
Google’s Nest fiasco harms user trust and invades their privacy - johnisgood
https://blog.malwarebytes.com/security-world/2019/03/googles-nest-fiasco-harms-user-trust-and-invades-their-privacy/
======
baxtr
I have said this before: the reason why people find a hidden camera much worse
than a visible camera is simple. People aren’t dumb, they make _trade-off
choices_. Of course they could spy on you with a visible camera, too. But
either you know and don’t care and still buy the damn thing or you don’t.
Knowing means in this case being able to _make an informed_ decision. Not
informing customers about a camera inside a home device feels like they don’t
want you to consider this fact in your decision making...

~~~
jstanley
I agree with you in principle, but I think the Nest actually only includes a
hidden microphone, not a hidden camera.

~~~
akira2501
This is something I always ask people with those little "camera blockers"
attached to their laptops: "How do you block the microphone?" and "Which is
worse? Recording video of you all day, or recording audio of you all day?

~~~
smelendez
That's a good point. I think it varies from person to person.

Part of my reason for blocking video is I can never figure out when
videoconferencing tools will default to transmitting video, which I never
want, before I have a way to turn it off.

Also, I don't think I'm a high profile enough target that somebody would
bother sifting through everything I say in front of my laptop for something
interesting.

Capturing images every minute or so and looking for something embarrassing
(someone showing lots of skin) seems much easier for malware to automate.

~~~
trevyn
> _I don 't think I'm a high profile enough target that somebody would bother
> sifting through everything I say in front of my laptop for something
> interesting._

The threat model is closer to automated transcription, global history search,
and parallel construction.

~~~
smelendez
I think that would be hard to pull off in the US, where I live. There are
enough paranoid infosec people that would spot the data transmission or CPU
usage.

But certainly no harm done in muffling or ripping out a mic if you're
concerned!

~~~
pdkl95
Why would anybody bother trying to hide traffic? Lots of apps already waste
bandwidth and CPU to exfiltrate a wide variety of data, often sending it
straight to Facebook[1]. They simply relabeled it "analytics",

[1]
[https://media.ccc.de/v/35c3-9941-how_facebook_tracks_you_on_...](https://media.ccc.de/v/35c3-9941-how_facebook_tracks_you_on_android)

------
iforgotpassword
I suspect this is going to be an unpopular opinion, but I still don't get the
fuzz. People buy crap like Amazon echo left and right, and have been carrying
little computers with microphones and an internet connection around all day
for even longer. Apart from the fact that any sane person shouldn't trust any
google product value their privacy in the first place, how many people are
there consciously not buying a smartphone in fear of it being used to spy on
them, then go buy this nest product and feel safe about it.

I might be an asshole for it and rightly so get down voted, but I really feel
schadenfreude from this story. And maybe now some more people will learn their
lesson. You can tell a toddler a dozen times that the stove is hot. They
really only learn after they touched it once.

~~~
reaperducer
_little computers with microphones and an internet connection around all day
for even longer_

The difference is that we _know_ our phones have microphones and cameras and
internet.

The reason people are upset is because there was no way anyone would know they
added an internet-connected microphone to their home with this device unless
they opened it up and reverse engineered the firmware.

If anyone can prove that these microphones were turned on without the owner’s
consent — even just for “telemetry” or “quality assurance” — then criminal
charges will follow.

~~~
iforgotpassword
> The difference is that we know our phones have microphones and cameras and
> internet.

The question is, does that really matter? Isn't that just something you tell
yourself to feel like you're still in control, ahead of the game? I have two
colleagues who in general are pretty concerned with privacy, data protection
etc. but still bought an echo. Then countered my surprise with the same
argument: at least I know it's listening and how it works! Like somehow, that
knowledge makes you immune to the Problem. In reality, you don't suddenly
behave differently at home. You won't think twice before saying something. You
just managed to fool yourself enough to deal with that cognitive dissonance.

And I'm all for charges against google here, I mean I dislike them more every
day because of _something_ they did, including this story. It's just funny
that some people still think you can trust them in any way.

~~~
ncallaway
> The question is, does that really matter?

I absolutely think it does.

I have also bought an Amazon Echo, but I unplug it when it's out of use for
extended periods of time.

I wouldn't purchase a similar product from Facebook, because I trust Amazon
with my personal data more than Facebook.

I've never purchased a Smart TV that contains a microphone.

Just because I make some decisions _you_ disagree with in balancing my privacy
and convenience trade-offs doesn't mean I should be prevented from making
those decisions at all.

~~~
reaperducer
_I have also bought an Amazon Echo, but I unplug it when it 's out of use for
extended periods of time._

I was given a Google Home for Christmas, and won't even take it out of the
box. I'd give it away, but that not really solving the problem.

 _I 've never purchased a Smart TV that contains a microphone._

My LG has one in the remote control. But I disallowed the TV from my home wifi
about a year ago. I don't trust LG, and looking through the 53 screens of
Terms of Service LG thinks need to agree to just to watch TV, I probably did
the right thing.

~~~
glennpratt
> I'd give it away, but that not really solving the problem.

This implies that your moral judgement must apply to whoever you gave it to.
Why?

------
xg15
> _While collecting data on users is nearly inevitable in today’s corporate
> world, secret, undisclosed, or unpredictable data collection—or data
> collection abilities—is another problem.

A smart-home speaker shouldn’t be secretly hiding a video camera. A secure
messaging platform shouldn’t have a government-operated backdoor. And a home
security hub that controls an alarm, keypad, and motion detector shouldn’t
include a clandestine microphone feature—especially one that was never
announced to customers._

This sounds too much like trying to move the overton window for me. If the
next generation of smart devices is advertised as "no hidden cameras and
microphones! (we'll just spy on you with the _visible_ cameras and
microphones)", I don't think this would be a win.

~~~
renholder
> _If the next generation of smart devices is advertised as "no hidden cameras
> and microphones! (we'll just spy on you with the visible cameras and
> microphones)", I don't think this would be a win._

Agreed but we have to consider that it's entirely plausible that we're in the
minority in this line of thinking.

~~~
xg15
True of course, but what specifically makes you think that?

------
cascom
These companies want it both ways - they hide behind their terms of service
etc. saying consumers should actually read this stuff and be inforned, and
then when they get busted for failing to disclose something it’s “oops, our
bad, we didn’t think anyone cared”

------
starky
Are these Nest products sold worldwide? I recently worked on a product that
included a microphone as an integral feature and we were told that in order to
sell it worldwide we had to include a physical disable switch for the
microphone in order to be able to sell it in multiple countries. Even though
nobody who ordered the product would ever disable the microphone. How does
Google get around selling their devices without even announcing there is a
microphone in it?

~~~
dawnerd
No different than a lot of products with microphones that are sold worldwide
with no disable switch. Sounds like you had a product manager or someone that
just really wanted a switch.

------
scarejunba
I am quite convinced that consumers don't care all that much. I certainly am
not. I trust Google not to fuck with stuff. When they do, I'll kick up a fuss.

The degree of "you should be panicking" around this is annoying to me.

~~~
notatoad
Yeah, this doesn't seem like a big deal to me, and i haven't seen any outrage
from actual customers of the product. All the outrage seems to be coming from
bloggers who are taking this as justification for their existing "google is a
privacy threat" stance.

------
baybal2
I think that experience with abandonware will for long scare away regular
people from all that IOT stuff.

My own position has for long been that all that IoTness needs to be
"invisible," or otherwise it turns the thing into an annoying toy:

I've seen people throwing away their smart assistants already. A lot of people
get quite surprised that the famed speaker is far more than just a speaker and
tries to insert itself into your breakfast conversation. And those annoying,
repeated "Internet connection failure," I think a few people threw them out
just because of that.

------
IshKebab
There was a perfectly good reason for the microphone to be there, and there
was a good reason why it wasn't mentioned (though it probably should have
been). I'd hardly call the event "trust shattering".

~~~
nabakin
I agree they were being dramatic, but Google still violated the trust of many
people. Accidentally or not.

------
willart4food
As long as "It's better to apologize later than to ask permission" is free or
cheaper than doing the right thing, this is what we get.

------
bg24
A product release in an established organization goes through legal checklist.
It could have been one of those “our checklist for search, chrome, nest etc.
can be same”. I am not defending nest. Just saying that sometimes these get
bypassed, people move to other jobs, new folks come in, someone finds out and
damage control begins.

------
chopin
Google should put its actions where its mouth is: can I return the device and
get a full refund?

~~~
trimbo
Call and ask?

~~~
chopin
I don't own one :-).

Edited to add: A bold move by Google would be a public announcement that you
may return the device for a full refund.

------
tehlike
We are at the last decades where privacy is somewhat possible. It is downhill
from here.

------
ReptileMan
Let's start with the obvious question - why all of those sensors require
internet connection AND accounts. Seems absurd.

------
hgjwq
>“The on-device microphone was never intended to be a secret and should have
been listed in the tech specs,” a Google spokesperson said. “That was an error
on our part.”

I don't know, it sounds believable. Maybe they put it there "just in case",
but didn't want to put it in the list of specifications because it had no
software support, and having it there would've mislead customers who could've
thought the microphone was functional software-wise.

~~~
FakeComments
“Unexpectedly smart” and “hidden, software enable-able features” are both
anti-features of security hardware.

I don’t think Google deserves the benefit of the doubt anymore: these untruths
happen with _every_ product, and they’re _always_ in Google’s favor. There’s a
consistent pattern of Google specifications, documentation, etc being
knowingly untrue.

The only “error” is Google got caught deceiving people, again.

~~~
eli
What do you think was the secret nefarious purpose for this hardware?

~~~
rum3
To develop some opt-out feature in the future that will record audio as often
as possible, activated by an update with this information hidden behind a long
wall-of-text terms of service that nobody will read.

------
skookumchuck
Cameras and microphones must come with physical switches to turn them off, not
software switches.

~~~
upofadown
The OpenBSD people implemented an interesting insight recently. Now a
microphone attached to a OpenBSD system does not work by default. You need to
actively turn on a sysctl as root to activate the microphone. So to get
eavesdropping access on a default OpenBSD system you need to root the system,
which makes that access somewhat harder to obtain.

The moral here is that microphone access should be treated differently than
access to the rest of the audio system. You can get more protection through
software than we normally get.

~~~
skookumchuck
Any software switches can be subverted by malware. But not physical ones.
Physical switches and a light (like video cameras used to have when recording)
are simple, cheap, and effective. I don't understand why companies don't add
them to allay their customers' fears.

