Ask HN: Private Alternatives to Alexa?
95% of the value we get from Alexa is automatic turning on/off of lights and simple functions like cooking timers.
We've had Amazon Alexa for five years, since the gen 1 device, and now find it to be an increasing invasion to the sanctity of the home.
We find it particularly annoying that nowadays, when you ask Alexa to do something, several times per week it will suggest some annoying upsell crap you don't care about. It used to suggest things once per quarter tops, that was fine.
HN, what private alternatives to Alexa may exist?
For example, does anyone make a system that's relatively polished and operates entirely in the home, with no audio sent to the cloud? I'd be happy to run a hub/box for the system.
165 comments
[ 6.1 ms ] story [ 241 ms ] threadAlthough audio is sent to the cloud, you can choose whether it is stored or not, and whatever you pick, Apple's privacy policy is very strict.
HomePods are mostly advertised as music playback devices, but I mostly use mine as a HomeKit control device.
Homebridge allows you to control non-HomeKit devices via Siri: https://homebridge.io
[0] https://www.cnet.com/home/smart-home/homepod-echo-google-hom...
I have Alexa through Sonos for years. It has never tried to sell me anything? What’s the context of these upsells?
Apple has broken trust multiple times, including the FBI back door, and the CSAM fiasco. They are a public company beholden to shareholders, not your trusted friend from college. Even China has strong leverage over them due to their manufacturing and market there. They are fundamentally no different from Amazon.
The poster is asking for a private solution this is emphatically not it.
That's why you use VLANs on your home network and open source operating systems on your phone and computers. It reduces attack surface area. It's on your property and you can analyze where data is being sent.
With cloud services, you have no idea what's going on with the data once it is on someone else's servers.
I respectfully disagree.
If Apple says "we don't do X", and then is shown to do X, that would be a massive PR disaster.
Whereas Amazon makes no privacy promises at all. In fact, they promise the opposite.
We have evidence and even admittance of abuse / improper handling in the past, but I'm unable to find any evidence that things have changed.
https://en.wikipedia.org/wiki/Argument_from_ignorance
https://www.cnbc.com/amp/2019/08/28/apple-apologizes-for-lis...
I was just asking a question, I wasn’t attempting some sort of gotcha. I really don’t care that much.
This. Is there any reason I should think this is not accurate?
The feature itself was perfectly fine, very few people even bothered to read up on it and focused on "OMG APPLE IS SCANNING MY PHOTOS!" without any nuance.
Since creating a hash from a file is a one way process that you cannot reproduce the original file from the hash output, I would not call this a scan. All you can do is match to known child porn files.
But yes, go ahead, make more pedantic excuses on why we should protect people that hold child porn.
There are types of hashes that aren’t for finding exact matches. My thesis in school way back when was building something for image near-duplicate detection using a sort of hash made out of the image features detected. The output of a neural net run on an image is also a sort of hash in a (maybe) semantically meaningful vector space. And then you can look for similar or nearby vectors. This isn’t just useful for finding one type of image.
So, in case you didn’t realize, and you’re actually arguing in good faith, no one is arguing against this because they want to defend sex offenders, so you can leave that out in the future, unless you want to seem disingenuous. It’s because it makes it easy to create a population-wide dragnet for other things. It’s not hard to apply something similar to find photos taken at a protest, for example. Or pictures of a specific person you happened to meet.
Anyway, have a good one.
What's the point you're trying to get at here. I think it's well understood that there can be false positives -- but can you tell me at what rate of false positives it makes this type of child abuse detection unjustified? Also can you tell me what rate Apples system would cause a false positive. If for every one billion people(hypothetically of course) that are caught with child abuse images, one innocent person is asked to unlock their phone to prove that it's a false positive to a court, I think that's a fine trade off to make. I understand it's unpleasant for that one person, but I don't think you're correctly weighing the suffering to children this could help stop.
> It’s because it makes it easy to create a population-wide dragnet for other things. It’s not hard to apply something similar to find photos taken at a protest, for example.
This is in my opinion where thinking of people on your side is wrong and fundamentally dealing with these hard and nuanced issues on the wrong conceptual level. If the government wants to create a population-wide dragnet there are a lot of other ways to also do that. If for example an iPhone was a literal perfect privacy machine it would simply be forbidden from being sold in totalitarian countries that wanted that type of dragnet.
The thing that you're fundamentally missing the point on, in my opinion, is that the thing that protects me is not the technology, it's that I live in a democratic country that has laws to stop such thing as being prosecuted for just attending a protest. The police can listen to my phone calls and read my mail _right now_ but what keeps that kind of thing from being used against me in an unfair way are the courts. Fundamentally I don't think any technological solution can save any of us if we live under a totalitarian government.
> If for every one billion people(hypothetically of course) that are caught with child abuse images, one innocent person is asked to unlock their phone to prove that it's a false positive to a court, I think that's a fine trade off to make.
How do you know the false positive rate yet? Not only has Apple not implemented it yet, but people have shown that
a. NeuralHash can correlate two completely unrelated, undoctored images
b. Hash collisions are be manually designed with minimal effort and changes to the source image
You're pulling this hypothetical figure out of thin air, it may as well be one in a hundred or one in a trillion.
> I don't think you're correctly weighing the suffering to children this could help stop.
That's not the problem here. If people want to continue to store photos of child exploitation on their iPhone, they can do it with the flip of a switch. Once you disable iCloud, Apple stops client-side scanning altogether. That arguement is a whole lot of bark with no bite, and unless Apple did the unthinkable (eg. store hashes for every photo you ever took regardless of it's status on iCloud), it's never going to hold water.
> If the government wants to create a population-wide dragnet there are a lot of other ways to also do that.
Oh, like they already[0] do[1]? iMessage has been wiretapped since 2013, it's an open secret at this point that Apple is deep in bed with domestic intelligence agencies. Denying this is just refusing to acknowledge a truth that has reared it's ugly head again and again and again.
> If for example an iPhone was a literal perfect privacy machine it would simply be forbidden from being sold in totalitarian countries that wanted that type of dragnet.
Countries like China, who demanded that Apple give them complete control over their domestic data[2], a request that Apple happily complied with? If they give foreign markets complete control over iPhone data in their respective countries, imagine for a moment how trustworthy their behavior is in the United States, the same country that decides if they're a monopoly or not and sets their tax rates.
> the thing that protects me is not the technology, it's that I live in a democratic country that has laws to stop such thing as being prosecuted for just attending a protest
If you think that's what they care about then you're missing the point entirely too. People aren't paranoid that they're going to be thrown in jail for legal action, that's frankly silly. What the United States wants is two things: your trust and your data. They could care less if you're cooking drugs on your property, selling weapons illegally or, in many cases, exploiting children. If they actually cared about those things, they'd divert some of the national budget to addressing those issues. Instead, they take that money and invest it in surveillance. Billions of dollars get poured into black budgets every year, with margins that constantly expand. The NSA regularly backdoors encryption standards, the FBI regularly designs exploits and incorporates them into US infrastructure. If any of our surveillance programs want to backdoor an iPhone or introduce vulnerabilities into iPhones, Apple has no recourse.
> The police can listen to my phone calls and read my mail _right now_ but what keeps that kind of thing from being used against me in an unfair way are the courts.
What keeps them from doing that is that it's a pointless, fruitless endeavor to try and criminalize their entire nation. It wouldn't be hard to arrest the majority of US Citizens, it would just be expensive and time-consuming. A much more appealing effort is to keep tabs on everything you do, everywhere you go and everyone y...
I agree, but it’s just as had waving when I say maybe it’s low chance that there are false positives, as it is when you’re freaking out at it being a hypothetically high number of false positives.
> That's not the problem here. If people want to continue to store photos of child exploitation on their iPhone, they can do it with the flip of a switch. Once you disable iCloud, Apple stops client-side scanning altogether.
If it’s so much under the users control why do you care or feel like this is an invasion of privacy then? I’ll say I feel like it’s still useful because criminals make dumb mistakes that incriminate themselves all the time — and this is a fine balance between being overly invasive and catching some people that store abuse images.
> Oh, like they already[0] do[1]? iMessage has been wiretapped since 2013, it's an open secret at this point that Apple is deep in bed with domestic intelligence agencies. Denying this is just refusing to acknowledge a truth that has reared it's ugly head again and again and again.
Yes, everyone knows this stuff, but just because it’s happening does not mean it can be used to incriminate someone in court unless there is justified prior suspicion which a judge issues a warrant for. That’s where the transparency is, at the court level.
> Countries like China…
This is a silly example, it makes me sad to say, but people in China are going to have their personal freedoms violated in very harsh ways regardless of Apple operating there of not. Unfortunately that’s the reality of living under totalitarianism — I don’t know why you’d even bring this up when I am clearly stating that what really protects people is living in a free democratic country with a well functioning court system.
> If they actually cared about those things, they'd divert some of the national budget to addressing those issues. Instead, they take that money and invest it in surveillance. Billions of dollars get poured into black budgets every year, with margins that constantly expand. The NSA regularly backdoors encryption standards, the FBI regularly designs exploits and incorporates them into US infrastructure.
I don’t wholly disagree, but I don’t see the connection with the original point. Also, you’re talking about governments as a monolith, which is a mistake. Any government is made of may departments and people, when you say ‘if they actually cared’, who’s the ‘they’? I think it’s really silly to say no-one in any part of the FBI cares about stoping child abuse for example. Sure I get that the CIA does not care, but that’s just not their job either.
> If any of our surveillance programs want to backdoor an iPhone or introduce vulnerabilities into iPhones, Apple has no recourse.
Maybe, maybe not. What is your hypothetical scenario for this? Can you explain how you think they’d do this where Apple has no recourse? Also who is the ‘they’? When you just say ‘they’ in a handwaving general way you sound conspiratorial. Are you saying they’d do it and apple could not detect it? Or that they’d coerce apple and apple would have no legal way to stop them?
> A much more appealing effort is to keep tabs on everything you do, everywhere you go and everyone you talk to. That way, if you become a legitimate threat to the state they can zero you before you cause any real damage. Make no mistake, every government is only out to save their own skin. You may disagree with it, or find it silly, but that's realpolitik for you.
This is where we depart the most. I’m European, In my opinion, America, with its two party non proportional system is a very poor example of democracy that is quite susceptible it corruption because of it’s concentration of powers. Just because you guys don’t live in a well functioning democracy does not mean that’s the case for the whole world — yo...
The chance of that happening in the real world is astronomically small.
You choose to tell them to store it or not. Due to third party doctrine you have very little legal protection for material you voluntarily provide to a third party. Even if apple behaves honestly and has no vulnerabilities or compromises they may be forced to hand the data over.
And the fact that you don't know this says to me that Apple is in practice unethically exaggerating the level of privacy they're able to provide.
https://en.wikipedia.org/wiki/United_States_v._Warshak
https://en.wikipedia.org/wiki/Carpenter_v._United_States
For awhile, they did so without even allowing the users to opt-out. This is a terrible suggestion if privacy is what you seek.
If that works, that might be a solution for people who want the convenience of voice control but do not want an always-listening microphone in their house.
So if you've got a few apple devices such as a homepod / apple watch / iPhone, consider the homekit ecosystem, its been working well for me.
Would probably be easier with Android as I imagine you could push apk files OTA if you wanted, which would come in handy.
It seems like they have an open source client that you can run on your own hardware but it's still dependent on the backend services that Mycroft-the-company provides. Perhaps their privacy stance is more palatable to you, though?
I think there used to be a project that was fully on-device but it got bought and consumed by Sonos
* changing the wake word was a pain
* having a Home account is essentially mandatory (kind of defeating the point)
* speech synthesis was really bad
* It needed a lot of rhetorical help to get useful responses.
Just getting to that point involved several hours of fairly hardcore debugging and even then basic issues like reliable mic input still existed.
I also couldn't find reasonably priced (<$100) speakers/mics in an Alexa form factor, but it wouldn't be fair to blame that on the mycroft team.
After you get it to work, I'm not sure if your server would have a worse data set for speech recognition etc, maybe, maybe not. I'm guessing it should be all right because they are using a Mozilla free data set (which you contribute to by default I think, if you use their server).
On the flip side, I do not, I repeat, DO NOT recommend giving their team money for pretty much any reason. They've been struggling to put together any working hardware (and promising the opposite) for years through a genuine comedy of errors. I think the most recent design iteration of MycroftV2 is something like a Raspberry Pi on a daughterboard in a 3D-printed case. I still check in on their blog and subreddit every few months to see what's changed, and everytime I'm rewarded with additional details on what seems to be one of the most incompetent engineering organizations I've ever heard of.
[1]https://www.wsj.com/articles/amazon-says-it-has-over-10-000-...
In a lot of ways, it doesn't really matter why they're not producing results, so much as the fact that they're not producing them. I mean, check out the list of remaining action items in their last "Production Update"[1]. This came over 8 months since shipping what were supposed to be the Mark II devkits, and almost four years(!) after they announced work on the Mark II in early 2018 [2], which has since gone through about a zillion different design changes. I won't claim to be an expert, but having had even a bit of experience with product development of this kind, this is not the happy path to getting consumer electronics shipped.
[1] https://mycroft.ai/blog/mycroft-manufacturing-and-product-up...
[2] https://mycroft.ai/blog/specs-new-voice-assistant-device-see...
I backed the mark2 on kickstarter which they have been promising is better and will ship anytime now - for a few years...
Commands which work nicely which we use all the time: "Hi Mycroft, set timer to X minutes." "play news", "set alarm to 6 am", "what's the temperature?", "will it rain?", "what's the time in Paris?".
I wrote METAR and TAF module for it to get more detailed weather (and learn some Python).
https://www.amazon.com/GE-Mechanical-Intervals-Decorations-1...
clap off
the clapper
clap clap
Mozilla has DeepSpeech [0] and, while not as advanced as the stuff from Google or Amazon, my experimentation left me feeling pretty hopeful that it could reliably recognize at least keywords.
The Raspberry Pi is quite capable though you'll probably need some dedicated microphone to reliably catch voice data. I know ReSpeaker [1] but maybe some off the shelf conference USB microphones would work as well.
[0] https://github.com/mozilla/DeepSpeech
[1] https://wiki.seeedstudio.com/ReSpeaker_4_Mic_Array_for_Raspb...
(It might be harder than it looks especially if your lights' API isn't documented well.)
To be clear, I’m not concerned about cloud processing or even mining my data. Just something I can have a reasonable amount of control over and that doesn’t constantly enable features I don’t want on its own.
For what it's worth, Google Homes don't have this drop-in feature. You can make calls and make announcements, but both require the person on the other end to actively answer or respond.
Once we figured it out, we then had to spend half a day going through the Alexa documentation (useless) and random threads on Reddit to figure out how the access control for this feature and Alexa in general works. Like I said, certain changes to your account cannot be made without contacting support and being escalated to a certain team. By the end of it I still could not be certain we had locked this person out because of the number of changes they had made to the account and how much of a mess the app is.
The thing I really don’t understand is that this feature has been deployed for over a year and has received negative attention in the press. It’s just unbelievable that they would ship a feature that can turn your Alexa into a listening device and not think through what could go wrong, and never revisit it in a year.
I have an in-law who uses voice recognition to dictate messages into WhatsApp extended family group and some of the shit she's posted is hilariously (unintentionally) spicy. Her kids get into stupid "conversations" with Alexa. They're 8. Just no.
The sad part is, for most people who say this, it's true. Their lives indeed contain nothing interesting enough to be worth concealing.
The majority of people on Earth have pretty boring lives.
40-50% of the meetings are low risk and they don't require removal or power off and these devices though.
For medium risk or higher we run random tests during meetings to see if they have google and alexa around. Nothing fancy or anyting. We just have they devices play a song like "Never Gonna Give You Up".
Someone set their name on Xbox live to something like "XBox turn off" then got people to read his name, which would turn off their console. It's a harmless example, but it shows that people and devices are susceptible to this kind of attack.
It is for us. The use case that sold us is my partner cooks a lot and often needs to add reminders or update a shopping list, which is difficult with both hands dripping with raw chicken juice or dough or whatever. They were for sale a while ago for $30 a device and they are decent speakers to boot, better even than a $1k phone.
They’d have to work reliably first
Do you have a link for that one?
People said again and again it's going to be abused, and you had the technical knowledge to evaluate the risk.
Yet you went with it.
If it was not your scenario, it would have been another one. There will be other ones. Hell, with things like PRISM, that's inviting 3 letters agencies in your bedrooms.
Since the pandora box is opened and people are going to do it anyway, we should at least militate for having hardware switches on any sensors for any device.
How is it different from a smartphone or notebook?
I don't have my phone expecting it to listen to all the room, all the time.
It could, but if it is, it's not a deliberate choice.
The microphone is not made of this, I regularly put it in plane mode, I don't have an account linked to the phone nor smart assistant actives.
Listening to my phone all the time would require targetting, since it's not, unlike alexa, doing so by design: https://eu.usatoday.com/story/tech/conferences/2020/02/25/go...
Also she and my partner both like the convenience, so who am I to say that they shouldn’t have such a device? The device does have hardware switches for the camera (it was off) and the microphone but you can’t switch off the microphone without effectively disabling the device.
When I she bought these devices they didn’t have this feature. None of us knew that the feature was deployed and enabled by default. To your point, it is a huge issue that we have no control over these devices anymore since the software can be changed at any time and can lie to you (lies of omission usually).
The Alexa goes above and beyond imo because when this person gained access to my mother in law’s other accounts, it took about 30 minutes to permanently lock him out, despite him bypassing text based tfa by having compromised her phone. Alexa wouldn’t even tell me this problem existed, and I can’t document what happened unlike with literally every other service.
I have never had an Alexa but surely there isn't that much time saved by having it turn off lights. Siri on your iPhone can set alarms and shopping lists and presumably your phone it always around you.
You should try.
It’s a trade off: You choose when to spend more time to set up the assistant, in order to save time setting an alarm while you have your hands in the dough.
I use the timer on my watch; then I can go away and completely forget about it, and be reminded in time.
First off, unless you want to really DIY the glue-code, you want to use HomeAssistant (huge community) or NodeRED.
The only part I'm uncertain about and haven't explored properly myself is the voice-to-text part. Any solution should be pluggable into HA or NR.
Relevant threads in HA voice-assistant sub-forum:
* https://community.home-assistant.io/t/replacing-alexa-or-goo... (Ada, Rhasspy and other FOSS alternatives)
* https://community.home-assistant.io/t/local-voice-control/29... (you can apparently use Alexa for voice control even if it does not have any internet access)
* https://community.home-assistant.io/t/best-option-for-local-... (local TTS)
I set up my phone so I can say "hey Siri ok google" and then it asks me what I want to tell google. I then say any command supported by the Google Assistant, and it passes the command through.
Technically I think it's supposed to work all in one utterance, but I have found that it never works that way. I always have to split it up. Even still, this is a pretty handy way to be able to ask for information (Siri's knowledge seems quite limited compared to Alexa/Google) without having any always-listening devices in my home.
Essentially you can program your house to coded knocks. Lights/music/door/... all by sequences of knocks.
There are open source speech to text engines, text to speech engines and assistant software with APIs, you could probably build something with a raspberry pi, I looked into it a while back but I don't really mind light switches.
"Open Assistant" should get the ball rolling for you, search that and dive down the rabbit hole of open source home automation.
While I've not used the entire Rhasspy project myself (but trying it out is on the long list of things to do :) ) I have used the offline Text-To-Speech sub-project Larynx...
...and it is amazing!
Larynx is significantly ahead in terms of quality of output & variety of voices (fifty--across multiple languages, accents & genders) of any other FLOSS Text-To-Speech project I've tried.
I think the relative new-ness of the project is part of the reason Larynx (https://github.com/rhasspy/larynx/) currently flies under the radar.
If the rest of Rhasspy is as good as Larynx I'd imagine it's worth trying out.
Larynx demo video: https://www.youtube.com/watch?v=hBmhDf8cl0k
Samples of pre-trained voices: https://rhasspy.github.io/larynx/#en-us
The only thing I struggled with was getting the wake-word config right: I could never find the right balance point where it responded every time, without also having annoying false positives, so I ended up turning it off. It does support multiple wake-word engines; I'm gonna have another go with Picovoice Porcupine now that they're opened up custom wake-word training for free.
I'm most heavily experienced with Rhasspy's sister project, voice2json [1], which I used to build a voice-controlled car jukebox [2], and it's been working fantastically. (It triggers from a Bluetooth remote, so no wake-word issues.) The two projects share the same core engine.
For hardware, Raspberry 3/4 perform quite well, and strong recommend for ReSpeaker [3] for audio (either usb or 4-mic hat).
[0] https://nodered.org/
[1] http://voice2json.org/
[2] https://github.com/lukifer/voicetunes
[3] https://www.seeedstudio.com/category/Speech-Recognition-c-44...
You want a case, but then from my research, cases can easily interfere with those arrays. So you need one that’s custom-made for the array you are getting. But no array I’ve seen does actually come with such a case.
Back when I asked (relevant subreddits and on tildes before I deleted my account), no one could tell me that any of my research had been wrong, but no one had a solution either. I posted the threads almost 2 years ago, so maybe things changed? I’m currently still using Alexa, but besides privacy reasons I’d also love custom software that can take the idiocy out of my assistant (mainly by using pre-configured commands that do what I want instead of sometimes guessing what I want; also for on-the-fly language switching, Alexa is atrocious when you want to request a band that’s not in your primary language)
I could probably get away with the kitchen and office assistant using a normal microphone, but both bedroom and living room need to recognize voices from most directions (and in the case of the living room, also have decent recognition through music playing).
If anyone has any solutions, I’d love to hear them.
(Just to male it clear, I'm not affiliated with them in any way)
But! Now they sell the new array as USB array in a proper case! That’s not perfect as I’ll have 2 devices instead of one to place/hide, but it’s still a lot better than last time I checked their site.
Thank you, now I have plans for 2022 :)
Hah, and of course there is only one left in stock :/
edit: And I found a company in Germany that not only resells them for almost the same price, they even have a lot of stock.
Note that I did not look into them, just found them when searching and bookmarked the site for next year ;)
That breakout is $6.95 with price breaks to $6.26 at 10 and $5.56 at 100 which is probably a bit pricey for this application, but really you only need the breakout to make it easy to play around with it on a breadboard. The other parts on the breakout besides the microphone module itself are just a couple of resistors. The module itself looks like it would be reasonable to solder wires directly onto, so you should be able to build a microphone string with just the microphone modules, the wire, and a couple of axial resistors at each microphone.
Here's that particular microphone module at Mouser [2]. $2.64 for one, price breaks to $2.19 at 10, $2.02 at 25, $1.90 at 50, and $1.78 at 100.
There are other I2S and I2C and SPI microphones. The SPH0645 just happened to be the first one I found to use as an example.
I'm not sure though if any of these interfaces have enough bandwidth to support enough microphones simultaneously for this to work. You might need multiple parallel strings, or maybe a hierarchical system, like having some ESP32 modules on the walls too, with each ESP32 handling a smaller string of microphones, and the EPS32s reporting what they hear along with timing data wirelessly to whatever is doing the processing.
[1] https://www.adafruit.com/product/3421
[2] https://www.mouser.com/ProductDetail/Knowles/SPH0645LM4H-B?q...
What about a controller you carry around with you that you can speak into, like phone software, a watch, or if you’re into the hacker chic look, a mounted mic you wear?
I don’t think speaking is even the best choice, it’s limiting, a phone can be a web interface, gestures over a sensor seems reasonable for basic controls and speech to text can be piped into it as commands though your phone you carry with you anyway.
If you’re controlling lights it’s less hassle though a GUI, and limiting it to voice will not make your life easier.
check the neural then british, Amy. the "smoothness" is uncanny. the samples are "almost" there with larynx you linked. good but take kathleen (glow_tts), there is "still" some robotic in there. is this something that can be improved by tweaking the training ? this sounds really cool to be used at home
And Larynx is game-changingly ahead of the other FLOSS+offline options.
(Probably the highest quality voice is the one that's used for the demo video narration--which when I first heard it I had to skip to the end of the video to confirm it wasn't a live human. :) )
My (mostly uninformed) impression is that there's room for training tweaking/improvement given how young the project is. And there's also multiple stages to the generation process so presumably there's opportunities at each stage.
the video is a great example
https://www.youtube.com/watch?v=IsAlz76PXJQ
https://news.ycombinator.com/item?id=29565983
https://homeintent.io/
https://github.com/victorqribeiro/rpiapi
Here you can see I'm using voice commands to drive a car
https://github.com/victorqribeiro/raspberryCar
I mean, with a little bit of code and some 3v relays you can achieve what you want
Lot of plugins and functionality, especially mycroft.However Almond being open-source is very good for hacking around