residential businesses.

This is not correct. I pay transient occupancy tax just like the hotels (11% at one, 7% for another) and also have local authorities come out periodically for certifications to make sure everything is up to their standards (fire alarms, extinguishers, lighting, safety rails, notices posted outside, etc).

If I was in a city that didn't have regulations for short term rentals, then it wouldn't be a regulation-skirting business anyway. It's only skirting if the area has TOT and regulations in place and you don't abide. How did you get to this conclusion based on my post?

> I mean you've basically admitted... that you record your guests in outside areas where they can expect privacy

No I didn't. And my listings clearly state that I have cameras outside.

> That people make movies in places they expect privacy (shocking)

Why is this shocking? They were making a low budget horror film. You need a license to film a movie on someone else's property and the city has regulations and procedures for filming. Not to mention they started a large fire in the desert and I could see the fire department come out and have a conversation with them. The guest also lied to me saying they were having a little couples getaway and we even gave them a discount because we were told it would just be 2 of them.

> and of course you don't look at any of those skinny-dipping videos wink wink. Funny how unregulated businesses attracting unregulated activities still like to have some way to regulate their guests--and do so likely illegally.

I have a pool at one property but there are no video cameras overlooking the pool. Or even the back yard for that matter.

You've made a lot of assumptions.

If you don't like short term rentals because some people don't comply then that's fine but hotels have bad actors too. Plenty of hotel owners not paying their share of TOT taxes, peep holes in bathrooms, stealing property when cleaning. Ever see those service spaces between 2 rooms? Bad actors would use those for peep holes and watch guests in person.

> I mean second-home you couldn't afford without hotel-income

Actually I can afford both without hotel-income. Even if I couldn't - the cities approve of it and get income and jobs.

> But you don't deal with the bad apples by violating the rights of everyone else, at least unless you want to invite scrutiny and regulation into your activities.

I comply with regulations and also create a lot of income for people in cleaning, maintenance, upgrades. We pay a living wage to all service providers.

Nor do I violate the rights of anyone.

Honestly all this monitoring and "busting" and "exposing" people for minor infractions sounds exhausting. Personally I have other things to spend my time on than surveilling people. Frankly it's kind of bleak to imagine you sitting around keeping an eye on your surveillance cameras and graphs to make sure no one is stepping out of line.
OP sounds like a voyeur
The homes serve a lot of guests and 95% of them are respectful. How does reviewing footage when they make false claims or I get a report from a neighbor make me a voyeur?
Sounds more like he just checks archived video when thing go awry. Like missing firewood, a trashed house, etc.
It's only when I get reports from neighbors, my turnover crew or they make a false claim on AirBnB. The tech in the Nest cams make it so you don't have to wade through footage. It short links to events and has great detection as I mentioned.

None of what I wrote was minor either. If a vendor is charging me and not showing up, that's fraud. Bus full of people - over my approved capacity and I can get fined. Filming - I can get fined. Fire in the desert - big liability. Stealing firewood - theft and now my guests won't have any.

Not sure why you are fabricating a story that isn't there.

Don't forget they also have a smoke/CO2 monitor. I use that because it would be really handy to know about those being issues prior to coming home.

Of course, the next question is always "How do I confirm this?" but if it means I can catch those problems sooner, regardless of whether I'm home, I'd rather do that.

And yet, this article has me re-thinking it. Maybe removing the Nest alarm and getting Simplisafe's detector is the better move (but I need to look into theirs first).

They look cool and the knob has a nice feel to it.
Does it HAVE to record conversations? It could do all you want but be less Zuckerbergian.
Why does a thermostat integrate with cameras and microphones anyway? Do they have any internal one?

Anyway, I do really want a smart home lock. Just changing the shape of the keys so that they would stop puncturing my pockets when I walk would be enough of a gain. I also want a programmable bedroom light that can slowly dim on at morning.

I don't have those because the costs are much higher than the benefits. I'm sure a smart lock will lock me out of home at some point, with no way in. A smart light will also fail at the worst possible way, and I don't want to deal with it.

> I also want a programmable bedroom light that can slowly dim on at morning.

FWIW, a lot of cheap CFL bulbs do this on their own. It's one of the reasons I hate CFLs for most uses, but I've come to appreciate that the light in my kids' room starts at about half (perceived) brightness and takes a minute or two to warm up.

I think the key part is that the bulbs come on automatically, not necessarily the ramping up of brightness.

I don't really care about brightness ramping, I just have my bedroom Hue bulbs come on at max brightness at 6500K at 5:00 every morning, switch to 2700K at noon, and 2000K (and dimmer) at 20:00.

> also want a programmable bedroom light that can slowly dim on at morning

Oh you absolutely do, this has been by far the best (arguably only) benefit I've seen from home automation. Sunrise is now whenever is convenient. The lights slowly come on over 30 minutes and it feels like I'll wake up at some convenient time for my body during that period, rather than having my sleep interrupted by an infuriating alarm.

> A smart light will also fail at the worst possible way, and I don't want to deal with it.

I haven't had any problems with mine (v1 hues), they default to working like normal bulbs so the worst case scenario is you toggle the switch off and on and you get an illuminated lightbulb every time. Also (true of any LED light) they will continue to work even after you've shattered the glass by accident.

> changing the shape of the keys so that they would stop puncturing my pockets when I walk

Have you considered alternate solutions such as less-tight pants? ;P

Shameless plug: we - at Crownstone - have an open source plug or built-in switch with with wake-up functionality. I don't know if it's too smart, but if it is, I'm fine with you flashing adjusted firmware to make it dumber. :-)
I have an Ecobee rather than a Nest, but I had the Nest before I moved and the one thing I note is that it having access to temperatures and weather outside the house means it can choose just to run fans to circulate the air from outside to regulate the temperature inside instead of running the heating or AC. If it knows the outside temperature is the temperature you want inside, it can just shut everything off. A dumb thermostat only knows what the inside temperature is... or more specifically, when the little coil bends to connect the electrodes, it trips the heating on until the coil bends the other way and disconnects them. If the external temperature was sufficient, your thermostat could've chosen to circulate external air into the house instead of running the heating.

Also, it knows when you're not home, so it can then just shut down everything until temperatures would cause other problems such as frozen pipes.

Additionally, you just dial it to where you're comfortable and if you get too hot or cold, adjust it again. It learns what temperature you like it at at certain times of day, it takes a week or two to really get to know you, but once it does, it just keeps the temperature comfortable and you rarely have to touch it or even look at it after that without you needing to go through a complex programming process like you do with most other thermostats.

That's pretty much what a smart thermostat gets you.

Whether or not you consider that useful or a good use case for your needs is really down to your own evaluation.

I like that my thermostat is smart enough to be able to regulate the temperature in my house without needing to kick on the AC or heating, which reduces my power consumption somewhat and is somewhat better for the environment, but is also better for my wallet.

The system in my house just has an exterior temperature sensor. You don't need an Internet connection to know the temperature outside your house, and the "outside temperature" it's getting from the Internet may be quite different than the temperature of the air outside your house anyway.

Knowing when you're home can also be done quite well without any Internet access - just see if your mobile device recently associated to the wifi.

These things can trivially be built without the privacy concerns. The business model might be a bit harder if you can't collect the data, though...

Of course, I'm not discounting these things, nor am I suggesting it can't be done other ways. I'm just saying that this is what you get with a smart thermostat that you don't get with most non-smart thermostats.

The thing I really liked about the Nest is that I just turned the dial to where I felt comfortable and it just took care of everything else for me without me needing to do anything. As long as you're brave enough to put screws in a wall and hook up a handful of wires to connectors, it took about 15 minutes of me getting it out of the box to it being installed and configured. I can't say the same about any other programmable thermostat I ever had. Seriously it wasn't an awful lot more complicated than the mercury switch thermostats I've installed.

The handful of Honeywell programmable thermostats I've installed had a disastrously bad user experience. In fact, I installed the Ecobee in my current house because I got so pissed off going through the programming cycle of the Honeywell I gave up before I got to Wednesday :'D

I live in an area where I can go from heat to cool needs in a single day, and I have pets with sensitive temperature needs. So I have a thermostat I can control via the Internet.

However, it is not a Nest, and only I can control it. It's not connected to any account or cloud service. It doesn't have direct IP connectivity at all, so it can't be turned into a part of a botnet. And it works just fine without the Internet.

People managing AirBnB checkouts in cold, remote areas appreciate being able to check and adjust the thermostat remotely.
I loved my Nest thermostat when I first bought it. I could change the set point with my phone without getting out of bed, or set the house to the right temperature before I got home. It would automatically go into energy-saving mode if nobody was home. I could track my long-term energy usage with an app on my phone.

That was all very nice, but then Nest blew it. They kept forcing firmware updates to the thermostat that I had no control over. Some of them bricked the device for a period of time; some merely changed the UI so that options on the thermostat moved around or literally disappeared. I finally got fed up and reset the thing and refused to give it my wifi password. Then Google bought Nest which made me doubly sure I'll never connect the thing again.

Now it just works as an ordinary dumb thermostat. A rather expensive dumb thermostat, but it does the job. The extra features that came from connectivity are not worth the company's disrespect for my right to control the devices in my home.

I got a dumb but wifi Sensi thermostat, glad i did
I replaced my Nest with a Sensi once Google took over. In doing so, I extensively researched the available options searching for an acceptable one that could be used without a cloud server somewhere, but those just don’t exist in any decent-looking package. Choosing the Sensi was a compromise on settling for a company not likely to go out of business or discontinue the device within the near future and whose core business doesn’t conflict with keeping any data private.
From the Sensi website: "As existing features are enhanced and new features are released, your thermostat software is kept up-to-date automatically."

No thanks. Been there, done that. With a simple device like a thermostat, I don't want the thing changing all the time. Security updates are fine but every update needs to be under my control and the device should be designed with a mechanical switch that restores the previous version of the firmware.

And really even security updates should be unnecessary if the code is written in a type-safe language with good security practices.

I don’t want my complex devices changing all the time either. Just updated my desktop to last year's macOS and it caused a cascade of changes from dependencies I wasn’t ready for. Same with the latest version of Xcode, and the auto-updated text editor that went to subscription for the features I had paid for already.

I got Sensis too. Best compromise I could find, avoided connecting to the internet until I couldn’t find another way to program them. Suppose I could disconnect them now.

> What am I missing by not having internet connected stuff?

I'd say that's a question that can be asked of anything that's Internet-connected. Phones, watches, TVs, cars, etc. They probably all create a level of convenience, typically at some cost Like all costs it's up to each person to make a decision whether that cost is too great - usually these questions are really veiled value judgments on others' cost/benefit analyses.

Nothing, in my opinion, but I do have a sort of funny story about IoT thermostats.

My SO's dad is a gadgets guy, and he travels constantly for work. He is also incredibly vigilant about bills. They're the kind of family that can't touch the thermostat until a certain time of year, weighs insurance costs into every decision they make, etc.

Anyways, when he was traveling—even in cold months—he would see the thermostat going up on his phone and panic, turning it down. His kids, who were freezing in the house, would turn it up again because winter, and several hours later the cycle would repeat. They were basically locked in a constant battle to warm their house against their miserly dad and the cloud.

Classic story I heard was of a landlord who locked the thermostat in a plastic air-flow case. The college roommates who lived at the residence learned to strap an ice pack to it. Hilarity ensued when the landlord would come by to check on the heating system.
This was also the subject of a Judge John Hodgman episode: https://www.maximumfun.org/judge-john-hodgman/judge-john-hod...

(He’s the “PC guy” from the Apple commercials, among many other performances, and he has a podcast where he acts as a more cerebral and empathetic Judge Wapner, hearing “cases” and making rulings. The show has quite the internal lore, complete with local court rules, standing, and binding precedent.)

IMO? Nothing.

I do have some WeMo switches on some lamps in our living room. I got them instead of fiddly-dip-switch timers before a vacation several years ago, and it turns out I like having them come on an X time automatically, and turn off at 10, when we typically go to bed. We never interact with them; it's great.

But the thermostat is dumb (but programmable). The locks are all regular locks. We have no smart speaker (dear god WHY?). The TV is dumb.

Why? Because I've spent 30 years in software, and my watchword is "don't put firmware in shit that doesn't fucking need firmware."

Are we acknowledging a difference between the Nest device he warns about (which is sold as a surveillance device) and, say, an Amazon Echo? (Which the headline mentions as equally problematic, but the body of the article doesn't mention at all.) My understanding of the Echo is that it only records after hearing a trigger word.
> beyond what smartphones are already capable of

What do you mean by this? What exactly is it that you believe smart speakers capable of that smartphones are not? (Modern smartphones are just as capable of listening for and responding to hotwords as smart speakers are, fyi.)

People are afraid of dying in a terrorist attack but aren't afraid of driving their car around town. Even though the odds of them dying in a car accident are much greater than dying in a terrorist attack.

I think the same thinking allows people to overlook their phones while focusing on their smart speakers.

Skynet apparently is somewhere under Google's cellar.
'Don't be evil' as a company motto really seemed to make Google different in the early days - not just in terms of being hip and cool in contrast to their contemporary competitors, but in terms of recognizing that technology has a moral dimension and that the firm's long-term wellbeing lay not just in maximizing its technological power but distributing the benefits thereof as widely as possible, rather than conserving it for private advantage.

I find their news product a useful barometer of the extent to which they've abandoned that. Last Monday I sat down at my workstation and the top item - amid war, political instability, and everything else going on in the world - were articles about the Google Pixel 4. I know this wasn't a reflection of my browsing habits - I'm just not interested in phone technology at the product level, and and any online shopping/product research that I do these days happens on a separate account on a separate device, because I don't want to mix up my consumer preferences with my intellectual interests.

You would think that with all Google's brainpower the presentation and distribution of news would by now have seen massive advances, but instead it has simply magnified the worst aspect of print and Tv news. I'm beset with sports, entertainment, 'health' (mostly quackery), and 'technology (mostly consumer products) news every day, even though I used to be able to opt out of those things. If I make the mistake of looking at a sports article on my workstation or phone, I am swamped with sports articles for the next day or two, presumably because the sports market is so lucrative and Google's algorithms get tremendously excited at the possibility that I am adopting the consumer the consumer profile of a sports fan.

Likewise I am constantly being advanced second- and third-hand sources of news based on SEO and existing reach; every other story I read is a half-assed rewrite of original research done by a news outlet with a smaller brand footprint. If I'm lucky I can see that in the first paragraph or two and can click through to the original, if not it's because a big news outlet is just stealing or redoing stories without credit or attribution and I may find out about it later when I read Twitter.

I could rant on and on and on about Google's news product and about their other products and practices, but all my critiques of the firm boil down to this: google has become a company that takes bids (including from itself) on the order in which it provides leaves to consumers, while denying them sight of the trees they are plucked from.

You said it yourself: smartphones are already capable of it. So what difference does it make if you add an Alexa or Google Home? At least those aren't going everywhere with you. This is the defeatist attitude, but this tech is probably here to stay. We just need to do our best to make sure companies do the right thing.
(comment deleted)
I have a few echos and a google home, and I love the feeling of living in the future by controlling things with my voice.

It may be naive, but I think the device vendors have way more to lose if it turns out they are actually recording all the time, not just listening for the wake word.

It will be the wrong road if we end up at 1984, but I’m hoping for the Culture, or at least the Jetsons...

I know I'm gonna be in the minority with this, but what if you really just don't care despite knowing the danger?

I have a Google Home in my bedroom, and it's extremely convenient for controlling my lights. I'm aware of the privacy concerns with such a device, but out of all the things in the world that worries me it's just not far up my list to disregard the convenience. I imagine a lot of consumers might feel this way. Now this would be a different story if something was forced upon me (like the government mandated some device, and I don't have an active choice in having it) but I'm making an active choice to buy this device and use it knowing that it could very well be recording the conversations, sex, whatever else goes on in my bedroom.

I feel like this is the only sane response. To say there is no danger is naive. To say this is existential danger is...well...have you read the news lately?

Every day we are making choices about what risks we're willing to accept. In the scheme of things, this is novel but minor.

It's no different than an iPhone
> It just sounds like we are heading down the wrong road.

Humans are a lazy bunch and this feeds into these genetically coded tendencies in the worst way.

I feel like there is a growing backlash against these technologies that are getting way too invasive. Myself and a few of my friends have gone back to being as "analog" as possible. Dumb thermostats, dumb tv's, regular old key locks (you can still get some pretty secure, non-electronic locks), dumb fridges, etc, etc. The point is to disconnect as much as possible from the internet, Google, FB and Amazon. Three of my best friends now just carry Windows phones. Internet connected, very few apps, and phone service.

We are of course, a very small minority whose seen the dark side of these technologies. I don't think enough people know or understand the consequences of having these devices in their homes.

This might be because I’m running on a half hour of sleep but I legit thought you said you were a Google Fan as if Google makes smart ceiling fans and you were somehow talking to me.
> I guess I value my privacy more than others and don't like the idea of entities compiling a record of my data that they can sell and market.

I think a lot of people don't understand how much their data is worth. It is something I frequently hear, that "my data is useless, so why hide it?" or "what are they going to do, see that I like cat photos? HA!". I think these kinds of comments are slowly diminishing as the average person is seeing 1) these tech companies are worth $1+ trillion 2) people get scared and think Facebook is always listening because they every so often hit the mark too well. But I don't think most even know the extend of the data that these companies have (e.g. they think that Google only has their email data and knows nothing about financial), let alone how that data can be used.

> But people willingly bringing always on listening devices in to their homes (beyond what smartphones are already capable of) I just can't comprehend it.

I don't get this position: my (Android) phone can already record my voice, so how does having a Google Home materially increase the privacy risk?

The GH does have access to mains power and a wifi connection, so that makes it easier to record all the time and upload a lot of data vs. a phone, but it seems like a bit of a stretch to me to think that Google would be doing something nefarious with GH and then absolutely nothing on Android. I've also noticed that when I call out to my GH, my phone will usually respond too, so it's not like my phone can't understand me, even when it's in my pocket, so the capability is definitely there.

So if you do trust Google enough to have an Android phone, then you should probably trust them just as much to have a GH. Beyond that, then it just comes down to bugs: what if GH is too sensitive and thinks you've uttered the wake word often when you haven't? Ok, then some conversations may get recorded that you didn't intend. That's certainly a concern, but "I just can't comprehend it" would seem a bit hyperbolic in that case.

> ... includes transcripts or even audio of all your household conversations/activities over the past three years

This seems to indicate to me that you believe that GH etc. are always recording and uploading every sound it hears, all day long, without regard for the wake word. If you believe this, I guess that is your prerogative, but I guess we're probably not going to have a productive discussion here.

(comment deleted)
«I don't get this position: my (Android) phone can already record my voice, so how does having a Google Home materially increase the privacy risk?»

Indeed. Maybe people don't realize that a smartphone is a much bigger privacy risk. A phone can literally record audio and video, track your position, monitor all your online activity, and upload all that without you even noticing it, even when the screen is off and locked. (This can happen when the phone is hacked or if the OS or device vendors are evil.)

I think people perceive devices like the Echo Dot or Nest Mini as more dangerouse simply because they aren't used to them. But smartphones have existed for more than a decade, so people have long accepted these.

The privacy risk is not the same and the convenience to mitigate is not there

I can leave my phone at home when I go out. In another room. Shut it off. I do all of these things quite regularly.

Do I go around and disable numerous smarthome gadgets for privacy or stick with my oh so terrible life without them? Bonus! I can avoid awkward conversations with my guests.

People buy products because we feel they help us be better. There’s little real utility towards bettering myself with a colorful, and extra power sucking, thermostat at home all the time.

Given how outdated most Android phones are, they are substantially more of a security risk than a Nest (of some sort), Alexa, or Apple smart speaker. With Google your facing someone substantially fucking up, a search warrant, or compromised account. A random compromised Android phone, just about anything or anyone and the only giveaway is going to be the battery draining faster than expected.
How are you sure you can turn it off? Are you removing the batteries?

I don't understand how the risk is anything but greater with a phone.

Have you ever seen a verified case of a smartphone operating while off? I have only seen rumors. If you are going to be that paranoid then how do you know removing batteries turns it off? Maybe there is a Secret battery for spying on people.
If you've carried an Android at all, you've already had a listening device in your home for years. This device also has a ton more sensors and data it collects off you than a smart speaker could.
The thing is, the majority viewpoint always wins, whether they are right or wrong. If we had a well-educated and well-informed populace, people might make better decisions. Unfortunately, this is not the case and the situation is worsened with marketing and advertising from companies choosing revenue over morals.
> I guess I value my privacy more than others and don't like the idea of entities compiling a record of my data that they can sell and market.

Because big tech/advertising companies don't sell your individual data. They sell to other entities the ability to show people like you specific content. I wouldn't use products monetized in the first way, but I'm happy with the latter approach.

As you noted, smartphones are already capable of this. Smart speakers are relatively moot from a privacy perspective, unless you keep your phone in a soundproof case.
> But people willingly bringing always on listening devices in to their homes

Because flying cars. The home assistant is the glimpse of future people looked forward to since first Scifi movies. Its convenient and out of way. And people don't understand nor care about privacy.

That said I am still ranting to my brother that he is using Alexa whenever I visit his home.

They should be required to display a "premises under 24 hour surveillance and recording" at their front door when they have any of these sorts of devices.
So Google has made it official that they're a manufacturer of spyware. All that stuff should be illegal right off the bat since it merrily spies on people who never gave their consent.
Not being funny but i have a nest and i don't remember anything i the set up about any microphone at all, also i don't remember anything about agreeing to share personal data.

I assumed it would be uploading usage and stats as nobody respects privacy but that is very different to actual recordings or images ffs.

i live in the EU so this seems a pretty clear breach of GDPR no? i would have needed individual opt in consent for each of these (i would have thought)

Is it unfeasible to pursue expansion of dual/two-party consent laws to cover this in some way?
Make your own IoT Devices people!
I know it puts me in the minority, but I honestly do not care that much. It's obfuscation by volume.

If Google wants to hear me and my roommate argue about Red Dead Redemption online or the new Bill Burr comedy special, good luck with that.

When I worked in IT, people always used to say oh you can read my emails? Nobody wants to read about your boring-ass life.

My understanding is they are using our speech to create better speech-recognition and it shows. I have much better luck with OK Google than Siri. I willingly give up my privacy for a superior product because most of my conversations are inane.

And if I ever intend to murder anyone, I will turn off Alexa.

This is simply a "I have nothing to hide" argument, and the rebuttals to this have been done frequently and better than I can manage.
>It's obfuscation by volume.

I find it hilarious that you mention this and completely disregard what google is famous for: search. Volume means nothing and relying on volume to hide in a crowd is basically impossible in today's world. Even the absence of data sends a signal, so when you turn off Alexa, that's when your surveillance will increase.

>If Google wants to hear me and my roommate argue about Red Dead Redemption online or the new Bill Burr comedy special, good luck with that.

Google doesn't care about that. But you can bet that the contractors they hire are deeply interested in the 3am conversation you had with/about your significant other.

> It's obfuscation by volume.

Not even sort of. They know EXACTLY who you are, and have the ability to determine EXACTLY what you say, or when you are home, or who is home with you, or meta data about your habits like sleep or TV, or in a very realistic possibility monitor for words beyond “Alexa”... like let’s say “Sanders” or “Trump” and upload number of times those trigger words were said every 24 hours.

There is no part of this that is obfuscation by volume. Specifically you get specifically tagged.

How could it not be within reason that a door to door political volunteer is sent to your specific door with their tablet saying “Don’t mention guns, Do mention tax reform”?

There are arguments I can make for personal assistants esp for elderly or disabled. But obfuscation by volume definitely isn’t the case here.

> Nobody wants to read about your boring-ass life.

On the contrary, aggregated personal data sells for a lot of money. Entire companies exist only to collect it.

And if I ever intend to murder anyone, I will turn off Alexa.

Police cases of the future:

"He's a prime suspect because he turned off Alexa shortly before the so-called accidental death in question happened."