
Project Alias hacks Amazon Echo and Google Home to protect privacy - jbredeche
https://www.fastcompany.com/90290703/this-is-the-first-truly-great-amazon-alexa-and-google-home-hack
======
maybelater
This thread has gotten long, so here's a summary:

\- There is not evidence that these devices record and transmit without an
activation word triggering this behavior \- However, there is nothing to stop
companies from breaking this assumption \- Some people think the risk of one
of these companies flipping a switch and recording everything is negligible \-
Some people think the risk of one of these companies flipping a switch and
recording everything is warrants serious concern \- These two groups will not
agree, and that's fine :)

~~~
VMG
I still don't get why a stationary assistant would be less trustworthy than a
handheld phone. Shouldn't both devices be equally suspect?

~~~
mcny
It's like in school where there's an advantage/disadvantage question and I
only know one thing: I wore the same thing as advantage and disadvantage.

The advantage of a stationary device is you don't have to charge it. It is
always connected.

The disadvantage is you don't have to charge it. It is always connected so the
engineers don't have to make trade offs they'd have to make on a battery
operated phone.

------
wrs
While I appreciate the sentiment...unless you actually think Google and Amazon
devices are recording irrelevant ambient sound deliberately (they aren’t),
this doesn’t help anything. Unless the software here is better than theirs at
recognizing the trigger word (very unlikely), there will be even more false
positive activations on this device than there are on the originals.

Edit: It’s very unlikely because Amazon and Google _pay_ for false positives,
so they have a strong incentive to develop really good trigger word detection.

~~~
heinrichhartman
> (they aren’t)

How do you know? And, how do you know they will not do this silently in the
future?

Also worse detection does not mean more false positives. Usually, you can get
the false positive rate very low by allowing more false negatives. In this way
you have a choice, how you want to trade-off. Without this device, you are
stuck with the choice that Amazon/Google make for you.

~~~
bussierem
> How do you know? And, how do you know they will not do this silently in the
> future?

Because it's a literal hardware limitation. The device is built in a way that
requires a wake word before any recording can possibly happen, thanks to it
being built with 2 separate control boards. If they ended up maybe changing
the wakeword to "the", then maybe they could "silently" listen to everything,
but that would be caught pretty quick because the device would be "lit up"
constantly (another _hardware_ thing), or someone would notice that it no
longer responds to "Alexa" or "Google".

Seriously, a lot of people on HN need to do their damn homework about these
devices before declaring them to be something they have been proven not to be.
Packet sniffing and hardware inspection both instantly disprove all these
conspiracy-theory nonsense claims that these devices are recording your every
word.

~~~
stronglikedan
> Packet sniffing and hardware inspection both instantly disprove...

I'm under the impression that packet sniffing is useless with end-to-end
encryption, but I could be wrong. I.e., you can tell that _something_ is being
sent, but you can't know what.

~~~
Arelius
The _theory_ is that we can still estimate how much data goes over the
network. So if it were sending all audio to the cloud, we'd see.

It does however not exclude other information, like sending keyword flags, or
storing audio fragments to send along with other messages later on.

~~~
dcbadacd
Neither does it exclude the possibility of any "time-bomb"-type of features or
future OTA updates altering the software's behavior.

------
creeble
I call it Misplaced Distrust.

Every cellphone in the world has a microphone that could be listening all the
time and sending data anywhere. So does most every computer. It's a better
threat vector by 1000x, more stealthy, easier to conceal traffic. But all
anyone ever talks about is a device designed to listen to you talk because
hey, so obvious, big brother MUST be listening in there!

~~~
philsnow
Cell phones have batteries, so it would be even less practical for phones to
be "phoning home" a stream of what's going on around it at all times than a
"smart speaker".

~~~
ProfessorLayton
And metered data. I would be _very_ aware if my phone was eating my data plan
via constantly recording audio. Even a measly 12kbps audio stream adds up to
nearly 4GB/mo if recording 24hrs/day.

Non-techie users would absolutely notice that their data and battery is being
used up in the background pretty quickly. Further, the cell networks simply
could not support that kind of usage from every single subscriber at the same
time.

~~~
dmix
Your phone could easily wait until it's on wifi to upload 24hrs worthy of
ambient voice data (which is only trigged by voice activation, so not a full
24hrs)...

The feds have been using cellphones as full-bore wiretaps since the early
2000s when they used it on mobster's "dumbphones". I'm sure they've figured
out clever exfiltration techniques on smartphones by now.

Especially considering how willing the ISPs/telecom companies are to bend over
backwards to hide surveillance. Even 3g/4g wiretapping is probably feasible.

------
goda90
So doesn't Alexa already not record until you say the trigger word? If we
don't trust that that is the case, then sure this device covers that, but it
doesn't change the fact that they are still collecting data on every command
you issue to the device.

~~~
lotu
That is correct! Google, Amazon, and Apple despite having vast resources don't
have the ability/desire to pay for the bandwidth, storage, and processing
needed to have 24/7 recording and analysis from every smart device, especially
when you realize that includes cell phones.

Also it is ironic because all modern cellphones have the whole smart speaker
thing built into them but people aren't freaking out about that in the same
way. (Probably because they haven't realized it. ¯\\_(ツ)_/¯)

~~~
ttul
This is similar to the issue of people being scared of radiation from cell
towers but somehow not freaking out that they have a transmitter in their
pocket that uses the same range of frequencies but at vastly higher power (due
to the proximity).

~~~
homero
Like the people that attack smart electric meters while they talk on their
cell phone

~~~
g45y45
Cell phones don't leak precise power signals that identify exactly what a home
user is doing. Smart Electric meters are absolutely part of the surveillance
capitalism equation. Power Analysis is a leaky side channel.

------
iratewizard
This is a brilliant idea. I'm curious about a lot of the implementation
specifics like how audible the white noise is in a silent room and what kind
of UX trade offs it brings.

~~~
Spellchamp
Yeah, I'm wondering how it should work when you say the wake word too. Like if
I say "Sister Assumpta, what's the weather like?" is it just going to repeat
the same command but replace "Sister Assumpta" with "Hey Google?" Thus slowing
the whole thing down?

~~~
entropicdrifter
Seems to me based on the description that it only says "Hey Google" to the
device and then lets your voice through by cutting off the white noise. That
would mean the only delay would be between when you say the wake word and when
Google starts listening.

------
hcurtiss
I'm curious whether it will handle the audio trigger as well as
Google/Amazon/Apple. It takes some pretty advanced audio algorithms to catch
"hey Google" in a busy kitchen. It would be pretty frustrating if this device
caused these devices to trigger even more inconsistently.

~~~
kuhhk
Ya, my echo devices can hear me across the kitchen, with people talking near
it, while the water is running, and the TV is on (in the distance). That's a
core feature for me. If this device dropped that capability, I'd rip it off in
a day.

------
whalesalad
Everything about this is radical aside from the way they made it resemble an
actual fungus growing on a device. This is the most extreme skeuomorphism I’ve
ever seen.

~~~
mnsc
And I love it!

------
WAthrowaway
You could also just not buy one of those awful things. I have _never_ seen a
legitimate use for it that wasn't misplaced adolescent tech fantasies (omg I
can tell big brother to make coffee and my keurig starts up!). But maybe my
line of business has made me excessively paranoid / niche

I would like to make an edit: functionality for those with disabilities is a
huge use-case I did not consider. Thank you for your insightful comments

~~~
decebalus1
I'm probably biased because I lived my early childhood behind the Iron Curtain
but I can't for the life of me understand why someone would buy these. The
cost-benefit is just not there.

~~~
pwython
I agree that your phone can delegate the same voice commands to your smart
devices or do Q&A, but some of these devices are also decent speakers to
stream music casually (eg. $75 Echo).

~~~
JeremyBanks
If you don't trust these devices, you probably wouldn't trust your phone
either.

~~~
pwython
And I have a feeling many people who make a privacy case against Echo/Home
forget that their phone does the same thing.

~~~
kennywinker
My phone is in my pocket, which signficantly degrades the audio quality of any
recordings. Same reason I have a cover over my laptop camera, but not over my
phone camera.

~~~
JeremyBanks
I've made several audio recordings with my phone in my pocket. Unless you're
very consistent with the pocket and placement of your phone, that isn't a
significant mitigation.

------
lftl
I love this idea. I've wanted to do something similar for a long time, but I
was thinking about building a home assistant where the always-on mic was a
complete separate board that only listened for wake words and had no internet
access. The main mic would only be powered on when the smaller board woke it
up. Alias achieves the same thing in a much simpler way to where I might
actually consider buying a home assistant now.

~~~
tantalor
Explain how this is an improvement?

~~~
hnnh44
I'm wondering this too.

Like hey, let's install some under developed AI from some unknown company with
unknown security policies on top of a device with access to hordes of personal
data and the ability to make transactions online.

No hacker will EVER think to use it as an attack vector /s

~~~
lftl
I didn't look into Alias deeply, but does it even have network access at all?
I don't see a reason it would have to.

~~~
kelnos
It needs it for setup (so you can set up the wake word using your phone), but
then after that it can be disconnected.

------
JoshTriplett
I'm much less interested in gating audio recording (which I have reasonable
confidence in the device itself doing) and much more interested in being able
to _use_ a device like this without turning on all of the various histories.
Google Assistant refuses to do most of its interesting functions (other than
trivial things like setting an alarm) without turning on search history,
location history, voice history, and various device information.

There's no good reason for it to require that information for a request like
like "play XYZ on YouTube".

~~~
ddtaylor
> which I have reasonable confidence in the device itself doing

A few horror stories related to Alex hint that it might not be doing a very
good job. The grammar/syntax it uses to wake is much more complex than what
Alias is proposing as a safe alternative. The most blatant example would be
the Portland, OR couple that found the Alexa device making phone calls to
people as they had a discussion near it.

~~~
bagacrap
I don't know about Alexa but Google Home always repeats back to me in a loud
and clear (and slow :( ) voice what it's about to do when I issue a command. I
have a hard time believing you wouldn't notice the device making a call. Even
if you failed to notice what the device was doing, the likelihood of this type
of mistake vs. the likelihood of a pocket dial seems relatively slim.

------
ape4
Do Alex and Google have software APIs? Can you make a hardware device (eg
Raspberry Pi) that listens for a wake up then sends to the API? Seems more
elegant.

As a bonus, maybe your device could understand "Alexa..." and "OK Google..."
and send to the relevant API. Use Alexa for shopping and Google for searches?

~~~
mLuby
Involves more trust. This has the elegance of not needing to trust the
megacorps any more than you care to.

~~~
amdavidson
How does this involve more trust?

With either Alias, or an homebrew solution you're sending the query portion
("How many teaspoons are in a tablespoon?") to the megacorp?

~~~
mLuby
Whoops didn't see this part, yeah you're right!

>hardware device (eg Raspberry Pi) that listens for a wake up then sends to
the API?

------
lqet
Hm, I don't quite understand how this works. So, if you say "Alias", then
Alias has a built-in speaker that whispers "Hey Google" (or the equivalent)
into the microphone. What if I start the question before Alias has finished
analyzing my speech and playing the "Hey Google"?

~~~
vthallam
For a pre-defined wake word, it should be pretty fast. It could also cache
your query if it is still waiting for google home's response.

------
squarefoot
Assuming they didn't do that already, a couple more mics in the device base
with noise cancelling circuitry if implemented the analog way or in software
will defeat this project in no time. I applaud the intent, but unless one
knows for sure how many mics are there, including tiny MEMS devices like
accelerometers that can be used as such, and can physically disconnect them
all, there's no way to know the device isn't listening.

------
MichaelMoser123
today I learned that rain forest fungi hack an ants brain and cause the ant to
spread the fungus further on. We live in a wonderous world.

Here it says the fungus is pulling this trick only on its favorite ant
species, amazing:

[https://www.livescience.com/47751-zombie-fungus-picky-
about-...](https://www.livescience.com/47751-zombie-fungus-picky-about-ant-
brains.html)
[https://www.sciencedaily.com/releases/2014/08/140825142124.h...](https://www.sciencedaily.com/releases/2014/08/140825142124.htm)

Wikipedia has a list of mind altering parasites; it turns out that this not a
unique hack. [https://en.wikipedia.org/wiki/Category:Mind-
altering_parasit...](https://en.wikipedia.org/wiki/Category:Mind-
altering_parasites)

Scary stuff, don't read HN past bedtime! It's probably more tricky to pull of
this trick with complicated brains, but who really knows how we tick and who
is running us.

------
cheriot
I'm more excited at the prospect of choosing my own wake word than the
privacy. Ok, Google is weirdly cumbersome

------
seheaven
Access to privacy equals business today. Therefore turning this "promise of
privacy" project over to the business sector would be a contradiction in
terms. Most of the world does not care that companies/governments have access
to their privacy. Snowden is a good example of this principle. The few that do
care would not be enough to sustain this "promise of privacy" business model.
Therefore the responsibility is upon each individual to make their own Alias
in order to protect their own privacy using this open source maker project.
Great work to all those that worked on the Alias project!

------
ars
This is going to mess up the voice detection. It's keyed off of the original
trigger word and knows who is talking to it so you get reminders and other
items specific to that person.

~~~
tylerhou
What’s to stop you from configuring it so it says “Hey Google” differently
based on the person talking?

~~~
thefreeman
Well for one you would need to build user identification into the speech
recognition on Alias which is likely a lot harder then just recognizing one
trained trigger word. Could be a feature down the line though.

------
LawnboyMax
This may be an interesting addition to some home assistant developed using
[https://www.home-assistant.io/](https://www.home-assistant.io/)

That is, use Google Home/Alexa/Apple Home for their speech recognition
abilities while ensuring it doesn't eavesdrop and works with any other smart
device that you have (e.g. there is no way to directly control Nest using
Apple Home).

~~~
kelnos
There's really no need for that. Google at least has a speech recognition API
that you could send audio to directly; no need to use a Google Home as a
middleman if that's all you want.

------
mikeyg
One thing that'd make this better is if it spammed garbage to poison their
data sets when not in use.

------
who-knows95
im confused, how are people arguing about if amazon echo or other smart
devices record conversation without the wake up prompt?

-[https://www.kiro7.com/news/local/woman-says-her-amazon-devic...](https://www.kiro7.com/news/local/woman-says-her-amazon-device-recorded-private-conversation-sent-it-out-to-random-contact/755507974)

amazons statement is:

“Echo woke up due to a word in background conversation sounding like “Alexa.”
Then, the subsequent conversation was heard as a “send message” request. At
which point, Alexa said out loud “To whom?” At which point, the background
conversation was interpreted as a name in the customers contact list. Alexa
then asked out loud, “[contact name], right?” Alexa then interpreted
background conversation as “right”. As unlikely as this string of events is,
we are evaluating options to make this case even less likely.”

-[https://www.theverge.com/2018/5/28/17402154/how-to-see-amazo...](https://www.theverge.com/2018/5/28/17402154/how-to-see-amazon-echo-alexa-conversation-recording-history-listen)

amazon

"For these instances, Amazon claims that the devices were likely triggered by
false positive commands."

in my mind, it's not a question of if the device is recording you, because
that's exactly what it's made for. it's a question of, if the company or even
worse, govt. want to use these devices for spying or info gathering.

we already know the NSA has back doors and exploits they explicitly decide to
keep open so they can access devices for information gathering i.e spying.

-[https://www.wired.com/story/eternalblue-leaked-nsa-spy-tool-...](https://www.wired.com/story/eternalblue-leaked-nsa-spy-tool-hacked-world/)

so, i feel if you don't wish to open yourself up to the idea of a device
spying on you, that's perfectly acceptable.

------
lazyjones
Perhaps someone will build a little robot that listens like this Alias, then
takes the Alexa/Home out of a soundproof box (or just opens the box) and
passes on the commands, then closes the box again. That'd get rid of the
static...

------
bhhaskin
This is a fantastic idea! Although it is pretty sad that it is needed in the
first place.

~~~
sidibe
It's not needed

------
garysahota93
From my understanding, just because these devices are always listening,
doesn't mean they are always recording. Only when you say the wake word do
they start recording and only that information is used for advertising/etc.

Right??

~~~
TaylorAlexander
It’s a closed source device with an always on internet connection and it
silently accepts software updates. So... maybe? Certainly that is how they are
marketed. But is that really how they behave? Does the software accept a
command that would have it send back additional data on command? Could we
know?

------
clebio
Or just don't buy one in order to hack it and instead start with a project
that supports these goals at its core.
[https://mycroft.ai/](https://mycroft.ai/)

~~~
Krasnol
Does it allow you to change the name you call it now? Last time I looked at
it, the dev wanted to know how much I was ready to pay for the feature...

------
warkdarrior
I bet Echo and Home could be reprogrammed by Amazon/Google to listen all the
time, learn what the Alias trigger word is, and speak/replay that word for the
Alias shell whenever they feel like.

~~~
kelnos
That's not how this works. Alias plays white noise into the Home/Echo speaker
so it _can 't_ hear what's going on, unless you first speak the Alias' wake
word, which causes it to activate the Home/Echo and allow speech through.

------
fixermark
This is an extremely clever solution to the trust question for people that
trust the company with their query data but not with every snippet of raw
audio that could float through their room.

------
usefulcat
So the market for this device is.. people who care enough about privacy to buy
this device, but not enough to forgo using an Echo or Google Home in the first
place?

------
dinujohnk
This can be seen as a step towards privacy hardware. Maybe a special hardware
to protect the privacy of people who uses this kinda of gadgets

------
michaelmior
Of course now I need to trust the Alias device. That might very well be a good
tradeoff, but there's still something always listening.

~~~
StavrosK
Except now you can audit the software and not connect it to the network at
all.

~~~
michaelmior
Good point if I set up the Pi myself, but it's unclear if this will apply to
the device if it gets produced commercially.

~~~
StavrosK
Even if it gets produced commercially, no network access means no problem.

~~~
shagie
In the “let’s go down the what could be done” path...

No network accesss doesn’t mean no access to the outside world. “Alexa, tell
some tracker that ...” when you are asleep. And how many people audit their
past activations on the Alexa app?

No, I don’t believe this would be the case... I have half a dozen Alexa
devices of various builds, a google home (that is currently powered off) and
some iDevices plugged in for hey Siri in different rooms.

The thing I was trying to point out though is that no network access is not no
outside world access for this device. And if one is paranoid enough to desire
this device, then the device itself should be worried about.

And yes, with the right software, it could be reprogrammed via voice too.
“Alexa, read some reprogramming site”.

The only acceptable solution is to make it yourself and audit the code
yourself if you are concerned enough to desire it in the first place.

------
_____bee_____
Snips ([https://snips.ai/](https://snips.ai/)) can be a good alternative

------
crankylinuxuser
The project seems really cool, but...

This is like putting gold leaf on a turd. The companies in question treat
users like datamines to be stripmined and left. These are listening posts that
books like 1984 talked about. Yet unlike the stories of them being "placed",
they're being sold to the gullible public who clamor to get the next version.

Echo&GHome < Project Alias < Not buying one at all

------
sabujp
tldr; uses raspberry pi to continuously feed the smart speaker white noise
until it receives your new keyword, "ok alias" or "ok computer" or whatever. I
think it's cool, there have been countless times when I didn't even say "ok
google" and it has randomly woken up

------
SmellyGeekBoy
I get that this is an art project, but I think it would be more effective as a
privacy device if it inserted a switch inline with the microphone, doing away
with the "white noise" entirely. :)

~~~
Lizzo
Are you implying that turning off the mic stops it from listening? If they're
gonna steal your data they're gonna do it properly

------
bArray
In the article, `raspberry pie` -> `Raspberry Pi`

------
cordonbleu
this is the source[s] released by amazon. no warantee from me , these are
suppossed to be every version of all alexa interface devices source so far.

[https://www.amazon.com/gp/help/customer/display.html?nodeId=...](https://www.amazon.com/gp/help/customer/display.html?nodeId=201626480)

------
vectorEQ
"Project Alias offers an independent layer of protection to any privacy-minded
person"

how>? that makes no sense. only because it wakes it for you? i think its good
that you need to talk to google or some company, at least then you have an
honest picture where your data goes :D. most useless machine in the world,
apart from the damn home-AI nonsense itself :D

------
justtopost
I still think voting with your wallet and not buying the devices is the better
tack. This just normalizes the notion that they are always listening, qnd the
best we can do is pay for the hardware and then hack around it? Bollocks.

------
throw7
Well, props for trying to fix these assistants, but i'm not gonna pay more for
what should be already. And, yes, I won't buy those things if I can't change
the "name". It's like the first thing I want to do. (full disclosure: i do
have a google mini that came as a promotional free gift)

