
Amazon's Alexa Team Can Access Users' Home Addresses - pilingual
https://www.bloomberg.com/news/articles/2019-04-24/amazon-s-alexa-reviewers-can-access-customers-home-addresses
======
notatoad
So in summary, people who Amazon trusts to have access to sensitive private
information have access to sensitive private information?

I'm not sure why location is the scary part here, I'm more concerned that real
people and not just algorithms have access to my audio recordings or
transcripts from Alexa.

~~~
noja
No, people who Amazon trust to have access to _voice information_ also have
access to other information by default and automatically with no extra work.

~~~
WillPostForFood
You have to have an amazon account to use Alexa, so you've already established
a relationship with Amazon that would include your name, email address, IP
address (location).

~~~
dx87
That doesn't matter, restricting information that employees can access is
Security 101. I can't view restricted company information that I don't need
for my job, likewise people transcribing Alexa voice commands don't need the
home address of the voices they are transcribing. Just because you give Amazon
your address for shipping and billing information doesn't mean you want to
give John and Jane on the Alexa QA team your home address.

~~~
milkytron
It is security 101, the sad part is how badly companies fail at this.

I worked at a company with over a trillion dollars in assets that had hundreds of
“highly confidential” (their own words for classification) that were available
to anyone on the network.

I took all the appropriate courses of action to report, no action on their
end. Reported it to the teams responsible and offered a solution, no action. I
debated blowing a whistle and making an example, but I didn’t feel like I’d be
safe.

This post even makes me paranoid.

------
goshx
> “Anytime someone is collecting where you are, that means it could go to
> someone else who could find you when you don’t want to be found,”

How is this different than Amazon literally shipping packages to someone's
home address and having their billing information?

~~~
spaceheretostay
The people who are packing the boxes and knocking on your door don't have
access to the microphones inside your house. Hearing conversations and search
requests from customers is quite different from knocking on their door or
packing a box.

Combining the knowledge of what you say inside with knowing where you live is
different than the knowledge of a purchase you made and where you live.

Also, I would certainly assume Amazon to know my home address if I bought
Alexa and shipped it there. But most people wouldn't assume that Amazon actual
employees are listening to their conversations who also know where you live.
HN might expect that, but Amazon makes a privacy promise that is violated
here, as described in the article:

> In an April 10 statement acknowledging the Alexa auditing program, Amazon
> said “employees do not have direct access to information that can identify
> the person or account as part of this workflow.”

_Bloomberg is saying that this statement by Amazon was false_, because the
location information from the Alexa devices can, in some cases, identify the
individual or account "as part of this workflow".

~~~
ajross
To be clear: there's no assertion of real-time access to microphones anywhere.
This is a quality team that has access to some presumptive subset of recorded
data.

The headline and your interpretation are leaning very heavily on the "ZOMG
SPYING!" angle, where... I honestly don't see it. This seems like pretty heavy
spinning.

Yes, they should probably have a policy of scrubbing data better before voices
get presented to human ears.

> Combining the knowledge of what you say inside with knowing where you live
> is different than the knowledge of a purchase you made and where you live.

Technically true, but... is it actually worse? I can see convincing arguments
made either way, frankly.

~~~
spaceheretostay
> To be clear: there's no assertion of real-time access to microphones
> anywhere.

Well yes I know, I figure this data is likely years-old or whatever, I don't
see how that matters? I didn't bring up real-time access and I'm well aware
that Amazon doesn't (likely) even have that capability. _Nobody here is
asserting real-time access to microphones!_

> Technically true, but... is it actually worse? I can see convincing
> arguments made either way, frankly.

Yes, it is much _much worse_, because it is a direct violation of their own
statements about privacy. Amazon makes no statement about their box packers or
labellers not knowing your address, because they obviously have to know that
in order to put the label on or knock on your door.

But Amazon _does_ make a privacy promise to not do what they are doing here.
So they are totally different things and it matters due to customer
expectation and their own written words.

Edit: I'm "posting too fast" and am not allowed to reply to the user below. I
will state that I _do care about privacy_, I was simply taking the simplest
debate stance to demonstrate that the two concepts are quite different
(package delivery knowing your address and human reviewers of your voice
commands knowing your address).

_If you look at my comments on this article you will surely see that I care
about privacy._

~~~
ajross
So... you're not actually concerned about "privacy" as such, just with
Amazon's fidelity to their written policy?

Yeah, you're spinning here. The headline and your hyperbole above quite
clearly want to frame this as a "Amazon is spying on your family" thing. And
when challenged, you're retreating to a bland critique of their process
adherence.

~~~
zepto
‘Just’ fidelity to a written policy _about how they handle data from
microphones in your house._

~~~
ajross
The point was: that worry (which, fine, you care a lot about) wasn't the one
espoused upthread or in the linked clickbait. It was the _fallback_ position
for the poster when challenged on the "spying" angle that everyone originally
started with.

So fine, Amazon didn't honor their agreement and they should fix it. They
didn't spy on your kids.

~~~
zepto
You think it’s ‘Fine’ that amazon didn’t honor their agreement _about how they
handle data relating to the always on microphones in people’s homes_?

If they don’t honor agreements about handling data it means they can’t be
trusted with that data.

------
millstone
> If a user has chosen to share their contacts with Alexa, their names,
> numbers and email addresses also appear in the dashboard.

So my data is popping up on a dashboard even though I've never once used an
Alexa? Gee thanks.

A privacy-respecting design would have been:

1. Contacts never leave the device.

2. Location data is sent anonymously, in subsequent requests not associated
with the initial query.

~~~
cmroanirgo
> _A privacy-respecting design would have been..._

Not really disagreeing with you, but every smartphone app that has access to
your contacts also violates your contacts' privacy. WhatsApp, FB, Google Auto,
etc, etc. More than anything, I hate the way this has been allowed as an
acceptable practice.

~~~
snaky
> We should not be sharing their contact information online. So, keep your
> contacts in a different database. This app saves contacts in its own
> database separate from android contacts. This way no other app would be able
> to access contacts.

https://f-droid.org/en/packages/opencontacts.open.com.opencontacts/

~~~
adrian_mrd
Any suggestions for what to do on iOS?

Unfortunately, it's not always so easy to not share contacts with certain
services. For instance, WhatsApp works just fine with a telephone number but
it actively encourages users to upload their contacts - assumably consumed by
(the) Facebook (group of businesses) as part of its social graph.

------
sokoloff
It seems like there's a legitimate use case for this data:
troubleshooting/quality scoring the results for inherently local searches.

"Alexa, what's the nearest pizza place?" "Alexa, is the corner coffee shop
open now?"

(Disclaimer: not an Amazon employee, but [generally] happy Alexa user.)

~~~
spaceheretostay
> It seems like there's a legitimate use case for this data

Maybe, but you haven't found it. To resolve your query, simply fudge the
locations by 50-200m in random directions. You'll still get good local results
and won't pin the exact room or house down with needlessly accurate location
data. Amazon can keep that data of course, it just need not be shown to human
reviewers.

Edit: I'm "posting too fast" and so cannot reply to the Uber comment below.
I'll say, I still don't understand how human reviewers would need your address
or GPS coords to improve their service after you get an Uber. How would they
even verify the Uber came to the right place, they don't have the verification
info there.

I just don't see this as a valid use case at all.
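
An added example, not part of the original comment or any Amazon code: a reviewer-facing projection that allow-lists fields and displaces the location by 50-200 m. It goes one step beyond the comment by deriving the offset from a keyed hash of the device id, because a fresh random offset on every clip could be averaged back to the true point; all field names, the key and the sample record are assumptions.

```python
import hashlib
import hmac
import math

EARTH_RADIUS_M = 6_371_000.0
# Constructed sample record; every field name here is hypothetical.
SAMPLE_RECORD = {
    "clip_id": "clip-0001",
    "device_id": "device-A",
    "transcript": "what's the nearest pizza place",
    "lat": 47.6205, "lon": -122.3493,
    "home_address": "123 Example St",
    "contacts": ["Alice <alice@example.com>"],
}
REVIEWER_FIELDS = ("clip_id", "transcript")  # allow-list, not a deny-list

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def fuzz_location(lat, lon, device_id, key, min_m=50.0, max_m=200.0):
    """Displace a point by min_m..max_m along a keyed pseudo-random bearing."""
    # Same device + same key -> same offset, so repeated clips cannot be averaged.
    digest = hmac.new(key, device_id.encode(), hashlib.sha256).digest()
    bearing = 2 * math.pi * int.from_bytes(digest[:8], "big") / 2**64
    dist = min_m + (max_m - min_m) * int.from_bytes(digest[8:16], "big") / 2**64
    # Standard destination-point formula on a sphere.
    d, p1 = dist / EARTH_RADIUS_M, math.radians(lat)
    p2 = math.asin(math.sin(p1) * math.cos(d)
                   + math.cos(p1) * math.sin(d) * math.cos(bearing))
    dlon = math.atan2(math.sin(bearing) * math.sin(d) * math.cos(p1),
                      math.cos(d) - math.sin(p1) * math.sin(p2))
    return math.degrees(p2), (lon + math.degrees(dlon) + 540) % 360 - 180

def reviewer_view(record, key):
    """Project a stored record onto what a human reviewer is shown."""
    view = {f: record[f] for f in REVIEWER_FIELDS}
    view["approx_lat"], view["approx_lon"] = fuzz_location(
        record["lat"], record["lon"], record["device_id"], key)
    return view
```

The precise coordinates, address and contacts stay in the stored record; only the projection reaches the review tool, and the key must be held outside it.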

~~~
FakeComments
The reason a human reviewer needs that information is to troubleshoot the
response.

1. Customer makes a request that requires location — “Alexa, what’s the
weather?”

2. Alexa gets the response wrong — “A turkey is a flightless bird.”

3. You flag that as incorrect in the application.

4. An Amazon employee reviews that flagged response, and needs to figure out
how Alexa misinterpreted — did she mishear you? ...is your location data
malformed, so that interpretation was discarded? etc.

I don’t see how Amazon employees can troubleshoot the Alexa application
without both reviewing the audio files and the contextual information
provided.

Disclaimer: at one point, I reviewed security for Alexa teams. I no longer
work there, my opinions are my own, etc.

~~~
JohnFen
> I don’t see how Amazon employees can troubleshoot the Alexa application
> without both reviewing the audio files and the contextual information
> provided.

From my point of view, the issue isn't really that Amazon does this. The issue
is that Alexa users are surprised that Amazon does this. Their surprise
indicates that no real consent was obtained.

If Amazon had done something like, when a user flags an incorrect response,
asking the user for permission to use that data, I would not have any issue
with it.

~~~
FakeComments
I completely agree that surprising users is always a problem, precisely for
the reasons you state.

I just hoped to give a better idea of how it came to be people who (in my
biased experience) are thoughtful about user privacy, ended up bringing
together a data set users were uncomfortable with:

Of course the team reviewing responses needs to see the user context!

Whoops.

------
negamax
How are these gaps not captured early on in Amazon and similarly on Facebook?
It’s like people creating these systems have no clue about the wider world.

~~~
Gys
They probably have a better clue than most of us. But they also have
opportunism.

------
antisthenes
And any 3rd party seller on Amazon also has access to customers' home
addresses.

Having my address isn't the scary part. It's having access to the content of
all of my conversations inside the address that's worrying.

A voice assistant is just something I'll never allow in my house. The
risk/benefit ratio just isn't there. It would have to be at least an order of
magnitude more useful before even considering it.

------
orblivion
It would be an interesting project to produce a documentary of what goes on
inside a tech company in this regard. The very fact that this stuff is so
mundane to us _should_ be alarming to everybody else. Maybe actually seeing it
would generate enough controversy that segregating data according to
"need-to-know" would get higher priority compared to a new feature. Or maybe they would
just stop buying these awful products.

------
Causality1
If a feat is simultaneously profitable and technically possible it is being
performed, full stop. The government refuses to punish breaches of privacy
with fines heavy enough that spying on users is no longer profitable,
therefore the spying will continue.

------
cosmodisk
I may be a bit paranoid but I don't think I'd ever buy something like Echo...
Every single command, ask and sneeze can be sent back to the mothership to
analyse... I've already got Google for that, no need one more...

------
kalado
This really shouldn't be news to anyone.

Alexa Team also know when you are home, your work hours and when you are on
vacation just by the time stamps of you using Alexa.

------
kayhi
Is there a place that Amazon states exactly what (only trigger word, plus 5
seconds) they gather and how it is used?

~~~
bryan_w
Maybe in their privacy policy

------
idlewords
People should reconsider keeping an always-on microphone operated by strangers
in their home.

~~~
criddell
I do that every time I see a story like this. So far the cost has never
exceeded the utility.

~~~
idlewords
A lot of that cost, unfortunately, is a collective harm. Your decision means I
have to live in a surveillance economy.

~~~
dsfyu404ed
It's like littering. No direct cost to the person doing it but if everyone did
it it would have a large cost to society.

~~~
criddell
It's not really like littering. I don't think there are very many people that
think littering isn't a problem if everybody does it.

Smart phones, on the other hand, are used by billions of people every day to do
all kinds of legitimately useful things.

------
notyourwork
I'm so so so tired of these articles. So a dev can listen to conversations
because they write software to transcribe voice to text? Sigghhhhh....

~~~
spaceheretostay
> I'm so so so tired of these articles.

What do you mean, isn't this the first article on this topic?

> So a dev can listen to conversations because they write software to
> transcribe voice to text?

That has nothing to do with this article. This article is about exact
GPS/location coordinates, has nothing to do with "a dev can listen to
conversations".

> Sigghhhhh....

I think you have misread the article, this is new information about a new
topic. There's nothing repetitive about this news item and there's no need to
sigh so heavily about people who care about privacy and the _honesty_ of
corporate statements.

~~~
dsfyu404ed
> That has nothing to do with this article. This article is about exact
> GPS/location coordinates, has nothing to do with "a dev can listen to
> conversations".

User: "Alexa how long does it take to drive to Walmart"

Alexa: _proceeds to give totally nonsensical directions to a Walmart that
isn't even the nearest one_

~~~
yur3i__
Tell me what part of that process requires a human knowing my address?

~~~
dsfyu404ed
Troubleshooting what caused it to get F'd up.

~~~
yur3i__
Yes, when the user reports it as f'd up. Until then there's no reason for your
address to be sent to some dude.

