Hacker News new | past | comments | ask | show | jobs | submit login
Police are requesting data from smart speakers (wired.com)
230 points by seigando on Oct 5, 2020 | hide | past | favorite | 226 comments



It is absolutely not unexpected. Any vestiges of privacy are being eroded. Not that recently, inside of the car was relatively safe from eavesdropping. Cell phones and Alexa devices changed all that.

What I do find odd, however, is the weird distribution of those devices. In my immediate social circle, its either old people who want to show they have something cool and hip and young tech enthusiasts. My sample may be completele skewed as I am not the most social person ever though. The trend may be much more pronounced.

Still, it boggles my mind. Why would you voluntarily do it? My parents only invited trusted friends to ensure nothing 'questionable' made it to the authorities ( former soviet republic ). People today brazenly broadcast it.

I honestly do not get it.


If I become bedridden, I will welcome a smart speaker. Until then, nope. Even if it wasn't about privacy issues, being too lazy to get up and turn a knob is terrible for one's health.

I've also considered one for my shop, so if I get pinned under the car or something I can yell for 911. But I'd only turn it on if I was about to do something dangerous. I might also get one if I decide I'm at risk for "I've fallen and I can't get up". (That happened to a relative, it took her 2 days to inch across the floor to get to the phone.)


Just FYI, there are devices specifically designed for this. It's basically a phone you hang around your neck, and it detects falls and uses an audio prompt (calling 911 on your behalf if you don't respond in 60 seconds, or something). My grandmother uses one since she's had a lot of falls.


Good to know, thanks.


>Good to know, thanks.

And it's not new either. I remember these TV ads[0] from when I was a teenager (1980s) and my peer group and I found them quite amusing.

These days, the same folks take a more threatening tack[1] (a sign of the times, perhaps?), which I find pretty galling.

[0] https://en.wikipedia.org/wiki/I've_fallen,_and_I_can't_get_u...!

[1] https://www.ispot.tv/ad/IXwc/life-alert-tragic-outcome


Haha, I wondered if anyone would catch the reference. Sadly, they're disappearing along with "plop plop fizz fizz", "where's the beef", "hey mikey", "hello betty" or "gee your hair smells terrific".


Yep. One of my personal favorites was "We make your dreams come true!"[0] which was a local thing where I come from, but is truly iconic!

Not to mention the "Lullabuy of old Broadway."[1]

[0] https://www.youtube.com/watch?v=1uosIpj-CRs

[1] https://www.youtube.com/watch?v=UwlvkUMsDgI


This was one of my tops. https://www.youtube.com/watch?v=fucxG-he2qU Keith Hernandez, Emmitt Smith, and Walt Frazier. There were older commercials for this, but Emmitt was just soo funny in it. "Ohhh it's bad"


That's definitely a good one, but I always dug the "Rejected!" "No play for Mister Gray!"[0]

[0] https://www.youtube.com/watch?v=dQNkKTlDilY


I accept disability of some sort as a valid reason to use it. I know I would. You already have to make hard trade-offs. But an average person? I just don't get it.

And that does not even touch the corporate world. How does a company protect against disclosure of things that are otherwise a corporate secret ( especially in today's increasingly WFH world )?


> How does a company protect against disclosure of things that are otherwise a corporate secret

My work is all open source, so no problems there :-)


> I've fallen and I can't get up

The apple watch has fall detection, it will automatically call emergency services if it detects a fall and you don't cancel the SOS.


Can't you use your phone for this? I always make an effort to put my phone on the floor next to my car when I'm working under it.

Of course, either way, it's only really helpful if you're able to speak.


Dialing 911 on your phone will get the EMTs sent to your house if you say nothing.

Having the phone in your pocket works if you can move. Having the smart speaker works if you can speak. If you can do neither, hope somebody finds you soon.


Oh, I meant saying, "<Okay Google>|<Hey Siri>, it's an emergency" Which should work just as well on a phone as it would with a smart speaker.

But that last point is important, I always tell people before I'm about to do something dangerous: "if you hear a noise, please come and check on me."


> old people who want to show they have something cool and hip

These are always pretty amusing. I went on vacation with a girl I was dating one summer, and her parents brought their Alexa with them. Her dad thought it was so cool, and he loved to show me by saying "alexa, play <music>" three times until he got frustrated enough to just do it with his phone. Then, he'd say "hey alexa, you're a b*tch," and laugh when it responded by telling him that was rude.

Why would anyone pay money for that???


I tell people who show me their smartwatches and features "oh yeah? My watch tells me the time!"


Mine has a calculator.


oh yeah? Mine tells the time.


I only know one person that actually uses the "smart" feature on one of those speakers.

I wonder if in a lot of cases, for the people it is not actually about the smart stuff (that might be a plus or just out of curiosity), but convenience and aesthetics. Most people I know, don't have a traditional sound setup at home anymore and instead just use a bluetooth speaker. But the ones made for outdoor use look pretty ugly indoors, whereas the smart speakers are more designed to disappear in the home decor.

Personally I think, bookshelf speakers with bluetooth functionally would be a better option for most, but from what I have seen people are often not even aware of their existence and the ones with good audio as well a modern look (in case you don't like the classical black or brown boxes) tend to be in higher price classes than the smart speakers.


The speakers are convenient and most people aren't worried about these kinds of invasions of privacy.


I know your statement is accurate, but my immediate question is that of why. The information is there. If it is there, it is going to be used. Why wouldn't an average person be worried? Because it did not affect them yet? It is not part of the culture?


It's not clear to most people how the information they give to a smart speaker could be used against them. What will the government do to me if it knows that I asked for directions or ordered a pizza?

I remember a few years back when Google let you view a map of your daily movements over the past few years or something. I saw this map and turned off location tracking. Most people I talked to thought this was neat and forgot about it shortly after, because no one is using this information to hurt people in visible ways.


>I remember a few years back when Google let you view a map of your daily movements over the past few years or something.

This still exists: https://www.google.com/maps/timeline


Do you think people would start caring of that information affected their credit scores and health insurance? "You visited Dominos 3 times this week."


You need to give up your data in order to enjoy modern conveniences. Do you trust your credit card not to secretly sell information to your health insurer? What about your grocery store's rewards program?


You do have a point. In case of credit card, when you volunteer your information ( and your permission to check information about you ) for the convenience of plastic, you technically do give up your data. But as a counter argument I would like to point out that that trade is restricted by various laws and compliance can be onerous. Now, I still did not see credible news of credit card companies selling personally identifiable data of, say, dunkin donuts users. But then, we all know of the story about store sending baby stuff to a family before parents knew their kid told them she is pregnant.

I don't use rewards programs ( though now those seem to have migrated to collecting phone numbers ).

But no, to answer your question, I don't trust them not to abuse this information so there are things I simply pay cash for. I think last time that issue came up for me was when one bank seemingly decided ( and backtracked ) that legal gun purchases are verbotten ( https://dailycaller.com/2013/01/16/bank-of-america-credit-de... ). Though that particular cases again seemed to deal more with individual specialist decision and was not a policy decision.


Do you trust your credit card not to secretly sell information to your health insurer?

Yes. But I live in Europe, where that trust is anchored in laws that still have some teeth left.


>Why wouldn't an average person be worried? Because it did not affect them yet? It is not part of the culture?

Because the average person doesn't understand the pervasive nature of the surveillance capitalism model.

In fact, as Shoshanna Zuboff[0] discusses in her book, The Age of Surveillance Capitalism[1], those engaged in such activities take great pains to make sure that you don't notice it.

We're only talking about this here, now because it's highly visible and the state has taken an interest in using such surveillance data for its purposes.

You might think it's a good thing that people are starting to notice, and on some levels it is. However, this sort of activity has been going on for so long and is so embedded in the culture that people just don't pay attention any more.

But this sort of thing has a long history of happening, mostly unimpeded in the US at least. Credit reporting agencies/scoring and the data brokers that go with them have been around for decades.

Advertising Research[2][3] goes back a century, with automated data analysis reaching back to the late 1960s. Statistical techniques developed then were refined in the early to mid 1970s at Grey Advertising among other agencies and moved into the advertising mainstream by the 1980s with projects like Backer Spielvogel Bates' GlobalScan[4].

However the costs of collecting primary data across the globe was prohibitive for all but the largest advertising agencies/consumer products companies.

This limited both the scope and effectiveness of such research.

Since the advent of "Social Media" the sorts of data collected by projects like GlobalScan at the cost of millions/annum are now freely provided by vastly more people.

That drives the thirst for more data, more detail, more ability to identify target markets. And that's great. For marketers. Less so for those who are constantly bombarded by increasingly individualized ads for products, services and political messages.

This wholesale collection of data about people has been so successful that it has become an important part of many organizations -- even if data collection/analysis/brokerage isn't their core business.

What we see now with Amazon Echo/Ring, Google Nest, etc. is just the logical (if incredibly evil) evolution of this market trend.

That law enforcement wants to tap into this enormous stream of data isn't remarkable. They've been data mining pen registers[9] and phone location data (using the Third-Party Doctrine[10] as justification) via telecom records. And Stingray[5] tracking has been a thing for quite some time.

They also dig through social media too.

And the hubris/liberty endangering partnership of Amazon (with Ring devices) and law enforcement[6] is quite frightening.

And this isn't the first time that police have attempted to access conversations from "smart" speakers to use in criminal prosecutions[7][8].

[0] https://en.wikipedia.org/wiki/Shoshana_Zuboff

[1] https://en.wikipedia.org/wiki/The_Age_of_Surveillance_Capita...

[2] https://en.wikipedia.org/wiki/Market_research

[3] https://thearf.org/about-arf/

[4] https://www.coursehero.com/file/p7tsoeb/Backer-Spielvogel-Ba...

[5] https://en.wikipedia.org/wiki/Stingray_phone_tracker

[6] https://www.washingtonpost.com/technology/2019/08/28/doorbel...

[7] https://www.thedailybeast.com/police-seek-amazon-echo-data-i...

[8] https://www.engadget.com/2019-11-02-florida-police-obtain-al...

[9] https://en.wikipedia.org/wiki/Pen_register

[10] https://en.wikipedia.org/wiki/Third-party_doctrine

Edit: Added detail about Pen Registers and the Third-Party Doctrine.


>However, this sort of activity has been going on for so long and is so embedded in the culture that people just don't pay attention any more.

"The Social Dilemma" on Netflix may help with that. As someone already in tech it wasn't particularly enlightening for me (and the "reenactment" acting they included was way over the top), but it is accessible and apparently a good eye opener for "lay people" I know who've seen it.


[flagged]


> they expect it to be inflicted on people who aren't them.

I strongly oppose excessive force by police. But I'm aware that police are people, and I am fully cognizant that they have a gun and I do whatever is necessary to assure them that I am not a threat to their safety.

For example, during a traffic stop I keep my hands firmly visible and on the steering wheel. When the cop asks for my license, I say it is in my right front pocket. I do not move my hands to get it until he says ok. I do not reach for the glove box until he says ok.

I do not berate officers, I don't argue with them, I don't move unless they tell me to. Yes, I have been held at gunpoint by the police.

I never lunge for my cell phone in my pocket. I do not run at the cop or away from him. I do not try to touch the cop. I do not reach for the cop's weapon.

Back in the 60's, when toy guns looked like real guns, my dad (WW2 and KW combat vet) gave me one. I am white and lived in a small all white town. My dad said if I ever pointed it at anyone, I was liable to be shot, and he didn't want me to be shot. Being a rather stupid boy, I pointed it at people, and he took it away.

Always remember you're dealing with an armed person who does not know you're a sweet old gent with a cellphone in his pocket. Never force him to make a split second decision at night in poor visibility as to whether you're whipping out a cell phone or a gun.


By all means take protective measures when interacting with American police, but by no means should this expectation of submission be considered normal in a developed country. Not should it be assumed to offer much protection; US police are sufficiently trigger-happy that they'll kill people even for following their commands.

American police kill 35 people per ten million population; in Canada that figure is 9.7. In Europe, the UK, Australia, NZ, and Japan, that figure is under 4.[0] The problem with American policing is the police, not the fact that too many Americans 'lunge' for cell phones during police stops.

[0] https://en.wikipedia.org/wiki/List_of_killings_by_law_enforc...


It would be fair to compare that with statistics on how many cops are killed by civilians.

Also consider the wildly different statistics on gun possession in the populations.


Could be the problem in America is the drug problem, the glorification of the drug culture, the glorification of gangsters, the glorification of violence in sports and video games. I wouldn't put these issues squarely on the police officers in our country. When the number one hit record in your country is WAP (I'll let you look up that one), maybe the policing isn't your biggest problem.


To an extent. Ultimately, the US problem is insecure employment, bullshit jobs, income inequality, and multiple generations of compounding wealth inequality. People without opportunity turn to destructive behaviors, including glorifying gangsters because they are the only people they see in their neighborhoods who have any kind of wealth or self-determination.

Poor communities didn't turn into the kind of places you describe until after the jobs went away. I do not see this as a racial issue, however.

Poor communities in the US have broadly similar attitudes, and social problems, regardless of their ethnic identity. That problem hit urban African American communities many decades ago and is hitting rural white communities now.

People need money and personally meaningful work. Unless they have it, things go wrong. When people don't have it for generations, ghettos and violence are what you get.


If you're a parent, please have a conversation about this with your kids. It's not something they should learn the hard way. I learned most of this when I was young and a middle aged white colleague at work had been quite the rebel as a youth, and had many encounters with the police. He gave me quite an education.


It is interesting. Looking back, my first 'training' was when my dad took me to the backyard, gave me an airsoft rifle and said a fair amount of things including you do not point unless you are ready to shoot ( and to be ready to accept the results ).

I never got that much into it, but the lesson stuck with me.


Obviously, one should comply with direct orders given by a cop. But this culture of hyper-submission to avoid being summarily shot has to end. The details of your proactive responses indicate fear, and the citizenry should not fear the police in a free society. If a cop cannot handle the stress of aggressing on ordinary citizens while remaining calm and purely defensive, they need to find a new job.


I get told my advice is excessive all the time, even by cops. But I haven't been shot or arrested. I prefer to err on the side of caution so I can go home and sleep in my own bed that evening.

I'm also extremely careful with my table saw. You describe this as fear, I describe it more as risk minimization. It costs me nothing, I am not degrading myself, I simply avoid things that trigger fear in the cop.

My father served in combat in WW2 and the KW. He received a couple medals for bravery. But he always did everything he could to minimize any unnecessary risk. If it was a tough mission, he'd often be asked to lead because the other pilots knew he'd bring 'em back with fewer holes in their airplanes while still pasting the target.


Despite all tour precautions, you were still held at gunpoint - I think it's fair to say in most countries people have to take fewer precautions and do not experience being held at gunpoint.


> Despite all tour precautions, you were still held at gunpoint

He came up behind me. I had no idea he was there.


Pragmatically, sure. But giving it out as advice perpetuates this culture where when a cop turns a traffic stop into a murder, the victim is scrutinized for eg not preemptively putting their hands on the steering wheel. In a free society, nothing less than deliberate disobedience warrants escalation.

Also if my table saw turned itself on and started walking at me while I was doing something else, I'd get a new one. And if all table saws tended to do this, I'd question whether I needed one at all.


Unfortunately, cops have to take precautions at traffic stops, specifically because cops have been killed at traffic stops.

Some traffic stops happen because the cop sees something suspicious and decides to investigate/explore the situation. I'm grateful they do. It helps keep trouble at bay, to an extent.

> the victim is scrutinized for eg not preemptively putting their hands on the steering wheel.

A cop would be an idiot to not make judgements, and change his behavior based on the situation.


You haven't really said much besides the same one-sided narrative that frames the situation as cops just doing some inevitable job, ignoring the overbearing techniques they've developed that make the situation much more dangerous for all. It completely leaves out the perspective of the motorist, who finds themselves in a tense escalating situation that they did not ask for. In a society based around individual liberty and a government subservient to the People, this is unacceptable.


> You haven't really said much

Well, between the 2 of us, we seem to have covered the 2 sides.


I think you may be onto something. I spoke with wife ( she turns out to be a reliable predictor of US white populace ) recently about matters surrounding BLM and there is definitely an implicit level of trust in US that was not present in the old country. But even then, it only takes one bad actor to turn it on its head? Isn't that one bad apple sufficiently scary?


> Still, it boggles my mind. Why would you voluntarily do it? My parents only invited trusted friends to ensure nothing 'questionable' made it to the authorities ( former soviet republic ). People today brazenly broadcast it.

> I honestly do not get it.

Perhaps the important differences between us and the USSR are having a democratic legislative process and a fair judicial system, and the relevant extent of our surveillance apparatus is a secondary concern.

(Obviously, there are problems with our legislative and judicial systems - the point is that they are better than the former soviet republics'.)


It's about convenience. Cooking while having full control over what's playing in the background. Following along with recipes. Asking random questions you might usually take out your phone to Google. Coming home after a long day, sinking into your couch, and able to say "play some relaxing music" to soothe your mind.

Not saying that the privacy aspects aren't valid concerns or that convenience should outweigh them, but quite a few people here seem to not be able to see any upsides.


To each it’s own, i find all that tech for just listening music stressing, also add the maintenance aspect of it (accounts, passwords, updates, create playlists, share) for me there’s nothing like selecting a vinyl pulling it out, put in the player and just listen to it in my old Hi-Fi.


Not to mention the better sound quality.


Not only do users violate their own privacy, they make it harder for everyone else to keep their own. At least in the US, its getting harder to have a screen/computer-free home audio setup! Receivers all have embedded streaming devices; many speakers do too. Playback devices are all becoming niche, and eventually even the used market will eventually dry up, too.


"Hey wire tap, whats a good recipe for pancakes?"


> I honestly do not get it.

You underestimate the power of social status and conspicuous consumption[1]. I would say it's been the fundamental driver of our society for quite some time now (maybe since early 1920's?, briefly paused for WW2)

[1]: https://en.wikipedia.org/wiki/Conspicuous_consumption


I think that may be a factor, but I also remember that Mark Zuckerberg goes to some lengths to protect his privacy ( https://nypost.com/2020/07/04/mark-zuckerberg-accused-of-col... ). It would appear that true power can buy privacy, while gadgets are for the hopeful arrivals.

edit: added link


>Why would you voluntarily do it?

I can tell you why I personally don't care. First off here in Germany I'm pretty sure it's not legally possible for authorities to request my voice commands randomly and due to GDPR I can delete all my recordings at any point, and turn off personalisation meaning they wouldn't use my individual data.

Secondly I just don't say anything in my home that's super secret, I live in an apartment and I'm pretty sure the neighbours can hear me talking on my balcony, and I'm in voice chats most of the day these days due to covid which probably accidentally means more people listen in because I forget to press mute than some guy at Amazon.


> I'm pretty sure it's not legally possible

Legality wasn't really an issue for authorities in Germany before, even if it contradicted our basic law. Of course it was for national security. It is my goto excuse too if I break any laws.

There is a lot of room between paranoia and being extremely naive in context of state powers.

> Secondly I just don't say anything in my home that's super secret

Then why would the state need capabilities to get this not super secret data?

I honestly expected more from Germany in this regard, especially with the experience of the past.


After years of listening to ex-soviets speaking nostalgically about how things were better under the Soviets, the people in the West have unconsciously fallen for the full spectrum mommy state and our overlords are merely addressing this unspoken popular demand to live in a surveillance state. This state of affair naturally reflects the West's advancement relative to other parts of the globe. So "resistance is futile but if you join early you can have a short id!". So don't lose your place in the line bothering yourself over triffles such as overwhelming asymmetries of your social existence. The future is now comrade, buck it up [bsts: /s]


Yep, I have a few google minis (freebies, hmm...), I'm thinking about tossing them, honestly. Beyond asking about the weather or setting a kitchen timer they just aren't very useful.

And I fully believe such devices are going to be used (if they aren't already) to identify persons engaging in "wrongthink" by listening in on the private conversations in peoples' homes.


To my understanding, these smart speakers only phone home when you say the keyword, right? They aren't storing or sending everything they hear throughout the day. So the cases where this could be abused by police has to be small. Seems like it would likely be used to verify that someone was home when they said they were because they asked Alexa a question at that time.

In other words, I don't think Amazon ever receives the "wrongthink" Alexa hears, unless you say it directly to Alexa.


I haven't seen evidence either way and I don't own one. It should be pretty easy I'd think. You can measure the traffic volume when nobody is there + 8 hours or so and when you're having lively conversation + 8 hours or so (in case there's some kind of delay)

I know lack of evidence doesn't mean it doesn't exist, but if that came up empty then it'd be hiding pretty good.

Although honestly I'd delay transmission until user interaction and then hide in that noise - it'd be the first thing I do.

Eh, look at the traffic anyway


As you figured out, there would be many options to hide the "secret" calls. There is also no need to send these secret calls from all devices, it could be used only by a set of devices that are owned by "interesting" people. Assuming that is true, if a security researcher looked into things no longer proves anything.


Sure but there's probably provable ways to look for hidden stuff as well unless they are sending empty data.

You can do multiple runs of feeding pre-recorded messages into say multiple speakers and do the trial over many days. Then on a series of other speakers you can do a robust sequence of pre-recorded conversations followed by the same pre-recorded messages at the same time and then do statistical analysis on traffic volume.

I just presume these things are listening to everything and recording everything. I think that should be the general assumption if you bring essentially an "internet microphone machine" into your home.

If not by the company who sold it to you then by 3rd party hackers, clever app developers, or some other group. Every marketer wants to know what their customers are saying in the privacy of their own home.

As a tangent I've long wanted to have fun with this ... start a campaign to start collectively talking about a ridiculous product (say a vacuum cleaner with elephant ears that flap in proportion to the amount of dirt it picks up) in private conversations and see if a company releases it by listening in. "There's significant consumer demand for the dumbo-vac!"


> Sure but there's probably provable ways to look for hidden stuff as well unless they are sending empty data.

Isn't this equivalent to the halting problem? Even with source code, there is a chance the compiler was compromised. In practice, these devices are closed source, so you would need to verify all the possible code paths.

Moreover, we know that NSA coerced phone companies into exposing metadata. What is the probability NSA has not requested backdoors of Amazon, Google, and the like?


I don't think it is however there is an unprovable element here in that it's difficult to prove absence. However, depending on implementation it may not very difficult to demonstrate presence! If you run the basic tests and there's clearly a substantial difference between the two you're done. If there isn't, you need to dig deeper.

This is just the nature of indirect observation. People in the natural sciences deal with this problem all the time.


Apart from targeted spying being a thing, the keyword recording trigger is not so reliable that it acts as a good filter.

https://moniotrlab.ccis.neu.edu/smart-speakers-study-pets20/


Unless these devices have enough performance to do on-device speech recognition, they could have to stream audio on an ongoing basis.

I think the data stream from uploading compressed audio for an extended period would be difficult to hide.


> To my understanding, these smart speakers only phone home when you say the keyword, right? They aren't storing or sending everything they hear throughout the day.

Yeah, but there are mistriggers as well - I think you should see them in myactivity.google.com with Assistant filter enabled.


At least for Google/Nest devices, you can turn on notification sounds.


The hardware is still there, and all it takes is an exploit or a firmware update to disable notifications and enable recording.


The context is accidental triggers. A mass exploit would have millions of ISP cry out in terror as their upstream usage suddenly jumps.


I.e. Apple contractors 'regularly hear confidential details' on Siri recordings:

https://www.theguardian.com/technology/2019/jul/26/apple-con...


Not any more.


> To my understanding, these smart speakers only phone home when you say the keyword, right? They aren't storing or sending everything they hear throughout the day.

1) There has been various cases of such devices being triggered incorrectly and uploading chunks of recordings

2) It's all implemented in software. It's extremely easy for the vendor to enable more keywords or record for longer times.

3) It's impossible to prove that 2 is not happening already in limited cases

4) There is a proven long history of very effective global surveillance programs targeting every electronic device (phones, cell towers, carrier-grade routers, PCs, servers).


To echo izacus's comment, they are very sensible and there's dozens of variations of the keywords that they accept.

We have a Nest Hub, and saying Google twenty times a day was a deal breaker so we all use some other variation that works 99% of the time, and looking at history it accidentally triggers itself a few dozen more times during the day.

It has a real value for us for now, but privacy issues are real in my opinion.


I've taken a more cautious approach to assistants and only tend to use Alexa if it requires a physical keypress first, e.g., a Fire TV 4K rather than having bespoke Echo devices throughout the house. There's _some_ value on the home automation side of the offering until I can make everything closed-circuit around here.

The Google Mini that Spotify sent me, however, went straight into a pile.


>> To my understanding, these smart speakers only phone home when you say the keyword, right? They aren't storing or sending everything they hear throughout the day.

This is the intended behavior.

But - there is a non-zero rate of false positives (when the device detects something that it thinks is the wake word, but is not), in which case, the audio is streamed to the cloud. This audio could (should?) be used for model training to improve the future precision of wake word detection. But, it could also potentially end up being subpoenaed by a law enforcement agency.


The wake-word is different in different regions/languages right? That suggests they either have special silicon for each language (unlikely) or it's programmable. Is it reprogrammable over-the-air? Even if it can't be given more than one wakeword, it could presumably be reprogrammed to use a very common word, like 'the.' When in this surveillance mode it would remain quiet unless you also said the traditional wake word.


Yes, there are multiple different wake words and they can be updated / reprogrammed via firmware updates.


There are some 7000+ languages in the world. Baking recognition for 7000+ words in silicon is not a huge task.


I think it's unlikely that's what they actually did.


The thing is it doesn't need to record anything (to spy on you).

Voice recognition is 'on' all the time as it needs to recognise 'keyword'. All you need then is simple transcription into text.


Yes but that's not records that they actually have. The reason you need a wake word is because that processing is done locally on the device, it's not until you say the wake word that it starts streaming the audio data to the central server for processing.

Its certainly possible for Amazon/Google/Whoever to send your device a firmware update that turns it into an always-on microphone, but it doesn't do that by default


Voice recognition is 'on' all the time as it needs to recognise 'keyword'

Not to say it's not a concern, but that's not really how these devices work – at least in the Alexa case. They're just matching for a specific hotword, rather than constantly performing speech-to-text (which is computationally expensive and done remotely). Think of it more like Shazam or the other audio fingerprinting services – you don't have to actually transcribe the text to understand if a particular word has been heard.


You think it is phoning home with transcriptions 24/7? My understanding is that this is probably inaccurate, and it only phones home when the on-board electronics recognize the wake word.


How many kb of text do you speak per day? It is just gonna be noise compared to when the JS framework of the week is updated. Amazon and Google can hide that.


> these smart speakers only phone home when you say the keyword, right?

Without it being open source, there's no guarantee though?


You can get a pretty good idea from power usage, storage, and internet usage. Unless there's multiple hidden revolutionary breakthroughs in speech transcription or compression, nothing unsavory is happening at scale.


...most didn't know about the Intel ME chip. A designated onboard black-box chip for transcriptions, that doesn't rely on an a server, would seriously benefit tech corps

Would it really be the first time we were lied to/surveilled?

When will we stop giving the hyper-growth oriented Silicon Valley startup world the benefit of the doubt?


No, someone (Google I think) admitted that they collect more than the audio around recognised keywords because in order to use ML to improve their voice recognition they need the data. More than just false positives. But guess what, they have to have humans to determine that, so they have people sitting around listening to very concerning things (the article said suspected domestic violence) and then having PTSD from it.

And if one of them is doing it, they all are, they all think the same and have the same incentives. This entire play is about the data.


I'm fairly sure there have been multiple stories about smart speakers sending things they hear without the keywords.


Could you please stop creating accounts for every few comments you post? We ban accounts that do that. This is in the site guidelines: https://news.ycombinator.com/newsguidelines.html.

You needn't use your real name, of course, but for HN to be a community, users need some identity for other users to relate to. Otherwise we may as well have no usernames and no community, and that would be a different kind of forum. https://hn.algolia.com/?sort=byDate&dateRange=all&type=comme...


Have you taken any steps to disable the always-on microphone in your smartphone?


Hell yes. No phones allowed in my house with Siri or Google always-on. No echo/googlehome/etc allowed.

Of course you can't completely trust it. But make it hard for them.


Could you please provide a guide or directions on how to do it for a Samsung or an iPhone cellphone?


For iPhone, go to Settings -> Siri & Search and ensure ‘Listen for “Hey Siri”’ is toggled off.


Step 1.) buy PinePhone.


I use them to play music. I can ask it to tell me who the artist/track is. I use it as a radio, I can play FM stations around the country. I use it to set a timer, countdown, alarm. I use it for a calendar. I ask it to read bedtime stories, or to entertain the kids, what sound does a horse make, etc. You can do a lot with it, but it's really worrisome too. Sometimes I turn it off, but I hate that I have to walk over to it. I'll like a switch I can control from my phone or an external device...


My Amazon Alexa Listens to conversations to suggest items to purchase the next time I go on amazon. I hate this.

Also I pretty much only use it to listen to the radio.


How do you know this?


I did a very non-scientific and possibly irrelevant test. Together with a few other people we decided to "test" some smart assistants and phones+app combinations to see if any of the data they might collect leaks. We came up with some random but easily identifiable keywords that we'd normally never use in day to day conversation and consistently dropped them in fake conversations. I tested an Echo Dot with "Whirlpool washing machine". Others tested Google home, or the Android Facebook app.

Bottom line is that Amazon and Facebook somehow decided to show exactly the random stuff we fed them. None of the stuff fed to Google, Microsoft, or Apple ever made it out in an obvious enough way for us to notice it.

It's not something to draw a solid conclusion on, I'm sure the experiment had plenty of flaws but the degree of suspicion it raised was way above the noise floor and it was enough for me personally.


Are you certain that nobody searched for those keywords or entered them anywhere?

If I search for something, it immediately shows up in the facebook feed of the person I live with. We aren’t even friends on facebook.

However we share an IP address via NAT, and I’m sure location data has leaked enough to correlate us.

I have never yet come across an example of this where there aren’t correlating variables other than the always listening mic theory.


I'm as confident as I can be that the chosen keywords were never spoken in casual conversation (especially since none of us speak English around the house) or searched from that IP. Every mobile device in the household is permanently connected to my network via VPN. The entire Amazon usage is comprised of 2 browsers on 2 different PCs. The Echo was used just as an experiment (came as a freebie) and spent most of its time hearing me "randomly" drop the "Whirlpool washing machine" stuff in conversation. As far as I was told everyone else controlled the experiment just as I did.

We even tried to make sure the terms are "plausible" given all other data the companies may have had on us. Age, social status, etc. We picked things where we're comfortably but not too obviously in the target audience (no "energy drink for student gamer" type thing).


All the devices being on the same network would be enough to correlate them.

I can’t tell from your description whether this was adequately controlled or not.


The idea was that different households picked different devices/services/companies and fed each with a random but plausible keywords to see if this is actually covertly picked up and ends up coming back to us on some other channel later on.

I had an Echo that I installed in a spare room in the house and used for a short time exclusively to have these made up conversations next to it and keep talking about a "Whirlpool washing machine" without ever using the Alexa hot-word. The keyword really couldn't leave that room except via the Echo. After a short time to my surprise I started seeing this in my Amazon. I have no doubt that the Echo is (at least occasionally) listening and sending information without any indication that it does.

My friends tested their own stuff in their household with their own keywords in much the same way that I did. Google Home, Apple Homepod/Siri, Facebook, Microsoft Cortana. The only 2 people who saw their keyword pop up again were myself with Amazon and one other with Facebook.

I can't draw the conclusion that Google does not do this, maybe they just do it smarter. But I can certainly say I cannot under any circumstances give Amazon the benefit of the doubt.


Sounds good - I wouldn’t give Amazon the benefit of the doubt either.

So - are you absolutely certain that nobody in your household used the term ‘whirlpool’ in any text based online interaction?

For example - is it possible that you emailed someone while you were coordinating these tests and you or they are Gmail users?


I am as certain as I can reasonably be. Most of the "coordination" was actually done over a picnic when we came up with the idea, and then tweaked over several other social meetings but the actual keyword was picked in my head. There's only one Amazon account in the household, using a dedicated email address, the Echo was in an unused room, and the language of the household isn't English. I picked whirlpool because it doesn't sound like anything in my native language and I have no interest in the actual appliances. I'm sure that quite literally the only way for that word to be "served" back to me on Amazon is either the most incredible of coincidences, or the Echo leaked it.


Could you get a DAB or digital radio instead? Though I suppose the speaker quality wouldn't be as good.


We use them extensively in our house- but we listen to music with them 95% of the time, and having multiple groups makes it easy to do.

That, and lists (shopping list, costco list, etc), are our two main uses. I hardly ask it the weather, and only use it as a kitchen timer 1/3 the time too.


I'm not saying you're wrong. Here was always my take on having them. They are an indicator that someone might be listening. Everything can listen now, you're phone, your computer, your tv. Heck even your car. Things most people don't think about. I find them to be fun gadgets that I use and make life more convenient in certain things. I also keep them around for another reason. Everyone knows they have mics that listen. To me they are also a visual indicator that something you might say could be recorded.

In 1984, they got caught because they thought no one could hear them. That was their mistake. What I learned from it (well ok many things), but what that taught me is to be careful if you are going to do something you shouldn't. Never assume that someone isn't watching when you're doing something illegal. I'm just posting signs for everyone else in the house, this area isn't secure.


This is exactly the type usage of unnecessary surveillance devices and subsequent attitude (chilling effect) that is the problem.


We will see the same social cooling effect[1] with smart devices.

We will only listen to the right thing on smart speakers, watch the right thing on smart TVs, smoke the right thing on smart cigs, and of course, drink the right coffee on our smart coffee maker.

[1]: https://news.ycombinator.com/item?id=24627363


> Consider a potential suspect who can’t prove where they were at 11 pm on a Thursday, because they live alone. Something as simple as ordering pizza through a speaker would show the time and location of the request and, if voice recognition is enabled, who made the request. “It might be benign information that someone was ordering a pizza, but it might also be an alibi for somebody,” Orr says.

Got it — have a timed recording of my voice order a pizza while I'm out kicking puppies.


Same idea prominently featured in Ferris Bueller's Day Off in 1986. Audio recording as an alibi. I'm sure there are earlier examples.

Only he wasn't kicking puppies.


A couple of Colombo episodes too


Something similar is in Agatha Christie's Murder of Roger Ackroyd.


The problem is, absence of evidence is not evidence to the contrary.

Just because someone didn't order pizza or something during that time while at home alone, doesn't mean that they were not at home.


The receipt from the pizza store doesn’t work?


I suppose it would be tougher to prove it was the suspect placing an order and not someone merely placing it from their home (or to their address.) Not justifying this data collection, just pondering how the police will justify it.


Who keeps those?


I understand the concern, but what makes a smart speaker any different from a smart phone? They also have a microphone that can eavesdrop on conversations, are harder to monitor for unexpected traffic and also provide location information.

How many people that refuse to have a smart speaker also refuse to have a smart phone?


There’s a clear difference in power limitations between phones and speakers. Phones are almost always on battery, so what they can gather is limited. Speakers always have full power, so keeping the electronics active all the time has no downside.


There's also a clear difference in hardware limitations. Phones are orders of magnitude more powerful than smart speakers.


Phones only listen when you use them. Speakers listen all the time. Phone calls are usually not transcribed where speaker recordings are, and can be searched back in time as well. Phone calls are not recorded, though metadata is.

So basically a “smart speaker” is like having 24/7/365 surveillance in your home.


Maybe a Google engineer can correct me but I'm pretty sure there is no meaningful distinction to be drawn between the Google Assistant running on the Home devices and the Google Assistant running on phones.

Having a "smart phone" is also like having 24/7/365 surveillance in your home.


Voice assistants on phones can be set to only trigger on manual interaction, and they can be turned off entirely.

Having an always on voice assistant is like having 24/7/365 surveillance in your home, regardless of what device it's on. But having a smart phone does not require you to have an always on voice assistant.


The entire point is that you're trusting the manufacturer that the device implement the behavior the manufacturer says it does. If you have a smart speaker, you're trusting they don't upload all speech.

With a cell phone, it is actually tougher, because you're also trusting the manufacturer that their security model is such that 3rd party software can't violate the privacy policy you're expecting. Many, many free phone apps today collect data you don't want them to.


> If you have a smart speaker, you're trusting they don't upload all speech.

Well, you shouldn't be doing that because we've known for a while that smart speakers have a false-positive problem.

That's the advantage of a physical gesture; the AI won't get it wrong. A physical action like holding down your home button is much less likely to trigger on accident.

Not to mention, you can also full-on disable the voice assistant on your smartphone, in which case, there's practically zero risk of a false positive.

> With a cell phone, it is actually tougher, because you're also trusting the manufacturer that their security model is such that 3rd party software can't violate the privacy policy you're expecting.

Stealing my contacts is bad, getting access to my microphone is worse.

If the argument is, "my phone might get malware, so having an always-on-microphone is exactly the same", that just seems really fatalistic to me. These are different risks that belong in different categories.


Sure, but without the phone OS source code, you can't know whether "disabling the smart assistant" just displays "disabled" and then keeps recording. Without a hardware switch, it could just lie to you.


The risk of my phone OS being theoretically compromised to spy on me is different than the risk posed by a device that I know is listening to me, and that I know regularly misinterprets wakewords.

It's fatalistic to say, "I can't see the source code, so I might as well install another microphone in my bedroom."


Yep, you're right on this front. It's not a binary thing. That is, you are concerned at inadvertent data leakage that could be used against you.

For what it's worth, there's a hardware switch on Echos by the way.


Are there any custom ROMs for home assistant microphones?


I don't believe so.


But how is the action (e.g. an over-the-air patch/hack) needed to secretly convert an Alexa to always-listen-and-transmit-home different than it would be for a smartphone?


I'm not worried about an over-the-air patch or hack[0], I'm worried about the existing problem Alexa has with false positive wakewords. Voice recognition isn't reliable enough yet to use as a security feature.

https://www.vox.com/recode/2020/2/21/21032140/alexa-amazon-g...

https://www.independent.co.uk/life-style/gadgets-and-tech/ne...

[0]: I mean, I am, but not in this specific case. I don't think smart speakers represent a particularly unique risk where hacking is concerned (Nest devices excluded).


Both the phones and smart speakers start listening on wake words. I haven't seen any thing to suggest the smart speakers are constantly listening and sending everything to Amazon/Google/Apple. But both clearly could be constantly recording, not just when you're making a phone call. They're the same threat model, in my opinion. Plus the phone goes with you to places the speaker doesn't.


If it's not listening, then how does it hear the wake word? Hint, it is. It just doesn't start parsing the request until it hears the wake word.


Unless you explicitly turn it off.


I think the difference is that speakers are meant to be always-listening. This is less possible on a phone where it would be detectable.


Phones are equally always-listening.

They respond to "Hey Siri" or "Hey Google".

There is absolutely zero difference between a phone and a smart speaker in this regard.

I don't know why you think anything would be more detectable on a phone.


There's a ton of difference. My phone is not always listening -- its voice controls aren't enabled, and even if they were enabled they would be hidden behind a button press.

Sure, somebody could hack my phone and take over the microphone, but that's a very different threat model than "this AI might misinterpret a random sound as a command and start uploading my conversations to the phone."

To the extent that normal people leave their phones in always-listening mode, we should be educating them about the privacy implications of that as well.


iPhone: if I say 'Hey Siri', I see an onscreen animation indicating it's listening and ready for my next command. Alexa: if I say 'Alexa', I see the ring lights animate indicating it's listening and ready for my next command.

Putting Amazon/Apple's privacy and security implementations aside, how are these different? Aren't they both 'always listening'?


You can set your phone to require a physical action before it will start listening. On Android, I think it's a long press on the home button, or it was the last time I was looking at the controls. You can also disable both 'Hey Siri' and 'Hey Google' on your phone entirely.

If you are using a voice assistant on your phone, and if you have it set up to always listen, then it's almost the same as a smart speaker (minor quibbles about the positioning and quality of the microphone aside). But those are two pretty big ifs.

Usually this argument gets pulled out to shut down people who have concerns about smart speakers in general, saying that any effort to make smart speakers more private or avoid them is pointless because of course their phone is always listening to them. That's not necessarily true. If someone wants to get rid of their smart speaker, owning a phone doesn't immediately make them a hypocrite. They can keep their phone and still have better privacy.


you are assuming the physical action before listening will always remain a faithful setting. If the NSA wanted Apple to play ball one day, that setting would be merely cosmetic.


I'm not assuming anything, I just understand that the risk of the NSA forcing Apple to install malware on my phone is lower than the risk of my local police office following an already legal process to get data that I know Amazon is inadvertently collecting from people today.

You're correlating risks that aren't related to each other; these are two different devices with different threat models. If the NSA wants to bug you, it will bug your house. That doesn't mean you should bug it for them.


You can mute the mic on a smart speaker too. Doesn't change the fact that the vast majority of people have them always on, just as they do with their phones.


It's far, far easier in practice to use an unambiguous gesture like a button press on a phone than it is to use an unambiguous gesture with a smart speaker.

Most normal people could get by with a voice assistant on their phone that required manual prompting, but a voice assistant like Alexa that required you to walk across the room and push a button to use it would be useless -- at that point carrying your phone in your pocket would be a better UX experience.

How the products are designed and implemented in the real world matters: phones are designed to be in-reach of people, smart speakers are not. You can't just stick a mute button on a smart speaker and say it's the same UX as phones now.

> How many people that refuse to have a smart speaker also refuse to have a smart phone?

If somebody is avoiding a smart speaker out of privacy concerns, but they have an always-on voice assistant on their phone, the correct response to their concerns is not to tell them to stop worrying about smart speakers. The correct response is to educate them about their phone settings so they can change them and exercise more agency over their lives.


Power usage and data usage are much much obvious on a mobile device. But not on a wall-powered home-wifi smart speaker.


The speakers are always-listening in exactly the same way that most smartphones are always-listening: They are always passively listening for the wake-word. Without the wake-word (or at least something that sounds like it) they do not record or transmit audio data. All the major smart speaker brands clearly indicate when they have been activated with lights and/or sounds. For the truly paranoid there is generally a switch to disconnect the microphone.


Orwellian doublespeak. If they have microphones in them, they're not "speakers'. Customers are paying for the privilege of a 24/7 wiretap, which isn't 'smart'.


Specific Orwell reference:

"He thought of the telescreen with its never-sleeping ear."

https://en.wikipedia.org/wiki/Telescreen


Even if they don't by default record everything they could trivially be told to and our lovely government or any arm thereof could order the oem to update to a firmware that enabled cop mode.

Our nation is working hard to pass legislation that would make such orders legal right now.


You have got to expand on that last line, it's very interesting. It sounds like something we should be thanking you for.


Pretty sure the EARNIT act is a major one. Could be mistaken though.


EARNIT does NOT provide provisions for protecting us from surveillance. If anything, it does the opposite.


The OP suggested the EARNIT act provides provisions to put surveillance in your speakers, not provide piracy.


The market for smart speakers boggles my mind. Are people really willing to sacrifice their privacy for a minor upgrade in usability? Is it really that hard to just tap play on your smartphone instead of yelling out "Alexa play Despacito"?


It boggles the mind the people would carry around always-on personal trackers that not only perfectly pin-point your location, know who your family and friends are, and can also listen to your conversations.

Smart speakers are not all that scary if you know how they work and that information, in detail, is all out there. They go to a low-power mode waiting for the keyword and only then do actually turn on the main CPU and do any processing.

They may the safest least privacy leaking Internet device you actually own. Your TV is probably taking screen shots of what you're watching. Your phone is leaking data to dozens of different entities all the time. Your computer is constantly sending stuff out. A smart speaker is tame by comparison.


It's not mind-boggling; we've just forgotten what it's like to buy and carry physical maps (or give/remember directions, or a stand-alone GPS device), have a physical address/contact book, use a tape recorder, etc. Now those things are all in one device. It is extremely convenient, but in general none of those features need to exfiltrate data from your device.

If you ask me, device owners should have unimpeachable control over what data, if any, is sent from their devices.


generating directions from point A to B (which physical maps couldn't do).

Standalone GPS navigators are perfectly capable of navigating without a network connection. The only thing you lose is real-time traffic info, which in a better parallel universe would be broadcast in the open by every DOT.


Excellent point; I've amended my comment.


I assume the strawman you are propping up is a mobile phone. There is a significant difference there of course, which is that the phone performs a function impossible to obtain in any other way, namely mobile telephony. The "smart speaker" performs functions trivially replicated in other ways.


Yes, but the point is that they're so much safer than your mobile phone that the trivial usage is perfectly fine. I have an Alexa and while I only use it for basically trivial things I use it for those trivial things all the time. It's really quite nice to have.

I also have my phone on me, all the time, even while at home so really my privacy issues aren't increased by having that Alexa.


I understand where you're coming from. I'm uneasy about the privacy implications of smartphones.

But the utility is too great to ignore. My smartphone is integral to how I communicate, travel and even run my business.

Smart speakers are just gimmicks


Considering the speakers are dumb like pretty much all "smart" devices, I’d always avoid using the voice interface. When possible. It’s extremely convenient while, for example, cooking with no clean hands free.


I have a friend who owns an Alexa, and this is the one use case I agree is very nice. I would buy a non-networked device with only this functionality, or an app (with no network permission) that does the same.


Because I really started loving having a voice interface in a pinch (and because I want a less natural and more usable device), I started planning on building my own replacement with Rhasspy, but so far I haven’t gotten past the planning stages.


Those Alexa commercials make setting a timer look so fun.


I bought my HomePod mainly for its value as a speaker first -- at $199 I don't think any Sonos or Harman competitor can produce such high-fidelity sound.

I also put more trust into Apple/Siri than I do with Alexa or Google. Their differential privacy and anonymized Siri requests have limited the speaker to few features which in my experience work well with the latest 13.x OS.


I had a roommate who I told, if he ever got an Amazon assistant, I'd smash it with a hammer. I don't get it either. There are open source alternatives if you want to setup your own assistant that doesn't transmit all your data back to Google/Amazon/Apple.

The one caveat, I do know someone who is blind who uses the speech-to-text on her Google device a lot. She has all the fonts set to their maximum size, high contrast colors, and various other accessibility features enabled. Speach to text helps her greatly.


> There are open source alternatives if you want to setup your own assistant that doesn't transmit all your data back to Google/Amazon/Apple.

Really? The Mycroft project claims to be just that, and it shows promise, but it still seems really clunky. And right now, as far as I can tell, you need to set up an account on their service so it can do things like voice recognition, which is a pretty critical component to this type of thing.


I haven't tried them yet, but there's also Rhasspy (https://rhasspy.readthedocs.io) and voice2json (https://voice2json.org)


It really depends on what devices you use. For example, I have Homebridge set up on a Raspberry Pi to link my array of unsupported 'smart' devices to Apple's Homekit. I tried using Home Assistant (Hassio), but found the lack of support for several brands a dealbreaker. I wish the dev communities communicated more, between the two.


>Forensic experts tell WIRED that information from the devices is valued because it can offer a timeline of a person’s activities, their location, if they’re alone, and can verify statements made during questioning.

I am sure police will be eager to use this sort of data as exculpating evidence. I mean, they don't have a history of doing this with normal evidence, but when we hand them more data (knowing data = power) I am sure they will start operating in a totally different fashion. I believe in our institutions.

Ordering smart speakers for all my rooms, Nest and Ring.


It is not the job of any executive branch organization to proactively need this data, nor even to have the gall to submit such a request. The argument of serving as alibis is so laughable; like, how ever did governments survive this long without smart speakers listening in to citizens in the Roman Empire, or in 18th century France, or to America’s rebellious, tax-evading Founding Fathers. Guess the authorities of those people’s times should have stopped the “rebels”? It seems producing smart speaker alibis is really the only way any future government could survive given our IG/TikTok addicted population is so smart? Not to mention that governments are fundamentally just ideas of people coming to temporarily to work together, that come and go.


Step 1: Record yourself giving your smart devices commands. Step 2: Schedule playback while out committing crimes. Instant alibi!


/s

?


There is nothing in this report that suggests this is anything more than the record of actual requests to the devices. So no, these devices are not "spying on you". When you send out a request to a 3rd party service, yeah, it's going to be subject to this sort of thing.


> So no, these devices are not "spying on you".

- False positives for smart speakers aren't zero, the 3rd-party contractor controversies from a while back should have already killed this myth.

- Most normal people probably aren't thinking about the implications of sending requests to 3rd parties when they set up these devices in their kid's rooms, and the marketing of the devices doesn't make any of that risk clear.

- Most normal people outside of HN probably aren't even fully aware of the fact that their recordings are stored for this long.

And even if it doesn't technically fall under the banner of "spying", it still has privacy implications, and we should be working to educate both technical and nontechnical people about what those privacy implications are; otherwise they won't be able to make informed choices about what level of risk they feel comfortable taking on.

Nontechnical people do not have the instincts or training to think about how device information can be stored, who can recover it, and how that information can be chained together and used against them. It is unambiguously good for publications like Wired to educate them about those risks.


Yeah this doesn't seem significantly different than what police can already request of your Internet traffic and search history. It's obviously a privacy issue, but not one of an increased scale...in the way that say, having the devices be switched to always-on-always-transmitting would be, e.g. akin to the FBI breaking into Tony Soprano's basement and planting a wire in his lamp, but being able to do it remotely.


People already pay for Telescreens in their houses.

Smart speakers almost seem like a downgrade from that.

https://en.wikipedia.org/wiki/Telescreen


I want a smart speaker in the kitchen, because for a few functions (timer, weight conversions and arithmetic) it's really useful, and hands-free which in that particular context is really important. I feel like I could build something that did this for me myself iff I could get the wake-word functionality. Does anyone know of any open-source wake-word detection that's feasible to run on a Pi?


Apparently there are at least a few:

https://openassistant.org

And MyCroft, as another commenter has already mentioned:

https://au.pcmag.com/gallery/64879/how-to-make-your-own-open...

Haven't personally used any of them (this stuff isn't interesting to me).


Mycroft ?


If there is data, there will be someone who requests it. If you are lucky they have good intentions and act on a solid constitutional base with good oversight and abuse prevention.

Planning for being lucky is however a bit naive, which is why not spring certain data in the first place could be the more civilized decision.


I was gifted an Alexa, I set up a few routines to announce the time and temp and occasionally I use it for Pandora. I leave the microphone disabled unless I momentarily want to give it a command.

Based on take aparts done by other people I'm reasonably confident it is really disabled.


In my network of friends and family, only 3 households have taken up using Google Home. I've asked what they use it for and they've all responded with, "I ask it to play jazz and tell me the weather."

I brought up the concept of Big Brother and concerns about privacy. 2 of them responded with, "Well I've got nothing to hide." The holdout said, "yeah..."

We tried asking Google Assistant an interesting question about the world and some rankings of countries. It disappointed.

I've asked them all to turn off the device when I'm present.


>I've asked them all to turn off the device when I'm present.

You might want to try a variation on this[0] to make sure. Yes, it's obnoxious. But not nearly as obnoxious as exposing you to surveillance, IMHO.

[0] https://xkcd.com/1807/


Time to invest into open source smart devices which work fully offline. We have Vosk for offline speech recognition, there is TensorflowTTS with very good synthesis quality even on mobile phones. NLU and dialog management is also not a big problem.

Interesting if there are projects to create a local internet snapshot to cache/hide search queries effectively.


I believe Home Assist has some options?


Is there any reason to believe that privacy concerns about smart speakers do not also apply to smart phones that are configured with a wake word? "OK Google" seems to work the same way on a speaker and a phone.

I have my iPhone set so that it takes a button press to trigger Siri, for this reason.


I imagine this will happen to self driving cars if they become the norm.

E.g. a crime happens nearby and all the self driving cars in the area get subpoenaed for their camera footage.

Definitely a bit dystopian in the sense of surveillance all around us.


I really wish there was a way to jailbreak these devices. Like the nest hub has a nice screen. All I really want is the weather and when the next train comes.


"I don't care about online privacy because I have nothing to hide."

This persona's ethos is finally starting to show visible cracks.


I completely agree with your position, but putting that phrase in quotes as you did implies that it is a quote from the article. That phrase appears nowhere in the article, even though the sentiment is certainly there.


The only interesting thing here is recorded conversations. Searches and food orders are already easily tracked and subpoenaed.


Makes me wonder why my electric company keeps offering me discounted smart speakers and devices... Surely disconnected right?


Its important to realize that all technology runs on code that is not visible to the user. For example, clicking a button may not do what the button says. Pressing the Off button only turns off the light, but not the device. Maybe device goes into a low-power minimum functionality state. Don't listen to big tech that is trying to talk you into paying for hardware they use to spy on you.


Totally unsurprising. I mean you basically have a always online bug that you don't control.


This article seems to pertain mainly to Echo.

Does anyone know of the applicability of this to HomePod/Siri?


As far as I know recordings from Apple devices are anonymized. Also you can opt out of having them use recordings of your requests in their training data.


Why anyone would put a smart speaker in their home is beyond me.


I have many reasons why I put them all over my house. What would you like to know that's not already been discussed many times here?


Do you not feel violated knowing that every word you say is/can be recorded by big tech companies? Even if you turn permissions off theres always that "whoops it was a glitch" moment that inevitably comes down the line.


This website is filled with ads and unusable for me.


Use uBlock Origin. No ads at all.


Or just hit the back button. The discussion here is probably more interesting anyway.


This is a thin wrapper around a Wired article from two months ago [1]. The link should be updated to point to the original. Previously discussed on HN [2].

1: https://www.wired.com/story/star-witness-your-smart-speaker/

2: https://news.ycombinator.com/item?id=24258078


Thanks for calling that out.

The original Wired article is by Sidney Fussell.

The Organic Prepper article is by Robert Wheeler -- but it goes well beyond what I would consider fair use and copies a good portion of the Wired article (24 paragraphs).

I would guess Wired/Fussell would have a pretty good case for copyright infringement ... although assuming the Organic Prepper is a small fry, it's probably not worth pursuing beyond a DMCA notice.


Moreover, content on that site is licensed as a "Creative Commons":

https://www.theorganicprepper.com/about-daisy/

>The information found on this website is protected by a Creative Commons copyright. That means that you are welcome to republish any content in part or in full in a digital format, but you must leave all links intact and provide full credit to the author with a link back to this website.

On Wired:

>The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast



I don't have anything to hide, etc, etc. But I just don't see the value of smart speakers and the like, relative to the downsides. Honestly, how hard is it to just use your dumb bluetooth speakers?


If you don't have anything to hide, would you publish your email/text/social media activity, browser history, bank statements, health records, and location history?

Wanting privacy is not criminal, but spying on people often is.


In the context of legal system like we have in the US, where police are required to obtain a warrant and provide sufficient evidence to a court, I see no problem with this. We've been doing it with cell phone data for decades now. I'm all for data privacy, but in the event of a crime being committed we need to allow every tool available to find the truth. This can exonerate innocent people just as easily as it can convict.


There is a very big difference between what I may say over the phone and what I might say in my home. When on the phone everything I say is with the knowledge that someone (the receiver) is listening. In my home I make no such assumptions.

Furthermore, who will be making sure whatever conservation has been overheard is simply not a tv show, radio broadcast, or even the neighbor having an argument in their garden ?

While various governments have been busy assuring us that they’ve always had this possibility, they’re lying. They’ve had the possibility to do surveillance, but never retroactive. The ability to sift through not only what you’re going to say, but also what you’ve said in the past X months before you became a suspect is quite new.

Anything you say can and will be used against you, possibly in a court of law...


Not disagreeing with you- but I'm always amazed at how shocked people are too discover that their standard cable boxes have had microphones in them since ~ the early 90's, with the capability to send recordings back over the cable lines. Not retroactive (that we know of), but still.

And that the FBI and police have actually used them (with warrants) to get criminal convictions. Publicly available court transcripts confirm this.

That's the legal use. Who knows how the NSA has actually been using those in situ capabilities.


Do you have a reliable reference about cable boxes having microphones in them?

The only thing I could find about this was a claim that it was a hoax: https://www.snopes.com/fact-check/camera-obscura


Exactly, this is an important distinction. Self-censorship in the most intimate private sphere means one's freedom of expression is fundamentally limited in a severe way.


> There is a very big difference between what I may say over the phone and what I might say in my home. When on the phone everything I say is with the knowledge that someone (the receiver) is listening. In my home I make no such assumptions.

Assumptions, maybe no. But i think people need to be better educated on when those assumptions are false. We put recording devices in our homes and are shocked when those recording devices turn out to be recording.

Ideally, the devices should be legally required to give you strong indicators to when it actually is recording. Be it your phone, speakers, w/e. But still - we've got recording devices all around us. If we don't acknowledge that then privacy is just for show.


>When on the phone everything I say is with the knowledge that someone (the receiver) is listening. In my home I make no such assumptions.

I don't see how this point is relevant when the police can bug your house with a warrant.


As already explained, there is still an important distinction. One would first have to be the subject of some kind of criminal investigation, and then your house could be bugged from that point in time.

When data is requested from a device like a smart speaker, suddenly everything that has been said, even before a potential investigation, would be accessible.


They can bug my house, but they can still only listen in on what is being said after the bug was installed.

Smart speakers transcribe everything they hear, meaning you lose all tone and nuances of speech patterns, creating a very dangerous cocktail when allowing law enforcement to do text searches or even worse, let AI sift through it.

Imagine a speaker that is “always on” while watching black hawk down, or Air Force one, transcribing every line, or worse, a line here or there.

I have the same opinion of wide surveillance as DNA registers. It allows for law enforcement to be lazy, and does not guarantee the right person is convicted. In fact it moves the burden of evidence from the prosecutor to the defendant. Suddenly you have to prove your innocence instead of law enforcement having to prove your guilt.


The same functionality to remotely enable the microphone is available on both cell phones and smart speakers. They are largely similar hardware under the surface.


Have you seen under what pretexts people have gotten arrested? A few days after 9/11 there was this Egyptian guy who had bought a copy of MS Flight Simulator and who had spilled a box of powder sugar, he ended up in custody, and these days there's all sorts of Chinese postdocs under FBI surveillance.

And you want to invite FBI into your living room?


> I'm all for data privacy, but in the event of a crime being committed we need to allow every tool available to find the truth

Are you sure? This isn't the future I signed up for. The justifications for this surveillance tech are so incredibly flimsy


Historically it would take quite a lot before the police would try to eavesdrop on someone's private conversations. So far the availability of this kind of data has tended to lower the bar for police to get access significantly, which brings us closer to a surveillance state.


“ I'm all for data privacy, but in the event of a crime being committed we need to allow every tool available to find the truth.”

What kinds of crime do you think this is appropriate for?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: