
Google is nerfing all Home Minis because mine spied on everything I said - watbe
http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/
======
turc1656
What this all boils down to is 1) trust and 2) the value proposition with
regards to the trade-off between possible privacy violation and the value the
device has to them personally. For me, these devices are worthless and even if
their value was >0 the number would have to be enormous because of the value I
assign to my privacy.

The real issue here is the same issue we have with government agencies like
the NSA and CIA. There is substantially little most people can do to verify
the claim. For example, Clapper swore before congress that the NSA wasn't
collecting data on millions of Americans. Snowden showed that was a complete
lie. The NSA program would have continued without anyone being the wiser
without the leaks because the only people that knew that didn't work for the
NSA were delivered gag orders. So without some sort of civilian oversight
committee that has real teeth, how would anyone actually ever find this
information out?

The same is true here with things like Echo, Home Minis, etc. The data being
transmitted is encrypted so even if you are technically inclined and know how
to capture it on it's way out of your home network, you'll never be able to
decrypt it. So how do you really know for sure that it isn't actually
transmitting anything and everything you say? The only logical answer is
trust. You believe them. That's enough for most people. But to say, as the
article does, that ideas like this are from the tinfoil hat crew is kind of
absurd. In addition to the PRISM program, we also know that Amazon's Echo
is/was being used in at least one murder case and I highly doubt a few seconds
before being murdered the victim used a hotword to activate the Echo device.
We also know that the NSA has a program called Tailored Access Operations
which they can use to intercept online tech purchases and install spyware on
them if you are a target of interest.

~~~
johnpython
Like you I would never bring a device like this into my home. The issue is
they are becoming normalized and mainstream adoption is growing at an alarming
rate. What happens when you can't purchase a home appliance without these
"features" and it refuses to work without connecting to your wireless network
and being able to phone home?

~~~
MrMember
It's getting more and more difficult to find a non-"smart" TV, it will be a
sad day if the same thing starts happening to other appliances. I don't want
to live in a home with a smart fridge, smart toaster, smart oven, smart
toilet.

~~~
turc1656
Yep. Fortunately, though, you can simply refuse to set up the internet
connection on your TV. This is what I have done. No wifi password = no
outgoing data.

~~~
bhauer
Probably only a matter of time before devices start leaking data via the cell
network. Amazon was able to deliver "free" cell service to Kindles, right?

~~~
MrMember
Tesla does the same thing in their vehicles. Every one has an LTE modem.

~~~
turc1656
I hadn't heard of this or the Kindle thing mentioned by bhauer. Thanks for
alerting me. A new threat I now need to monitor for (sigh).

------
mhb
_Before I describe exactly what happened and how I discovered this pretty
incredible violation of privacy, I 'd like to point out that it ended up being
a hardware defect in my Home Mini as well as an unspecified small number of
others. Google never intended for it to happen and has reacted incredibly
swiftly to rectify the situation._

~~~
ilamont
_it ended up being a hardware defect in my Home Mini_

According to Google.

 _as well as an unspecified small number of others._

Nothing to worry about, I'm sure. Probably no way to exploit those issues.
Probably.

 _Google never intended for it to happen_

Obviously, it's a rookie mistake that anyone could make. And that's why I'm
willing to forgive and forget when it comes to multibillion dollar global
businesses that make billions more off of the private information they gather
and store. Just like I did after Equifax goofed earlier this year. And Yahoo
the year before that. And …

Look, I get it that the Google PR people have been super nice and
accommodating and embarrassed about the whole thing. Maybe the writer is
friends with people on the team, or there might be a job at Google down the
road. And, of course, some writers don't want to lose access to free trials
and potential interviews.

But I really would like to see specialized news outlets show more backbone
when it comes to screw-ups, and not downplay or gloss over serious privacy
issues such as this, or take Google's word about what happened. It's a fair
question to ask whether the problem(s) may still be present in every other
Google device … and if they are potentially exploitable.

~~~
jerf
If you're going to be cynical, be properly cynical, not just half cynical.
Nobody has any use for a spying hardware appliance that tells the user all
about how it's listening to every word you say and logs it in a clearly
visible location. Obviously this was not intentional on any level.

~~~
russdpale
Prove it with the code or what you are saying is 100% useless.

------
wizzzzzy
I'm in two minds about Google home, alexa etc. On one hand, the novelty /
utility of these devices makes me half inclined to get one but the fundamental
idea of having a device in my house, connected to the internet that is sat
there listening to me 24/7 leaves me feeling slightly uneasy at best. The idea
makes me feel like I'd be treating all the things I've read in the past few
years about tech companies, privacy etc with complete contempt.

~~~
subsubsub
Honest question. Why do you feel this way about a hub, and not about your
smartphone?

(assuming you have one)

Is it because, although your smartphone has the ability to listen to you in
the same way, it is not the stated aim of the device?

~~~
darklajid
Not the OP, but .. my smartphone explicitly has NO hotwords that it listens to
as far as I can tell. I opt out of this Google stuff as best as I can.

So for me the answer would be that - while my smartphone can certainly listen
to things (as every thing with a microphone can. Who covered all the
microphones in their laptops?) - a smartphone offers these things as optional
features.

For Google Home and Alexa etc.: The 'listen all the time' (for hotwords at
least..) is the single use of these devices. And as soon as you buy into this
stuff you might as well allow the cloud storage of your recordings for 'better
recognition'.

A smartphone could do the same. But it has a lot of value without doing any of
that.

~~~
kybernetikos
If you use voice with your smartphone you'll probably find some items on this
page

[https://history.google.com/history/audio](https://history.google.com/history/audio)

~~~
TeMPOraL
I did. Curiously, the only "false positives" activations are relatively recent
ones (from the last 6 months), while stuff ranging from 6 months to 2+ years
ago is all correct activations. I.e. it seems either my current phone vendor
or Google messed something up.

------
ilamont
Black hats will love this.

Google took it seriously because of the potential for bad press -- the company
clearly is sloppy on testing and protecting users' privacy, an issue they
don't want to bring attention to, considering Google aims to have hundreds of
millions of these listening devices in people's living rooms, bedrooms, and
even bathrooms in five years' time.

This person also had the contact info for Google PR, which changed the nature
of the interaction with Google.

~~~
avoutthere
This sounds like a case in which thorough product testing was sacrificed in
the rush to make the deadline of the announcement event.

~~~
csours
I would guess it's a product iteration problem - the prototypes probably
worked, but the first production batch will have some level of issues that
spot checks might not find.

------
gepoch
I notice that in the log of the recordings that it made, it specifically says
"started by hotword."

If that had instead said "started by long press," I think this may have been
easier to figure out as a button issue versus a voice recognition issue by the
user.

Is that a fake static field in the log, or what?

~~~
sangnoir
I imagine the following transpired.

Team Member A: "We're going gold next week, Product decided we'll be including
touch support after all - the Hardware guys worked out the kinks just in time"

Team Member B: "Hmm, that's a little tight. Perhaps it can be a simple change,
we will re-use the tested code paths and only test additional touch
integration"

Result: on_longpress(trigger_hotword());

------
Zekio
+1 to google for sending a guy to pick up a defective unit at 9pm on a Friday,
gotta say that is dedication

~~~
morganvachon
I'm highly critical of Google in general, but this is indeed an amazing
response from them, and is above and beyond what I'd expect from any tech
company.

Though, I have to wonder if the response was so urgent because the author is a
journalist who specifically writes about Google products (which he indicated
to them right away). They really had no choice but to respond immediately.

~~~
phil21
Yes, this is what happens if you are well known blogger with a large following
and happen to have private contacts within Google's marketing department.

The average user will not get anything remotely like this response, and it's
dangerous to hold this up as a positive representation of Google's support -
their support was never even involved.

------
rubyfan
Title should be changed to be less clickbait-y.

Perhaps: _Some guy’s defective Google Home recorded everything and they had
extraordinary customer support and fixed it._

~~~
wyldfire
Well, hold on -- it's not a production defect, it's a design defect. "Some
guy's defective Google Home ..." unnecessarily plays down the likelihood that
it will impact actual customers. BTW the "extraordinary customer support" only
took place because he claimed he was going to publish a news story about it. I
would describe that instead as "Google swiftly invoked their extraordinary
marketing/damage control team."

~~~
tremon
No, the explanation points to a production defect:

 _The Google Home Mini supports hotword activation through a long press on the
touch panel. [Google said it] is seeing the touch panel register “phantom”
touch events._

How widespread the production defect is remains to be seen, but it is a newly
introduced feature that apparently has seen too little testing.

------
phkahler
The notion that voice recognition is still hard enough to require doing it on
a server somewhere still bothers me a lot. IMHO there should be no excuse for
this today. I understand that the device needs to be connected to the internet
anyway, but this whole thing is such a gimmick it's not worth the privacy
risk.

[edit] to clarify I think speech to text can be done on a device today, that's
why this bothers me.

~~~
kodablah
> voice recognition is still hard enough to require doing it on a server

I'm not sure this is true, it's just that since they are phoning home anyways,
why commit to extra local hardware to change sound bytes into text words?

I would love to see an offline version of one of these with an easy API (do
any high quality ones exist?). If I then wanted a generic Google request to
give me the first Google response, so be it.

~~~
hipitihop
The awesome folk at Snips are challenging the idea that you can't do it
locally [https://snips.ai/technology/](https://snips.ai/technology/)

~~~
kodablah
Nice. I wish every route I took there didn't require me to sign up. But I did
find [https://github.com/snipsco](https://github.com/snipsco) and am browsing
now.

------
ec109685
They aren’t nerfing all Home Minis, just disabling a feature in an early batch
of them that caused it activate far too often.

So many words to explain a very obvious (since it indicated it was listening)
bug.

~~~
archon810
They are now. [http://www.androidpolice.com/2017/10/11/google-
permanently-r...](http://www.androidpolice.com/2017/10/11/google-permanently-
removes-top-press-functionality-home-mini/)

------
tremon
_When the first home assistants were announced, I was excited. [..] I didn 't
give too much thought to these privacy concerns because they all sounded
theoretical and unlikely_

That's interesting and more than somewhat disconcerting, coming from a tech
journalist.

~~~
RodgerTheGreat
Tech journalists aren't typically in the business of criticizing the
introduction of new gadgets and online services; that sort of thing is their
lifeblood. In many cases they must cultivate relationships with tech companies
to obtain stories, free trials and sample products. Don't bite the hand that
feeds you.

Follow the money and take _all_ journalism with a healthy grain of salt.

------
pitaa
At least they took it seriously. Obviously they're going to be a lot more
responsive to a well-known tech blogger, but either way google still doesn't
usually make house calls.

~~~
jmnicolas
Because they know if the bad publicity around this becomes viral it will kill
the adoption of smart assistants for the next 10 years.

------
dhoulb
That was well dealt with. Especially the part about deleting all long-press
recordings from the servers. Very thorough Google!

~~~
6d6b73
What about deleting everything from backups? Will they spend time to search
all of the backups they have and delete that data? Is the data really deleted
or just marked as deleted so it's not shown on the website?

~~~
puzzle
They don't need to search backups manually. All products are required to have
automated pipelines (along with monitoring) to wipe out user data.

~~~
6d6b73
Any source on that?

~~~
puzzle
There's an example of the Music pipeline going wrong:

[https://landing.google.com/sre/book/chapters/data-
integrity....](https://landing.google.com/sre/book/chapters/data-
integrity.html#google-musicmarch-2012-runaway-deletion-detection-JMsvtqsz)

Another reference for Fi:
[https://www.linkedin.com/in/pliu1/](https://www.linkedin.com/in/pliu1/)
"Redesigned and refactored the Fi user data deletion system to ensure
compliance with data deletion policy, to add instrumentation, and to improve
performance"

There is a dedicated team that tracks compliance for all products. (source: I
was at Google)

------
jasonrhaas
Oh, hell no. I've held off on getting an Alexa or a Google home partially for
this reason. My main reason for not getting one is because I think they are
actually pretty useless and I find it kind of annoying to have to pretend to
be a robot to get them to understand me.

But -- I also realize that they literally can (and clearly do) collect your
audio data 24/7\. In this case it was a "mistake" on the part of Google, which
they quickly worked around by commenting out some code in the firmware. But
all it would take is probably a few lines of code and an automatic update to
turn on 24/7 audio collect for all Google Home users.

My theory with Amazon's Alexa (and probably Google Home) is that they lose
money on these things, because they don't actually care about making a profit
on them. The whole idea is to collect as much audio data as possible to
improve their machine learning models.

It's a race to see who can collect the most data on their customers, and
ultimately develop the best and most comprehensive speech recognition model on
the market.

------
a-nikolaev
Sorry that this is quite tangential to the topic of the article, but it opened
my eyes to the existence of Apple-level worshiping of Google -- eesh. Just the
sheer scope of how this person is involved with Google customer products is
astonishing.

------
jancsika
Are there any serious FLOSS alternatives to these devices?

~~~
klausbaudelaire
Mycroft.ai, perhaps.

------
chris_wot
These assistants seem like a privacy nightmare.

~~~
Walf
Are a privacy nightmare.

Soon someone will bring one out called a telescreen, and people will but them
voluntarily.

~~~
cjsuk
Don't we already carry them in our pockets?

------
z3t4
Try running tcpdump to see what servers your computer connects to. Lets open
chrome, and type something into the address bar ... erm, sorry, the search bar
...

------
EADGBE
What would have happened outside of California?

These kinds of things always make me wonder ('Member that whole Apple-
Deleting-iTunes-Library-Thing).

I'd love that kind of support.

------
russdpale
You have to be very naive to use these products in your home or office.

------
InclinedPlane
Odd that google's device could comply with all of the industry standard best
practices, home automation regulation, code audits, licensing requirements,
and privacy guarantees and yet still have such a bug.

~~~
wkearney99
What regulations? What guarantees? There really aren't any at this point. As
for 'best practices' that's a laugh, sadly. Home Automation has been all over
the maps, for decades now, and it's not looking like it'll stabilize much any
time soon. This is, perhaps, a good thing, in that innovation continues to
occur when things are in disarray. A patchwork of various pieces from
different vendors might seem inconvenient, but that also brings along a lot of
diverse approaches and innovation. I'll trade that against dominant market
player arrogance any time. Nice to have options, even nicer to have the
suppliers fighting each other through innovation.

~~~
InclinedPlane
"That's the joke."(TM)

------
sigi45
Is this touch button similiar isolated that the keyword detection part?

Sounds like a software button.

------
jasonmaydie
How is something that can hear everything you say not record everything you
say?

~~~
Jyaif
When you are watching a video on youtube, are you recording it?

------
pricechild
Of the two options, "hotword" and "physical touch", I'm surprised at which was
disabled to prevent false positives!

~~~
Mithaldu
If they'd disabled hotword, then the phantom physical touch would still
happen, so literally nothing would've been solved.

~~~
pricechild
Sorry I wasn't clear enough making my point:

I'm surprised that the implementation of a (simple) physical button was done
badly.

I'm surprised that the (surely more difficult) hotword detection works so
well.

~~~
TeMPOraL
My guess is that location could have helped trigger the defect - assuming
they're using a capacitive touch button, then moist environment of a bathroom
isn't exactly helping (doesn't change that it's an implementation issue,
though).

~~~
joezydeco
Capacitive buttons are also highly sensitive to noisy ground busses. A cheap
power supply can make one go haywire.

Want to bet the developers all had good clean power while the production units
got cheap Chinese bricks?

------
stefanwlb
That's cute, you think it was an error or mistake that it happebed. Instead,
the only mistake that occurred was that you could see what it had been doing
this whole time. But don't worry, the next box they send you for free, one in
which this "mistake" can never happen will be arriving shortly!

