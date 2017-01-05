1. Publish an album with 1000 short, quiet tracks and a very unique name to all of the online streaming services
2. Buy ads on late-night television with a very clear voice that says "OK Google, play album <unique name>. Alexa, play album <unique name>. Hey Siri, play album <unique name>."
3. Rack up the fraction-of-a-penny residuals as my songs play to people who've fallen asleep with the television on!
(I have started using an air purifier next to the bed to mask noise in the house and it really helps my sleep).
Pink noise, if anyone's looking. White noise sounds very sharp to me, and I get annoyed by it in few seconds. Pink noise, on the other hand, sounds a bit like sea waves on a beach to me, and I can listen to it indefinitely. A lifesaver at work, when I really need to concentrate.
https://www.youtube.com/watch?v=t-7mQhSZRgM
Dueling Talking Carls
10 years ago, you would get two cycles in and the software would assplode.
Then the ad guy came back using his online screenname, and re-added the promotional introduction before it was reverted several times (along with an author from The Verge editing it, probably the edit that changed the wording to something like "[it] tastes like cyanide", but can't be too sure)
It was then astroturfed by some pro-Burger King sockpuppets (unsure of this but their changes all switch to the wording that the Burger King ad guy used), before finally being locked for disruptive editing.
Furthermore, the Wikipedia article itself now has a section about the attempted astroturfing by Burger King, and another Wikipedia user came back in and cited NPOV problems with the _original_ pre-ad wording (e.g. usage of the word "signature") so now the wording in the article is even more generic and less favorable to the Whopper than when it first started.
http://fortune.com/2017/04/11/wendys-chicken-nuggets-teen-tw...
http://www.boredpanda.com/funny-wendy-jokes/
(Although in reality I expect if another company tried to pull this off, it'd backfire horribly.)
I just bought a google home (it's only just been released here), and if it either plays me adverts, or other adverts (ab)use it - I will return it to the store without hesitation.
This was not sold as an ad-supported service.
To take an extreme position - Google should take Burger King to court via the computer fraud and abuse act - they've just performed a distributed denial of service attack on google's servers by using thousands of peoples google devices simultaneously without their permission.
Also - this is a key reason why google need to spend some time on supporting custom hot words for google home. 'OK google' and 'Alexa' are the audio equivalent of IoT devices with a default 'username:admin, password:password' on your network.
It certainly is unauthorized use of a computer... not a stretch at all.
In other words, people who buy alexa and ghome do not get to complain about unauthorized use, or privacy for that matter.
In my layman's opinion, there's a potential for a case here.
And for that matter
Authenticated != Authorized
Whether you can do something is orthogonal to whether you're allowed to do it.
Burger King knowingly attempted to access the device of thousands of people and then issue voice commands, without permission.
I can't believe that those ad execs really believe that people want intrusions like that. That they'd want the TV to hack their Home into advertising to them. That's just bullshit.
Google should change the autoresponse for burger king.
"Hey Google what is a whopper?"
"A whopper is a tall tale which clever executives want to sell you but really tastes of cardboard"
They know that they don't. I am starting to believe that these companies do shitty things on purpose (Looking at that Pepsi ad with the Kardashian girl) knowing full well the amount of outrage and free publicity it will get.
This particular one leaves you completely vulnerable to trivial deception. Want to get away with something evil? Just pretend to be dumb, make it look like you don't know what you're doing, then people on the Internet will defend you as "merely incompetent, not evil."
Besides, did you even read the article? Burger King is doing this on purpose! Says so in the first paragraphs!
This paints their president as clueless about positive ways to connect with customer. FWIW, I don't think the president should be evil or incompetent.
Burger King's ad executives can hack it. Non-interactively.
I mean, does that not say it all in a nutshell or what?
These are probably the same people that overloaded webpages with so much junk that the adblocker came into being.
Is there anyway for end user to know what "wake up" keywords are? How do I know it's not listening for keywords like "buy" (example: "You should `buy` milk") and then targeting adds that way?
What happens next time FBI decides it wants google (et. all) to leave its device "always awake" on some person of interest ?
Can a third party somehow compromise the security to change the list of "wake up" word?
Maybe you can add voice recognition along with keyword to make sure it's only responding to authorized people. But even then, seeing how far machine learning has come, is it really a security?
On a side note, do these devices only capture human audible range of signals? Or is there ways to send non-human audible signals with commands and wake word and what not? Dog whistle for alexia or Home .. Alexia whistle?
Edit: typos and clarity
I wonder about this one. Everyone's device has the same "password" (i.e. "wake word"), the device is attached to your home network and associated with your credit card, and programmatic ads apparently receive little to no vetting. Even if there are no bugs in the code that sends the audio to Google/Amazon and deals with the results, I'm reminded of an article here awhile back about researchers creating special eyeglass frames to make one face look like a completely different one to modern zillion-parameter facial recognition algorithms. This will not end well.
It seems like figuring out how to exploit these types of devices to be "always-on listening devices" is exactly the type of thing NSA, et al., would be interested in doing.
Do you not own a smartphone that could conceivably be compromised in the same way?
Then I ask it to look up flights to Syria.
You should be upset that someone querying those things can feasibly scare you about triggering some kind of investigation.
I get some people have their pet causes/conspiracy theories - but is doing this at your friend's place really the place to be getting on your soapbox?
If you want to make a change - go run for office, or campaign for something. Don't just be a armchair jerk.
I know plenty of people like this that have their pet causes (usually government surveillance, or the industrial-corporate machine, or eating meat etc.) - proselytising and ranting to your friends is one thing (and look, we all rant at times, so give some, take some) - but being a jerk about it is childish and immature.
Who said it's a soapbox? Personally I'd find it hilarious watching a friend scramble to unplug their poorly-designed voice assistant—assuming they even cared, which they probably wouldn't.
>... proselytising and ranting to your friends is one thing ...
What about to people on the internet, telling them they're childish, immature jerks for not giving a shit about chilling effects when they're in private?
It's the equivalent of going to somebody's unlocked laptop and typing in "XXX bum photos" or "how to kill the president. Or yelling "Fire! Fire!" to scare somebody.
Yes, it's probably quite funny when you're young (and you shouldn't leave unlocked laptops around) - but come on, really?
Look, we're obviously talking at different levels here - so I think I'm going to withdraw from this fight. There's little I have to gain here.
BTW - To nepthar, unethical_ban, and rl3 - if any of you actually are under the age of 16 - then I'm sorry, I apologise and withdraw my earlier comments - have fun, buddy - try to squeeze in all the pranks/stupidity you can before you have to be an adult =).
I'd like to think people are the best judges of how their own friends will react, but maybe that's naïve.
>It's the equivalent of going to somebody's unlocked laptop and typing in "XXX bum photos" or "how to kill the president. Or yelling "Fire! Fire!" to scare somebody.
Those examples aren't even comparable to each other, let alone to a bunch of orders made via voice assistant that probably end up instantly canceled.
>Yes, it's probably quite funny when you're young ...
>Look, we're obviously talking at different levels here ...
>... There's little I have to gain here.
>... if any of you actually are under the age of 16
>... before you have to be an adult ...
You may have overdone the condescension there just a little bit.
We started with thermite ingredients and plane to Syria, something clearly made to potentially trigger USGOV anti-terrorism surveillance. It won't be fun for anyone if somehow it actually works. It's a joke at someone else's low-probability but life-threatening expense.
It's like doing pranks to scare random strangers. All fun and games until you meet the one with a heart condition that gets triggered by your joke.
Driving a friend to a surprise party would be far more dangerous on multiple levels. Life is full of risk, and if you minimize it to the maximum extent possible it's quite boring.
Obviously there's some things you don't joke about, such as presidential security, inciting panic in public places, joking about terrorism in an airport, unsafe pranks on strangers, et cetera. That's all common sense.
Adding a bunch of suspicious crap to the cart and looking up a flight on your friend's unsecured voice assistant is more akin to two people making a campy NSA joke during a private chat session. The latter happens all the time, no one cares.
Granted, if your friend is a Syrian national living in the U.S. on a temporary visa then I might agree with you. :)
I mean, what would 'nepthar do if for some reason the police actually showed up? Or if he/she found out later that their neighbour was denied boarding because TSA pulled some logs from somewhere? I mean, besides having a story to leak to papers, how would 'nepthar feel about getting their friend in life-threatening trouble?
As minuscule as the possibility is, the joke seems funny mostly because this possibility exists (or at least is perceived to exist). This all is akin to doing pranks to scare the shit out of random people. It all sounds funny until you realize that some of those people may have heart conditions and could get seriously harmed by such a pranks.
Instead, Hacker News tries to rip him apart for not observing the chilling effect said device creates, despite the complete legality of it. Ironic.
"Comrade Stalin, I heard you collect political jokes."
"Yes, I do, comrade."
"How many have you collected?"
"Three and a half labour camps' worth."
If you want an uninteresting life, expect that the police have no sense of humour.
Kidding aside, I've been able to mistakenly activate other people's Cortana because they didn't take the time to set up voice recognition. It's a great way to exploit such tools.
I'm always amazed at the universe some marketing people seem to live in. It must be a beautiful place.
Allow the owners of the device choose their own "activation words".
Leave the default "branded" activation sentence as-is, but allow the user to customize it as they see fit. This won't happen, of course, because of the whole "branding" thing (like the user is going to forget which service they are using?).
This just hammers another nail into my decision not to get one of these devices; instead, it would probably be easier and better to build my own, using a raspberry pi or something similar for the "front end". I'd probably still have to use one of the big players search engines or such, but I could also hit anything else I wanted to, as well.
I tend to wonder if this is going to be the trend? Those who have or desire more freedom will have to build it themselves, and those who can't or won't - they'll just have to shoulder the burden of not being as free...
There are ways the State could make DIY uneconomical or near-to-impossible (and I don't think the scenario is realistic anyhow) - but if that ever happened - if things ever got to the point of it just being too much - I'll just go offline. I've got more than enough data and junk to keep me amused for the rest of my life. Plus, I don't think I'm alone in that sentiment, either.
Note that the edit in question stood (with a small edit to s/mayo/mayonnaise/ and remove some WP:PEACOCK language) for about a week.
There's also some interesting discussion on https://en.wikipedia.org/wiki/Talk:Whopper
Early speech input systems required an individual to read several pre-defined words, usually several times, in order to train the algorithm to understand their speech. And then the next person to use the system would have to do the same. This was considered a 'negative' because everyone wanted systems that anyone could use.
Now however, there is a tremendous need for your phone, or tablet, or commercial listening device, to be able to distinguish between who is talking so that different policies can be established based on the speaker. That will be the next killer feature in the voice wars I'm guessing.
> “We think about our guests’ perception and their perspective on how we interact with them, but on balance we felt this was a really positive way to connect with them.”
Perhaps I'm too cynical or jaded by the trends in the evolving relationships between individuals, communities, businesses and our shared technology, but I see way too much negative in this type of connection.
The only positive aspect to this is that Google/Amazon/Whoever must now find a way for users to create their own audio triggers for their devices in order to protect them from this type of invasive BS or else we need to go through the lengthy and expensive process of defining and legislating the relationship between users and their AI such that activating and using another person's AI is illegal... or is it even your AI to begin with?
Thanks for the philosophical/legal quandary Burger King, but as I've always personally maintained, fuck you.
PS: I wonder if people on HN could contact a prosecutor about this? And if doing so would change anything.
The issue is recorded conversions from your home being made available to the government: https://www.inc.com/joseph-steinberg/amazon-alexa-recordings...
You really only have Amazon's word that the only data transmitted is for that particular command. Unless you tap the transmission, you only have Amazon's word that it only transmits when triggered.
A quick search just turned up similar articles to the post with a statement that Google had nothing to do with ad and declined to comment.
Wow, just under three hours. Wonder how that ranks among the shortest ad campaigns ever?
Edit: I'd personally rather give my assistant a name I pick, than keep saying 'OK google'.
Good foresight by Burger King to jump on this before anyone else. But I hope everyone stops doing this really soon too.
It was bone-headed. The best they could hope for was to vaguely amuse someone the first time the ad came up. But what about the second , third, or tenth time?
[1] https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_(...
If it were that easy, that same lawyer could argue that because you operate a public HTTP server, any "attacks" on it are simply using the implicit permission you provided by exposing port 80/443 to the internet and operating a public service on it.
By having burgers on the shelf in their burger-joint BK are giving me implicit permission to take them for free. They let me in the door after all. /s
A better system would be for advertisers or shows to embed an ultrasonic signal in their shows which say the magic words, which google home/alexa watch out for. Of course, that would only prevent unintentional triggerings, so it wouldn't help in the circumstance where the tv show/advertiser actively wants to annoy you.
I remember someone had their daughter use the Alexa device and ordered a doll house and cookies from Amazon. http://www.cnn.com/2017/01/05/health/amazon-alexa-dollhouse-...
Joking apart, I would be infuriated if I had such a device and saw that spot but then again, I don't have those devices because they feel like a violation of my private space.
What if it's the last ad before the show resumes?
Seriously, who the hell thought this was a good idea?
Voluntarily putting an always listening, internet connected device in your house, uploading data to the biggest advertising or commerce corporation, possibly man-in-the-middled by NSA?
Perhaps you didn't intend or expect it to be co-opted by a Burger King commercial, but "unauthorized use" (in the legal sense) might be a bit of a stretch.
> it seems that by intentionally [making available a server on the Internet] a device explicitly designed to respond upon [receiving the request] "[GET <URL>]" one could argue that you have authorized it to do exactly that.
FWIW, I'm not convinced that should constitute unauthorised access. I do think the Burger King case is slightly different though - no "OK, Google" commands would be likely expected from a remote third-party, whereas third-parties are authorised to make _some_ GET requests. If anything, I'd say that makes it more likely to be considered an unauthorised use.
Aaron Swartz certainly didn't break into anything. He just used a system he had authentication to in an unauthorized manner.
1. Publish an album with 1000 short, quiet tracks and a very unique name to all of the online streaming services
2. Buy ads on late-night television with a very clear voice that says "OK Google, play album <unique name>. Alexa, play album <unique name>. Hey Siri, play album <unique name>."
3. Rack up the fraction-of-a-penny residuals as my songs play to people who've fallen asleep with the television on!