Hacker News new | past | comments | ask | show | jobs | submit login
Google says Nest’s built-in mic not listed in specs was not meant to be secret (businessinsider.com)
490 points by temp1928384 29 days ago | hide | past | web | favorite | 268 comments



Having worked at large companies before, I'm almost certain that more than one person working on the product raised the point "this has a microphone, why isn't it documented?" or "this has privacy implications", but was silenced.

(Or it could be that everyone working at Google has been carefully chosen to not have such concerns; I do get that feeling sometimes too.)


Contrast this to Amazon: during design of the original Echo at Lab126, an engineering discussion took place where they determined that implementing the mute function in software would be less expensive in terms of component requirements than implementing a physical disconnect of the mic circuit.

The engineering team refused to take the less expensive route, and insisted that the mute button physically disconnect the circuit, so that no future engineering team could decide to stealth "unmute" the microphone through software.

To this day, you can disassemble an Amazon Echo device and you will find a physical disconnect of the mic circuitry when you push the mute button. Don't want an "always listening" smart speaker? Just keep it muted, and a red LED circle informs you that the mic is physically disconnected.

I'm proud of the approach that Amazon takes to privacy. Privacy of customer data is considered the most important thing to Amazon, and this customer obsession (the #1 leadership principle) permeates the organization.

Disclaimer: I'm a principal engineer at Amazon.


In this story, it was only lower-level engineers that took a stand for user privacy. It was them against everyone above them at Amazon. Doesn't sound like Amazon-the-company deserves credit.

Update to clarify reasons for this characterization: Parent used the words "refused" and "insisted," which strongly suggest conflict between the pro-privacy engineers and others at Amazon involved in the project. And "so that no future engineering team could decide to stealth 'unmute'" suggests a lack of trust in long-term company management. Nothing in this story supports the later statement that "Privacy of customer data is considered the most important thing to Amazon."


The company fully backed their decision. They did not have to fight anyone.

This type of product design decision happens all the time. Whenever you're considering component costs, you have to evaluate all of the options. You're mischaracterizing it as a fight between engineers and management.


That's not fair. First of all, the OP didn't say it was only "lower level engineers", it could have been the entire engineering team, for all we know.

And second, Amazon did the right thing and listened to them, when they didn't have to. They could have given the project to a different team, reassigned people, or even fired them.

Instead, they had the sense to listen to their engineers, which was the right thing to do.


Doesn't matter if it's lower-level engineers or a janitor, So long as they worked at Amazon and Amazon finally agreed. Amazon deserves credit.


is this the same company that's shilling Rekogition to police departments and governments?

for some reason i'm thinking this point of view isn't held company wide.


>> shilling Rekogition to police departments and governments

That's a rather poor choice of words. I prefer "helping police departments catch criminals", myself. 'cuz, you know, police departments exist for a reason.


Both of these POVs are a bit extreme versus actual real-life implementation.

Police have a legitimate, important societal purpose, and have historically abused and over-surveilled minority populations in a way that's highly problematic.

There's a compelling use case for facial recognition in law enforcement. There's also a compelling case that it needs to be closely scrutinized and regulated.


[flagged]


I do think you don’t need citations to know that over-surveillance is a consistent happening, my apologies if you aren’t American.

New York recently finished settling and paying out a case where they were accused of heavily, unreasonably surveilling a number of muslim people and properties. In the end, they still admitted to no misconduct.

https://www.nytimes.com/2018/04/05/nyregion/last-suit-accusi...

This is just a single drop in heavy policing that NYC pushed for and is still dealing with the effects of doing so. Stop and Frisk comes to mind: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=846365


[flagged]


That's because you're looking at US law enforcement as a unified system. It is not and never has been a unified system. I don't think the FBI is still running surveillance on all civil rights leaders so they can blackmail them, but that happened - I don't really doubt that the police department in Baltimore is planting drugs on people though, as was shown on their own video cameras in the last year.


> without heavy policing a large city with very high income inequality like NYC would quickly turn into a dystopian shithole

A lack of order is not what I'm 'proposing', but more the factor that 'order' is very obviously skewed towards minorities as shown by various sources you could seek now. One could also discuss how it's based on crime statistics, but that would reach to "systematic oppression" fields: You can't continuously punish random people of a certain race just because statistics say they're 'likely' to commit crime, this is systematic. What you see as a dystopian shithole is already just that for those who can't have their peace without law involvement, and ML tools will not skirt around this, the bias will only transfer and amplify such shit.

> I also believe countermeasures are necessary to prevent Islamic radicalization (and any other kind of radicalization as well).

The department responsible for the spying disbanded and confirmed in 2014 that they hadn't generated a terrorism related case since 2008, as stated in the previous NYT article. You'd frankly figure that after 9/11, American Muslims — Let alone those in New York, would be actively against any kind of 'radicalization' unless you consider simply practicing religion as 'radicalization', which NYPD practically did here.

> Don't try nothing - won't be nothing

I mentally envy the ability to state such a thing, to be honest.


> What you're missing though is that without heavy policing a large city with very high income inequality like NYC would quickly turn into a dystopian shithole.

Citation needed.


How about a citation (with actual data) about the NYPD's work slowdown[1] in 2014-2015. Contrary to fears about NYC into a dystopia and the traditional authoritarian claims about "broken window" policing, lower police activity resulted in lower crime rates.

https://www.washingtonpost.com/news/monkey-cage/wp/2016/07/2...


> What you're missing though is that without heavy policing a large city with very high income inequality like NYC would quickly turn into a dystopian shithole.

Sounds like an argument for addressing income inequality.


Yeah, that was my initial reaction.



[flagged]


Sub in "law enforcement" for "police" if you want to be that pedantic, and I did say "historically".

If you want more recent examples, Chicago was disappearing people to black sites for interrogation this decade.

https://www.theguardian.com/us-news/2015/feb/24/chicago-poli...

and torturing suspects for decades, well into the 2000s:

https://www.theguardian.com/us-news/2015/feb/18/guantanamo-t...


>Citation needed

See: South Africa


Where I come from the police used to hunt and kill "undesirables", and bury the bodies up in the mountains. One of the first things my dad taught me was how to recognize those long skinny headlights on a cop car, you had to learn to avoid them at all costs to survive if you didn't have the appropriate skin color.

They aren't always good guys, and it's ok to have legitimate concerns about cooperation with law enforcement.


Police departments exist to perpetuate the interests of the state and those in power. They exist to defend private property. I would strongly disagree with your assertion especially in America. :)


> The engineering team refused to take the less expensive route, and insisted that the mute button physically disconnect the circuit, so that no future engineering team could decide to stealth "unmute" the microphone through software.

Who are these engineers? Have they ever spoken publicly about this stance?


That was a bit more dramatic than it should have been. The engineering team said a software mute button would be a security issue due to back door enabling, so they implemented it as hardware. This wasn't really dramatic, engineers said no and the higher-ups respected their expertise.


Good job. Thank you/the team for standing up for good basic principles.


Does this apply to the Sonos one, also? It has Alexa integration, but is a sonos project.


I don't believe this applies to any 3rd party products. Those manufacturers have to make their own design decisions.


One anecdote I remember from the Steve Jobs biography was how he'd discovered that a speaker could also be used as a microphone. Is there any risk of some of these devices using that capability to convert their audio output tech into audio input tech?


I don't have a direct answer to your question, but it piqued my curiosity so I did a quick search. I found this informative little post:

https://security.stackexchange.com/questions/154343/can-a-sp...


Some on-chip gyros/accelerometers can also work as microphones – and may be even harder to separate those via an external cut-off switch.


So can capacitors - a common factor to avoid in amplifier design - and at the limit, so can just about any semiconductor.


I remember someone in a recent HN comment thread mentioning that, as an ex-Googler, Google today feels like Microsoft under Ballmer.

So while I agree with you, it _also_ wouldn't surprise me if someone raised the concern, but that person was on a different / more silo'ed team and therefore the concern never reached the execution stage. Herego too many management layers and/or nodes of entropy for communication.

But that's just a hypothesis.


Or was "yes, yes, we'll add a story to the backlog to add it to the specs" and it just flat out got forgotten. I've seen this happen so many times where I've been the one to raise the issue and because I've passed it off, I've forgotten about it only to circle back around 2 months later when someone says "Oh, we need to do this" and I say "I raised this 2 months ago, I thought X had put it in the backlog."

And when you go looking, sure enough, there it is in the backlog down in Priority "We'll get to it when we get to it, after all these other more important things that needed to be completed by last week."


I am sorry but I do not buy this "added to backlog and forgot" theory, especially for a resources-packed company like Google. Are you implying that everyone from PM to devs to QA all ignored the microphone sitting in there? All electronics needs to be compliance tested at a gov labs in Northeast (Baltimore area) because of electromagnetic signature since Nest devices have WiFi. Are you saying even they forgot to bring it up as well?


I'm not saying the microphone was ignored or forgotten about, I'm saying the "add that line to the specification sheet for public release" was forgotten about.


I work in Google and my org of over a hundred engineers has a single tech writer assigned. I assure you she never sees the bottom of her backlog.


This is so common in so many companies I've worked with that it doesn't even begin to surprise me. This is an accepted way of life at most tech companies.


Sure, that seems plausible. If the existence of the microphone wasn't a secret internally, why would PM or devs or QA or government inspectors be disturbed to see it?


Although this is all possible and perhaps even more plausible than the alternative, it's still more fun and conspiratorial to view Google as the new Evil Empire, so I'll just keep doing that, thanks.


As a current googler, this seems like the most plausible explanation. Entirely likely that the person who noticed didn't actually know which other team to escalate to....


Reminds me of the time that school issued laptops where the camera could be remotely turned on when the student was using it at home (including in their bedroom), and somehow no one realized the pervy implications.

https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School...


Oh they absolutely knew the pervy implications, they didn't think they would ever be caught:

https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School...

"The school district intentionally did not publicize the existence of the surveillance technology. It also actively sought to conceal it.[23][41]" https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School...


It seems at least as likely that the microphone feature, as a non-working component of a future product upgrade, was omitted at the request of attorneys reviewing the product literature so as to not create a false expectation of that unreleased feature.

I've worked on several products that had capabilities that we were told by attorneys could not be "advertised" (i.e., no references to them) until the complete feature was ready to be announced.


Yeah, I think it's most likely that. Seems very plausible Nest wanted to have some voice features but they got cut before launch. The mic's still there because changing hardware is hard, it's not announced because it doesn't do anything.


Product Marketing does not 'document' they position, and write about features. If the 'mic' isn't part of feature or proposition, why would it even be in their radar?

The '1st order' response of marketing doing their job is 'who cares?'. Few people care about tech tidbits that are not user oriented.

There's already tons of things to worry about and address - and every single bit of copy takes up valuable space.

The issue also does not fit into the standard communications framework: Hey, should we should tell people that there is a microphone, even if it is not working and does nothing? How do we even do that? "Hey, your alarm has a microphone!" Wouldn't that seem odd, why does it have a microphone?! You'd even have to kind of explain it: "Your product has a microphone so that one day in the future, you might enable some other features that don't exist yet"

"this has privacy implications" - no - it only has the perception of privacy implications. Because Google is not actually intervening on people's privacy, it's unlikely they really thought about the need to give people an unneeded affirmation.

Maybe they had a discussion about it, maybe it just didn't rise to the level of 'very important'.

Only with a very specific concern for a subgroup of customers who are wary of these things, would someone have enough leverage to get that "Hey, there's a microphone that does nothing!" notice on the box.

Google is not doing specific evil. They are not trying to infiltrate your homes and take nude pictures of you so they can look at them or sell them.

They are systematically evil, in the sense that it makes sense for them to sell you voice/video features that you want in order that they might provide you even better services. And their AI will use nudies of you in a backwards way to learn more about you.

They're getting evil due to their scope of influence, and negative externalities, much like FB has problems with 'Russian interference in elections' - i.e. not a problem they are trying to create, not a problem they want, just a sensitive byproduct of their product and massive success.


>`"this has privacy implications" - no - it only has the perception of privacy implications. Because Google is not actually [intruding] on people's privacy [...]`

I've got to disagree here: it has privacy implications because at Google's end they can issue a software update and now be monitoring all audio, and the T&C no doubt say they can be unilaterally varied without notification. That all means that Google think I accept Google snooping on me; of course I don't but in court Google lawyers would say I did, and them being in a position to do that is important.

Also, if Google can enable the mic at some point then it's likely that's a possibility for a third party (crackers), OR that Google could do it in response to a legal demand from a government.

There seems no good reason to me that the specification summary can't say "microphone - not in use yet, reserved for future applications"; with a sentence somewhere expanding on that explaining they want the ability to improve the device later and do shipped a mic because it could be useful to expand the products capabilities.

Some of us actually do read instruction books; it would no doubt get some column-inches in a positive way ("what changes might Google make").

Google know everything they make is going to get a tear-down and that mics are going to be discovered in short-shrift: it's ignorant to not anticipate that. In fact one really has to assume they knew this "issue" would come up.


Google is not going to all of a sudden start recording you in your home without your knowledge, and then say 'hey look, you signed a contract'. That would be an obvious PR disaster, not an 'I forgot disaster'.

If/when Google enables this tech, it think it will be clear enough. If not, then definitely would be time to raise a real fuss.

"There seems no good reason to me that the specification summary can't say" - I agree with you there - however, I suggest that they mighn't have even have thought of it. That would be the prudent thing to do, but again, there's no established procedure for it.

There probably was not even a legal review hint etc. because as I say, they were not using it.

So it's questionable, weird, but not nefarious.

What they will do, with your ostensible permission, with a signed T&C - is to me, far more nefarious.


Documented where? Honest question. The marketing department isn't going to list something that's totally non functional. Is there a privacy oriented spec sheet somewhere (that people will actually read)?

I can see this slipping through the cracks between different job roles' responsibilities, although after this incident they'd probably go through a post mortem and find a way to incorporate new checks into the product launch process.


I doubt that they were silenced, more like the concern was raised but it was given some random answer at first and said to be discussed at a later date and then forgotten.


Or their voice is just echoed down a chain of managers that don't understand why it was brought up in the first place.

Not a good look for Nest...


My take is that maybe by that point that someone noticed all the product material had been printed or generated and someone else didn't want to redo it, or forgot, and hoped it would blow over.


Oh wow, this is amazing. There's been a lawsuit in court about someone in Germany who sued their landlord because the landlord has put a Google Nest fire alarm into their flat against their will, ignoring offers by the renter to put in a non-google-non-iot fire alarm at the renter's expense. The landlord won because apparently the court was not convinced that the fire alarm could spy on conversations [1]... What would have happened if Google had secretly put a microphone into their fire alarms as well, not just their home security system?

[1]: https://www.bundesverfassungsgericht.de/SharedDocs/Entscheid...


> What would have happened if Google had secretly put a microphone into their fire alarms as well, not just their home security system?

You could have found it by dismantling the device and the renter would have won their case against the landlord.


I hope you all know that Nest fire alarm aka Nest Protect v2 features microphone for automatic sound (health) checks.


Yeah so the nest protect is, when you look at it objectively, a ceiling mounted general purpose remote sensing package. It’s basically only lacking a wide angle camera and I suspect that’s because they figured it would cross too far into “creepy” for it to be saleable.

It seems to me like a team sat for a while, looked at all the possible ways they could get people to mount a package like this in every room and settled on calling it a smoke alarm.

At the most optimistic they started with a smoke alarm and gradually realised they could build a general purpose platform based on the hardware being deployed in lots of rooms and many types of sensors being dirt cheap now.

Decided they could enable new capabilities (and data goldmines!) in software later.

It’s a pity there’s not an actually customer controlled version of it.


Are there any alternatives to nest protect that would: Sense Carbon Monoxyde AND smoke AND fire off some event to mobile phone via wifi/sms/whatever?


There's the first alert onelink. May have the same issues though, it has a microphone and an alexa integration. Also support homekit, unlike the Nest Protect.

Are there any best practices for using a device like this but not having it communicate with the wider world? I.e. It can communicate with you via a homekit hub, but can't connect outside your LAN

https://onelink.firstalert.com/withalexa/


Yes, depending how comfortable you are with soldering.

https://hackaday.com/2014/07/29/a-cheap-diy-smoke-detector-t...


I use a z-wave smoke detector to supplement the wired smoked detectors in my house: https://www.amazon.com/gp/product/B00KMHXFAI

I then paired it with https://www.home-assistant.io/ to send alerts to my phone, google home, etc.

Haven't had to actually test that the carbon monoxide alarm works yet because testing that is hard/expensive, but for smoke it works just fine.


They don't have to be connected to a network in order to work. The will even happily do self-check without network access - something I realized when I wanted to mute a self-check only to find out that I had done some network changes. Had to use a schtick, like in the old days.

Given that these devices are battery powered and meant to last for years on a single charge you can imagine how often they actually connect to the wireless network. And how much traffic they send.

And again, they work perfectly fine without Internet access. Or network access for that matter. I love them, and as someone with an irrational fear of being in a fire they have helped a lot. They're much more sensitive (without being an issue, due to pre-alarm) than the alternatives.


The sound check takes literally a couple of seconds. How did you even have time to try to silence it?


It tells you in advance and you get a push to your phone if you're on the same network.

"This is a test. The alarm will sounds. The alarm is loud."

(or something like that)


I assumed you didn't get the push notification since your alarms weren't connected to the network properly.

Do you have a 1st gen? I wonder if they're louder. Mine (2nd gen) test pretty quietly. It's not the full-on alarm shriek. It a a medium-volume beeping and only happens for a couple of seconds.


>Had to use a schtick, like in the old days.

What is that? Google's not helping.


usually people use that word when they are suggesting "that's someones schtick" which is like their habit or what they are known for.

Like trump's schtick is getting people riled up


Uhh that’s clearly not what it means here though which is why I asked.


Stick, written weirdly.


No, it's Yiddish parlance for an act, gimmick or commonly employed routine.


That makes no sense in this context. Typo or dictation error (stick -> schtick) makes far more sense.


I read it as "stick" as well. Like how people would use a broom stick to press the 'test' button on classic smoke detectors.

(Admittedly, I have no idea if the Nest version has a similar test)


it wouldn't the case was dismissed, because it's the wrong court. second it was dismissed because just because it's modern and has several technology that can be missused doesn't mean that it will be missused. in germany you need to actually have evidence to really get something like that dismissed. Especially since the landlord actually also offered that she can use her own fire alarm (when she buys it)


As people could - in theory - have with the security system, yet apparently didn't.


And then they probably would have been fined for disabling a fire safety device...


Probably a DMCA violation thanks to our benevolent overlords.


The microphone / motion sensor issues aside I would never sleep in an apartment where someone could remotely silent an alarm.


Keep in mind, you won’t be able to silence Nest Protect if smoke is above levels specified by law. This is an industry rule that all alarms follow. https://nest.com/support/article/How-do-I-silence-Nest-Prote...


I doubt the landlord said the tenant couldn't put up a second fire alarm.


AFAIK, you have to be in close physical proximity to the nest alarm to silence it.


Unless you're the CIA/NSA.


[flagged]


projecting much? :)

I personally agree with the point being afraid of incompetence, not malice.


It’s not as if someone is going to experience a false alarm in their own system, accidentally access your system via a giant security failure and random account mangling, while your system is experiencing a real alarm at the same moment, and then unintentionally silence your alarm. The level of coincidence here is absurd.

The alternative concern that Nest is so incompetent that they somehow issue an automatic silence command (either to all alarms or just yours) seems no more plausible than First Alert being so incompetent that your alarm simply doesn’t work. Especially in combination with the fact that this incompetence must either be undetected permanently (i.e. they always silence your alarm and never notice the horrendous bug) or coincidentally tied to an actual fire in your home, this is probably roughly as likely as a meteorite flattening your house.

The only “viable” concern here is to that an attacker might silence your alarm maliciously, which implies a lot of dedication from an enemy, because they are literally trying to murder you. Presumably this enemy is also an arsonist because otherwise there’s likely no alarm to silence and if there is, it’s likely a false alarm.


your landlord will get the notification about carbon monoxide on their phone. Then they will call you. It might be a false alarm twice. Then it might be real the third time but then they decided to not call you and just silence it.

lot's of thing can happen by incompetence, not even have to go too far on the scenarios.


Why would they silence the alarm? It's just a notification on their phone. Silencing doesn't accomplish anything for them.

The first time my landlord silenced a "false alarm", I'd tell them not to ever do that again. The second time, I'd reset the device and register it under an account they don't control.

But yes, I do see your concern now. I was not initially thinking of the landlord actually controlling the device, merely installing and allowing the tenant to control it. There's a lot less ridiculous coincidence required for a landlord to stupidly silence the alarm.


:D in my country, i never saw anyone with an alarm on their house :D maybe the issue is not to remotely silent the alarm, but that it's needed in the first place :D


Do you also live in a country where homes never catch fire?

“Not needed” implies that there is no fire risk or that the risk is so low that you don’t care.


Legal obligation on landlords in any developed country


Fire codes in many developed regions also require working smoke alarms whether the property is rented or owner-occupied.

Add to that the economic incentives involved when you wish to insure you property against fire and liability, or mortgage it (which almost always imposes a requirement to insure the property).


Replying to myself as I can't edit it any more: Apparently it wasn't a fire alarm from google but "Brunata Metrona Funksystem Star" [1]. It is still wirelessly connected though, not to the internet but to a ground station in the house, outside of the flats of the renters. Then once per year the station is read out by someone who connects a cable to it.

[1]: http://www.justiz.nrw.de/nrwe/ag_koeln/j2015/220_C_482_14_Ur...


to be fair it was silly that this was handeld at the BVerfG. In now way could that be a "verfassungsproblematische" entscheidung. I mean the person argued, that the lower court argued wrongly about his informational self-determination which is stupid because the person had the chance to buy her own fire alarm (on her own expenses).


The renter did not have the chance to buy the fire alarm, read it again. Instead, the renter offered it but the landlord refused.


Read it again. The landlord refused to buy it, not that the renter could not use it:

> 1. Der Beschwerdeführer wurde von der Vermieterin (im Folgenden: Klägerin) seiner - in einem Mehrfamilienhaus gelegenen - Wohnung auf Duldung des Einbaus von Rauchwarnmeldern in Anspruch genommen. Er lehnte das von der Klägerin ausgesuchte Gerät ab, weil es nicht lediglich dem Brandschutz diene, sondern mittels Ultraschallsensoren und Infrarottechnologie dazu geeignet sei, Bewegungsprofile von Personen zu erstellen, die sich in der Wohnung aufhielten. Sogar die Aufzeichnung von in der Wohnung geführten Gesprächen sei technisch möglich. Der Beschwerdeführer bot der Klägerin an, auf eigene Kosten ein einfacheres, ohne Funktechnik ausgestattetes Modell in seiner Wohnung zu installieren. Dazu war die Klägerin unter Hinweis auf die Vorzüge des von ihr gewählten Gerätetyps nicht bereit. Das Funksystem diene lediglich dem Zweck, eine Fernwartung sämtlicher im Haus befindlicher Geräte über ein im Hausflur installiertes Steuerungsgerät zu ermöglichen.


Yeah, the landlord refused to buy it, but instead wanted to install the wirelessly controlled fire alarm. Surely the renter could buy it for themselves but then there'd be two alarms, one bought by the landlord and one by the renter. The question was about the alarm the landlord installed.


The right to "informational self-determination" (ugly translation from German, sorry) relates as much to things you do not want to do/use/provide as it relates to things you want.


Read it again. The renter offered to install their preferred solution on their own cost, instead of the owners preference. The owner refused, insisting on having the one they picked.


Infosec dramas are getting more and more tiresome. Between this and the Singapore Airlines story, it just seems like people need to ratchet everything up to 11.

You have two options, choose one:

- 1. Google wants to spy on you with a hidden mic

- 2. They had future plans for the mic, but it was disabled, so it wasn't mentioned by the marketing department

For the Singapore Airlines story, you have two options, choose one:

- 1. Singapore Airlines wants to record you

- 2. The infotainment devices in the seats are just off the shelf Android devices

One option gets you lots of clicks and let's the infosec drama crowd tweet obnoxious things and sound insightful. The other is the pretty obvious explanation.


For Google, I'm not sure how option 2 is supposed to be acceptable either. It is perfectly reasonable to be concerned about introducing an internet-connected microphone into your house. It doesn't even require assuming a malicious Google to see potential problems with this. You're one decent security flaw (in an IoT device no less) from anybody having a microphone in your house.


> You're one decent security flaw (in an IoT device no less) from anybody having a microphone in your house.

Many people already have Android smartphones, so there is already a Google microphone in your house. The big difference is that you know that it has a microphone.


Which of course makes a big difference. We are all adults. We can weight pros and cons and then make an informed decision. Not so if we don’t know all the details. This is what you’re betting on when leaving “details” like this out.


Lots of technology now incorporates the idea that people are better not given too many choices. DRM/trusted computing, root-locked phones, software and operating systems that decide what information they send where, without any explicit consent or choice to disable.


The smartphone requires a battery, which drains away noticeably if it is sending all your conversations. The Nest is connected to the house power, so it can stream audio non-stop.


Additionally a user is likely to pay a lot more attention to their phone than to their Nest devices. A compromised Nest device will likely stay compromised until Google find the exploit...


Are you sure about that battery drain?

A malicious actor could easily conceal their activity by making 24-hour-long recordings and sending them in the night (or whenever connected to WiFi and plugged into power).


The main trick smartphones use to have their battery last long enough, is to power off every piece of hardware that's not in use, for as long as possible. Doing a 24-hour-long recording would require the main CPU to be awake far more often than usual (and in fact, I would suspect it would have to be pretty much constantly awake, unless the phone had a large dedicated hardware buffer for the recorded audio samples).


Not to mention, that Android phones seem to pick up "ok google" activation pattern from random conversations, and start sending voice to Google's servers for speech-to-text processing. Even after repeated attempts to find and turn off voice activation from settings.


And many people don't have Android phones, so this could be pretty significant.

Besides, the attack vector for a non-Google attacker to access this mic may be different than for accessing the mic on a phone


While true, the upgrade situation for Android is way better than for most IoT devices, which is saying something. And this is the sort of thing you may well keep for a decade. While you may still have other Google microphones, I would be a lot more worried about this one specifically being vulnerable at some point.


I don't know which specs exactly people are referencing, but if its marketing specs or the specs you would see on the box then I don't expect consumer products to have "microphone (disabled)" for unused hardware just as I wouldn't expect it to list some unused PCB circuitry.

It might be reasonable to be concerned about this kind of thing in the tech crowd, but the vast majority of people aren't.


> I don't expect consumer products to have "microphone (disabled)" for unused hardware

This should absolutely be the expectation. A note of "microphone (disabled in software)" at minimum. Since when is it OK for a company to sell you a product with hidden functionality that can be used to harm you by either the manufacturer or third parties?

(The obvious defense is that they're not selling it to you, they're renting it out. Such is the pathology of turning products into services. It's a sick market dynamic.)


How many things built into products have obsolete hardware or unused functionality that would have to be listed? I understand being reactionary to a microphone but where is the line? How do you draw it?

Do I need to list all the capabilities of some SoC even if I don't take any advantage of them? If a component has thermal sensors I'm not using do I have to list every one of them on the box?


The tech crowd are their first customers. There's no downside to listing the microphone, so why not do it?


I'm sure (this is not sarcasm) that the people behind the leak of recordings of confidential doctor-patient phone calls had no malicious intent.

So, I agree no malicious intent is needed to make things turn very bad.


>- 1. Google wants to spy on you with a hidden mic

- 2. They had future plans for the mic, but it was disabled, so it wasn't mentioned by the marketing department

How about both 1. and 2.? Google wants to spy (for ad context etc) with a mic that will be enabled in due time?

And why move the Overton window to "it's ok to have hidden mics in a bloody thermostat, as long as they're not enabled"?


That's getting close to conspiracy territory


Yes. It’s crazy to think an IoT device would be constructed to aggressively spy on its owners for advertising purposes (https://nakedsecurity.sophos.com/2018/07/09/smart-tvs-are-sp...).


I think Google is well past conspiracy territory. They are a company whose bottom line depends on collecting as much user data as possible; in an economy that compels them to improve their bottom line by any means available.

Is there really any doubt that google can and will spy on you if given the slightest opportunity?


Yes, I have 100% doubt anyone is spying on anyone. I think most of it is paranoia.

I also think this kind of paranoia is detrimental to our evolution as a species.

We should be sharing more, not hiding in our caves.


"Yes, I have 100% doubt anyone is spying on anyone."

You can not possibly examine the evidence and claim 100% that there is no interest in spying on anyone.

Doubt that this particular case has that as the core issue? Sure. But be utterly convinced that literally no one, in any intelligence agency, against any target that might be near some sort of microphone-enabled device, has ever had the thought cross their mind that these things might be useful? No intelligence agency has ever looked at one of these companies hoovering up all the data they can get and installing all this stuff everywhere they can and stroked their chin for a moment?

You're basically claiming the NSA, CIA, Mossad, KGB, MI5, and all other such things have never existed, do not exist, and will not exist. The evidence for this is pretty poor.

I'm not asking you to wake up tomorrow and worry about whether your toaster is secretly sending all your thoughts to the alien overlords, but come on. Live in the world a bit. We're 7-ish billion people here on Planet Earth and they are not anywhere near all to a person nice, wholesome people who wish you all the best and would never even dream of exploiting you even a tiny little bit while they joyously enable you on your life journey of exploration and wonder. You're begging for exploitation.


" they are not anywhere near all to a person nice, wholesome people who wish you all the best" that is exactly how most people are. working and travelling around the world taught me as much.


> We should be sharing more, not hiding in our caves.

I suggest you start, your profile here is even slimmer than mine.

More seriously: while there surely is some paranoia going on, recent events have made me more careful, not less.


you could build a whole internet persona of myself just from the few bits i have written on these forums.


Good point, that has occured to me as well : )

I probably should make a new account every year.


>We should be sharing more, not hiding in our caves.

Ironic coming from a non-eponymous account, and in an era when we share two orders of magnitude more stuff than any other, even pictures of what food we had at diner...


A better version of humanity wouldn't be risking anything by sharing excessively and would get all the benefits of transparency. The humanity of reality is still plagued with bad actors who would throw away everyone's future, throw away civility, seek out despotic rule, etc. We have an elaborate system of incentives and disincentives we rely on to maintain good faith participation in society, and despite our best efforts that system is flawed and also fragile enough that it could worsen dramatically. The way we are centralizing wealth, data, knowledge and power right now is really dangerous in my opinion.


thank you for this high quality comment.

i agree with you in spirit.


>Yes, I have 100% doubt anyone is spying on anyone.

Really? Did you ever hear of a guy named Snowden? Do you understand that our government spends tens of billions of dollars annual to spy on people? Do you understand that Google, Facebook and every other search, advertising and social media company have billion-dollar business models based almost entirely on surveillance and information hashing? I hope you are being sarcastic here.


this is exactly what i was writing about: the paranoia. what does Snowden and the billions of dollars spent on spying have to do with what i buy and what i consume? nothing. no one is coming for us. we're way too unimportant.


Tell it to the Chinese and rapidly expanding system of total surveillance and social credit scores. On the contrary, they are coming for all of us, only here we are opening the door and inviting them in.


coincidentally, i am a BIG fan of that system and fully support any company that brings it over here.


>We should be sharing more...

Why? And what else should we be sharing?


everything. anonymity via transparency.


> We should be sharing more...

The Spanish Inquisition would certainly agree.


Yelling "Conspiracy" at everything is quickly becoming the new "Think of the children"

It is in no way close to conspiracy to question if Google or any other company supported by Targeted Ads where they need massive amounts of Human Intelligence to perfect their ad targeting, would want to spy on their consumers


Yes? Obviously it's not far fetched to fear that Google will spy on their alarm users, as its core business depends on it.

Conspiracys is not a nutcase dellusion it happens all the time but the term is somehow tainted, which in itself is somewhat of a conspiracy...

"the microphone has never been on", Google say about a passive device as it matters. More accurate would be "we did not record the microphone" but that might sound bad ...


They depend on having at least some reputation left so that they can siphon huge amounts of ad targeting data a lot more then on getting a few dark secrets in a super underhanded manner.


First of all, is this a "conspiracy"?

https://www.popularmechanics.com/technology/security/a145332...

Is this maybe?

https://www.theguardian.com/technology/2015/jun/23/google-ea...

Is this?

https://www.geekwire.com/2018/heres-amazon-say-investigating...

Perhaps this?

https://nakedsecurity.sophos.com/2018/07/09/smart-tvs-are-sp...

That said, "conspiracy territory" gets close to a knee jerk reaction.

History is full of conspiracies.

A conspiracy is just many people doing each other favors under the table and taking covert action to promote their private interests or political beliefs, something which happens all the time.

Heck, didn't a President resign because he conspired (including eavesdropping) against the other party?

Wasn't another in bed with mafia leaders? [2]

Haven't a third had friends profiteering of a trillion+ dollar war effort (Haliburton, etc), even using false testimony [3, 4]?

Don't tons of ex-politicians usually end up on boards of private companies they helped pass favorable legislation for and done favors to?

Haven't large corporations strong-armed whole nations, toppled governments, pushed for their own lackeys, etc [5]?

Wasn't the head of the FBI targeting, spying on, and blackmailing his personal opponents and for his personal gain? [6]

Just to mention a few examples, just the tip of the iceberg...

As Gore Vidal once wrote: "Americans have been trained by the media to go into Pavlovian giggles at the mention of the word "conspiracy," because for an American to believe in a conspiracy, he must also believe in flying saucers or, craziest of all, that more than one person was involved in the JFK murder" (Gore Vidal)

[1] https://en.wikipedia.org/wiki/Watergate_scandal [2] https://www.theguardian.com/world/2000/oct/07/michaelellison [3] https://en.wikipedia.org/wiki/Nayirah_testimony [4] https://en.wikipedia.org/wiki/Halliburton#Controversies [5] https://en.wikipedia.org/wiki/Banana_republic [6] https://en.wikipedia.org/wiki/J._Edgar_Hoover


I think there are two ends on a diagram of skepticism and scrutiny.

On one end you have individuals who will find nearly any conspiracy viable for whatever reason. That most conspiracy theories are eventually shown to be false doesn't really seem to bother them. On the other end you have individuals that will never believe anything could possibly be true, so long as a government or corporation has plausible deniability. The lengthy list of conspiracy theories that turned out to be true, or other conspiracies that nobody knew of - only revealed decades after due to declassification, don't really seem to bother them.

I suppose we could call both ends naive. Naively trusting to naively untrusting. The 'right' degree of scrutiny is somewhere in the middle. In this case you have the largest ad delivery corporation in the world. They've "accidentally" engaged in behavior such as snooping and logging data from unsecured wifi connections with their street view vehicles, continued to track users' locations on Android devices even when tracking was "disabled", and so on. Google is also one of the companies that known is known to be collaborating with intelligence agencies including, but not limited to, the NSA. Most recently they were one of the first companies fined for refusing to abide the GDPR regulations for a variety of actions including lack of legal basis for the information they were collecting, lack of transparency in what/how it was collected, and enrolling users in tracking without their permission. And while not directly related, I think it speaks to the true character and ethos of the company that one of the words they plan/planned to black-list in their tracking enabled censorship driven search engine in China is literally "human rights." [1]

And now they "accidentally" forgot to include on the packaging information that an internet connected device installed centrally within homes also had a recording device. I mean given the context of who you're talking about where do you think the idea that this device, and omission might be less the benign, ranks on the scale of 'naively trusting -> naively untrusting' scale? The connotation of conspiracy theory, as in your usage, is implying it's naively untrusting. I do not think this is a logical conclusion.

[1] - https://theintercept.com/2018/12/01/google-china-censorship-...


>That most conspiracy theories are eventually shown to be false doesn't really seem to bother them.

Which "conspiracy theories" are eventually shown to be false?

The ones concerning aliens and lizard overloads or illuminati?

Because there are plenty corporate, political, and economic conspiracies going on all the time, including tons of "conspiracy to commit fraud/murder/etc" at smaller and larger scales, as acknowledged by courts of justice every single day.


The big ones are things that are shown to have a timeline. For instance one conspiracy theory is that Operation Jade Helm 15 [1], a military training exercise, was really a precursor to imminent declaration of martial law or some sort of a government takeover of Texas. There were lots of derivatives of this including Obama somehow trying to hold onto the presidency beyond his term limits.

Needless to say this did not come to pass.

Another one I found amusing was people believing that SpaceX's retropulsive landings, when they were first being successfully executed, were actually just launches played back in reverse. This conspiracy died pretty fast after they did it over and over, to say nothing of people being able to freely go and watch the landings. But it could also be shown to be false beyond any doubt by reversing the landing footage which, suffice to say, looked nothing like a takeoff. There were also more technical ways to debunk these things such as by looking at individual phenomena (birds, etc). It wasn't a good conspiracy theory, but there were plenty of people that believed it for a while.

But yeah, I'm not really sure what's up with people who seem to think that conspiracies don't happen and on an extremely regular basis. Even some absolutely awful things. Operation Northwoods [2] was very much a real idea that made it way all the way through the intelligence agencies and joint chiefs of staff. It was literally one signature away from being carried out. If we had a president of lesser moral character, not only would it likely have been carried out but we'd probably be none the wiser today. JFK was a great man.

[1] - https://en.wikipedia.org/wiki/Jade_Helm_15_conspiracy_theori...

[2] - https://en.wikipedia.org/wiki/Operation_Northwoods


FWIW the Nest product in question is the home security/alarm system Nest Secure, rather than the Nest Thermostat.


> 2. They had future plans for the mic, but it was disabled, so it wasn't mentioned by the marketing department

If you design in something which is later not used, you don't populate that part of the circuit board. Not unless you're intending to use it later, anyway. Components cost money.

A software equivalent would be "we had plans to offer an integrated backup system but that didn't happen, although we still upload your contacts list and the contents of your SMSes to our servers."


  If you design in something which is later
  not used, you don't populate that part of
  the circuit board.
In this case the microphone was discovered when Google added built-in 'Google Assistant' support to the 'Nest Guard'.

I think there is no doubt they intended to start using it later, because they did.


You can add hardware features in order to support features you want to support in the future, but not advertise them in case those features for some reason don't come to fruition. If they had advertised "contains a microphone" there could be users who claim false advertising if they can't use the microphone. It's stupid but I can see a lawyer making the argument.

As long as the microphone never recorded anything, they're no legal downside to including it and not documenting it. There could be a slim but potential issue with advertising a microphone that the customer can never use.

The response to this incident is showing that that view is changing though.


An extra co-processor or something, sure. A device which the capacity to invade the user's privacy and/or compromise their security? Not so much. It'd be like having a 3G connection hidden in a security camera and not telling anyone.


Tesla has a suite of sensors installed that are not currently used because they intend to solve the self-driving car problem with them in the not-too-distant future.

Nintendo released multiple generations of consoles in the US with expansion ports for peripherals that ended up not making market sense to bring to the US.


A fair point, but then again, if people don't react to #2 now, how long until it turns into #1?

Things would be much simpler if companies were up front about what they're selling, instead of giving you incomplete information optimized to placate the unsophisticated buyers.


Disclosure of things like microphones on internet-connected devices is the type of no-brainer regulation that our regulatory bodies should be promoting. No need for real behavior changes, no need for giant Surgeon General's warnings, just a mention in printed user documentation, the same way products attest that they aren't in violation of FCC regulations on airwaves. There can be a healthy debate about whether this needs to go even further, e.g. legally requiring what Apple does for its laptop cameras in that a hardware light is lit whenever the recording system is powered up. But at least documentation-level transparency seems like a no-brainer. Unfortunately our regulatory bodies seem incapable of common sense these days, but that's a topic for another day.


This is not really about infosec, this is about privacy and data protection. And you can try to play this down as much as you want, but I think this is another symptom how much the current discussion about how much data gathering is OK is needed.


The same logic could be applied to the Trojan horse.

“Don’t worry, those soldiers won’t come out. It’s just in case we want to use them in the future.”


If the mic is on the BOM it's not disabled.

It's just not being currently used.

Maybe.


Right. If it's ended up on a production board that means one of two things.

1. They intend to use the microphone in the future

2. They disabled the microphone after having the boards manafactured right before shipping - what changed?

If they knew they weren't going to use it, why didn't they leave the microphone unpopulated? It would save on their BOM cost too, there had to be a reason.


In this instance, the microphone was discovered when Google added built-in 'Google Assistant' support to the 'Nest Guard'.

So yes they planned to use the microphone in the future, to do precisely what they have done here.


This is the most accurate explanation. In other words, it's a mic like any other. The 'disabled' in this context means nothing. Just wait till Google gets served with a warrant. Suddenly, those mics won't be disabled anymore.


Every small creepy thing can be dismissed, but all these missteps shift the overton window.

- so what it's recording now, it only checks if you're still watching.

- so what they're storing it, the plane is a public place and there are cameras on the airports anyway.

- so what it's uploaded to the cloud, everything is cloud-processed these days.


Metadata equals spying (= "future plans for the mic")

https://www.schneier.com/blog/archives/2013/09/metadata_equa...


Maybe if companies like google weren't so creepy and privacy invading they'd get the benefit of the doubt. But in the world of constantly expanding corporate surveillance I default to believing the worst. Only occasionally am I pleasantly surprised to be wrong.


I don't get why you've got downvoted, I have the same opinion. There were a lot of scandals related to privacy lately (and I'm not talking only about Google), it's easy to understand why people stop trusting large corporations. It's sad that we use the downvote button to suppress opinions that are different, instead of using it for marking low quality content.


option 3 >> Tech companies get special treatment from governments when they include potential surveillance capabilities that are 'disabled for general use'.


> - 1. Google wants to spy on you with a hidden mic

You mean "gaining consumer insights to continually develop and improve our products".

Given the existence of a whole industry sector that is all about covertly gathering information about users and selling them off, I don't see what would be that particular far-fetched about this scenario.


False choice. Google has future plans for the mic: to spy on you. Singapore Airlines is using off the shelf spyware/Android devices [but I repeat myself] because it wants to record you.


1 is the correct answer for Google.


>You have two options, choose one:

Your analysis is sensible. Where we should choose the most likely explanation, it might become sharper:

- In case you're not familiar with it, one helpful tool is prior probability (Bayesian thinking). This video is short and accessible: https://www.youtube.com/watch?v=BrK7X_XlGB8

- There is a public intelligence budget in 2018 of $54.9 billion in the United States[1], as compared with the combined annual R&D expenditure of Apple, Google, Intel, and Microsoft at $53.2 billion[2]. This employs over 100,000 people[3].

- According to Snowden, they covertly use microphones.[4] He had reporters put their mobile phones in a fridge/microwave, since they could be turned on remotely.

A sensible assumption is that you are unlikely to chance upon a covert surveillance mechanisms if one is installed. (For example, speakers could also be used as microphones.) Where a bug is present, I think assigning 1% to the probability of finding it is reasonable.

In view of the above, after you find an undisclosed and apparently (but not physically) disabled microphone in a product, which is more likely?

1. One of the 100,000 people mentioned, using some of the $59,900,000,000 annual budget mentioned, put it there. They do this thousands of times per year, and you've just found one of them. However, the chances of your finding it are low. (1%).

2. It was put in there as part of normal product design but left unused. Perhaps it will be legitimately enabled in a future version. Perhaps Google will use it for OK Google, its voice assistant. It has no covert intention. Google spends a lot of effort on ensuring privacy. The chances of your finding it are very high (90%) - it's not meant to be hidden and is no secret.

If the chances of your finding a covert device is 1% in case there is one, and the chances of your finding an unused but not physically disconnected microphone is 90% if there is one, then to complete your analysis of which is more likely, you should know how many times the scenarios in 1 and 2 occur.

I hope these additional tools - Bayesian probability and some figures about the base rate, could make your analysis sharper. Personally, I feel it's likely that a 1% chance of discovering a covert bug, multiplied by the thousands of such bugs (devices) out there, makes it more likely than the 90% chance of finding a totally unused and unadvertised microphone in a product, since there would be few such cases.

--

[1] https://en.wikipedia.org/wiki/United_States_intelligence_bud...

[2] https://www.statista.com/statistics/265645/ranking-of-the-20...

[3] https://en.wikipedia.org/wiki/United_States_Intelligence_Com...

[4] Pick your reference: https://www.google.com/search?q=snowden+microphones


> Google spends a lot of effort on ensuring privacy.

HAHAHAHAHHAHA, you can not be serious

Next to Facebook, google is the most personally intrusive company there is in the world today


Infosec dramas are getting more tiresome? Are you really saying this on hacker news in an environment where we know governments, corporations, etc are actively trying to spy more and more on everyone?

It's strange how you think the latter options are the pretty obvious explanations. "Google wants to spy on you with hidden mic" seems to be the fairly obvious one to me.

What's strange is the amount of pro-government and pro-google comments on hacker news the past few years. I wonder what the two options for why that is?

Also, you are offering a false dichotomy. This isn't an either-or situation. There could be other reasons. Could be that "google wants to spy on you with a hidden mic AND they planned it for the future". Another option is "The mic was put there by mistake". Another is that "the supplier screwed up". Or another is that the "supplier intentionally put it there".


I'm saying this on a site where I assume people are able to think a little beyond the basics, yes.

Google spying on its customers would result in an amazing lawsuit. People tear apart and reverse-engineer these things for fun and it would have been discovered in due course. Google knows this. So, no, it's not an "obvious" option at all.

You're starting from a position of "of course google is evil". I'm starting from "how much sense does that make?". We've reached different conclusions because of this.

Pedantically listing a bunch of other options is missing the point, and they basically all fall under option 2.

As for your perceived "pro-government" and "pro-google" views on HN: people have different views on many topics. Maybe this is the only place you encounter views that differ from your own?


I agree with you that Google, an advertising company, would benefit greatly from secretly including a microphone (a-la Facebook giving you ads for stuff you've only spoken about out loud) however I disagree with your insinuation that the person you're replying to is a pro-government or pro-Google shill. I think Occam's razor in this scenario can lead you to two different conclusions.


Cameras in a public space? Oh no! Call the police right now!

On the other hand, Google conveniently forgetting about the mics they installed in people's private residences is actually a big deal. This is exactly the reason I would never buy garbage devices like this. Google couldn't make a better case against such devices if they tried. There's no hint that the disabling of the mic wasn't or couldn't be reversed by Google or other parties. But even if it was secure and didn't record anything, Google broke customers' trust by including a hidden mic. Whether they had future plans or not, they lied to all their customers. If they came out and offered free replacements of any systems, I'd maybe buy their apology. As it stands, it's clearly PR bullshit that this was a mistake. One would have to be extremely stupid, gullible, or both to buy that especially given Google's history. That mic was put there on purpose. I also don't buy it that they never recorded anything with it. Of course, we won't be able to prove it and Google won't tell. But once again, their history tells all.


One would have thought that in post-Snowden world, such reassurances would be completely unacceptable. Yet many people even here are dismissing the case with the "conspiracy" catch-all label.


If there's one thing we've learned from post-Snowden world, it's that most people don't care enough to dodge the surveillance because most people didn't respond by voluntarily throwing out all their computing devices, smartphones, ISP service plans, etc.


Another thing we've learned from the post-Snowden world is that people invoke the post-Snowden world as an excuse to abandon critical thinking and skepticism and assume all conspiracies are valid, and often don't actually understand what, specifically, Snowden did and didn't demonstrate. People still believe the PRISM program was about companies giving the NSA direct and unlimited backdoor access to their databases, and that every logo on a single slide is more or less an NSA front.

It's a similar phenomenon to the "post-Hilary" world of the Wikileaks email docs. People assume there was hard evidence proving a criminal conspiracy by the DNC to rig the election somewhere in there... mostly because that's what other people told them. Not because they've bothered to look.

People's cynicism has led them to put more trust in the metafictional reality of leaks than actual reality. Which, ironically, makes them easier to manipulate even as they believe themselves to be somehow above indoctrination and control having reached enlightenment through the "Snowden revelations."


> People still believe the PRISM program was about companies giving the NSA direct and unlimited backdoor access to their databases,

I agree that the sentence exactly as you've written it describes a possible conspiracy theory that some people may hold.

I also believe you're hedging a bit-- it's possible for people who didn't follow the leaks to infer from your exact wording that a) NSA did not access those databases at scale using the PRISM program, or even b) NSA did not access those databases using PRISM, or maybe even c) NSA did not access those databases using PRISM or any other NSA program. None of those are true.

Here's something relevant from Wikipedia about PRISM:

> Documents indicate that PRISM is "the number one source of raw intelligence used for NSA analytic reports", and it accounts for 91% of the NSA's internet traffic acquired under FISA section 702 authority."

Can you speak to the veracity of that sentence?


My take away from the Snowden leaks was basically non-technical and simply an appreciation for how public-private partnerships have assembled a new sort of surveillance industrial complex. One which resembles the military industrial complex and may in the future even replace it? It felt like a warning along the lines of Eisenhower and even Snowden’s role as a whistle blowing contractor felt symbolic of our government’s diminished role in it all.

Would you consider that as misguided? It certainly encourages a general distrust of all those company logos in the slides.


I would consider it misguided to assume that one can determine whom to trust and whom not to trust based on whether or not their logo appeared on a slide leaked onto the internet, yes. I would also consider it misguided to implicitly believe stories that conform to any particular ideological bias, because misinformation, manipulation and deception can take place everywhere.

It leads to things like people implicitly trusting DDG because they weren't on the PRISM slide, or implicitly trusting Facebook and Reddit because they aren't the "mainstream media."


Not all conspiracies are valid, however, the particular conspiracy of "NSA covertly uses devices and implants to conduct mass surveillance both in the US and elsewhere, and has special relationships with the largest internet companies including Alphabet" is now quite valid and confirmed. Which means that in cases like that, it should necessarily be considered as a valid concern.


You're saying not all conspiracies are valid, while asserting that all conspiracies involving the NSA implanting bugs in hardware in collusion with tech companies should be considered valid.

You're supporting my point rather than refuting it, in that you appear to have drawn an arbitrary line in the sand and decided to doubt everything on one side and believe everything on the other. That's not a rational point of view, it's religious dogmatism.


No, I am saying that there _was_ at least one valid conspiracy by NSA. It doesn't makes any particular conspiracy case like this one automatically valid, but it gives some Bayesian evidence for it, in my opinion, enough to at least consider it, not dismiss automatically.


> It also said the microphone was originally included in the Nest Guard for the possibility of adding new security features down the line, like the ability to detect broken glass.

Detecting broken glass with a microphone? Does the device even have enough CPU power (and RAM) to add advanced advanced audio processing features? Or was this going to upload the audio to Google's servers to do the work? If it's the latter, that would necessarily[1] require uploading audio without a wake-word trigger.

Either they just admitted to wanting always on microphones in the home, or they are blatantly ling about why the microphone hardware was included. Designing hardware for a large market usually involves a lot of value engineering to reduce the number of parts or replace a feature that requires expensive parts with a functionally similar design that is cheaper. Saving $0.01 (or less) by removing an optional resistor doesn't sound like a lot, but it adds up if you're selling >100k units. A microphone is much more expensive[2]. A part that costs $0.366 (or more[3]?) needs a good reason to be included, and "for the possibility of new features" isn't good enough. So what was the real intended use that justified including a moderatly expensive part?

[1] The robber about to break your window isn't going to call out "Ok, Google" first so the Nest Guard knows it can upload an audio clip.

[2] https://www.mouser.com/Electromechanical/Audio-Devices/Micro...

[3] $0.366 when buying >10,000. Up to $0.75 in lower quantities. (prices from a random example: https://www.mouser.com/ProductDetail/DB-Unlimited/MO064402-4... )


You don't need "advanced audio processing" to detect a glass window breaking because it is loud, and has a distinctive spectrogram. It's a lot easier to detect glass breaking than a wake word, and you can buy standalone acoustic glass break sensors for under $30.

[1] https://www.amazon.com/Honeywell-Intellisense-FG-1625-Acoust...


Ok, so it could at least plausibly have been local processing. I haven't been able to find out what kind of CPU/etc is in the device, and most of the features would have been easy to implement on the almost any hardware. It would have been even stranger to also include a powerful (expensive) CPU to do a bunch of audio processing, but if there are techniques that work on $30 devices, that opens up a much broader range of cheaper hardware.

(I still think it's insane that the bean counters and value engineers let them include a microphone that wasn't needed.)


> I still think it's insane that the bean counters and value engineers let them include a microphone that wasn't needed.

Having worked on hardware products, the features planned sometimes (even often!) change after the hardware has been prototyped and an initial production order has been placed. It is cheaper to simply not ship the feature than it is to change the board.

Many in this comment section do not really seem to have much experience with hardware. It is fairly common for products to ship with unused hardware and it much more believable than malicious intent, especially given how disorganized Google is internally.


You may have to mute your device when watching action movies, though!


Broken glass alarms based on sound are really really common, and are effectively just a slightly modified The Clapper (that maybe cares more about specific frequencies) attached to an alarm that calls the police. My house had one when I was growing up (though it didn't call the police: we turned that part off as it went off every time my father belched ;P).


> Or was this going to upload the audio to Google's servers to do the work? If it's the latter, that would necessarily[1] require uploading audio without a wake-word trigger.

Couldn’t it run a local model to detect possible incidents, and when a local confidence threshold was exceeded, upload to Google to run a more intense model? I’m pretty sure this is how things like “Hey Siri” and “okay Google” are implemented.


>Detecting broken glass with a microphone? Does the device even have enough CPU power (and RAM) to add advanced advanced audio processing features?

Remember the time google lied about performance impact of adblockers in chrome so they wanted to remove function that lets adblockers work? They changed their position after being pointed out that's a huge lie. It was last week.


What never ceases to amaze me, is the absolute inability of companies like google to understand what their actions look like for somebody who is concerned about privacy.

Maybe they understand and do not care, because there are many vocal critics. But having a microphone in a product and not disclosing it? If not even google can keep track of what they should tell us, how on earth do they think they deserve trust?


It never ceases to amaze me, that despite the pattern of behaviour, people continue to be willing to consider that Google/FAANGs/politicians/etc are just a bit thick and don't get it.

(Not a dig incidentally, just that at some point the pattern of behaviour must reach a point that swings Occam's Razor to malevolence being the most likely explanation)


Exactly.

1. History of privacy violation? Check.

2. Increasing pace and scope of privacy violations? Check.

3. Financial incentive to continue and expand privacy violations? Check.

4. Lack of legal oversight deterring continuing and deeper privacy violations? In every single nation, check.

At this point the onus is firmly with Google / Alphabet to prove the ethics of their actions, because we already know their intent.


You are assuming that the people talking to us have any chance of knowing. Even in a company with a relatively flat hierarchy there are walls of "they don't need/want to know that detail" between the engineers & budgeting[1] and top-brass & marketing. Sometimes this comes from the technical side ("I won't include that detail, it'll only confuse them") sometimes the other way ("That huge document you sent through, could you distil it down to a side or two of key points?").

I suppose they could try to instil a whistle-blowing culture whereby people are rewarded for highlighting potential problems list this to other silos[2], but then like external bug bounties you get into a new family of argument about what the problem is worth, who truly found it first, and the race to be first will lead to a lot of noise around any useful signal.

[1] the engineers will know it is there as they are designing the thing, the money people will know as they will have been involved in the "it is cheaper to just leave it and disable it than to redesign it out" decision-making process.

[2] no matter how flat/heterogenus/other-all-together-now-buzzword-compliant-word-of-the-momemtn a company claims to be, there will be siloed groups within it, and within them like Russian dolls in larger organisations.

> how on earth do they think they deserve trust

They probably don't, individually. They are like us, with similar concerns.

But they don't need to think they deserve it individually as long as the company overall can convince enough of us that they do (and convince enough of us that will never be convinced of that, that it doesn't really matter in the long run anyway).


who's "concerned about their privacy" and why?


Privacy is a important factor in the stability of free democratic societies.

Today we have a asymmetry of transparency: institutions and companies are intransparent while the individual isn’t. This assymetry in information translates into an asymmetry of power.

The traditional way citizen of free societies dealt with asymmetries of power was to divide them.

A government could easily sentence and jail anybody if it weren’t for some strangely roundabout rules that made this hard.

The privacy movement is part of a powerplay between individuals and entities that go beyond single persons.

Of course you also have those who think it is about their dick pics..


"The cause is in my will."[1] It's no one's business why I don't want FAANG snooping on me. That's what a right to privacy means.

[1] http://shakespeare.mit.edu/julius_caesar/julius_caesar.2.2.h...


It wasn't listed in tech specs, but it was never hidden or kept secret. It probably could have been more explicitly detailed, but in the FAQs for the Nest Secure it even tells the user:

> Can Nest Secure detect breaking glass? No. We’re working on bringing glass break detection to Nest Guard, the main hub of Nest Secure. Nest Detect, the open/close motion sensor, doesn’t have a microphone, so it can’t detect breaking glass. But its motion sensors can detect movement by intruders as well as when a door or window opens and closes depending on how it's installed.

https://nest.com/support/article/Frequently-asked-questions-...

This was listed before this big announcement.


It’s really sad to see companies like google buy companies like nest, or more recently amazon and eero. These little companies build fantastic devices, then the companies get acquired and the elegant products get mutated to serve their new owners. Finally a new player enters the market and the cycle continues.


What's sad is that those companies accept. I have been offeredd job interviews at google and facebook and politely refused.

Yes, millions are a much bigger temptation, but you still have a choice. In the hand, either they decided those companies where matching their ethics, or they gave up on ethics for money.

Given our entreprenarial culture, is that surprising ?


Often, the offer is much harder to pass. "We will buy you or we will build a better you and destroy your business" - it's not just a money offer to refuse when you think about it. Part of the decision process is also the feeling that a huge company wants to enter the market with the same product. Can you compete?


An example that went the other way? Snapchat. Facebook just made their own.


Suunto still exist after garmin and samsung entered the market.

It is possible. Not saying it's easy, but it's still a choice.

The we still make the choice to give the bullies more power in the end.


A job interview is just a smidge different than a life changing $3.2 billion for a company that only raised $80 million.


No doubt. I don't pretend I would have made a different choice.

Yet it is still a choice. It's just a question of how much your values are worth.


Don't forget that all your investors that took that chance on you want their return too. It is different than one person who bootstrapped and can do whatever they want. When you take someone else's money, you have a legal and ethical responsibility to them.


I think you're assuming anticapitalist values in a game played by capitalists with venture capital.

This isn't an aberration; it's the goal. Startup companies are group-funded technology incubators that, if they succeed, are consumed by larger technology holding and aggregation companies.


In the case of Eero, I think they just knew it was surrender or be killed in another year or two. They were already starting to face heavy competition.


Eero was VC funded, right? That means they're basically forced to exit unless they think they can keep growing quickly.

(I used to share an office building with Eero's early team. They seemed nice.)


I agree, and I'm not saying they should have done otherwise.

I'm saying it's still a choice.

We, sadly, prefer one option to the other.

Or maybe there is a third option we don't see.


Those companies accepting these offers is often the goal-state of creating the company in the first place.

This is the flow of the Silicon Valley startup ecosystem.


If the little company with a fantastic device did not really have a business model besides eventually getting bought out they have been working for one of the big five (or whatever the current count is) from day one, they just did not know which one exactly.


I often think, and i may be completely wrong here, that these little companies (Nest) get acquired with the intentions of the larger company (Google) to be as hands off as possible. You don't want to screw up the little companies culture.

However, what i think happens is that you see a headline "Google buys Nest for $3.2 billion" but the reality (again, i'm assuming here) is that in order for Nest to get that $3.2 billion, they need to reach certain sales goals. So now the little companies drive ends up being to reach sales goals.

So i'm not sure the elegant products get mutated so much to serve the new owners, i think the acquired company gets mutated to cash out.


Its not like Nest wasn't making some pretty horrible mistakes with the product before they got bought. There's a fair number of stories about the device failing, frozen pipes, and the like.


If you believe nest became more like Google, you clearly never met Tony.

At least in that case, you have it very very backwards. Nest made Google more like Nest, not the other way around.


I think it's fair to say most people reading this comment haven't met Tony. I don't mean to be excessively demanding, but maybe you could share some more specific insight because I'm genuinely curious what you mean.


I agree. FB + oculus rift


Fun fact: any device with a speaker can be turned into a microphone because a speaker is fundamentally the same thing as a microphone (a membrane connected to a coil/magnet).


Yes, any speaker can become a mic, but only if you plug it into an amp's input channel. Unfortunately for the CIA, they're all plugged into output channels.


input and output channels are not always physically different pins, sometimes it's just a software configuration. see https://news.ycombinator.com/item?id=13014435


I wonder if Singapore Airlines has something new to say about the cameras in their IFE system?

https://twitter.com/vkamluk/status/1097008518685573120


Of all places to 'spy' on folks, on a cramped airplane seems like the worst. Most people will be 1) asleep, 2) pissed off, 3) eating shitty food, 4) watching bad movies. It's likely that they decided to shove in some cheap android tablets that someone else sold them. It's unlikely that they are actively watching everyone, though the possibility of them switching on the camera to watch/record you shifting in your seat to get away from your neighbor trying to use your shoulder as a pillow is always there.


For security a lot of (most?) new aircraft have Cabin Video Monitoring Systems (CVMS). Depending on where you are seated they may be able to see everything you do or just your head. An aircraft shouldn't be considered a private place, as you are probably already being watched.

In 2008 a study was carried out that attempted to use facial recognition to identify passengers for signs of terrorist activity [0], so maybe they are used for that.

On the other hand, as you say it was probably just cheaper to use an off the shell Android tablet that has a built in camera...

[0] https://www.newscientist.com/article/dn14013-in-flight-surve...


Noticed these on an Emirates A380 recently. Cameras in the ceiling at the front of each seating section.


I used to go to a gym where the exercise machines all had Windows tablets built in. They all had a camera and Skype installed. I'm still curious who ever wants to Skype all sweaty during an exercise, but probably the same person who wants to Skype on an airplane.


I'm still curious who ever wants to Skype all sweaty during an exercise

Maybe a variation of this old meme might help explain: "The great thing about going to the gym isn't exercising, it's showing everyone online that you did."


> who ever wants to Skype all sweaty during an exercise

I should imagine there's a non-zero number of fetishists who would pay $ for a live Skype call and/or webcam show with an exerciser.


At some point someone at SIA would have thought about covering up the cameras (surely?), I imagine it would have been:

1. Accept the OEM design (cameras uncovered) but possibly have to deal with people not liking a camera shoved in their face (camera active or inactive)

2. Modify the OEM design (cover the camera, costing money) and nobody even knows that there was a camera there in the first place

So I'm curious as to why they chose #1. A pure cost-saving exercise? Reserving use of the cameras at a later time? Didn't have the option of modifying the design? Didn't think people would mind the thought of being filmed?


OT meta execute-our-code-or-else: "We've detected that JavaScript is disabled in your browser. Would you like to proceed to legacy Twitter?"

[Yes]

rhetorically... Why?


'Friendly' friction. At least its not the abhorrent red it.


I love Google for the service values they provide, but if this were to come from another company then I might have believed it was in fact an error.

Privacy has always been an important factor when people consider any Google products, and they are fully aware of that so this topic must have always been on their list of priorities. For a company like Google with rigorous testing/approving processes in place before a product is even launched, to come back and say that it was an accident is pretty hilarious, though realistically what else could they have said?

I still like them. It's a love-hate relationship, we have passed the denial phase and entered the acceptance stage long time ago.


Why does Google get a pass? They're an advertising company, and listening to conversations is very relevant to that business model.

In fact, I think it's more plausible that this entire foray into IOT is to collect even more data for use in advertising (e.g. get more microphones in more places). Why else would an advertising company get into such a wide array of businesses?

Yes, their products are convenient and typically get good QA testing, but there's still no way I'll be convinced that they're not trying to get as much data as possible to contribute to their core advertising business.


And if they later activated the microphones through a software update and didn't tell anyone, I guess that would be an "error," too.


Mods,

Can you change the title to say "Nest Gaurd's", because this has nothing to do with the Nest Thermostat, which is called, "Nest".


Yeah, I was worried it was the thermostat too. Hopefully that day will NOT come when they tell us all their products have microphones in them.


Will they recall the product or offer a replacement without the mic? If not, they are not sorry, the breaking glass claim is false and this invasion of privacy was always the intent.


This thread has been comprehensively derailed and is an embarrassment to informed discussion. Imagine if a major Chinese firm had 'forgot' to document a microphone, how many people here would be making excuses? This is an astonishing reflection of the quality of technical discussion.

Anyone who is even remotely familiar with hardware design will know this cannot be an accident in any way and form. It's there because its designed to be there. The fact that its not documented takes it firmly in the territory of extreme malice and dystopic surveillance unconstrained by any ethical concerns.

The only folks for whom this is not a concern are those unburdened by any sense of societal or ethical concern. They represent those sections of the tech community who have zero compass or qualms and do not see any problem building a toxic dystopic society.


Literally, "Oh, we're sorry. We thought it was obvious we were spying on you by now". Guess their conditioning program isn't yet complete...


When a person hires a personal assistant, the person doesn't generally turn around and accuse the assistant of spying on them because the assistant listens too attentively.


Sure, but the assistant also doesn't typically record all conversations and give them to the service they work for, and they also don't typically bug the entire house so they can hear every conversation throughout the house.

There's no way I'm getting a digital personal assistant like Google Home or Amazon Alexa. It's a novelty that trades privacy for a little convenience, and I'm not that lazy.


That's a personal choice you are welcome to make. I have a Google Home Mini sitting on the shelf behind my head right now, and it really doesn't bother me.

(... in fact, I tend to think about it in just the opposite way: if I'm ever murdered in my home, I want the cops to be able to subpoena Google to get evidence on who the killer was. It's nice to have a system watching my back all the time).


The Nest is not a personal assistant like the Google Home. It's a thermostat.


The microphone is not part of the Nest thermostat, it's only part of the Nest Secure, the keypad which is included as part of the Nest Guard.


Nest makes many products. This one is a security/alarm system.


And most of the rich people in my neighborhood have complete voice devices in their homes, Amazon’s device and Google’s I refuse to have these devices in my home regardless of how cool they seem.


What event down the road do you think will vindicate your decision? How do you think your neighbors will be harmed?


Some people have no problem putting a little webcam in their toilet bowl so that the world can watch them eliminate every morning. Personally I prefer to keep my business private. I don't need any "vindication" to be happy with my decision to protect my privacy. If you don't understand the value of privacy nobody can explain it to you - but they may watch your morning broadcasts.


You don't see any difference between people getting a Google-connected device (like a Google Home or Pixel phone) and those that install a public webcam in their bathroom?


The Google-connected monitoring device is arguable much more intrusive.


It's almost as bad as a smartphone with Google's software installed.


Political turmoil. Putting this data in the hands of FAANG means it's just one NSL away from being used by the government. It's foolish to think that the relative stability of western governments since the 1950s is a permanent condition. This is a blink of an eye in historical terms.


Is it worse than a smartphone which is a far more personal device with a lot more sensors?


At it's core, this is just "whataboutism". Yes, phones have a lot more sensors. Phones also give you some control around what gets recorded when. Even if phones were just as bad, doesn't mean the solution is capitulating completely and putting listening devices all over my house. Quite the opposite actually.

As an aside, this is why I would never use an Android phone. At least Apple, for all their faults, allows me to keep my data on my phone and treats privacy, user consent, and app permissions as serious matters. Meanwhile, Onavo is still available in the Play Store[1].

[1] https://play.google.com/store/apps/details?id=com.onavo.spac...

Edit: It's telling that you didn't respond to my reasons for why this technology is potentially harmful, and instead just reached for "but what about phones?" I would love to hear your argument for why corporate or government abuse of data from always-online, always-listening devices like Alexa and Google Home is not a real concern.


I reached for "what about phones" because these devices seem very similar except they have a better speaker and fewer sensors. The Google one even runs Android IIRC. If I say "OK Google, who does Hunter Pence play for?" and my Google Home answers the query rather than my phone, what's the difference?

Frankly, they seem like less of a privacy concern to me than a smartphone because they don't also track my movements.

> I would love to hear your argument for why corporate or government abuse of data from always-online, always-listening devices like Alexa and Google Home is not a real concern.

It is a concern, just not a big one. I use an Android phone (and an iPad) so I figure that horse have left the barn. I'm willing to accept some risk if there are benefits. For example, I risk my life every time I drive my car. If I'm willing to take on that very real risk, why would a hypothetical about an internet connected device doing much less harm scare me?

Your point about using Apple exclusively is a good one. If I were more worried about it I would do the same.


I believe there's either a trigger somewhere in Amazon's or Google's PR to post the classic 'but what about ur phone' whenever someone is pushing back against IOT recording devices or we've become so brainwashed that we do their job without even realizing it. I don't know which of the two is sadder.


What's the difference between a Google Home and a Pixel phone sitting side-by-side on the table, which one is the bigger threat to my privacy? What about when I leave the home and take my GPS-capable phone and leave the Google Home on that table? Which is a bigger threat now?


I have no idea. I refuse to use Android phones.


Now I'm going to have to take my Google Wifi points apart to check for "forgotten" microphones


If you've got Google wifi points in my opinion you're simply inviting them to spy on you anyway.


Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: