
Google says Nest’s built-in mic not listed in specs was not meant to be secret - temp1928384
https://www.businessinsider.com/nest-microphone-was-never-supposed-to-be-a-secret-2019-2
======
userbinator
Having worked at large companies before, I'm almost certain that more than one
person working on the product raised the point "this has a microphone, why
isn't it documented?" or "this has privacy implications", but was silenced.

(Or it could be that everyone working at Google has been carefully chosen to
not have such concerns; I do get that feeling sometimes too.)

~~~
illumin8
Contrast this to Amazon: during design of the original Echo at Lab126, an
engineering discussion took place where they determined that implementing the
mute function in software would be less expensive in terms of component
requirements than implementing a physical disconnect of the mic circuit.

The engineering team refused to take the less expensive route, and insisted
that the mute button physically disconnect the circuit, so that no future
engineering team could decide to stealth "unmute" the microphone through
software.

To this day, you can disassemble an Amazon Echo device and you will find a
physical disconnect of the mic circuitry when you push the mute button. Don't
want an "always listening" smart speaker? Just keep it muted, and a red LED
circle informs you that the mic is physically disconnected.

I'm proud of the approach that Amazon takes to privacy. Privacy of customer
data is considered the most important thing to Amazon, and this customer
obsession (the #1 leadership principle) permeates the organization.

Disclaimer: I'm a principal engineer at Amazon.

~~~
dantillberg
In this story, it was only _lower-level_ engineers that took a stand for user
privacy. It was them against everyone above them at Amazon. Doesn't sound like
Amazon-the-company deserves credit.

Update to clarify reasons for this characterization: Parent used the words
"refused" and "insisted," which strongly suggest conflict between the pro-
privacy engineers and others at Amazon involved in the project. And "so that
no future engineering team could decide to stealth 'unmute'" suggests a lack
of trust in long-term company management. Nothing in this story supports the
later statement that "Privacy of customer data is considered the most
important thing to Amazon."

~~~
illumin8
The company fully backed their decision. They did not have to fight anyone.

This type of product design decision happens all the time. Whenever you're
considering component costs, you have to evaluate all of the options. You're
mischaracterizing it as a fight between engineers and management.

------
est31
Oh wow, this is amazing. There's been a lawsuit in court about someone in
Germany who sued their landlord because the landlord has put a Google Nest
fire alarm into their flat against their will, ignoring offers by the renter
to put in a non-google-non-iot fire alarm at the renter's expense. The
landlord won because apparently the court was not convinced that the fire
alarm could spy on conversations [1]... What would have happened if Google had
secretly put a microphone into their fire alarms as well, not just their home
security system?

[1]:
[https://www.bundesverfassungsgericht.de/SharedDocs/Entscheid...](https://www.bundesverfassungsgericht.de/SharedDocs/Entscheidungen/DE/2015/12/rk20151208_1bvr292115.html)

~~~
cbg0
> What would have happened if Google had secretly put a microphone into their
> fire alarms as well, not just their home security system?

You could have found it by dismantling the device and the renter would have
won their case against the landlord.

~~~
jve
I hope you all know that the Nest fire alarm, aka Nest Protect v2, features a
microphone for automatic sound (health) checks.

~~~
xyzzy123
Yeah so the nest protect is, when you look at it objectively, a ceiling
mounted general purpose remote sensing package. It’s basically only lacking a
wide angle camera and I suspect that’s because they figured it would cross too
far into “creepy” for it to be saleable.

It seems to me like a team sat for a while, looked at all the possible ways
they could get people to mount a package like this in every room and settled
on calling it a smoke alarm.

At the most optimistic they started with a smoke alarm and gradually realised
they could build a general purpose platform based on the hardware being
deployed in lots of rooms and many types of sensors being dirt cheap now.

Decided they could enable new capabilities (and data goldmines!) in software
later.

It’s a pity there’s not an actually customer controlled version of it.

~~~
jve
Are there any alternatives to nest protect that would: Sense Carbon Monoxide
AND smoke AND fire off some event to mobile phone via wifi/sms/whatever?

~~~
graeme
There's the first alert onelink. May have the same issues though, it has a
microphone and an alexa integration. Also supports homekit, unlike the Nest
Protect.

Are there any best practices for using a device like this but not having it
communicate with the wider world? I.e. It can communicate with you via a
homekit hub, but can't connect outside your LAN

[https://onelink.firstalert.com/withalexa/](https://onelink.firstalert.com/withalexa/)

------
strictnein
Infosec dramas are getting more and more tiresome. Between this and the
Singapore Airlines story, it just seems like people need to ratchet everything
up to 11.

You have two options, choose one:

- 1. Google wants to spy on you with a hidden mic

- 2. They had future plans for the mic, but it was disabled, so it wasn't
mentioned by the marketing department

For the Singapore Airlines story, you have two options, choose one:

- 1. Singapore Airlines wants to record you

- 2. The infotainment devices in the seats are just off the shelf Android
devices

One option gets you lots of clicks and lets the infosec drama crowd tweet
obnoxious things and sound insightful. The other is the pretty obvious
explanation.

~~~
dnbgfher
For Google, I'm not sure how option 2 is supposed to be acceptable either. It
is perfectly reasonable to be concerned about introducing an internet-
connected microphone into your house. It doesn't even require assuming a
malicious Google to see potential problems with this. You're one decent
security flaw (in an IoT device no less) from anybody having a microphone in
your house.

~~~
est31
> You're one decent security flaw (in an IoT device no less) from anybody
> having a microphone in your house.

Many people already have Android smartphones, so there is already a Google
microphone in your house. The big difference is that you _know_ that it has a
microphone.

~~~
skookumchuck
The smartphone requires a battery, which drains away noticeably if it is
sending all your conversations. The Nest is connected to the house power, so
it can stream audio non-stop.

~~~
jannes
Are you sure about that battery drain?

A malicious actor could easily conceal their activity by making 24-hour-long
recordings and sending them in the night (or whenever connected to WiFi and
plugged into power).

~~~
cesarb
The main trick smartphones use to have their battery last long enough, is to
power off every piece of hardware that's not in use, for as long as possible.
Doing a 24-hour-long recording would require the main CPU to be awake far more
often than usual (and in fact, I would suspect it would have to be pretty much
constantly awake, unless the phone had a large dedicated hardware buffer for
the recorded audio samples).

------
atemerev
One would have thought that in the post-Snowden world, such reassurances would be
completely unacceptable. Yet many people even here are dismissing the case
with the "conspiracy" catch-all label.

~~~
fixermark
If there's one thing we've learned from the post-Snowden world, it's that most
people don't care enough to dodge the surveillance because most people didn't
respond by voluntarily throwing out all their computing devices, smartphones,
ISP service plans, etc.

~~~
krapp
Another thing we've learned from the post-Snowden world is that people invoke
the post-Snowden world as an excuse to abandon critical thinking and
skepticism and assume all conspiracies are valid, and often don't actually
understand what, specifically, Snowden did and didn't demonstrate. People
still believe the PRISM program was about companies giving the NSA direct and
unlimited backdoor access to their databases, and that every logo on a single
slide is more or less an NSA front.

It's a similar phenomenon to the "post-Hillary" world of the Wikileaks email
docs. People assume there was hard evidence proving a criminal conspiracy by
the DNC to rig the election _somewhere_ in there... mostly because that's what
other people told them. Not because they've bothered to look.

People's cynicism has led them to put more trust in the metafictional reality
of leaks than actual reality. Which, ironically, makes them easier to
manipulate even as they believe themselves to be somehow above indoctrination
and control having reached enlightenment through the "Snowden revelations."

~~~
flycaliguy
My take away from the Snowden leaks was basically non-technical and simply an
appreciation for how public-private partnerships have assembled a new sort of
surveillance industrial complex. One which resembles the military industrial
complex and may in the future even replace it? It felt like a warning along
the lines of Eisenhower and even Snowden’s role as a whistle blowing
contractor felt symbolic of our government’s diminished role in it all.

Would you consider that as misguided? It certainly encourages a general
distrust of all those company logos in the slides.

~~~
krapp
I would consider it misguided to assume that one can determine whom to trust
and whom not to trust based on whether or not their logo appeared on a slide
leaked onto the internet, yes. I would also consider it misguided to
implicitly believe stories that conform to any particular ideological bias,
because misinformation, manipulation and deception can take place everywhere.

It leads to things like people implicitly trusting DDG because they weren't on
the PRISM slide, or implicitly trusting Facebook and Reddit because they
aren't the "mainstream media."

------
pdkl95
> It also said the microphone was originally included in the Nest Guard for
> the possibility of adding new security features down the line, like the
> ability to detect broken glass.

Detecting broken glass with a microphone? Does the device even have enough CPU
power (and RAM) to add advanced audio processing features? Or was
this going to upload the audio to Google's servers to do the work? If it's the
latter, that would necessarily[1] require uploading audio _without_ a wake-
word trigger.

Either they just admitted to wanting always on microphones in the home, or
they are blatantly lying about why the microphone hardware was included.
Designing hardware for a large market usually involves a _lot_ of value
engineering to reduce the number of parts or replace a feature that requires
expensive parts with a functionally similar design that is cheaper. Saving
$0.01 (or less) by removing an optional resistor doesn't sound like a lot, but
it adds up if you're selling >100k units. A microphone is _much_ more
expensive[2]. A part that costs $0.366 (or more[3]?) needs a good reason to be
included, and "for the possibility of new features" isn't good enough. So what
was the _real_ intended use that justified including a moderately expensive
part?

[1] The robber about to break your window isn't going to call out "Ok, Google"
first so the Nest Guard knows it can upload an audio clip.

[2] https://www.mouser.com/Electromechanical/Audio-Devices/Microphones/_/N-awp4b/?Ns=Pricing|0

[3] $0.366 when buying >10,000. Up to $0.75 in lower quantities. (prices from
a random example: https://www.mouser.com/ProductDetail/DB-Unlimited/MO064402-4?qs=sGAEpiMZZMtcsMZaWNSquyIpiU55CdOlgUxGjuk%2fltGvCULOk0lGsA%3d%3d )

~~~
jonas21
You don't need "advanced audio processing" to detect a glass window breaking
because it is loud, and has a distinctive spectrogram. It's a lot easier to
detect glass breaking than a wake word, and you can buy standalone acoustic
glass break sensors for under $30.

[1] https://www.amazon.com/Honeywell-Intellisense-FG-1625-Acoustic-Glassbreak/dp/B003V1BGT4

~~~
pdkl95
Ok, so it could at least plausibly have been local processing. I haven't been
able to find out what kind of CPU/etc is in the device, and most of the
features would have been easy to implement on almost any hardware. It
would have been even stranger to _also_ include a powerful (expensive) CPU to
do a bunch of audio processing, but if there are techniques that work on $30
devices, that opens up a much broader range of cheaper hardware.

(I still think it's insane that the bean counters and value engineers let them
include a microphone that wasn't needed.)

~~~
baobrain
> I still think it's insane that the bean counters and value engineers let
> them include a microphone that wasn't needed.

Having worked on hardware products, the features planned sometimes (even
often!) change _after_ the hardware has been prototyped and an initial
production order has been placed. It is cheaper to simply not ship the feature
than it is to change the board.

Many in this comment section do not really seem to have much experience with
hardware. It is fairly common for products to ship with unused hardware and it is
much more believable than malicious intent, especially given how disorganized
Google is internally.

------
atoav
What never ceases to amaze me, is the absolute inability of companies like
google to understand what their actions look like for somebody who is
concerned about privacy.

Maybe they understand and do not care, because there are many vocal critics.
But having a microphone in a product and not disclosing it? If not even google
can keep track of what they _should_ tell us, how on earth do they think they
deserve trust?

~~~
kmlx
who's "concerned about their privacy" and why?

~~~
atoav
Privacy is an important factor in the stability of free democratic societies.

Today we have an asymmetry of transparency: institutions and companies are
intransparent while the individual isn’t. This asymmetry in information
translates into an asymmetry of power.

The traditional way citizens of free societies dealt with asymmetries of power
was to divide them.

A government could easily sentence and jail anybody if it weren’t for some
strangely roundabout rules that made this hard.

The privacy movement is part of a powerplay between individuals and entities
that go beyond single persons.

Of course you also have those who think it is about their dick pics..

------
jrowley
It’s really sad to see companies like google buy companies like nest, or more
recently amazon and eero. These little companies build fantastic devices, then
the companies get acquired and the elegant products get mutated to serve their
new owners. Finally a new player enters the market and the cycle continues.

~~~
sametmax
What's sad is that those companies accept. I have been offered job interviews
at google and facebook and politely refused.

Yes, millions are a much bigger temptation, but you still have a choice. In
the end, either they decided those companies were matching their ethics, or
they gave up on ethics for money.

Given our entrepreneurial culture, is that surprising?

~~~
chimen
Often, the offer is much harder to pass. "We will buy you or we will build a
better you and destroy your business" - it's not just a money offer to refuse
when you think about it. Part of the decision process is also the feeling that
a huge company wants to enter the market with the same product. Can you
compete?

~~~
bpye
An example that went the other way? Snapchat. Facebook just made their own.

------
xvolter
It wasn't listed in tech specs, but it was never hidden or kept secret. It
probably could have been more explicitly detailed, but in the FAQs for the
Nest Secure it even tells the user:

> Can Nest Secure detect breaking glass? No. We’re working on bringing glass
> break detection to Nest Guard, the main hub of Nest Secure. Nest Detect, the
> open/close motion sensor, doesn’t have a microphone, so it can’t detect
> breaking glass. But its motion sensors can detect movement by intruders as
> well as when a door or window opens and closes depending on how it's
> installed.

https://nest.com/support/article/Frequently-asked-questions-about-Nest-Secure#secure-glass

This was listed before this big announcement.

------
mrb
Fun fact: any device with a speaker can be turned into a microphone because a
speaker is fundamentally the same thing as a microphone (a membrane connected
to a coil/magnet).

~~~
randcraw
Yes, any speaker can become a mic, but only if you plug it into an amp's input
channel. Unfortunately for the CIA, they're all plugged into _output_
channels.

~~~
throw082
input and output channels are not always physically different pins, sometimes
it's just a software configuration. see
[https://news.ycombinator.com/item?id=13014435](https://news.ycombinator.com/item?id=13014435)

------
wpearse
I wonder if Singapore Airlines has something new to say about the cameras in
their IFE system?

[https://twitter.com/vkamluk/status/1097008518685573120](https://twitter.com/vkamluk/status/1097008518685573120)

~~~
craftyguy
Of all places to 'spy' on folks, on a cramped airplane seems like the worst.
Most people will be 1) asleep, 2) pissed off, 3) eating shitty food, 4)
watching bad movies. It's likely that they decided to shove in some cheap
android tablets that someone else sold them. It's unlikely that they are
actively watching everyone, though the possibility of them switching on the
camera to watch/record you shifting in your seat to get away from your
neighbor trying to use your shoulder as a pillow is always there.

~~~
kalleboo
I used to go to a gym where the exercise machines all had Windows tablets
built in. They all had a camera and Skype installed. I'm still curious who
ever wants to Skype all sweaty during an exercise, but probably the same
person who wants to Skype on an airplane.

~~~
userbinator
_I'm still curious who ever wants to Skype all sweaty during an exercise_

Maybe a variation of this old meme might help explain: "The great thing about
going to the gym isn't exercising, it's showing everyone online that you did."

------
netwanderer3
I love Google for the service values they provide, but if this were to come
from another company then I might have believed it was in fact an error.

Privacy has always been an important factor when people consider any Google
products, and they are fully aware of that so this topic must have always been
on their list of priorities. For a company like Google with rigorous
testing/approving processes in place before a product is even launched, to
come back and say that it was an accident is pretty hilarious, though
realistically what else could they have said?

I still like them. It's a love-hate relationship, we have passed the denial
phase and entered the acceptance stage a long time ago.

~~~
beatgammit
Why does Google get a pass? They're an advertising company, and listening to
conversations is _very_ relevant to that business model.

In fact, I think it's _more_ plausible that this entire foray into IOT is to
collect even more data for use in advertising (e.g. get more microphones in
more places). Why else would an advertising company get into such a wide array
of businesses?

Yes, their products are convenient and typically get good QA testing, but
there's still no way I'll be convinced that they're not trying to get as much
data as possible to contribute to their core advertising business.

------
mimixco
And if they later activated the microphones through a software update and
didn't tell anyone, I guess that would be an "error," too.

------
bb88
Mods,

Can you change the title to say "Nest Guard's", because this has nothing to do
with the Nest Thermostat, which is called, "Nest".

~~~
circa
Yeah, I was worried it was the thermostat too. Hopefully that day will NOT
come when they tell us all their products have microphones in them.

------
uberman
Will they recall the product or offer a replacement without the mic? If not,
they are not sorry, the breaking glass claim is false and this invasion of
privacy was always the intent.

------
throw2016
This thread has been comprehensively derailed and is an embarrassment to
informed discussion. Imagine if a major Chinese firm had 'forgot' to document
a microphone, how many people here would be making excuses? This is an
astonishing reflection of the quality of technical discussion.

Anyone who is even remotely familiar with hardware design will know this
cannot be an accident in any way and form. It's there because it's designed to
be there. The fact that it's not documented takes it firmly in the territory of
extreme malice and dystopic surveillance unconstrained by any ethical
concerns.

The only folks for whom this is not a concern are those unburdened by any
sense of societal or ethical concern. They represent those sections of the
tech community who have zero compass or qualms and do not see any problem
building a toxic dystopic society.

------
darkerside
Literally, "Oh, we're sorry. We thought it was obvious we were spying on you
by now". Guess their conditioning program isn't yet complete...

~~~
fixermark
When a person hires a personal assistant, the person doesn't generally turn
around and accuse the assistant of spying on them because the assistant
listens too attentively.

~~~
darkerside
The Nest is not a personal assistant like the Google Home. It's a thermostat.

~~~
xvolter
The microphone is not part of the Nest thermostat, it's only part of the Nest
Secure, the keypad which is included as part of the Nest Guard.

------
_RPM
And most of the rich people in my neighborhood have complete voice devices in
their homes, Amazon’s device and Google’s. I refuse to have these devices in my
home regardless of how cool they seem.

~~~
criddell
What event down the road do you think will vindicate your decision? How do you
think your neighbors will be harmed?

~~~
StanislavPetrov
Some people have no problem putting a little webcam in their toilet bowl so
that the world can watch them eliminate every morning. Personally I prefer to
keep my business private. I don't need any "vindication" to be happy with my
decision to protect my privacy. If you don't understand the value of privacy
nobody can explain it to you - but they may watch your morning broadcasts.

~~~
criddell
You don't see any difference between people getting a Google-connected device
(like a Google Home or Pixel phone) and those that install a public webcam in
their bathroom?

~~~
StanislavPetrov
The Google-connected monitoring device is arguably much more intrusive.

~~~
criddell
It's almost as bad as a smartphone with Google's software installed.

------
mdekkers
Now I'm going to have to take my Google Wifi points apart to check for
"forgotten" microphones

~~~
handzbagz
If you've got Google wifi points in my opinion you're simply inviting them to
spy on you anyway.

------
brisance
At the bare minimum Google should offer a full refund for those who bought a
Nest Guard. This could be covered under the breach of implied warranty of
"fitness for particular purpose", where the purpose is "to purchase a device
and having a reasonable expectation of being free from surveillance".

------
gerash
Placing an inactive mic does raise questions naturally but shipping updates to
hardware is not easy/possible. So you'd want to future proof your hardware
throughout its lifetime. Had Google announced in their marketing that there's
an inactive mic there, it would've become the only focus by the louder
segments of the media. Whether or not it would ever be activated.

Perhaps had Google assistant been more useful, fewer people would've felt so
upset. The mic can also be used to detect broken glass, etc.

------
0x262d
ahh, hate it when the company whose business model is to spy on me
accidentally forgets to mention they put a microphone in my home security
device!

------
dmitriid
> “the revelation is especially problematic for the company that blah blah
> blah”

How is it problematic? What exactly will change? Customers will abandon
Google’s products? Google will stop this practice?

There will be exactly zero repercussions, and more “ooops it’s an error we
never meant it to be a secret” down the line.

------
vectorEQ
it wasn't meant to be secret. it just happened to turn out that way. so weird
huh? sorry guys!

------
distant_hat
I wonder how people would react if it had an undisclosed 360-degree IR camera
with LED.

------
2sk21
Sounds familiar: https://ca.news.yahoo.com/singapore-airlines-passengers-unsettled-cameras-073029950.html

------
sitkack
We need an IOT protection bill that starts with labeling.

* sensors
* endpoints it talks to
* update timeline
* security protocols and device specific passwords

------
jerkstate
Couldn't read the article due to adblocker, but I assume the mic was for
home/away detection. Is there any evidence that it uploaded audio?

------
eternalban
This reminds me of the wifi sniffing "mistake" of Google. What other "mistakes" is
Google making?

------
vetler
So no one opened up one of these and looked at the components?

~~~
mateo1
Just like many physical and non-physical (software) products, very often,
_literally nobody_ reviews/verifies/checks them.

Google will learn from this mistake, and next time they'll use a fancy MEMS
microphone or a similar technology and place it inside a semiconductor
package.

When do you think such a feat will be discovered by independent researchers?
Probably never.

~~~
freeflight
There's also the reality that they can simply change the components/layout
without ever telling anybody about it.

People just keep buying the same boxes without even being aware that the
hardware inside these boxes might be completely different revisions.

Who's to say that future batches of Nest won't have cameras added for "future
use"? Who's gonna go through the effort of checking every fresh batch of Nests
for revisions like that? And what are the chances of actually catching it when
it's only rolled out in small batches?

~~~
mateo1
Good point. I'd like to also mention that it is possible for companies like
Amazon to "personalise" orders before they are shipped.

------
amelius
That's bad, but remember that every smartphone has a microphone built in ...

~~~
beatgammit
Only two more months until Librem 5 launch. Yes it has a microphone (it _has_
to), but it's _far_ more trustworthy than any other smartphone from a privacy
perspective.

------
ewoodrich
*Nest Guard

