
Amazon may give developers your private Alexa transcripts - okket
https://www.engadget.com/2017/07/12/amazon-developers-private-alexa-transcripts/
======
__jal
Doesn't change anything for me, other than affirm my decision to not bug my
own home.

These seem like fun toys, but there's no way I'm allowing closed-source
surveillance devices that send data to who-knows-where/who, under terms that
are mutable by a TOS change nobody ever sees, protected by a firm with
interests only sometimes aligned with mine, stored for who knows how long in
to my home.

Even if you're fine with all the rest and think Amazon/Google/Apple/whoever is
perfectly aligned with your interests, the storage aspect should be troubling.
In the US, we've been on a steady downward slope of privacy intrusions from
our government. Imagine your personal political boogyman in power when the
next bad terrorist strike happens and everyone is in freak-out mode. Last time
the Patriot act was sitting in a drawer, waiting for the right time. What is
in the next version, sitting in a drawer right now?

~~~
wukerplank
Whenever I saw a dystopian movie/comic where people would willingly put an
always on listening device into their homes, I thought: "Never gonna happen!"

~~~
Joe-Z
Because in dystopian movies (your comment reminded me of 'The Fifth Element')
they never show the 'but it's just so convenient!'-part.

Not arguing for these things, I'd never get one either, but I'm just saying
there are (probably?) positive sides to having one as well.

------
mikeash
The headline is missing the part where it's the transcripts of your
interactions _with that developer 's service_. They're not handing over your
full transcripts of all interaction with the device. Rather misleading.

My only reaction to this is that it's kind of weird they weren't already doing
it.

~~~
ams6110
> They're not handing over your full transcripts of all interaction with the
> device.

Not yet.

~~~
throwaway2016a
What incentive would they possibly have to do that?

They are a publicly traded company. The executives have a fiduciary duty to
the shareholders and will be personally accountable if they willfully neglect
that (vs just the company being liable). There is almost no valid argument
that an executive could not anticipate the blowback from doing that and no
executive in their right mind is going to risk personal liability like that.

But say one did. The people who could leak that information include:

\- Every single third-part skill developer

\- Amazon employees

\- Government employees if they are giving it to the government

\- Any one with the technical skills to reverse engineer the hardware

The conspiracy theory would reach hundreds of people if not thousands.

If people are getting this worked up about this, the lawsuit would be
inevitable and the executive that green lit it would be thrown under the bus
and their career would be over and they would go bankrupt fighting the
personal lawsuits.

~~~
rwallace
> The executives have a fiduciary duty to the shareholders and will be
> personally accountable if they willfully neglect that (vs just the company
> being liable). There is almost no valid argument that an executive could not
> anticipate the blowback from doing that and no executive in their right mind
> is going to risk personal liability like that.

Has there ever been a case of executives being held personally liable for
their companies doing grossly stupid and evil things that were obviously going
to have blowback? Things like Union Carbide and the Bhopal disaster, the Sony
rootkit CDs, Volkswagen cheating on emissions tests, United Airlines carrying
out criminal assault on a passenger? Not a rhetorical question, maybe there is
such a case that I don't know about.

~~~
ahartman00
Plenty.

Here is an example for Volkswagon(just because I happen to remember it):

"Federal prosecutors announced criminal charges on Wednesday against six
Volkswagen executives for their roles in the company’s emissions-cheating
scandal"

"The six executives include a former head of development of the Volkswagen
brand and the head of engine development. One of those charged on Wednesday,
Oliver Schmidt, was arrested in Florida last week; the other five are believed
to be in Germany"

"The automaker is set to pay $4.3 billion in criminal and civil penalties in
connection with the federal investigation, bringing the total cost of the
deception to Volkswagen in the United States, including settlements of suits
by car owners, to $20 billion — one of the costliest corporate scandals in
history"

[https://www.nytimes.com/2017/01/11/business/volkswagen-
diese...](https://www.nytimes.com/2017/01/11/business/volkswagen-diesel-vw-
settlement-charges-criminal.html)

Here is an article about Enron executives(quite a bit here):
[http://www.nytimes.com/2006/01/29/business/businessspecial3/...](http://www.nytimes.com/2006/01/29/business/businessspecial3/10-enron-
players-where-they-landed-after-the-fall.html)

Here is one about Tyco:

" finding Kozlowski and Swartz guilty on 22 of 23 counts of grand larceny and
conspiracy, falsifying business records and violating general business law.
They face 15 to 30 years in prison"

[http://money.cnn.com/2005/06/17/news/newsmakers/tyco_trialou...](http://money.cnn.com/2005/06/17/news/newsmakers/tyco_trialoutcome/)

I'm sure there are more, just don't know of any off the top of my head.

"the Sony rootkit CDs" \-- was this illegal? Note that we can't punish people
for things we don't like.

"United Airlines carrying out criminal assault on a passenger" \-- IIRC, the
police carried the passenger off. I also thought the airlines have the
authority to order people off planes. Like it or not, IIUC this was legal too.

~~~
rwallace
> "the Sony rootkit CDs" \-- was this illegal?

Hacking computers is _very_ illegal - to crazy extremes, indeed.

But the other examples are relevant, thanks! Upvoted.

------
slg
I have a question for anyone who has privacy concerns with these type of
devices: do you own a smartphone? Those seem nearly infinitely more dangerous
from a privacy standpoint than a smart speaker. First off, you are likely to
carry them with you wherever you go instead of being stationary in your home.
Secondly they are more technically advanced with additional sensors like GPS
and much higher processing power and storage space. And lastly they are much
more difficult to completely monitor due to having a network connection that
isn't created and operated by the device's owner.

~~~
AlexandrB
I think it's the level of intimacy implied by an always-on listening device in
your home. While a cellphone can track your location, I think people have
adapted to the idea of being tracked in public. What's creepy about smart
speakers is that there's now something in your home that can betray the simple
privacy of a conversation with a friend. This is something new.

~~~
slg
If you are willing to believe that a smart speaker is compromised to a degree
that violates your privacy, why would you believe your cell phone can't be
compromised to the same degree? You cell phone is also likely to be present
for every "conversation with a friend" at which your smart speaker is present
so I think the "intimacy" issue is a red herring.

~~~
AlexandrB
> If you are willing to believe that a smart speaker is compromised to a
> degree that violates your privacy

IMHO the smart speaker's normal function violates my privacy by recording what
I'm saying and sending it to Google/Amazon/Whomever for unspecified data
analysis and processing. It doesn't need to be compromised to do so.

> You cell phone is also likely to be present for every "conversation with a
> friend" at which your smart speaker is present so I think the "intimacy"
> issue is a red herring.

You're right, but the _perception_ of privacy is not rational. A modern
smartphone's primary interface is not its microphone - at least not yet. A
smart speaker's primary interface _is_ its always-on microphone. This is not
too dissimilar from how Google Glass was creepy because one of its main
features is as a potentially-always-on camera - even though a smartphone also
has a camera.

~~~
slg
>IMHO the smart speaker's normal function violates my privacy by recording
what I'm saying and sending it to Google/Amazon/Whomever for unspecified data
analysis and processing. It doesn't need to be compromised to do so.

Then that is a fundamental misunderstanding of the stated and verified
function of these devices. They only send data out after the devices have been
activated with their wake word. Various consumer tests have shown this to be
true. If you still don't trust these companies to actually tell the truth
about what these devices do, I don't know why you would trust the same
companies to not lie about what their smartphones/tablets do. Especially when
that functionality would be easier to hide on a smartphone or tablet with a
cellular connection.

>You're right, but the perception of privacy is not rational.

And that is my entire point. The privacy fear about these devices is not
rational. They are no more dangerous than the laptop or smartphone that almost
everybody already owns.

------
throwaway2016a
This comment thread, the thread on the article, and the article itself are so
disappointing. I expected more from Hacker News and Engadget.

This is fake news and so many people fell for it. And I NEVER use the term
fake news, this is literally the first time.

Like many cases of fake news it is based on something that is true but either
through ignorance or intentional misdirection is drawing and leading people to
draw a false conclusion.

What is actually happening:

\- Website app can see an access log of every page you visit on it when
previously they could only see successful pages that didn't error or result in
a 404. Just instead of a typed URL it is a spoken sentence.

\- Web app STILL CANNOT access what you requested from other web apps (other
Alexa skills).

What everyone is ready and the Engadget article strongly implies:

\- amazon is now sending everything you say to all developers even if you said
to to another app

Edit: To the one person (so far) who down-voted me and to the others who
probably will as well... I'm OK with that. I am willing to sacrifice some HN
karma to spread the word that intentionally misleading articles like this are
not OK. And coming on Hacker News and allowing yourself to be mislead rather
than form your own opinion is also not OK. We deserve better.

~~~
AlexandrB
> Just instead of a typed URL it is a spoken sentence.

This is why I'll never use a smart speaker - the line between when I am and am
not subject to Amazon's privacy policy and information sharing with their
"partners" is blurry from a user POV and completely depends on Amazon's tech
working as intended.

With a computer it's binary, I am either typing something into the computer or
I am not.

~~~
throwaway2016a
It's pretty clear...

\- When you say the wake word it starts.

\- The light is on when it is recording.

\- Once you say a phrase to activate an app it goes to that app.

That last one is a bit fuzzy. "Open APP_NAME", "tell APP_NAME" and a few other
phrases will trigger it which may not be all that clear.

This change only effects stuff you say after you trigger the app.

And if Amazon doesn't obey it AND somehow no one can reverse engineer and
detect that they aren't playing by the rules... someone at Amazon will
whistle-blow and it will cost the company millions if not billions.

Sound the alarms when I developer reports receiving logs of conversations that
weren't with their app. There are thousands of developers. One of them has to
be honest.

The only concern I possibly have is if the governments orders them to activate
it as a listening device, but this particular article is not about that.

This article is distorting the truth to get clicks. Period.

~~~
AlexandrB
> and it will cost the company millions if not billions.

Honest question: has any company been successfully sued for privacy violations
and paid out anywhere near this much? If so how long do you think the laws
that allow such a lawsuit will persist in today's political climate?

Also, note that Alexa's Terms of Use include a mandatory arbitration clause[1]
which may prevent any effective recourse even if Amazon's entire trove of data
was shared inappropriately.

[1]
[https://www.amazon.com/gp/help/customer/display.html?nodeId=...](https://www.amazon.com/gp/help/customer/display.html?nodeId=201809740)

~~~
throwaway2016a
I wasn't talking about suites or fines. Amazon Prime is such a large business
they can lose hundreds of millions just from cancelled subscriptions and list
customers (and it would only take a 10% loss to do that).

------
redm
I can't say I'm surprised. Removal of privacy is an ongoing process as we, as
users, continue to trade privacy for convenience. After each milestone, we
settle in to allow for the next.

I don't see this changing, at the end of the day, people value convenience
over privacy, even if we yell about it.

~~~
ertemplin
This isn't removal of privacy. The article even says that the information
would be limited to transcripts of interactions for skills that the developer
owns.

Currently developers can only see what users are trying to do if they
successfully invoke a registered "intent". For example: GetHoroscope what is
the horoscope for {Sign}. The only information that the developer can
currently see is that the user invoked the "What is the horoscope for" intent
and provided the "Sign" parameter.

This would allow developers to handle _all_ interactions with their skill, not
just registered intents.

------
EduardoBautista
Every time I read something like this, I further justify my decision to buy
into the Apple ecosystem. They may be proprietary, but they haven't done
anything privacy-wise to upset me.

~~~
jstanley
Every time I read something like this, I further justify my decision not to
buy into anybody's ecosystem!

Free software and decentralisation is the answer.

~~~
gregjw
Calm down, Stallman.

~~~
AlexandrB
Stallman is an optimist.

------
treebeard901
Lots of anti-Amazon news coming out the day after prime day. From alexa spying
to the effect Amazon has on rural communities.

One article today on CNBC even went so far as to claim Amazon is responsible
for the lack of inflation in the wider economy.

If history is any guide then expect this negative PR campaign to continue over
the coming weeks.

------
digitalzombie
I mean Amazon erased 1984 from kindle users so yeaaah.

This is one more data point in the they don't care about you category.

------
pansinghkoder
I expected better from hackernews. Not from engadget though, read their other
articles and you'll know what I mean. It's a clickbait.

Alexa records and streams only when you say the wake word. Concerns raised by
fellow hackernews users are legit but it's not happening yet.

------
petejodo
the other day I thought of a secondary device (that's not connected to the
internet) that would go along with Alexa or whatever mic-connected device that
"somehow" scrambles the sounds so that it's just noise to Alexa until you say
the keyword, at which point it unscrambles for some given period of time so
Alexa can understand.

Is such a device possible?? I don't know, probably not but it would help me
feel better about getting one of these devices

------
whazor
I thought this already happens, as long as your voice app is being called. You
have special analytics tooling.

------
draw_down
Seems like you should go ahead and assume this is happening if you use one.

------
sharemywin
I feel there should be an agent with a fiduciary duty to my best interest.

------
chinathrow
> It would also raise serious privacy concerns for users.

To me, that device class alone raises serious privacy issues.

~~~
ocdtrekkie
Yeah, I mean, I wanna raise a privacy outrage over this news but like... If
you put an Amazon or Google connected microphone in your house... You've
already given up your privacy. Who else they share it with is just gravy at
that point.

~~~
Retric
I actually want a device like this that does not connect to the internet. So,
I can ask for the time while half asleep without opening my eyes and more
importantly while keeping my bedroom dark.

However the idea of having an always on microphone connected to the internet
creeps me out.

~~~
ashark
> I actually want a device like this that does not connect to the internet.

You won't get a decent one until we outlaw spying on people in exchange for a
service. Then plenty will pop up. There's just no point in trying to compete
with these services now, and anyone who tried and did even a sort-of OK job
would just get snapped up by (or, failing that, mercilessly destroyed by) a
bigco and set to working on spying services.

FWIW I also think "loyalty card" and CC data collection/selling should be
illegal, not just spyvertising Internet services. The standard should be only
allowing the bare minimum to make the service work (so CCs would have to
collect transaction data, yes), NO selling or sharing, transparency
requirements, retention limits, and prohibitions on vertical integrations that
allow companies to use what they know against people when trying to sell
unrelated goods/services.

