As the Philadelphia meetup, I got to chat at some length with a reader who had a considerable high end IT background, including at some cutting-edge firms, and now has a job in the Beltway where he hangs out with military-surveillance types. He gave me some distressing information on the state of snooping technology, and as we’ll get to shortly, is particularly alarmed about the new “home assistants” like Amazon Echo and Google Home.
He pointed out that surveillance technology is more advanced than most people realize, and that lots of money and “talent” continues to be thrown at it. For instance, some spooky technologies are already decades old. Forgive me if this is old hat to readers:
Edward Snowden has disabled the GPS, camera, and microphone on his cell phone to reduce his exposure. As most readers probably know, both the microphone and the camera can be turned on even when the phone has been turned off. He uses headphones to make calls. This makes the recent phone design trend away from headphone jacks look particularly nefarious.
“Laser microphones” can capture conversations by shining a laser on a window pane and interpreting the vibrations. However, this isn’t really a cause for worry since there are easier ways to spy on meetings.
With a voice recording (think a hostage tape), analysts can determine the room size, number of people in the room, and even make a stab at the size and placement of objects, particularly if they get more than one recording from the same site.
But what really got this reader worked up was Amazon’s Echo, the device that allows users to give voice instructions to a device that will tell your TV to stream video or audio. order from Amazon or other participating vendors, provide answers to simple search queries, like “Tell me the weather,” perform simple calculations, and allow you to order around smart devices in your home that are on the networks. like tell your coffee maker to make some coffee. He said, “I’d never take one of them out of the box.”
He was at a party recently with about 15-20 people when the host decided to show off her Echo. She called across the room, “Alexa, tell me the capital of Wisconsin,” and Alexa dutifully responded.
Based on his knowledge of other technologies, here is what he argues was happening:
The Echo was able to pick a voice out of a crowd engaged in conversation. That means it is capable of singling out individual voice. That means it has been identifying individual voices, tagging the as “Unidentified voice 1″, Unidentified voice 2” and so on. It has already associated the voices of its owners, and if they have set up profiles for other family members, for them as well, so it knows who goes with those voices.
Those voices may be unidentified now, but as more and more voice data is being collected or provided voluntarily, people will be able to be connected to their voice. And more and more recording is being done in public places.
So now think of that party I was at. At some time in the not too distant future, analysts will be able to make queries like, “Tell me who was within 15 feet of Person X at least eight times in the last six months.” That will produce a reliable list of their family, friends, lovers, and other close associates.
CNET claims that Amazon uploads and retains voice data from the Echo only when it has been activated by calling to it and stops recording when the request ends. But given the Snowden revelations that every camera and microphone in computers and mobile devices can be and are used as viewing and listening devices even when the owner thinks they are off, I would not be so trusting. Even if Amazon isn’t listening and recording at other times, the NSA probably can. CNET adds:
Amazon Echo is always listening. From the moment you wake up Echo to the end of your command, your voice is recorded and transcribed. And then it’s stored on Amazon’s servers….
It’s unclear how long the data is stored, but we do know that it is not anonymized. And, for now, there’s no way to prevent recordings from being saved.
Reread the first paragraph. The Echo has to be listening at all times in order to respond to the “Alexa” command. So the only question is whether Amazon or some friendly member of the surveillance state is recording then too.
This scenario ties into a recent development I find alarming: banks and other retail financial firms relentlessly offering to let you use your voice as your identifier if you wind up calling them. Every time I have called, I have to waste time rejecting their efforts to route me into that system. I’ve told the customer reps I never want that done but there is no way to override that even when I call in from a phone number they recognize as belonging to a customer.
Now let us play devil’s advocate. The Echo is awfully promiscuous in terms of who it seems to think is allowed to place orders. A parrot famously placed an order for some gift boxes:
But the story in the Sun states that the African Grey “Buddy” was imitating his owner:
Buddy activated her £150 Amazon Echo smart speaker, which connects to the internet shopping giant’s artificial intelligence hub.
Users can bark commands at it to control heating, order a takeaway or access a host of other services.
It responds to the name “Alexa” and hilarious footage filmed by South Africa-born Corienne now shows Buddy squawking “Alexa!” in her voice.
Now since on a quick search, I didn’t find any videos of Buddy’s owner saying “Alexa,” we have no idea of how good a mimic Buddy is (as is does the Echo allow anyone to place orders in a home who says “Alexa”? One would hope not, since imagine the mischief, say, an angry nanny or plumber or teenager could make).
Some argued that Echo and its ilk are not a threat because speaker recognition isn’t as good as is often claimed. From Scientific American:
Voice recognition has started to feature prominently in intelligence investigations. Examples abound: When ISIS released the video of journalist James Foley being beheaded, experts from all over the world tried to identify the masked terrorist known as Jihadi John by analyzing the sound of his voice. Documents disclosed by Edward Snowden revealed that the U.S. National Security Agency has analyzed and extracted the content of millions of phone conversations. Call centers at banks are using voice biometrics to authenticate users and to identify potential fraud.
But is the science behind voice identification sound? Several articles in the scientific literature have warned about the quality of one of its main applications: forensic phonetic expertise in courts. We have compiled two dozens judicial cases from around the world in which forensic phonetics were controversial. Recent figures published by INTERPOL indicate that half of forensic experts still use audio techniques that have been openly discredited….
The recorded fragments subject to analysis can be phone conversations, voice mail, ransom demands, hoax calls and calls to emergency or police numbers. One of the main hurdles voice analysts have to face is the poor quality of recorded fragments. “The telephone signal does not carry enough information to allow for fine-grained distinctions of speech sounds. You would need a band twice as broad to tell certain consonants apart, such as f and s or m and n,” said Andrea Paoloni, a scientist at the Ugo Bordoni Foundation and the foremost forensic phoneticist in Italy until his death in November 2015. To make things worse, recorded messages are often noisy, short and can be years or even decades old. In some cases, simulating the context of a phone call can be particularly challenging. Imagine recreating a call placed in a crowded movie theater, using an old cell phone or one made by an obscure foreign brand.
In other words, a significant problem is sample contamination, which is also can be an impediment in DNA analysis, in that contamination often has occurred at the collection site and sometime takes place in the lab. However, if you are repeatedly giving Amazon and whoever else might be interested voice samples again and again and again, you are giving them the opportunity to get a good, indeed many good recordings.
And our concerned reader points out that you don’t need pristine recordings to make useful inferences:
Although voice identification has a margin of error that would make it unacceptable for legal identification and non-repudiation, it still has useful utility for intelligence and “user experience” applications, especially when paired with other available data.
For example, if a sensor captures signature characteristics of a subject’s voice, it may limit the potential matches to, say, 500 people, but if another sensor detects cell phone IMEI signals near by, a match with a high degree of certainty may be predicted. Similarly a facial recognition algorithm may get a match that comes back with dozens of potential matches, but when cross-referenced to the nearby voice signature matches, a high confidence match is possible.
Databases in the cloud are very economical at scale. If persistent collection is stored in a database with proper meta data (e.g. Date/time, GPS, sensor type), then Bayesian algorithms will eventually retag the data for an unknown subject into a known subject (with with X probability).
To understand how this may work, consider the TSA backscatter scans performed every day at airports. The first batch will produce piles of scans of unknown persons. If these scans are compared with the boarding pass scans around the same place and time, then each backscatter scan may be considered as potentially matching one of the boarding passes scanned. Now, when the same person is scanned again, the number of potential matches of similar scans and common boarding passes reduces significantly. Eventually, scans can be quickly paired to an individual with a high degree of certainty. This can be further optimized by considering which scans and boarding passes have not already been tagged to someone with sufficient certainty.
But Echo and Google Home users may argue that they are allowed to erase their data, so what’s the worry? Again per CNET:
For those who don’t take chances, there’s a way to delete all voice data in one fell swoop. Head to www.amazon.com/myx, sign in, and click Your Devices. Select Amazon Echo, then click Manage Voice Recordings.
This is not as reassuring as it might sound. Amazon collects at least your Echo instructions by default. You can wipe them manually. You can’t set the Echo up not to retain your instructions nor to wipe the periodically, say daily.
So Amazon (and whoever else might have access to the data) pretty much always has some voice data to work with. And remember, Amazon is not deleting the voice profile that is has been constructing on you, merely the raw data it has been using to construct and refine that profile. So you can keep wiping your data, but ever time you speak to Alexa, and perhaps at other times too, you are giving it more and more information to develop a better and better vocal fingerprint.
Confirming some of the concerns described above, computer scientists at the University of North Carolina depict the “overhearing” of devices like the Echo and Google’s home as a hacking risk (while our reader’s and our concern is that the overhearing is a feature, not a bug). From their paper SoundSifter: Mitigating Overhearing of Continuous Listening Devices:
Having reached the milestone of human-level speech understanding by machines, continuous listening devices are now becoming ubiquitous. Today, it is possible for an embedded device to continuously capture, process, and interpret acoustic signals in real-time….Although these devices are activated upon a hot-word, in the process, they are con- tinuously listening to everything. It is not hard to imagine that sooner or later someone will be hacking into these cloud-connected systems and will be listening to every conversation we are having at our home, which is one of our most private places.
Their solution is what amounts to a hardware condom:
Instead of proposing modifications to existing home hubs, we build an indepen- dent embedded system that connects to a home hub via its audio input. Considering the aesthetics of home hubs, we envision SoundSifter as a smart sleeve or a cover for these devices.
An indirect confirmation that this security concern is real is that Amazon is giving patently dishonest reassurances to Echo customers, as in technically accurate but utterly misleading. In a Quartz article, Amazon’s vice president and head scientist of Alexa machine learning Rohit Prasad claims there is no reason to worry about the Echo devices because they are “too dumb”. They have almost no memory, a buffer of only a few seconds, and know only four wake words. In other words, he acts as if the potential of intercepting the communication to the cloud does not exist, and worse, directs consumer attention from the fact that Amazon retains user voice recordings.
One thing that may impede the spread of widespread voice-spying is that the Echo appears to be sufficiently fussy that it does not work very well in a lot of real-world settings. So only partial uptake among customers that fall squarely into its target market (upscale, tech-friendly, servant-loving) would limit how many customer profiles it gathers as well as how many parties it can listen in on.
Plus Amazon seems to have trained its algos on American voices, which means if you have a pronounced accent, you may not be very happy with the Echo.1 From Clive:
Apart from the creepy crawley surveillance aspect (and Google/Amazon bother me far more than the state security apparatus) I bought a couple of Apple Homekit enabled devices for home automation and Siri voice control. Absolutely useless. Works barely 60 percent of the time which is way, way less than tolerable considering the cost premium over conventional equivalents.
Wth proper microphone kit, a quiet workspace and a few hours training it on your dialect, there’s noting especially wrong with the principles of computer voice recognition. But it will always struggle in real-world environments and the vagaries of human speech without extensive customisation.
A lot of Silicon Valley’s output is what Japanese firms used to be castigated for — “Galapagos” products which only work in a narrow niche-local market. If you are not an urban hipster in a San Francisco loft apartment with unimpeded WiFi signal strength, reliable low-latency broadband, good acoustic envelope, no street noise and so on, the tech has an embarrassing tendency to fall over in the kinds of environments the rest of us live in.
Even in the US, these kinds of living conditions are atypical. City dwellers may have apartment type accommodation, but room sizes are smaller and reinforced concrete construction means the router in your hallway or kitchen will be patchy in the bedrooms. Suburban housing will be much bigger and you’ll need powerline repeaters to get to the outer edges of the building. CAT5 or 6 cabling isn’t standard on mass built housing and even custom build doesn’t normally specify it for residential development. My house is small by US standards but even I have to have a repeater to get a decent WiFi signal on the first floor.
I move in a tech-y circle and everyone I’ve discussed this with has tried Echo/ Siri Homekit/Google Home and has given up faced with the flakiness and demands to reconfigure their living spaces to accommodate their demands.
So many of the more trusting sort of customer may be put off by the lack of reliability of these “home assistants.” But if you care at all about your security, I wouldn’t get near one.
Update 7:00 AM. By happenstance, a story just out in the Sun confirms the UK “Echo is not ready for prime time” point of view. From Cops raid music fan’s flat after his Alexa Amazon Echo device ‘holds a party on its own’ while he was out:
A music fan has been left with a huge bill after his voice-operated Amazon Echo device threw a house party while he was away.
Cops were forced to break into Oliver Haberstroh’s flat in Hamburg, Germany, after neighbours complained about deafening music blasting from inside – but found the apartment empty.
Mr Haberstroh claims he walked out of his flat to meet friend [sic] on Friday night after checking that the lights and music were switched off.
He wrote on Facebook: “While I was relaxed and enjoying a beer, Alexa managed on her own, without command and without me using my mobile phone, to switch on at full volume and have her own party in my apartment”
“She decided to have it at a very inconvenient time, between 1.50am and 3am. My neighbours called the police.”
___
1 More from our wary reader:
Although I have never, and will never, own an Echo, when I saw people use it, it was accurate and responsive. I have not been impressed with Siri. I have noticed too a marked improvement in call center voice recognition for processing voice menus and transcribing voicemails. There is a lot of cheap older voice recognition technology in use, but the newer stuff is significantly improved each generation. The venture capital company InQTel, which funds tech for the intelligence sector is funding lots of tech in voice recognition. The big drivers for investments are: 1) replacement of call center support and marketing workers; 2) expansion of call center services because new workers are not needed; 3) transcription for marketing/business/government intelligence and sentiment analysis; and 4) cooperative and non-cooperative personal identification.
127 comments
Comments are closed.
Being a privacy threat is one thing, being a conditioning tool is a few orders above that imo….
Anywho…
Apple’s first partnership with an Australian university – RMIT – is announced today.
We’ve all heard that coding is the skill to learn, and now Apple are making it more easily accessible with its Everyone Can Code initiative to roll out worldwide in partnership with 20 universities. RMIT will be partnering with Apple in Australia, with courses starting this month, including at RMIT Online.
The course will offer Swift Curriculum designed by Apple engineers and educators to teach the tenets of coding and design, whatever ones technical background.
“At Apple we really believe that coding is the language of the future and we want to make it as accessible as possible,” said Lisa Jackson, Apple’s vice president of environment, policy and social initiatives and part of Apple’s executive leadership, on her first-time trip to Australia to be part of the announcement. – snip
http://www.vogue.com.au/vogue+codes/news/apple+everyone+can+code+initiative+announces+partnership+with+rmit,44863
Disheveled…. and the – code – is oligarchical law… for it was written… in IP
Well, it is always fine to learn how things work, but, The Problem is that “coding” is similar to Football or Bicycling:
Everyone can learn to do it to some degree of quality that is at least useful to themselves. Fewer can make a decent living doing it for others as a professional career, extremely few people will excel at it and become “superstars” asking any salary whatsoever.
Apple believes in pushing wages down for developers, however, they will find out that one gets exactly the amount of talent that one pays for!
Talent just doesn’t “scale-out”, adding more dum-dum coders means that soon every coding activity must be clearly codified in mind-numbing details in thick prescriptive manuals with “Q&A, Processes & Procedures for Application Development” (or codified in “intelligent development frameworks”-; “work-flow systems”- software).
After a while all of those resources that could and should have been used on innovation are burned on keeping the eldritch bindings on the muppets intact so that work can progress.
The military, the DMV and the IRS are shining examples of “running out of talent, then compensate by more rules”.
knowledge without Knowledge has always been humanities greatest threat.
Are you saying coding is like golf.
Are you referring to “Fore!”tran?
Smirk…
More like out of all the people that play golf only 10% are competitive, of that, say 10% of them play professional level, then only say 6% of that lot can make a living out of and finally 1% of them make the big bucks….
disheveled…. Daryl below makes a good point, but I still stand by statement about code becoming a Bernays like behavioral – conditioning tool w/ law bolt ons….
OTOH, Apple doesn’t necessarily need or want to recruit those coders themselves. They want more people using Swift and putting apps into their walled garden ecosystem. And a quick glance at either platform’s store will confirm that they are not concerned about the quality of the code, only that “there’s an app for that.”
Alexa, and any apple phone using Seri or Google Android phone using “Okay Google”. Try not having a conversation around anyone with a “smart phone”. Game over for privacy.
You don’t even have to be home (or have a parrot) for Alexa to cause problems: http://www.telegraph.co.uk/news/2017/11/08/alexa-nein-police-break-german-mans-house-music-device-held/
It appears one of the first uses of AI is practical jokes gone awry.
Eventually AI will fake your voice, and then testify in court that it truly is your voice. That’s what is truly scary.
Derick Bronze not only discusses CIA using software to fake their id as Kasperksy, but the developments in using voice and image AI abilities to mount false flag operations to smear or attack investigative journalist.
CIA impersonated Kaspersky anti-virus software
yes at least your recognize it’s not just Echo which this article seems to single out for some reason. I mean arguing don’t buy Echo because it’s a waste of money still makes perfect sense to me, but some of this technology is widespread in devices most people ALREADY own (iPhones or Android phones).
I don’t know if you can use Siri to order things online etc. or not, if not that’s some financial protection I guess from things going wrong involving $. I think you need to explicitly activate Siri so whether it is always listening or not is anyone’s guess.
Tinfoil hat theory: voice recognition tech is crap on purpose, with the aim of getting you to give them even more voice samples to build their profiles with. When recognition fails, the tendency for many people is to change their pronunciation or emphasis slightly in the hope the machine will understand better – of course this also gives the algorithm an even more varied data set to build on.
Based on the premises of the post, Yves was incautious in giving so much detail about her source. Sanitizing these kinds of anecdotes is probably a worthwhile habit to develop.
Your concerns are unwarranted. There are millions of people who have security clearances and at least tens of thousands who fit the profile I gave. I’ve had people who have clearances give me what was shocking current inside information, and nothing he said bore even a dim resemblance to that.
And what he told me is so utterly old hat to people in the know as to raise no eyebrows. He never would have told me anything of any significance as far as his day job is concerned, and the material here is remote from that anyhow, it’s in the realm of gossip he gets by being a tech guy (in fact most of his stories came from personal knowledge from well before his current incarnation).
I get what you are saying in your response – in this case, it is unlikely to the extreme that anything of any import was said that could in any way come back to haunt this individual…or trigger a NSA/FBI/CIA snowflake to dig deeper. But I think the point is that we are far more vulnerable then many people realize to easy unmasking of sources. This awareness is growing, thankfully.
But the point cannot be made enough that this isn’t rocket science anymore – with the data available from local, state, and federal authorities – at their fingertips as it were, not to mention commercially-available ad/customer tracking data, and even the resources available to white or black hat hackers on their own in the basement, the slightest slip…the littlest most innocuous-seeming driblets of data subdivide the set and make tracking, analyzing, and ultimately unmasking – trivially easy. Certainly if you have the resources of the government.
At the risk of belaboring the point, and noting I do not do this either for a living nor for amusement – but being fully aware of some who *do*, lets beat the dead horse a tad more…for effect:
“…As the Philadelphia meetup, I got to chat at some length with a reader…”
– Philadelphia meetup, Thursday Nov 2nd @ City Tap House UCity (coords 39.9543° N, 75.2013° W)
– You, arriving by train “4:30pm-ish” train, leaving on last train @ “10:27pm”
– Verify train arrival/departure times, verify all passanger manifests on these trains, and/or verify all credit card transactions taking place for these ticket purchases, cross-reference any cash/token purchases with train surveillence cams.
– Search cell site data for all pings from all cells (smart or dumb phone, doesnt matter) present at that location (+/- 200 feet) from (say) 4:45PM-10:15pm, ascertain owner data for these cells.
– Access credit/debit card transactions for Tap Room on this date, and identities.
– Search public & private security cams for face ident: https://www.videosurveillance.com/communitycam/map/?pv=philadelphia
– For good measure, access logged data (Utah, NSA data center) verify IP address, source ISP, stored identification records to determine probable identity of any/all posters to comments of Naked Capitalism for (say) last 6 months.
– Access Philadelphia Fusion Center data (Delaware Valley Intelligence Center – https://dvicphila.org/(X(1)S(xejvvfyi0djpsynsltdrlujj))/default.aspx?AspxAutoDetectCookieSupport=1 ) for any police dashcams that happened to be in area, license plate recognition for any and all plates in the general area of the Tap House at or around those times.
– Collate all of the above data and crunch to get list of names.
– Access commercial data tracking information (i.e., Google, Amazon, Apple, any/all ad network tracking etc. etc.) to cross-reference with above identities.
– Target: IT professional. Resume subdivided to include ‘cutting edge firms’, currently has occupation in the Beltway, associates with ‘military surveillance types’. Cross-reference with above data, identity compromised.
– Note that, although potentially difficult and time-consuming for a non-state actor, even without much (or any) of the data above a dedicated non-governmental hacker/snoop would be able to garner a frightening amount of clarity in a ‘private’ investigation…perhaps with a little crowd-sourcing amongst cronies and web-hirelings with some added social engineering. Not that I would, but if it were me I would start with social engineering of the Tap Room employees to impersonate an agent and obtain credit/debit card transactions from the night in question (‘for a federal investigation, very hush hush’)
– Profit! (or, arrest, detain, blackmail, render, as necessary….)
My contact knows this and more and provided the info for the post. If he were concerned, he is capable of taking precautions. I can think of quite a few that would undermine items on your little list, like paying in cash, taking public transportation in Philly, keeping any electronic in Faraday backpack. And you also assume quite a bit about how the reader interacts with me and his current formal job role which are also not valid.
My comments would mainly be for folks in the readership that maybe are not yet convinced…hopefully there are fewer around here then I might think! :)
The only tech devices i have is tower PC and WIFI android tablet useful using only password WIFI routers . The coffee shop/restaurant where go to implemented no down loading large apps and software also ban porn. If caught you no longer allow in that place.
I have no attention of owning a cell phone . I am Amateur Radio operator yes there is bad actors in ham radio such as jamming and interfering pubic safety. They do get caught by the FCC and convicted, it does take longer the FCC take action .Thanks to budget cuts since Ronald Reagan
I understand your points, and thank you for making them once again to a general audience who may be unaware of these dangers. Everyone needs to be aware of this, imo, if for no other reason than to think twice before buying another ‘internet of things’ device and bringing it into their homes.
That said, computer AI/algorithm is, at its most basic level a pattern matching process. The patterns matched are human-defined and coded in 0/1s – what the computer programs “see.” Computer pattern matches are not omnipotent anymore than the human coders are omnipotent. (See self driving bus crash and Google/AI algo for Clinton campaign.)
The source for this post seems fully capable of knowing how to avoid creating the kinds of patterns an algorithm would “read” to pinpoint a unique individual as a source in this case.
Just my 2cents.
“Don’t buy the stupid Alexa/google assistant/etc” is a take of such obviousness that I wonder why it even needs to be made.
Why anyone would want one of these things if not a brain-dead marketing slave is completely beyond me. What exactly can it do that you can’t do more or less just as easily from a smartphone or PC? I hate smartphones but obviously have one because of the potential uses in terms of having internet access in your pocket if away from home, etc etc. Alexa is in your home only. Where you have a PC.
How is Alexa better than just going to one’s laptop and entering a search query? Isn’t, clearly. Can be much more precise with the computer.
Reminds me of last year’s tech crap marketing gimmick – the smart watch. Which, uh, does what your phone (that you need to have to make the smart watch work) does but not as well and on a microscopic screen.
Or crap gimmick prior – Windows 8. Yaaay! No more need for a mouse and keyboard! Can do everything (with far less precision) via a touch-screen! Except a mouse/keyboard setup will always work 100x better.
It needs to be made because 24/7 surveillance is being integrated into products that one does not specifically buy from Google/Apple/Amazon.
Sonos One, an internet loudspeaker / sound system that one uses with services like Spotify, for example, comes with voice control now (https://www.hifiklubben.se/streaming/sonos/sonos-one-tradlos-hogtalare)
The “smart” digital plague will spread to the entire product range, one suspect. Can one maybe dodge for another 10 years by buying Now — perhaps — OTOH maybe “They” can update the thing remotely and suddenly those CIA ghouls are inside of my bedroom!
The “voice activated” business models needs to go the way of the 3D Television!
What bothers me is articles in mainstream media sources that assume that most people own and use these devices. Most people I know (and I’m not an old codger) either can’t afford, don’t want to waste time or are afraid of this junk.
That said, my bourgeois American friends are all fully equipped with all the latest Apple products even if they don’t know what they need them for. Which means that the devices get passed on to their kids and then they spend all their time playing mindless games and watching weird Youtube video on it. The old Macs pile up in a closet and the Apple TV sits disused next to the flat screen.
The mainstream media has long been entangled with tech monopolies, providing their every ‘innovation’ with not just a sheen of legitimacy, but an aura of inevitability. Here is the execrable Suzanne Moore in yesterday’s Guardian, in an article that was actually about something entirely different (chaos in the Tory Party):
Some of it could be explained as common or garden ignorance of what technology does, its possibilities and how it actually operates. Some because columnists love invoking poorly understood subjects that provide a platform for aggrandising visions of the future. But I remember, too, that a few years ago marked a perceptible shift not just to reliance on Twitter utterances for reportage but the characterising of what was said there as a significant source of public opinion. Suddenly, it was all over the place – number of retweets, trending hashtags, sick burns. The fact that Twitter has hit something of a wall in terms of active users and that its influence on anything is far from established is never mentioned. And as this site has thoroughly investigated, the same combination of tech-ignorance and PR leg work continues to dominate coverage of Uber.
I’ll leave my tinfoil hat in its bandbox and allow others to infer why exactly this might be so. From personal experience, which includes quite a lot of contact with people in their late teens and early 20s, the ubiquity of these technologies is well overstated. It may even be the case that social media have already peaked in their present form. The people I know who use it the most and with the least critical of an eye are those who didn’t grow up with it – people in their 30s-40s. The younger ones, for whom smartphones were a fact of life rather than some new thing that appeared in a blaze of publicity, are more literate in both their uses and their more sinister significance.
re: “articles in mainstream media sources that assume that most people own and use these devices”
That’s done on purpose, part of the social conditioning done by the media, on behalf of their customers, the advertisers.
I’m not an Ayn Rand fan, but this process of media manipulation was described in The Fountainhead (1943).
aye! by long habit, developed due to varying degrees of being not-rich,my house and environs are wired for sound…with speaker wire, and old extension cords for longer runs, running to actual speakers(most, older than my children, and picked up at garage sales or piles of crap from the sidewalk, encased in scrap-wood enclosures for WX), driven by an actual “stereo”, (I never pass these up, and have a sort of bull pen of ancient amps and such, all more than 30 years old), sourced from everything from the web, the laptop, the dvd(plays cd’s better for some reason) and a “turntable”(my boys’ buddies wax poetic, if incredulously, about how “yer dad is like an archeological dig!”).
I am amazed by all these new wonders, of course…being a Nasa Kid, and all(tricorder in my pocket, right now)…but have always intuitively worried about exactly what is on display, here. The trust these folks have in all this,lol…way out here, there are few folks with such toys…all rich and satisfied and somewhat arrogant(showing off their “smart home” is sort of passive aggressive, no?)…but the few I have encountered make me wonder when people stopped taking dystopian sci-fi seriously.
If I need a beer, I’ll get up and go to the damned fridge myself(or holler for the wife and kids). I’ll sweep the floors with a $5 broom, and manipulate the illumination in my house with the cheapest light switches I can find.
this excess is patently unnecessary, and obviously contains many hidden costs.
“our desires and possessions are the strongest fetters of despotism”-Edward Gibbon
For all the rhetorical soup we swim in about hyperindividuality and mountain man self reliance, we sure go in whole hog for dependencies and key logs.
Agree. The triviality of the benefits of this new technology is mind-blowing compared with the price in privacy. My rules for living with technology:
– assume that anything you say over the phone or transmit over the internet has been broadcast,
– use all the other privacy measures you can – tape over the camera, disable microphones and Bluetooth, etc
– if it’s not worth reading the fine print before you press “accept” it’s not worth having
– do nothing through the Cloud
– stay at least two generations behind the latest release for anything – someone else can pay the higher price, work out the bugs and find the privacy landmines
Oh, please. Many people just like to have the “latest thing.” Many others perceive devices like this as labor-saving machines, whether they really are or not. Don’t be so condescending.
I used to work in home technology in a very wealthy market, and my clients were eager for voice control. We could wire the house to the teeth, sell all kinds of very nifty touchscreens and ipad apps and remote controls (with racks of electronics at the head end). Shortly after the Echo was released I came upon the lady of one house listening to music from it in the kitchen. What she said is seared into my memory as something so shocking that I had to reevaluate the profession I’d been in for fifteen years. She loved the thing. It was so easy – just say “play ____” and that is it.
Their audio system was a marvel, one of the best sounding houses I’ve ever done. She didn’t care, didn’t care to use it. Reduced friction is the most important thing. That is why people buy these devices. They’re inexpensive and they’re easy.
It’s like candy – the sweetness masks the hazard.
“What exactly can it do that you can’t do more or less just as easily from a smartphone or PC?”
yes and the spying can be done by a smartphone too, and a PC (well to a limited degree with the PC I guess, not many PCs with voice recognition as far as I know,)
Actually, I don’t know of many PCs without voice recognition, and this goes back 10 years or so.
Huh? Not true for the Apple unless you load software that does that. It is not part of the OS.
Not so, sorry. My MacBook has had Siri for several years, not sure which version it was released in. Every so often I accidentally hit the key combination that invokes it.
I have a 2015 Macbook Pro and it most assuredly does not. I searched and looked under all the places apps live. Not here.
You must have gotten it on your laptop by synching with an iPhone. I don’t have an iPhone.
Devises like an iPad or cell phone that does a voice search can also do this. When you purchase technology you are giving up your privacy. even if you don’t you can be tracked by computer controlled cameras with scanners. I believe Britain is ahead of the US in public surveillance. I think they are actually the test ground that will later be implemented in the US. Like in Orwell’s 1984 big brother is always watching. I’ve read this book 3 times and probably will reread it again in the near future.
I don’t own any of those either. And with the Echo you are allowing much greater intrusion, since while TPTB can activate your phone/voice activated cell as a listening device, the Echo is on by default all the time.
Yes they are universally surveiling your driving as well if they want to, tracking your vehicle multiple times as you cross town. Whether everyone is important enough to get this treatment or only activists depends I guess. And you can’t opt out of that just by not buying something. Don’t buy a car? Oh maybe, if we assume they aren’t watching public transit, which I’m sure they are some.
Alexa – fuck off.
A gibberish generator is called for, to piss into Bezos cloud.
Indeed, everyone’s default program should be “Contaminate the data!”
Either that or tell your Echo about how great Trump is.
I saw the water-cooler item yesterday about the turtle that somehow looks like a rifle, and the cat that from the appropriate angle resembles guacamole. I’m sure there’s research going on into planting such cues into audio signals — kind of “dog-whistles” aimed at voice recognition algos. Lambert’s shout-out to zero history was very apt. A book worth reading.
As these spy technologies become more and more ubiquitous and capable, I am actually less worried about what various nation states may be using them for than what nefarious man on the street players might be able to accomplish by leveraging bits of this very powerful, expanding, and largely unprotected ecosystem. For every James Bond or 1984 scenario, there are thousands of potential applications for conmen, stalkers, insider traders, jealous spouses, off-the-reservation Deputy Sheriffs, sociopathic pranksters, and on and on. Like it or not, this genie has left the bottle and is here to stay. As a society, we need to get smart fast about the power and very real threats that this infrastructure makes possible. If we don’t start focusing significant attention on how to mitigate these threats, we will experience and very painful period while the inmates run the asylum.
“The street finds it’s own uses for things.” – William Gibson
Apple was confronted with the same problem in facial recognition for the iPhone X but – like the fingerprints – the facial data is stored on the user’s device, processed by local AI (the Bionic CPU) and never sent to Apple – which is marginally better.
You have the same problem with On-Star in your car and the new internet connected TVs. Most computers have mics too.
The more IoT they throw at things, the more points of failure there are from Russian hackers to EMP. There needs to be backup manual on/off and operations designed into everything. I grew up coding and there’s no way I let coders steer my car.
I also grew up the son of a prosecutor. No way I tell someone what I had for lunch or where I’m going.
The ‘sharing economy’ boils down to a loss of property rights. The right of ownership is the right to exclude someone else from using your property and the socialists in corporate America don’t want you telling them they can’t have access to your stuff.
The real issue here isn’t just theft; it’s also trespass. What happens when people start planting evidence of contraband on these systems now that we can fake people’s voices with all these samples?
How long will it be before we leap from fake news to fake evidence?
“Alexa, how do you weaponize anthrax?”
the socialists in corporate America?
I think it’s a comment about the ability of products you ostensibly own to spy on you and share information with our corporate overlords without your consent. Granted socialism is a term variously defined by different people but I’m not sure this fits the anyone’s definition. Unless, like some, one thinks fascists are socialists.
“socialists in corporate America”
Not the same kind of socialism that most here conceive of. But read that in the mindset of, say, banking policy before/after the Great Recession (“privatize the gains and socialize the losses”), Google (“all of society’s data belong to us”), or any of the various cartels (“let’s rewrite the tax code again for our benefit at society’s expense”) and you understand that what he means is that the corporate “socialists” want society/government to give them more more more.
Thanks for defending me! You’re right. I was pointing out the socialization of risk.
After some reflection, I would also place this issue in the broader context of the wars of enclosure, given the recent anniversary of the Charter of the Forest. We’ve lost the forest. Now we’re literally losing our homes from the inside out, from forged foreclosure docs to eavesdropping from inside the house. (Except the landlord doesn’t even need the eaves for eavesdropping anymore.)
As the immortal bards of the internet might phrase it, All your Cheezeburgers is ours.
For accuracy I need to clarify this quote from CNET:
Echo may always to listening, but that doesn’t mean it is always recording and sending audio to Amazon, the key phrase not covered is “the moment you wake up Echo”. The “wake word” used to trigger an Echo (or Siri/Cortana/Google) is a critical design limitation that these assistants have to work around, as for responsiveness/accuracy the voice recognition needs to be done on the device itself. This is why the “wake word” is limited to one or a small set of words (Alexa/Echo/Computer), as detecting it is quite difficult to do on simple hardware locally and quickly.
Now, this doesn’t rule out the Echo just sending audio all the time, but it would be consume a lot of bandwidth/storage/processing to do so, making it impractical to do so on a large scale and easily noticeable. I could imagine the NSA/CIA having a backdoor to do so (on individual devices) but not doing so all the time.
Please re-read what I wrote.
First, voice does not take much bandwidth. These devices are in homes with friggin’ Netflix or Google Prime streaming accounts, and you can still do other stuff like have your kids do their homework on the Internet at the same time. There’s no bandwidth constraint here.
Second, my issue isn’t Amazon. My issue is what we know from Snowden, that pretty much all Internet-enabled devices with a camera or a mike are able to spy on you. They can be turned on without you knowing it even when they appear to be off. Here you have Echo-Google Home which is on all the time, listening all the time, and Snowden made clear what the NSA wants is total data capture. IMHO is is incredibly naive to think they won’t do that.
Yes, but just because something is possible doesn’t mean it’s mandatory.
Batman was just a movie. The capability to drill down and spot check people of interest is different than the capability to run large scale correlation across geographically large territories, or even target city blocks.
Home networks can be air gapped and firewalled in ways that ensure that you control what gets out. That’s harder to do for things like cell phones, which is why Snowden had to take more extreme measures there. Alexa devices don’t yet come with an integrated cell phone.
There are some serious privacy implications, but they’re a step or two further way from immediate real world implementations.
https://www.wired.com/story/the-first-alexa-phone-gets-amazon-even-closer-to-total-domination/
Firstly, the unshakable faith I see that people have in their tech is startling. Firewalls are most definitely not infallible because testing their implementations and configurations is such a lengthy process which most people have neither the time nor the skill to conduct properly. Most of us just accept the out of the box settings and leave it at that.
Then there’s cost. A true stateful packet inspection firewall with separate DMZ implemented in stand-alone hardware is impractical and expensive for a typical user. So while anorak-wearing tech-savvy people might consider it, the vast majority of Echo / Google Home / Siri users definitely would not. I’m a bit of an anorak so could do all the things I’ve mentioned in terms of having the requisite knowledge, but there are way, way too many taxes on my time already to make me set aside the mental and time requirements this would entail. Not least because you have to keep testing at regular intervals just in case some update or behind-your-back policy changes got done by your ISP or O/S vendor as part of, ironically, security patches. You can’t merely set it up and then leave it alone from there on in.
Finally, all firewalls are a compromise between allowing necessary access to the outside world and cutting off things you don’t want to get through. There’s no getting around this. So there’s no magic bullet. What you can do is reduce the attack surfaces. Echo et al are a big screaming “aim here” sign.
The ShieldsUP! site might be of help to some commentators and is easy to use to test your firewall-
https://www.grc.com/x/ne.dll?bh0bkyd2
The point isn’t that the NSA can or will spy on *everyone* just that can and do spy on *anyone.*
I’m always amazed how these discussions attract the typical clueless nerd without a shred of insight yammering “aww jeez…no big deal…you folks just need to do X Y and Z and you’re safe”. The Echo and similar devices are not targeting the Slashdot crowd but the mass consumer audience.
No, the data rates is quite trivial.
Using a normal GSM data compression algorithm, one can get down to 6 kBit/s, usually 13 kBit/s, data rates for voice while keeping the voice recognisable. That amount of data would be 1.6 kByte/s. On “copper” DSL today, we get 8-30 MegaByte/s, while Coax / Fibre is 100 MegaByte/s in the minimal configuration.
GSM will “shut down” the data stream when no voice is detected, just sending few “I am Alive” messages, the noise heard on the receiving end is “comfort noise” generated by the receiver to stop people from hanging up because they think the connection is broken.
Anyway, for GSM audio monitoring we are well below 1% of the bandwidth installed in a household, who also have some kind of streaming service (or they would not have these devices to begin with). That amount of traffic is not noticeable. Someone could see the data flow if they hook up tools like WireShark and know where to look.
Someone like the NSA, FSB (or Google/Amazon/Samsung) could counter exposure to a significant degree by sneaking the Audio data into streams that are already “running”, like the music (the music is a digital stream so one can subtract the outgoing sound from the incoming to get the voice), then just use normal HTTPS / TLS encryption on the outgoing “Gimme Moar Data”-requests that are part of the running stream to cloak the added data. Nobody would see that, unless, perhaps by comparing package sizes from different devices but other things like padding and byte alignment are feeding into that so this would be quite difficult to say with certainty that something is “in there”.
For 24/7 streaming of voice, Someone like the NSA could have hacked both the home router and the “smart” device to use a custom protocol close to the physical level of the network, like ARP or even raw IEEE 802 which common tools like WireShark will not readily see. Protocol analysers could, these starts at thousands of USD and one has to know to use them. So the NSA would perhaps avoid network engineers with telco experience :). But, why risk it all ? Most “bad people” will just turn the music or TeeVee ON to avoid being listened to …
For extraction, the NSA would use a hacked edge router at the telecom provider to either route the total stream via their extraction point for collection or, better, easier, using the endpoint for re-packaging “their data” into a new stream, letting the (hacked!?) endpoint at Google/Amazon doing the decryption for them.
The speech can be further “compressed” by converting it into text. Which they probably do, not for compression but to make it searchable (they will link the search terms with the audio, of course).
The only thing stopping “bugging everyone” from taking place is legislation and draconian enforcement. Technically it is totally practical, not very hard and not even very expensive. However, we know what the track record is on both legislation and enforcement, so we basically know what to expect already!
Some links:
http://www.radio-electronics.com/info/cellulartelecomms/gsm_technical/audio-codecs-vocoders-amr-celp.php
http://blog.archive.org/2013/06/15/cost-to-store-all-us-phonecalls-made-in-a-year-in-cloud-storage-so-it-could-be-datamined
I wonder about the future of this voice technology and responses to it.
1. If someone records enough samples of my voice (like when I answer telemarketing calls), can that person fool the bank software and log in as me?
2. Can there be an app that puts some voice emulator on my device, to then transmit a created voice to Amazon or Google? And could that made-up voice be changed every so often? (I guess I would need to tell Amazon/Google “just got a house sitter, work with that person.” )
On question #1: William Burrows 2001 book By Any Means Necessary on the history of cold war surveillance flights near to and over the USSR mentions that by the late cold war, the US had the ability to transmit fake radio conversations from surveillance aircraft using voices constructed from the content of previous intercepts.
As a signal-processing engineer myself, I don’t find the capability at all surprising. From a technical point of view, it’s close to obvious. What is perhaps more surprising is this capability being mentioned in an unclassified publication. Apparently the censors thought it obvious as well.
For the truly security conscious(or, the new tin foil hat):
https://www.walmart.com/ip/Star-Wars-The-Empire-Strikes-Back-Darth-Vader-Voice-Changer-Helmet/46203099?wmlspartner=wlpa&selectedSellerId=3351&adid=22222222227034038860&wl0=&wl1=g&wl2=c&wl3=72202716032&wl4=pla-140125990112&wl5=9027529&wl6=&wl7=&wl8=&wl9=pla&wl10=113553737&wl11=online&wl12=46203099&wl13=&veh=sem
On a recent trip to the eye doctor(45 minutes one way) with my 12 year old son, he was going on about some new game/time-waster that had emerged from the school-provided Ipad…the details escape me, now, but it was obviously a mechanism to improve AI, and/or collect Data.
I began to explain this(on such trips I get to hold forth at length. this is expected and tolerated), pointing to the On Star Button in my mom’s car, the Iphone in my pocket, the redlight cameras when we got to town, the pressure plates in the road to make the turn light come on, and once in the eye doctor’s office, I point silently to the 5 little cameras placed unobtrusively around the large front room. Simultaneously with all these random examples, I explained Big Data and it’s uses, with a passionate digression into Fourth Amendment, and another into things like doxxing and spoofing and gaslighting.
A week later, and I find that my son has placed a bit of tape over the ipad’s camera.
The craziest thing is that this 3-4 hour wide ranging lecture/socratic dialog didn’t even scratch the surface of our panopticon brave new world.
There will come a day when humans are unable to even conceive of the idea of “Privacy”.
Once upon a time “the talk” parents had with 10-12 year-old children was about sex. Now there’s “the talk” about AI and Data Collection. It’s just as important as “the talk” about sex, imo, when you consider both can have a profound affect on your child’s entire adult life.
no wonder young people are not having as much sex anymore, too much else to worry about.
Call me circumspect, or various other words. I don’t answer calls from unknown numbers, and screen the known numbers to let the other person speak first, in part to assess if it is a live person whose voice I recognize. I assume that any caller may record my voice, and that more recording means more opportunity to manipulate digital capture records to deploy in any number of auto-response scenarios to my detriment. That only covers my abode. Then I need to be concerned about being out among ’em. Casual conversations anywhere could lead to unwanted consequences.
Now I need to get to work on that Faraday wardrobe.
The “spooky technologies” you mention are indeed decades old. Essentially, for example, if you want to have a private meeting in any confined space with a window, you need not only to leave all electronic gadgets outside (that probably includes Apple Watches) but pull the curtains or otherwise find a way of stopping the glass pane from vibrating to the sound of your voice. And never sit with your computer in a position from which the screen is visible, even from a long distance.
As usual, it will be less the technologies themselves than the clever ideas for misusing them that are the problem. And if history is any guide, we have no idea, at the moment, what they will be. But what’s already clear is that real-time monitoring of the movements, speech and even emotions of citizens by any reasonably advanced state is not that far away.
A couple of very old data points to flesh this out more. Two decades ago I read that mobs like the US State Department would play classic music at meetings so that the old laser-detecting vibrations-to-record-voices trick would not work but that probably does not work any more.
And for never sitting with your computer in a position from which the screen is visible, well, years ago I read that you can have a van parked nearby that would hone in on the radiation that your monitor would give off. Using that info, it would then in real time reconstruct exactly what you are seeing on your own screen.
These days those seem almost quaint now. These days you would probably have someone from a three-letter agency sit in his office and say Siri/Alexa/Echo give us a transcript of everything said in Frank’s home and include whatever passwords he says and then sit down and watch a mirror image of Frank’s computer monitor on a corner of his own.
A few years ago a journalist reporting on mobs like these watched as the article she was composing was being deleted right in front of her. She wistfully wondered if the person that was deleting her work at least liked what they read first.
About a year ago, my husband and I were working at home and happened to discuss the problems we were having with our washer/dryer. Within 10 minutes, on the home page of a.n. other financial blog, an ad appeared in the r/h margin advertising….washer/dryers.
I purposely destroyed the mics on the laptops in my house and have a separate peripheral mic I hook in if I need to talk to someone. Otherwise cell phones are kept in a separate room from my wife and I and tape over all the webcams.
What I really want to do is get a dedicated microwave to put our phones in at night as a faraday cage. Need to find some space to do that.
I know some people that have an Echo in their bedroom. Bizarre. But like self driving cars, all it will take is one incident of creepiness for the market to start to turn the other way. Amazon better behave itself.
Is there an easy way to disable the mics in the laptops? I need to do that.
They sell phone Faraday sleeves on the Internet. You can test if they really work by trying to call your phone. I plan to get one. They have bigger sizes for tablets and laptops, and IIRC even a backpack.
There are ways to disable onboard mics through your settings. However, given what Snowden is saying about remote access, all the backdoors in major operating systems probably means someone can turn them back on without much effort.
Given how crappy most onboard mics are on laptops and the like, you might as well just shred them anyway. They are usually located next to the webcam inside a tiny hole. I just took an unbent paperclip, shoved it in there, and scratched around. I did this and tested the mic in the settings until it didn’t register my voice.
There’s probably more graceful ways to do it but that’s how I handle things, hah! Next up will be my mini faraday cages, thanks for the recc.
I prefer the method I began using years ago with the family television sets.
1- Place the device in an outdoor location with a earthen embankment behind it.
2- Load the 7mm Magnum big game rifle with a single round.
3- Fire when ready
That reminds me of the naval test for components that are suspected of being damaged:
1. Remove suspect component
2. Throw into ocean
3. If it sinks, it was damaged.
I don’t think that there are any good answers here. Consider, Mark Zuckerberg who can afford to spend billions on his own computer security but still tapes over his laptop’s camera and mics as revealed in a candid foto (https://www.hackread.com/mark-zuckerbergs-laptop-cam-tape/) taken last year. The future seemed so simple in Star Trek when you would talk to the computer from any part of the ship – even though it was foreseen that sometimes there might be problems (https://www.youtube.com/watch?v=nVA5HSE6igQ). It was also clear here that your personal logs were your own and that they could be only accessed for vital reasons.
These smart devices like Alexa and Echo are like those smart TVs that not only have an inbuilt microphone (always on) and an internal camera filming what is in front of the TV but also having face recognition technology built in and all connected to servers. It creeps me out thinking about having one that could not only record your private conversations with your wife but would put them through truth-lie algorithms to tell when you lie. If hacked, it takes blackmail to a whole other level. That anecdote by rcd confirmed my worst suspicions. As far as those devices are concerned, not with this little black duck!
I keep a small metal coffee can in the truck for when I need to go somewhere unobserved.
We who worry about this sort of thing seem to be outliers,lol.
My highschooler son has been in trouble twice because one of his friends put an image online of the beer at a party, or the girl in the hotel room at UIL.
In both cases, another kid…excluded from the fun, I guess…threw a hissy and complained to their parents, and soon, I am called in to the office to glare menacingly at the principal.
I resolved long ago to not be my parents, and to allow the beer drinking(inevitable) to take place out here in the wilderness, rather than on dirt roads or in parking lots. But I not only confiscate keys, I now confiscate phones,lol.
And it ain’t because of the parents of whomever is out here(we are all in agreement that this is a better way), but spurned girlfriends and the busybodies and preacher’s son trolls.
as for the previous poster, I keep an old microwave, with the power cable wrapped around a 5′ copper rod in the ground for safe storage of a hand cranked shortwave and a few of those flashlights that you shake to operate.
It cost me nothing, and EMP has seemed so obvious to me that I’m surprised no one has attempted it yet.
Is there an easy way to disable the mics in the laptops?
The most reliable way to do this is to disconnect or remove the microphone. This can be very difficult to do in some modern laptops which are not intended to repairable. Take the 15″ Macbook Pro Retina, for example:
https://www.ifixit.com/Guide/MacBook+Pro+15-Inch+Retina+Display+Early+2013+Microphone+Replacement/17056
34 steps (some rather intricate and error-prone) just to get to the blasted thing and remove it, assuming you have the magic Apple pentalobe screwdriver that’s required to open the case.
Interesting aside: At this years Geospatial Intelligence Conference in San Antonio (yes, I could’ve been Yves’s source, but I wasn’t), one of the most popular bits of swag was a stick-on sliding webcam cover for laptops, rather like this:
https://www.printglobe.com/sliding-webcam-cover/100043
I prefer the traditional duct tape, myself.
A drop of glue can help and is much simpler ;-). Without air flow sensitivity of the mic drops dramatically.
In most cases collection of metadata (your calls, browsing history, email headers, etc) is enough for you already to be like a bug under the microscope.
The recording of conversations, unless you are high value target, is completely redundant.
I don’t buy that. Although my professional life is on the Web via my expressing my views on the site, my personal life isn’t anywhere near as readily accessible as for most people. For instance, I do such a huge amount of Web surfing for professional reasons you’d be hard pressed to identify what was personal in that.
“my personal life isn’t anywhere near as readily accessible”
Not true. It is readily assessable. For example, looking for medical information (WebMD, etc), drugs, watching movies, sport sites, music sites that you visit, porno sites for males, set of your posts, shopping at Amazon, reviews, if any, etc usually are very informative as for your “personal life”.
Social sites on which person posts represent so called “set of active sites set”. The mere fact that a person posts on Naked Capitalism on a recurrent basis represents what it is called a “signature” — which means that some subset of person interests can be extrapolated from the interests of other visitors to the same site. This “preference” can be correlated with your others postings, vocabulary that you use in them, “trigger phases” ( http://www.huffingtonpost.com/2012/02/24/homeland-security-manual_n_1299908.html ), their frequency and other similar “markers”.
All this helps to create your “Web profile” which includes your education level, set of hobbies, political views, medical problems, personal problems, financial problems, etc. Tell me now that your personal life is not accessible.
Each Web site from the point of view of Web log analysis has a certain “attributes” and the level of “affinity” to similar sites which often link to this site (for example for naked capitalism Alexa lists wolfstreet.com, economicoutlook.net, cepr.net, truthdig.com and mishtalk.com as “similar”)
If you visit set of “affiliated sites” that increases probability that you belong to certain social strata, or share certain interests/views.
Look at https://www.alexa.com/siteinfo/nakedcapitalism.com for the set of metrics computed.
All that means that for any person the history of Web activities for a year or more allows to create Web profile (or dossier, if you wish) in which professional interests and personal interests somewhat overlap (especially if you work from home), but some (or even large) part of them still can be distinguished.
You can actually create you own Web profile yourself installing Web proxy and using some scripts like AWstats. That’s a very interesting and educational exercise. Of course, if you a programmer you can write your own scripts or enhance existing to get more information. But in any case just looking at your one year Web stats you probably will be surprised how much of your “personal interests” can be deduced from this profile. First of all just the list of sites you visit recurrently creates a certain profile. Also from them you can calculate certain integral metrics, for example something like “index of loyalty/political correctness” (I heard that China is doing or planning to do something along those lines).
Also “professional interests” related Web surfing of not, there are certain “outliers sites” that you visit and certain “trigger sites/pages” which allow to narrow the set of your personal “trait” visible in your Web profile. Which, among other things, can help to identify you on other devices even if you do not login to any sites.
Bulk of surfing can be discarded, but just timestamps give quite a bit information about your personal life, about how you plan you day, etc. If for example a person usually spend 10 hours a day surfing the Web that fact alone is an important part of the Web profile characterizing the person as “Web junky”.
Which usually tells a lot about this particular person personal life and even allows to deduce some personal traits.
Outliers, sites not commonly visited by similar surfers, might be even more interesting.
Also interesting is how your Web browsing “footprint” evolves from one month to another.
For example set of sites that there were prominent in the past disappeared from your Web profile might suggest that a certain problem is solved, or put on backburner, etc. And many other things along those lines.
I see you project normal behavior on to me. My original claim stands. This was your statement:
First, I do not look at medical sites for matters of personal interest since I don’t need to. 98+% of my visits to medical sites are for news referred by readers or general public health matters like the opioid crisis. The rest are on behalf of my mother, siblings, or friends. Without going into details, the type of insurance policy I have and the manner in which I interact with my insurer also means they have less information on me than on the overwhelming majority of payments (what information your insurer gets from your doctor is a function of whether you pay or they pay).
Second, I do not visit sport sites, watch movie (I don’t use Netflix nor do I watch TV or even have a cable account) and I do not use iTunes, the Apple Apps Store, or any similar Google services. When I listen to music, which is not often, it is on DVDs on my system here. And those DVDs were purchased before 2001, most of them (gasp) in physical stores. I don’t shop much at Amazon, I don’t shop much on the Web at all, and even then most of that that is for gifts (and I have decided not to use Amazon unless absolutely required going forward).
All you could infer from my shopping is that I buy dietary supplements (a ton, so you couldn’t make specific inferences save that I am a health nut) and some warm winter clothes staples, like heavy socks, the sort of thing any person in the Northern half of the country might buy.
No. There isn’t an easy way. If you can find the actual microphone opening you can carefully fill the microphone with a solvent based glue using a syringe and a needle. One does not want to break it, because maybe the OS/drivers checks for the presence of the physical device and then there is an error code logged and one is tagged. Disabling the microphone is not always very practical. On MacBook Pros, at least one mike is under the left loudspeaker grid and one cannot get at it without disassembly.
Then the question is, is this the only one? There could be several, they are so cheap and small. Some might be “secret sauce”, perhaps used for making certain vendors video call application superior to the others, and not visible to the OS in the normal way.
The loudspeakers — are also microphones; if there is something going on where the audio system tracks the voltage applied to the speakers, maybe to shape / improve the sound, perhaps that signal is available to the CPU somehow and can be recovered. There are other embedded devices that can be made to work like microphones. Accelerometers used to protect the hard disk when one drops the laptop and the WiFi signals themselves, which can be used for RADAR-like surveillance and maybe audio extraction too. Currently, this is only for people with nation-state tools and hacking capability.
If the opposition is the common crook looking for insider information or a stalker, then it might be OK with disabling the regular microphone.
Nation States or Rogue Law Enforcement …. One can pretty much forget about it! In that situation one should not be near anything electronic at all when discussing serious things, and one should take care to not be visible on cameras. Computers are good a lip-reading too.
There is a book, “Cryptoguide for Journalists”, sadly in Danish Only but the authors does link to tools that are English and probably useful, the EFF has something similar in English:
EFF -> https://ssd.eff.org
UK Info (nerdy!) -> https://securityinabox.org/en/
links to tools -> http://www.journalismfund.eu/sites/default/files/Digital%20Security_0.pdf
Book Info -> https://www.cryptoguide.dk/english
Technologies can be surreptitiously remotely enabled/manipulated on any device with some way in (probably via networking, possibly via the same listening system with different cues — imagine your TV saying a secret code word to Alexa to put it in permanent-recording mode). This sort of use has been OK’d by the courts under warrant, sometimes, in cars via OnStar, et al. Whenever you disable a technology in the software menu of the device, there is the possibility of someone else re-enabling it (or the software ignoring your request) without your consent or awareness.
As a security researcher I’ve wanted to see a movement for DIY hardware toggles for sensitive components in a device. It should be possible to sever signals to/from any such component, or better, to de-power the component without compromising device integrity/stability. Any camera, microphone or biometric scanner is obviously sensitive. Any component of telephony, from cellular to wi-fi (those things announce your presence to the world as they ‘scan’, constantly, and can be responsive when the device is off!) to near-field communication is sensitive. You (should) want a physical airplane-mode toggle, not just a software configuration option that you’re supposed to trust. This needs to apply to all of the devices in one’s life and all of the components. As we enumerate the bits on a phone, the same logic must apply to a car (how many of us know how many microphones are there and where?). And we should expect vendors to make this impossible (out of apathy or out of defense of their own ability to listen). Maybe some vendors could court the security-minded and work to provide physically-auditable toggles… but I doubt any market-based solution would solve this problem much.
(Asofyet I haven’t seen a lot of movement on the DIY toggle front though maybe I’ve missed an example. I’m not a good person to start the work as I have a reverse midas touch with hardware hacking).
Knowing the possibility of a device lying to its user as to the disabling of snooping technology (or the possibility that something else was physically installed to spy), Bunnie and Snowden wrote guides for detecting that signaling is in use regardless of software settings, as a manual for journalists and others worried about it. Start here and search for more: https://www.pubpub.org/pub/direct-radio-introspection. I think those guys also talk about mitigation in newer work.
Just my two cents as to where a gap exists. Hopefully I’m not now on a !@#$list of the surveillance state just for thinking this aloud…
All our electronic appliances are wide open by default, and I don’t know why that fact is not addressed in the aftermarket. The total absence of aftermarket hard switches, camera covers, apertures, etc. is freakishly weird. It has been obvious for years that there is a small, but potentially profitable market for such items. It’s as if the home ‘window treatments’ business were suddenly eradicated. As if shades and curtains simply didn’t exist.
I do not understand why cell phone cases with small sliding doors over the rear camera aren’t part of every major vendors product line up. Yet, there is no ‘Speck’ or ‘Kate Spade’ branded phone case on the market that allows the owner to cover even one camera.
Likewise with ‘smart’ TVs. Why aren’t there closing cases, drapes, and other furniture for the niche consumer who wants them? There is nothing inherently attractive about a blank LCD screen. Hiding it behind a mahogany door seems more normal than not (particularly in an era when the wealthy hide their refrigerators and dishwashers behind cabinetry that matches the shelving). I truly remember more closed cases for TVs 20 years ago, when you needed a great cabinet to hold a 20” deep CRT in the living room. Shutters or doors on the central space of the ‘entertainment center’ armoire were common then.
I used to have a Nokia which had a large sliding door over the camera. Opening it would activate the camera without having to fumble with any buttons or slidey icons. The shutter was a tactile button on the side too. Great for capturing fleeting moments as it would be ready to go in half a second. They won’t do it now because it would make the phone too fat.
One could point out that Snowden also did things like put mobile phones in the microwave (Faraday cage) and advised taking the battery out of cellphones, including the dumb kind,when not in use. And while not many of us have Echo–one hopes–we almost all have computers which are surveillance engines of the finest kind.
To me Echo is just another one of Bezos’ dumb ideas to go with drone deliveries and no checkout retail stores. The haystack problem suggests electronic surveillance isn’t all it’s cracked up to be and these capabilities somehow fail to prevent domestic terrorism, mass shootings and all the other horrors that go on.
I’ve seen videos that show for the older phones (dunno if true for current gen smart phone) that the battery that you think turns off the phone isn’t necessarily the one to worry about. Many phones have a second battery, deeper in the guts of the phone, that is a circular lithium battery, like the kind you use to power watches.
That’s the case with laptops, too (at least Lenovo): they have an internal battery, distinct from the one you can remove. It is probably the case for all computer-like devices.
The little battery runs the clock when your computer is shut down so you will have the correct time/date on your machine when you turn it back on. IIRC the clock battery is something like 1.5 volts, while a decent-sized laptop probably runs on 20 volts. So you don’t need to be worried about that battery.
What’s REALLY scary is the guy who built a Linux instance which would run on the chips in your hard drive electronics and be accessed through the serial port HD manufacturers use for testing.
I don’t know that those little batteries will last long if they’re used for actual broadcasting, even though they’ll power digital watch chips for decades. They might be enough to keep recording sound to memory for quite a long time, until the radio link “officially” fires up again.
I’m not an electronics expert, but I believe those coin cells are used to keep the internal clocks going. They can last forever because they use nano-Amps of currrent.
The other social cost of this, mentioned in passing, is the drive of corporations to get rid of even more workers. Out of work phone call centre people need to eat too. Unlike the promises during the original industrial revolutions, there seem not to be compensating forms of employment being promised or created to ‘take up the slack’ of the displaced workers.
Jackpot City, here we come!
While the article is written with respect to surveillance’s impact on the individual it is important to note that the new technology here is the aggregation of surveillance onto crowds.
The individual is less important than the group. Manage the group and the individual is easy.
I just shared this post with a Microsoft certified IT fellow that works in my business. (He tells me he makes twice the money repairing automobiles in my shop as he did doing IT work)
He also tells me, ANECDOTAL AND UNVERIFIED, that he deliberately began using the word “alpaca” repeatedly, in conversation, around his smart phone, at work and at home.
After a few days, he said he began receiving advertising for alpaca products.
I am going to do the same thing, using some oddball word that I would never use, just to see what happens. So many possibilities to choose from……. hmmm..
Alexa – bring me Jeff Bezos head.
This reminds me of a long running (half) joke idea i had for a business plan. The premise is to perform various actions that will attract your street address to direct mail campaigns, then when your (snail mail) mailbox gets bombarded by junk mail, you can just sell the inbound stream to recycling plants. $$$ Whatcha think?
I don’t see a need per se for the Echo Dot we own, but it does provide some utility and (more often) amusement. And I realize that this is a species of “if you have nothing to hide…”, but honestly, there’s nothing said in its presence that could be remotely considered dangerous, incriminating or embarrassing.
We also own and use cell phones and laptops that have the same functions, with no more compunction. I’m sure there are people and settings for which this warning is appropriate, but I’m personally unconcerned. Certainly any technology can be misused, but this one is pretty far down my list of worries.
Frankly, whatever expectation of privacy you have in your daily life is unwarranted. The genie is out of the bottle — and it’s sitting in your car, your purse, on the shelf, in your ‘smart’ TV etc. I believe we have to adapt, each in our own way and in accordance with our degree of paranoia, because none of this is going away. Just because you don’t invite Alexa into you home doesn’t mean her cousins aren’t going to drop by.
“Frankly, whatever expectation of privacy you have in your daily life is unwarranted. The genie is out of the bottle — and it’s sitting in your car, your purse, on the shelf, in your ‘smart’ TV etc.”
So there’s no alternative, then? Of course I have a flip phone, listen to football on the the old combo cassette/radio “boom box”,…You are describing the state of affairs for my wealthier friends, however, and agree that those of you who feel confident enough in your circumstances to feel there is nothing you do that needs to be hidden, I’d say you and they are cognitively captured by faith in tech, but all that tech money comes from people who don’t respect the need for privacy such as yourself. I’d say the genie is in fact out of the bottle and his name is donald trump, if I had a dime for every time I heard a techie or mba say “there’s going to be winner’s and loser’s, with the tacit assumption being there will be a lot more losers than winners, and the tech/mba guys will always be the winners…somehow this phrase that was once so popular has disappeared down the memory hole because the tech/mba crowd who are so intent on screwing everyone else because tina actually found themselves to be the losers. Whoocoodanode. Anecdotally and slightly off topic, a friend was attacked yesterday in seattle by one of the ubiquitous homeless people armed with a knife (“huge box cutter, didn’t think you could buy one that big”) in an upscale neighborhood. Luckily his car door was still open and he was able to get back in and lock the doors while the guy laid waste to his paint job. Picture these homeless people (who it doesn’t really need to be pointed out don’t have smart tv, iphone 10x, or modern equipment on their 72 pinto or winnebago) start to get together because they truly have nothing else to lose to the bezos of the world and start to attack you in your pseudo safe environment. When there are roving bands of these people you’ll wish the donald was your biggest problem. So I’ve got a right back atcha, whatever expectation of safety and security you have is wildly misguided The genie has a message for you, we live a rapaciously greedy, stratified, and mean spirited country, and you’ll get what you deserve, good and hard.
http://i0.kym-cdn.com/photos/images/facebook/000/299/691/1a4.jpg
Sounds like the “I don’t see race” solution to electronic privacy invasion. Equally naive and regressive.
So presumably you are able to see into the future to know who will be in charge of deciding what exactly is considered dangerous, incriminating or embarrassing? Quite a gift you have…
…there’s nothing said in its presence that could be remotely considered dangerous, incriminating or embarrassing.
I am sure Ann Frank’s parents thought the same.
Not that anyone here is contemplating murder, but this is relevant to the conversation, I am sure:
Amazon gives up Echo data to police in murder investigation
Not to make light of the intrusion problems posed by owning smart phones, smart TV’s and laptops with cameras and microphones (I, too, have been rattled by seeing ads on websites for objects or conditions that I and my spouse had been discussing a day earlier), but I would be more likely to purchase a voice-activated command system that had a male persona; I would love to call out, lazily, “Ralph (or ‘Bob’ or ‘James’), shut the friggin’ cupboard doors and chill a glass of Pinot Grigio to exactly 51 degrees.”
The problem is really one of data retention; as usual there is no reason for a voice assistant to run in some megacorp’s private cloud. We all have hefty computers at home more than capable of running these things and keeping the whole thing private – the voice data, the request, etc.
It would not be hard to organize a free software project to make an Alexa quality voice assistant that you can run on a private computer; with an internet connection you can even run a client to it from your phone.
This is the only way to freedom from the surveillance system; the alternative is simply refusing the technology. However, so far we have really failed at delivering good free software in these areas (voice commands and also mobile phones in general); we have no one to blame but ourselves for this. Passively hoping the megacorps will behave morally seems to not be working.
“This call is being recorded for quality control purposes.”
Yesterday my fidelity service rep invited me to have my voice print archived so that they could save me the inconvenience of having to provide those security details like my mom’s maiden name and the street I grew up on. Our conversation was less than ten minutes at that point and he had a desktop widget running that told him they had collected sufficient voice data on me to do this.
I opted out.
“for quality control purposes” = “for quality control purposes and whatever the NSA and CIA see fit to do with it”
Disturbing, to say the least, and kind of puts Amazon’s commitment to hire military personnel in a[n even more] sinister light. Amazon is closely associating itself with the military because grateful patriotism, even as it takes losses to destroy other businesses. Huh.
http://www.businesswire.com/news/home/20171109005408/en/
No relatively advanced nation state with a decent-sized security state apparatus is going to allow a native high tech firm to flourish without a heavily deal of cooperation.
Hell, in most cases in the U.S. it is the defensive industry since the end of WW2 that is a key player in terms of early rounds of funding and forming links to corporate research centers & university researchers.
Just look at the role DARPA has played already in driverless technology. Their fingerprints are all over it and it is easily found in the public domain.
I’d like to add this bit of info to this commentary FYI it is a hot subject in my neck of the woods.
http://www.azcentral.com/story/money/business/2014/12/12/state-settles-smart-meter-debate/20343257/
The good discussion in this article is just one facet of a much larger change to our society. In the old days, the presumption was that everything one did was private unless specific steps were taken to make it public, perhaps holding a press conference, or doing it in the middle of a busy street or a public square.
More recently, this has changed. Now, the presumption must be that everything one does is public, unless specific steps are taken to make it private. (I won’t presume to outline the steps one needs to take for privacy, since this changes every day. A general statement would be that much of the privacy invasion is technological, and the older the technology one surrounds oneself with is, the less likely one is to have one’s activities publicized.)
It’s hard to overstate the impact of this change, and everyone, including individuals all the way up to very large businesses, is obviously still grappling with it. It’s hard to say overall whether this change is a good or a bad thing, but there is clearly no rolling back the clock.
Way back in 81, I hired on as a residential telephone tech for GTE. They actually had a document called “The Telephoneman Oath” that all employees were required to read and sign.
It specifically said that all conversations you heard while testing lines were private and confidential. Period.
If you divulged to anyone any conversation you would be summarily terminated. Period.
If you heard a convo about say a plot to kill somebody and you notified your boss or the authorities, terminated. Period. No exceptions.
My how times have changed.
See “The AI Now 2017 Report.“ (pdf)
I’ve apprised them of this post.
Looks like my minuscule investment in the Fundraiser category of ‘More Meetups’, along with that mutual investment of so many other NCers, is already beginning to pay out phenomenal dividends. Thanks to all… ;-)
About 3 years ago when I moved back to my state, I went to a credit union to open a checking account. I favor credit unions over banks, but lately I’ve noticed some of them are getting a lot more commercialized as they merge and grow.
Anyway, I was told I had to wait to set it up with the branch manager who was at lunch. When she returned and was entering my information on her computer, some red text caught my eye even though the screen was mostly angled away from me so I couldn’t actually read it. To me it suggested some kind of alert or cue for something important, who knows. It did serve to alert my own curiosity.
Then in the process of setting up the account, out of the blue the manager asked me about my pets. Since I don’t have any, that conversation should have been very brief but somehow she managed to prolong it somehow, maybe asking why not but I forget now. That would be the kind of question that would immediately start people talking, but it came out so awkwardly in the timing that I got the impression it wasn’t social as much a business related. At any rate, it did eliciting more conversation from me other than the brief but relevant answers I gave her for my account information.
Before I left, I also noticed a box directly in front of me on her desk. It caught my eye because it was placed near the edge, not set back closer to her but I really didn’t give it any more attention other than that. But combined with the pet questioning and red text, I later wondered if my voice had been recorded for some kind of security program.
Naturally they’d only get a voice recording when they could capture someone’s natural voice in a relaxed conversation, such as about beloved pets. After all, if you’re not aware you’re being recorded, you don’t get tense vocal cords or try too hard to enunciate. Plus it’s only for security reasons, right? So why tell us? The things they do for security has to be secret, otherwise it’s not secure!
But my suspicious mind thinks that whenever valuable personal identifiers are collected by any business or government entity for any reason, and certainly when it’s incentivized or written into the fine print of Patriot Act type laws, it ends up in Utah repository.
COLLECT IT ALL is not just a conspiracy theory anymore.
Or am I just being paranoid?
“…Apart from the creepy crawley surveillance aspect (and Google/Amazon bother me far more than the state security apparatus…” (Clive, from the original article.)
As far as I’m concerned, Amazon and Google ARE (at least a part of) the state security apparatus. Links between the NSA and Google have been well-established, and Amazon is a CIA contractor.
http://america.aljazeera.com/articles/2014/5/6/nsa-chief-google.html
http://www.defenseone.com/technology/2014/07/how-cia-partnered-amazon-and-changed-intelligence/88555/
(Hope that’s not too many links!)
Live interview re this topic and more. Interview will be archived at the site soon. https://ww2.kqed.org/forum/2017/11/08/graphic-novel-explores-the-history-of-drone-warfare/
Also, Krasny interviewed Snowden last night from the Curran theater in SF. I assume this will also become available on their archive. https://sfcurran.com/the-currant/interviews/
Host: Michael Krasny
NOVEMBER 9, 2017
SHARE
Episode airs November 9, 2017 at 9:30 AM
Investigative journalist Pratap Chatterjee and editorial cartoonist Khalil Bendib present a history of drone warfare and mass surveillance in “VERAX,” a graphic novel. The first half of the book profiles famous whistleblowers like Julian Assange and Edward Snowden. In the second half, Chatterjee investigates the murky background of drone warfare and its ethical implications. We talk to both authors about their new book and unexpected approach.
Guests:
Khalil Bendib, editorial cartoonist and graphic novelist; co-creator, “VERAX: The True History of Whistleblowers, Drone Warfare and Mass Surveillance”; co-host, “Voices of the Middle East”
Pratap Chatterjee, executive director, CorpWatch; co-author, “VERAX: The True History of Whistleblowers, Drone Warfare, and Mass Surveillance”
I have a friend who works with C-Suite types in tech from major companies (sorry, I won’t name names or companies). These people he works with on his account have basically told him that Amazon has hit a homerun with Echo based on its mic and how it can single out a voice in a crowd. Everybody else is playing catch up on Alexa just like they are playing catch up on AWS. This was over a year ago.
When he was approached by family for advice on which of these devices to buy, he flat out told them they are all generally equal [for personal use], the question is who do you want to collect your data?
Actually, I wonder if it would be useful to buy one under your name, and then play a pre-recorded message next to it over and over again just for the purposes of spoofing or giving bad data to Google/Amazon/NSA/etc. as a counter-survellience measure. This way, if you are an activist or protester, you can give them a steady stream of bad or useless data in whatever file they have collected on you to make your “profile” extremely inaccurate.
I work in info security. I have an Echo, though admittedly not in my bedroom. I think your threat model is wrong, for a couple of reasons.
One, the Echo’s ability to distinguish voices isn’t what you’re portraying. Anyone in the house (or people on TV, in a few infamous cases) can in fact order from Amazon using the account linked to the Echo via smartphone app.
Two, if you have my skillset and want to know if Echo is transmitting data to Amazon at any given time, do a packet capture on your network and find out. You won’t see what’s being sent because it’s encrypted obviously, but you can see how much data is being sent, which is enough to know if the Echo is sending all the sounds it hears. It is not.
Of course that could be a capability that has to be turned on remotely. But because the Echo has to be connected to a wifi network that people like me can sniff, the NSA/FBI/whatever would be taking the chance in doing that that the person under surveillance will immediately know based on the amount of data being sent spiking.
There’s no such chance with a cellphone. What’s more, my cellphone is not a fat cylinder I leave in my living room all day; it goes with me. What’s more than that, to listen in on it the government would have to work with Verizon, a company we know is slavishly supine to their every whim and has been for a couple of generations, and not Amazon, a company where they might bump up against all sorts of inconvenient technolibertarians who’d be outraged at the concept.
Can the NSA listen to me on my Echo should I ever come to their attention? I’d assume yes. Would they ever given all their other options? Can’t see why.
Thank you for your post !
Excessive paranoia is as counterproductive as excessive negligence as for your Internet and phone communications privacy.
While the reality can be a little bit more complex (buffering and shadowing can be used to hide traffic) the fact of any “rogue” transmission of large amount of data allow rather simple detection (to say nothing about possibility of setting a “honeypot”) actually is a valuable inoculation from excessive “they listen to my mic and watch me on my camera” paranoia.
People whose conversations and electronic communications are really interesting to authorities (like foreign diplomats. mafia bosses, etc ) are by-and-large aware about this is and take various kinds of countermeasures. This defense-offence game is centuries old.
It is important to understand that even without listening to any conversation, your electronic communications footprint produces enough information to make any retired STASI operative blue from envy. Any additional “intrusive” monitoring (for example, recording and transcribing your conversations) has it costs and excessive monitoring is counterproductive as it hide tiny useful signal in the huge amount of “noise”. So your conclusion is a valuable one and well worth repeating:
The truth is that they because of “other options”. it does not make much sense to listen to any conversations or watch your surroundings on video to monitor you very closely.
You need to get better informed re Amazon. Amazon is already running cloud services for the CIA:
https://www.theatlantic.com/technology/archive/2014/07/the-details-about-the-cias-deal-with-amazon/374632/
Also you seem to miss the point re Echo. Knowing what people are doing in their home, and with whom is very likely to be better much better sound capture than from a phone (which is often stuffed in a pocket or purse, so it can be relied on for GPS locating and calls, but how useful it will be as a spying device isn’t certain) is very valuable. And some of us have dumbphones or make a point of leaving the smartphone in another room as often as possible as a security measure.
Put it another way: I am skeptical of someone who represents himself as being in “IT security” who has a lax attitude about increasing his attack surface.
A lot of people seem to think that because they aren’t doing anything wrong now, that today’s innocent behavior will still be seen as innocent 10 or 15 years from now.
Just imagine what some future Sen. Joe McCarthy could do with these stored conversations and meta data, say 15 years from now, if the political winds shift again. Imagine some future blowhard, publicity seeking politician whipping up a hysteria for political purposes, destroying careers of people in the process. Imagine “Are you now, or have you every been a member of a club that read and discussed book X ?” for example. Today’s perfectly innocent actions being twisted to fit a narrative for political gain years from now. It’s not paranoia to consider the possibility.
Keeping Echo and its like out of the house could be considered an insurance practice against future political opportunists, imo.
I do not have an echo but I do have the amazon app on my android phone. I am getting paranoid. When my family and I speak of something at the dinner table the next day my amazon account will suggest related items for purchase. Once or twice, ok, it’s random. It is not random after months of me noticing this.
I was speaking with a colleague about an amazon business account and I – 30 min later – received an email from Amazon asking if I was interested in an Amazon business account.
The app is listening. I’m sure of it.
There have been confirmed cases of Alexa responding to strangers’ voices:
https://www.cbsnews.com/news/tv-news-anchors-report-accidentally-sets-off-viewers-amazons-echo-dots/
This is also true for Siri, with some pretty scary consequences:
https://nakedsecurity.sophos.com/2016/09/22/siri-opens-smart-lock-to-let-neighbor-walk-into-a-locked-house/
I would never have one of these bloody things in my house.
I’m reminded of discussions here on NC about the energy used per bitcoin and I wonder how much energy used per bitperson snoop might be? I bet it’s a shockingly high number. What a waste.
Well if you consider that when I launch this page, 25 trackers attempt to launch and follow my browsing then it is not just Amazon who are playing this game …
Amazon is building a $600 million dollar Cloud service for the CIA.* It may already be online. Amazon also stores all its ECHO voice records on its cloud service. Will the CIA have access to all these ECHO voice prints? Cloud-to-cloud computing? who knows.
I doubt computer tracker ad cookies are in this same league.
* https://www.theatlantic.com/technology/archive/2014/07/the-details-about-the-cias-deal-with-amazon/374632/
“The Echo has to be listening at all times in order to respond to the “Alexa” command.”
No it doesn’t. It’s quite simple for it to be active but not actually listening. A strong enough signal would activate the actual operation. This sort of wake-up on detection is implemented very, very easily.
Now that doesn’t really matter. I think it’s depressing that people want these things in their homes.
I think we should all let it really sink in that people are perfectly happy giving up their privacy. All this talk about people not realizing that they are is naive, they just don’t care. much like they just can’t bothered to go vote.
“The Echo has to be listening at all times in order to respond to the “Alexa” command.”
No it doesn’t. It’s quite simple for it to be active but not actually listening.
That’s called a false dichotomy, at the very least. I’d go further and call is completely disingenuous, at the worst; representing a complete lack of technical know how, in an innocent form.
How, if it’s not “actually listening” does it respond to the voice of the person that says “alexa”?
The signal is the voice command “Alexa”. It’s a specific word. That voice has to be heard, by *something*.
That “something” then has to parse out when someone is *actually* saying the word Alexa as opposed to ….any other word or words.
How does anything/anyone “hear” something if it’s not “actually listening”?
This sort of wake-up on detection is implemented very, very easily.
How does it know to “wake up” if it isn’t *actually listening* already? How does it determine that someone is saying alexa, without listening? If you have an explanation beyond “it’s easy”, it’s like to hear it.
Bring on trees falling in the woods and the huband/wife jokes
Go read the CNET article I linked to. Its very first statement is that the Echo is listening all the time. They are very clear on what is happening, and unlike you, have actually kicked the tires.
You’re kidding right? No one I know is, and there’ve been numerous commenters on this site who’ve noted they aren’t. So all of us are nobodies? You’ve taken an actual count? You think all of the horrid toys recording children to cloud databases is okay? And what about those millions who have no internet access, you’ve asked them, or are they not worthy of any consideration?
Lastly, as someone who’s never used Amazon, Facebook, or Google services, outside of using Google search in the early 2000’s, I’m quite sick of being potentially pulled into someone else’s willful giveaway of my private information, conversation, or photograph. I was more than disturbed to find some idiot behind the counter using his Alexa at a store I visited. People have a right to give up their own information, but no right whatsoever to give up someone else’s without informed consent.
It’s shocking to see from the comments section to see how many people who don’t have Echos, Alexas, smart homes etc, who are convinced their mobile phones and computer microphones are already spying on them. I have very recently come to the same conclusion. Just this past week the power cable on my MacBook Charger became frayed and separated from its base. Upon noticing the condition a brief conversation revolving around “Can we fix this, or should we just buy a new one” ensued with my wife within close earshot of my computer. I opened Amazon in a new browser window and began to type “MacBook Pro Charging Cable” in the search box, I typed “m”, then “a” when the search window instantly auto-completed “MacBook Pro Charging Cable late 2011”. (!!!) Maybe I would believe it was some kind of coincidence if I at least got to the letter B, or if it pulled up a list of other commonly searched MacBook accessories, but there is no way the Amazon site could have guessed that much about what I wanted buy unless it was spying on me.
Count me among the creeped out. I have had a piece of tape or a Post-it over all my laptop forward facing cameras since their invention many years ago. I am now planning on physically disabling my computer microphones and thinking about ways to minimize my phone’s ability to eaves drop as well.
Of course ordinary “smart” phones can do the same surveillance etc. Don’t they leave the mic on all the time so you can say “hey Siri” etc.?