22 comments

[ 2.9 ms ] story [ 59.7 ms ] thread
Prove they aren't. Prove they'll never be. I'll wait.
These are philosophically interesting demands.

Many schools of thought believe that it is impossible to prove the absence of something. Personally, I would like some firm proof that there are no pixies living in my garden, but all I can say is that I've never seen one.

It’s simply too easy for the smart speaker to have its behaviors changed. It’ll become the new wiretap.
It's pretty trivial to construct negatives that can be proven. E.g. take a solid colored object and prove it's not a specific color. You can prove the negative statement by proving a positive statement about the true color of the object, e.g. by direct observation, measuring the wavelength of emitted light, etc.

Similarly, you could prove a speaker doesn't eavesdrop by proving it performs a finite set of operations, none of which are eavesdropping.

Sure, but computer chips are probably the most complicated things that our civilization can currently make.

Asking somebody to prove that a computer won't do X is a fool's errand, outside of some shrinking safety-critical industries.

That said, you could always make your own smart speaker with a hardware button or shell script instead of a wakeword:

https://developer.amazon.com/en-US/docs/alexa/alexa-smart-sc...

That's very different than your initial statement of: "Many schools of thought believe that it is impossible to prove the absence of something.". Many (all?) schools of thought believe in the law of excluded middle, which makes it possible to prove the absence of many things.
See, this bomb has no fuse. It's just an inert mass of TNT in a metal shell. You can bang on it with a hammer, nothing will happen! You can scoop some of the TNT and drop it into your fireplace, and it will burn peacefully. It's completely safe to keep it in your house.

Now prove it's never going to explode.

Do you notice how a perceived risk of something really bad happening skews people's perception?

There is an obvious risk of turning a smart speaker into a eavesdropping device, because

- It has to listen to your commands.

- It has to send the commands it hears to a computer outside your control for processing.

- It receives firmware updates which you also do not control, and cannot inspect.

A perfect moral hazard.

If I were to use a smart speaker, it must have open-source firmware which I can inspect and flash, and it, or its processing software on my home server / router / NAS, should be firewalled off the internet. That would be a proof.

They aren’t? I Thought it was pretty well established that they randomly turn on and send data to a 3rd world transcription service.
Given that that would be opening the manufacturers up to an _extraordinary_ liability if it was ever discovered; that many individuals are highly motivated to discover this behaviour; that it would be possible to do so fairly easily with network monitoring that's well-within the capabilities of many HN readers; and that to the best of my knowledge no-one has ever made such a claim - that's an extraordinary claim that requires extraordinary evidence. If it is pretty well-established, you won't have any trouble providing an example?

You may be confusing this with the fact that recordings are transcribed to improve accuracy[0]. That's well-known and acknowledged! And for folks who _never_ want anyone else to read what they say to voice assistants, that is indeed a problem. But, again - the overwhelming weight of evidence suggests that the only data that is actually transmitted by these devices is when it believes[1] it has cause to do so. I have never seen one iota of evidence to suggest that smart speakers are designed to listen-and-transmit at times other than when there is a reasonable expectation that customers want them to do so.

[0] https://www.rd.com/article/is-alexa-really-always-listening/, "What are the privacy concerns", for instance

[1] yes, false-wakes happen. That's also an issue. But it doesn't support your claim of intentional ("randomly" - I'm assuming you mean this colloquially for "with no justification", rather than literally "in an unpredictable fashion") transmission.

EDIT: to be clear - I absolutely support people's discomfort with these listening devices. If you don't want companies to gather data about you, that's a sensible position to take! If you don't want to take the risk of false-wakes, good for you! But it's important to make the decision based on _actual fact_ rather than scare-mongering, or claims of "well it might" when weight of evidence _and_ active network monitoring strongly suggest that, no, in fact, it doesn't.

> But then there’s the 79% of survey respondents who “believe their virtual assistants and streaming devices can listen to their conversations,” and the 67% who “believe they have received an advertisement based on a conversation they’ve had that was captured by a virtual assistant or streaming device.”

to the question as stated, these seem like reasonable answers. to a more specific question that limits this to “periods during which nobody has spoken the keyword that activates the smart speaker”, the answer might be different.

> A snippet further down in the survey–48% of respondents said they cleared their browser history, a meaningless move against ad networks–suggests that many people remain confused about web tracking.

did they do this as part of resetting a larger amount of browser state (e.g. cookies)? and was this action even motivated to protect against the ad industry, or to protect against physical access (theft; keeping secrets from family)? the survey question doesn’t specify.

> Chubb’s survey surfaces comparable confusion about passwords, with 61% of respondents saying they struggle to keep track of them but only 35% reporting they use password managers like Google Password Manager.

is using a password manager provided by an ad company supposed to protect you from that ad company learning more details about your life?

what a motivated and lazy article. you can do better than this, Rob.

Is this article, with a straight face, going to pretend that the US military can't use iPhones as a listening device? The only questions here is how often phones are used for eavesdropping.

The ad targeting probably isn't happening. But if you keep a software-controlled microphone near you then it is going to be listening to what you say and at some point that will leak out to the wider world.

(comment deleted)
I'm confused. As the article states, the speakers do wake spuriously and record conversations. So the speakers do eavesdrop, even if it's unintentional. The article goes on to say that, even those the speakers do eavesdrop, they don't use the conversation for ad targeting. I find that hard to believe. The speaker doesn't know it's listening erroneously. If I say "Alexa, order sponges," it's totally within the realm of possibility that Amazon shows me advertisements for Dawn dish soap, and I posit this is true for any prompt I give the speaker. This article doesn't add up.
I don't really have a strong opinion on whether they are or aren't, nor a desire to get a definitive answer. What I've realized though is that these "products" like alexa and google home exist solely for the benefit of Amazon, Google et al, as data collection devices (irrespective of whether they eavesdrop outside of activation). They are not useful to me (alexa favouring some stupid Amazon music over my connected spotify account was the death knell*) and I don't see a reason to give these companies another window into my life, even if they do it within their TOS, so I don't use them. Whether or not they are actually eavesdropping for some definition is not worth thinking to hard about

*re the spotify thing, I don't know if this was an experiment or just a reset of settings somehow, but I had specifically connected spotify, and had Alexa revert to playing "previews" (clips of songs I asked for) on amazon music instead of using my paid spotify subscription. I also noticed that it would routinely play a nonstandard version of songs on spotify that did not coincide with the same search using the spotify app. Like if I searched for a common song, I would get an obscure concert version or a cover, when the usual version would be the first hit searching on the spotify app. Never ascribe to malice what can be explained by stupidity I guess, but it didn't win Amazon any points in my book

(comment deleted)
> But for companies to use this data gathered without people’s consent to target them with ads would a) invite a beatdown from government regulators that would make the Federal Trade Commission’s $5 billion fine of Facebook for privacy violations look like a parking ticket...

Yeah, but I'm certain they'd pass these data along (and potentially much more of it) to some government entity if served with a national security letter or some other secret legal order. The 'customer' may never even find out about it.

So go ahead and install as many commercially controlled mics as you want, citizens. What's the worst that could happen?

I don’t know if they are, but I think it is more likely than not that they are. It’s too compelling not to for a company like Amazon. Like PayPal, when you are caught it’s better to apologize and then quietly reinstate it. I’m shocked people trust smart speakers as much as they do.
They're closed-source, closed-hardware devices with microphones that are publicly acknowledged to send recordings they make to remote servers for processing. There's no non-testimonial evidence that they aren't eavesdropping. I'm not even aware of any testimonial evidence that was collected under oath (penalty of perjury or similar)!

They don't really need to eavesdrop for advertising. They'd certainly end up facing some substantial regulatory scrutiny if they did. They could be required to eavesdrop by a national security warrant (or similar) which wouldn't be subject to regulatory scrutiny in the same way advertising would be.

They may not be eavesdropping with the microphone but they could be with an accelerometer[0].

  In particular, we show that by exploiting the affected accelerometer readings and carefully selecting feature sets along with off-the-shelf machine learning techniques, Spearphone can perform gender classification (accuracy over 90%) and speaker identification (accuracy over 80%) for the audio/video playback on the smartphone for our recorded dataset.
Google was capable of warning people of an earthquake before it even happened[1].

  Google has also turned individual phones into miniature earthquake sensors. All smartphones have accelerometers that can pick up signals of an earthquake. If triggered, the phone sends the message to a detection server, along with rough location data, like the city a device is in. The server then pieces together where the earthquake is happening from data collected on multiple phones and beams out the relevant alerts.
[0] - https://arxiv.org/abs/1907.05972

[1] - https://arstechnica.com/science/2022/10/how-google-alerted-c...

And why wouldn't they? I know more than one person who insists their smartphone must be listening. Simply because as soon as you even mention a given subject in conversation, it seems to show up in ad targeting. Of course what really happened is subconscious - you googled the subject earlier, or mentioned it offhand in a Facebook Messenger conversation or maybe even just lingered on some clickbait too long, or whatever.

The speakers are listening. Only for the wake-word of course. But explain that to nontechies.