Is it any different than speaking in front of your smartphone?
I don't own an echo or Google whatever but I've definitely mentioned things and then got ads for that thing within the hour/day. Like cat litter when I don't even own a cat, just mentioned it once for cleaning up spills.
More likely there's a bunch of data points it can use. Coming within BT range of someone who does have a cat for example. Otherwise all the major smart phone companies would need to be in collision to keep the secret because the battery drain would be so blatant of it was recording, processing, transfering etc.
I don't have a smoking gun for Google advertising based on conversation, but I mentioned in an email (Gmail) that someone I know was going to the Calgary Stampede, and Google Ads flogged Stetson cowboy hats and the Stampede for weeks after that. It was so conspicuous because normally it's just, "hot singles in your area", "hot Christian singles in your area?" maybe, "hot Christian moms in your area?" Nowadays it's like, "grannies near you want to fuck." FML.
My pastor mentioned a specific verse in his sermon recently. I went to type it in my notes. My phone's keyboard (Gboard) suggested that specific verse immediately. Not just the book. The chapter and verse numbers, too.
It's more likely you're getting those hyper-targeted ads because of location tracking and relationship tracking than because they're listening. It's much cheaper and easier than running voice recognition on shitty audio clips from a mic in your pocket, and honestly much scarier.
People only ever have anecdotes to support the claim that tech companies are listening in on their conversations, but these companies openly admit to targeting ads based on your location data and specifically who you've been associating with.
It's more likely that others in your congregation searched for that verse, so it was suggested to you based on your proximity to others who already searched for it.
It was in my hand. I was taking notes on it. So I doubt the audio was all that bad. My pastor also uses a mic, so his voice is not too quiet for a phone to pick it up.
because of location tracking and relationship tracking
I also find this unlikely because of how specific it got. It got the chapter and verse correct. The only input it got from me was my beginning to type out the name of the book of the Bible.
It's more likely that others in your congregation searched for that verse, so it was suggested to you based on your proximity to others who already searched for it.
While that's possible, I'm not sure it'd work so quickly. I typed the reference in my note-taking app literally as soon as my pastor said it.
Get out of here with your reasoning. It's more fun to feign outrage because it gives me an opportunity to feel smart. If you start to invalidate my superiority by pointing out how arbitrary and dramatic my response is then I'm going to downvote you.
I don't know about you, but I generally turn my phone off completely when I'm at a doctor or hospital, as per the rules they have posted in the lobby asking me to do so.
Dentist office I went to has a private room with an Echo, they use it to switch playlists without having to touch anything, I guess. Figure they didn't really think it through....
But yeah I was a bit uncomfortable with that. Not that anything private was discussed, I simply had a cavity filled. They're excellent dentists tho, best I've ever seen, so I won't be going elsewhere.
In my experience with "mentioning the potential privacy issue" people are aware, it's just an awkward conversation that they'd prefer not to have.
Imagine being a receptionist at a dentists office and some whackadoodle rolls in to the waiting room on their electric scooter, and loudly exclaims... "are you aware that you and all of the staff here are absolutely completely 100% butt naked under your clothes and hosiery? It's unhygienic, unsanitary, non-inclusive, and completely unsatisfactory. I just thought you should know and perhaps talk it over with your boss".
Your reaction to this hypothetical scenario is the reaction you can expect when talking to your dentist about privacy.
Yeah, don’t go looking too hard whenever you’re in a hospital or anything. The number of vulnerabilities I can spot with as little infosec knowledge I have is deeply concerning
You're all missing the real kicker here - this sign is only here for the HIPAA auditor. Everyone knows that no one is actually going to mute the thing.
We're not all like that. Some of us do really care (a whole lot) about the person, and not just "the patient". We get eye-rolled and sighed at sometimes because we speak up; but it doesn't matter because advocating for our patients is one of our top priorities.
Some hospitals have better work-cultures than others, but all of them have at least a few who truly give a damn
No, there is a button to make the Echo stop listening.
If you want to prove me wrong, it should be incredibly easy to press the button and record the Echos network activity. If you're right you'd still see network traffic. But nobody has been able to show this so far. I wonder why?
Yeah I read the other comments after making mine. However everyone keeps calling it a "physical" button, and I don't think that's accurate. It won't be a physical switch that opens a circuit, it will be a button that operates a transistor that opens the circuit.
Still, I see no good reason to trust the device - especially in a medical setting.
This is disingenuous at best and incorrect at worst. The mute button on the Echo is just that, a button; it is not a switch. It is software-controlled and pushing it just sends a signal to the microcontroller to take some action. For instance, one action is to turn on the red indicator light; that's definitely not physically connected to the mute button.
Maybe another response of pushing the button is to disable the transistor used for the microphone, but it's more likely that it just sets a software flag for the algorithm to stop its processing of the microphone input signal. Regardless of which method it uses, the microcontroller could undoubtedly just decide to revert that and listen in, either disabling or not disabling the red light at the same time.
But I personally don't think it listens in when muted. I don't think it spies on us to target ads based on what we say around it. I'm not worried that the mic mute function doesn't work as intended.
But I fully understand that it is fully capable of it, technically speaking.
I don't know the internal workings of the echo, I was responding to a comment that said it "operates a transistor". Which is way different than it being an input to a microcontroller.
If the button is just connected to a transistor, it's not software controllable, since transistors are electronical devices that don't interpret any software. A microcontroller does execute software. There's a big difference.
Transistors are simple electronical devices. They don't run software. You can control their inputs with another device (such a microcontroller) that does run software. You can also control their inputs with a button. You can't control their output with software.
I don't know how an Amazon echo is wired up, but if you just have a button connected to the gate of the transistor, it works basically the same as a mechanical switch.
Which you could easily see by looking at the amount of traffic sent after unmuting, unless you believe that Amazon secretly found an infinite compression algorithm they use only in muted Echo devices.
Tbf to foobar, that should still give a falsifiable and testable data-difference if you are willing to alter your behaviour around experimentation for an extended period of time
Though, there are always more ways to hide traffic
Again: Which you could easily see by looking at the amount of traffic sent after unmuting, unless you believe that Amazon secretly found an infinite compression algorithm they use only in muted Echo devices.
You understand that sending more information means more traffic? Unless - as I stated - they found a perfect compression algorithm, you'd be able to tell.
I’m a little confused as to why you are being so condescending. Every time you say “this is so simple if you do X”. And then I say “what about Y?” And then you’re like “that’s obvious too, just do Z” and kind of insulting me, even though you did not account for it in your prior comment. And it becomes less trivial with each additional test.
Your first method involves simply checking if there is any traffic after muting. Your revised method involves additionally checking if there is any traffic for some period of time after muting (how long?). And now your third method involves doing the first two things as well as gathering data on the average amount of traffic in your requests generally and deciding whether subsequent traffic during requests after muting for an unspecified amount of time is significantly large enough to conclude it is sending information acquired during muting.
But if they send it a little bit at a time, or they just leak a small portion of it occasionally in some requests, I think it would be very challenging to conclude definitively one way or the other.
I’m actually aware that there is no infinite compression algorithm, so you don’t need to keep saying that. And to be honest it just makes you look like you are lacking imagination because it’s not the only way to make detection difficult as illustrated by my responses.
I'm not sure that's the case. We have one at work and if it thinks you're calling out to it repeatedly it will say out loud that its mic is off and that you have to enable it.
It might just be the part that listens for "Alexa" but that audio buffer is available to the device and it can do things with it.
Because - as I've explained in the comment you replied to - it's pretty easy to check it for yourself. Unless you believe that an Echo has a secondary cellular connection that's only used while muted, any traffic must go over your configured connection.
Just look at the amount of transferred data while it's muted. If there is data (beyond extremely low background traffic) I'm wrong. If there is no data, you're wrong.
This is not some hypothetical metaphysical principle we're talking about, it's a product that you can analyse yourself. Put up or shut up.
Why do they even have an Amazon echo if they know it's a fucking security risk?
If you need a speaker, just get a speaker, not one a spyker (sorry, that was shite)
Friendly reminder to pause your bleeple before you buttlebode your over-driver. You do not want (CCF) cloud confederation forces to scuttle your bodes.
Shit like this is why I got a dumb speaker. It just plays audio, it doesn't have a battery (meaning that unplugged = zero power), it doesn't have wifi, it doesn't have an assistant, it just plays the music I ask it to play via Bluetooth.
It is lower audio quality, higher latency, less reliable, causes more interference for wireless networks and other devices. It's also less secure. Those are just the reasons I can think of right now.
Yes, third parties have published complete hardware teardowns of various Echo devices. For what it's worth, I've also personally reviewed multiple Echo device schematics, and have nothing to gain from lying.
Heh. I'll continue to badmouth Amazon for all the internal and external bullshit they pull, but during the decade I worked there, they actually took privacy and security seriously for the in-house devices.
IoT and smart device security only means your data is protected from unauthorized access. It's up to the manufacturer, not the user to decide who can get in.
Big brother is the gov, if you think Amazon has more power than the government especially in oversight like prism and NSA you're wrong, but Amazon does work for them and hands over data to the real big brother
Curious to learn how would you verify it. Wouldn't one has to go as low level as power spikes? Not to sound paranoid but one can't just believe the PR these companies said. Consequently we have to check how the device behaves. It's not because it doesn't send information that it does not process it. One could imagine it logs on specific behavior or keywords and only send information back when "normal" behavior is expected, e.g update check. I'm not trying to imply this is the case, only that verifying doesn't seem "easy" to me.
You can check network activity while it's muted and while it's not muted to see when it's phoning home. And if you're still worried, keep it on mute for an extended period of time and then turn it on again to see whether it transmits the backlog or not. Easy to proof.
Are you saying the size of the upstream packet should be proportional to the mute time? Wouldn't that assume that one knows ahead what such logs include or not? For example if we imagine that the device is listening while on mute for the keyword "potato" and it's not being said once during the mute period, wouldn't that still making an upstream packet of a fixed length, i.e zero, despite being actively listening and able to phone home? Genuinely trying to understand how one can be so confident based solely on packet size as this seems to make some assumption on how the device behaves.
Edit: regardless, monitoring traffic (which I already mentioned, hence aware of but arguing it's not sufficient) using Wireshark or netcat is definitely not "easy" for most people buying such devices.
If the device monitors despite being on mute and does not send packets home while on mute, then it would send more when turned back on, yes. How else would the logged information reach the datacenter? Also, not everyone buying an Echo needs to do an analysis, it's enough if a random tech-savvy person does it. Unless you argue they purposefully build surveillance devices and mix them with devices that are what they claim to be to obfuscate this behavior.
The conspiracy theory is about the muted device spying on you, not whether the activation phrase is recognized while muted. Or maybe I am misinterpreting this comment chain.
I don't think so, here is another example, what if the device counts how many times someone said "fuck", then sending {fuck:0} or {fuck:4,294,967,295} will result in the same size of data being transmitted. In fact imagining that the device is designed to do so, it could always send a large meaningless packet on querying for updates just so that when it actually needs to send data, it would look similar, same approximate number and lengths of packets and can be capped. I'm not saying it's the case now, just technically feasible and I believe hard to detect.
Also on "trusting" someone then answered in https://lemmy.world/comment/4594899 but I'd said it's also not "easy". At least one must trust their institutions able to vet on the person able to review such devices and that the device tested and the one used are actually identical.
Finally I'm not arguing for conspiracy theory or that Echo is spying on users, only that verification for privacy on closed system is not "easy" either through trust of 3rd parties or technical expertise for an "average" user, not somebody working in the domain.
Well that's arguably "easy" but then one must trust these people and thus either know them and their motives or understand the underlying technology (and thus not needing their expertise) so I'd say no really "easy".
No, the microphone literally stops converting sound to electrical signals in that mode. The mute button causes a hardware disconnect; if the mute light is on, the microphone is literally unpowered.
Even if it's verified not to spy on you today, they're all one forced update away from always listening and reporting back, either to corporate or a hacker. Don't trust code you can't see.
Alter the hardware? The firmware would just need to be updated silently. No piece of computer hardware doesn't have some form of software running at a low level.
reminder that the google home tells you that the mic is muted if you call it. it's basically a telescreen. in the case of the echo show, it is literally a telescreen.
Muting puts the microphone on a closed circuit iirc, i.e. it's just a circuit that detects whether you've used the keyword, and is completely separate and inaccessible to its OS beyond it knowing "the user used the keyword", a boolean value if you may.
Exactly, that way it can record your data offline and upload it next time you go back online. They don't send data while muted, they didn't say anything about after...
Technically, per EU and California law, you should be able to download all data they have on you – Google will offer a friendly page with recordings and their transcripts. But who knows if that's all they store? They're a black box.
Yes you do, you trust every paranoid nut spouting conspiracy theories they heard on tiktok - you've just decided to doubt the very clear and logical evidence that refutes them.
As you can see from the graph above, we have sharp spikes of data being sent around the times the hot word and commands were sent. The Google Home performed as expected. As the device booted up, there was some data transfer, otherwise the network was relatively quiet between commands. We also proved that when the device microphone is muted, none of the hot word triggers or talking caused an increase in network traffic.
This is an old article based on an older device but you can test a new one for yourself with some pretty basic networking knowledge and equipment.
As the article suggests: "Should you trust them not to be spying on you?" Hell no!
But we can also use freely available tools to verify this.
This is even more potent on your phone.
A lot of people seem to believe your phone is listening to you all the time and feeding you ads based on your IRL conversations.
That's not happening, and this can be easily verified even without any networking knowledge/tools by taking a look at your cell phone data bill.
Recording and uploading your mundane conversations all day long would be a huge drain on your battery and an expensive addition to your cell data bill. You would likely notice if it was happening.
Again: by all means DO NOT TRUST THESE COMPANIES, but also maybe do a little testing before assuming all private conversations are being recorded.
I mean google literally keeps all your voice to text transcriptions(if you use the feature) and location history by default. It wouldn't be such a far fetch to think the device does basic analysis locally and sends ad recommendations along with everything else
That's quite a terrible test though. I'm not a security expert but even I can think of quite a few ways they could've hidden traffic from such tests, even unintentionally. If Google is that evil, they know they have to be smart about it. And, unfortunately, they are both. So I wouldn't trust anything but a complete software and hardware analysis, painstakingly checking every circuit and processor instruction. But then, why even bother, the whole thing is like hiring a child molester as a kindergarten teacher.
Oh, yes I agree. If you want to be malicious, you can think of many ways to go around it. You could use a physical switch that kills the circuit to the microphone and say "see? it's physically impossible to listen if the microphone wires are not even connected!" and then hide a second microphone inside the speaker chassis. But unless you're a valuable target, I prefer my Occam's razor to be the appropriate kind of sharpness.
Oh, they definitely want to be malicious. Afterall, their livelyhood depends on it, and there's are literal tons of money on the table for knowing exactly the things that people don't want to be known about them. That's why I referred to them as pedos in kindergarten: they look like a data hoarding company, swim like a data hoarding company and quack like a data hoarding company. They might play it nice for now and test waters, but ultimately, what they are after all along is your personal data and especially private data. No way you can bet on them not acting upon this temptation.
Or maybe you don't install a data mining spy device in the office?
Is it any different than speaking in front of your smartphone?
I don't own an echo or Google whatever but I've definitely mentioned things and then got ads for that thing within the hour/day. Like cat litter when I don't even own a cat, just mentioned it once for cleaning up spills.
More likely there's a bunch of data points it can use. Coming within BT range of someone who does have a cat for example. Otherwise all the major smart phone companies would need to be in collision to keep the secret because the battery drain would be so blatant of it was recording, processing, transfering etc.
And all the articles that have said they aren't recording everything, I guess they would have to be in on it too.
I don't have a smoking gun for Google advertising based on conversation, but I mentioned in an email (Gmail) that someone I know was going to the Calgary Stampede, and Google Ads flogged Stetson cowboy hats and the Stampede for weeks after that. It was so conspicuous because normally it's just, "hot singles in your area", "hot Christian singles in your area?" maybe, "hot Christian moms in your area?" Nowadays it's like, "grannies near you want to fuck." FML.
My pastor mentioned a specific verse in his sermon recently. I went to type it in my notes. My phone's keyboard (Gboard) suggested that specific verse immediately. Not just the book. The chapter and verse numbers, too.
It's more likely you're getting those hyper-targeted ads because of location tracking and relationship tracking than because they're listening. It's much cheaper and easier than running voice recognition on shitty audio clips from a mic in your pocket, and honestly much scarier.
People only ever have anecdotes to support the claim that tech companies are listening in on their conversations, but these companies openly admit to targeting ads based on your location data and specifically who you've been associating with.
It's more likely that others in your congregation searched for that verse, so it was suggested to you based on your proximity to others who already searched for it.
It was in my hand. I was taking notes on it. So I doubt the audio was all that bad. My pastor also uses a mic, so his voice is not too quiet for a phone to pick it up.
I also find this unlikely because of how specific it got. It got the chapter and verse correct. The only input it got from me was my beginning to type out the name of the book of the Bible.
While that's possible, I'm not sure it'd work so quickly. I typed the reference in my note-taking app literally as soon as my pastor said it.
I don’t even get “hot singles in your area” anymore.
Where did I go wrong?
Get out of here with your reasoning. It's more fun to feign outrage because it gives me an opportunity to feel smart. If you start to invalidate my superiority by pointing out how arbitrary and dramatic my response is then I'm going to downvote you.
I don't know about you, but I generally turn my phone off completely when I'm at a doctor or hospital, as per the rules they have posted in the lobby asking me to do so.
So keep cell phone in lockers, no smart TVs, and no Alexa or similar devices.
Someone should invent the pocket microwave
They can call it the hot pocket
Sounds dangerous to have anywhere near your groin.
I thought that's what they put inside the Galaxy Note 7.
True, but I shit myself. Trusted a fart and full on shit my pants.
If the patient's name is Alexa, you're gonna have a bad time
If this is a medical facility, I'd never trust them ever again if I saw an echo there.
Dentist office I went to has a private room with an Echo, they use it to switch playlists without having to touch anything, I guess. Figure they didn't really think it through....
But yeah I was a bit uncomfortable with that. Not that anything private was discussed, I simply had a cavity filled. They're excellent dentists tho, best I've ever seen, so I won't be going elsewhere.
Maybe mention the potential privacy issue if they're still using echo on your next visit. They might've not aware of it.
In my experience with "mentioning the potential privacy issue" people are aware, it's just an awkward conversation that they'd prefer not to have.
Imagine being a receptionist at a dentists office and some whackadoodle rolls in to the waiting room on their electric scooter, and loudly exclaims... "are you aware that you and all of the staff here are absolutely completely 100% butt naked under your clothes and hosiery? It's unhygienic, unsanitary, non-inclusive, and completely unsatisfactory. I just thought you should know and perhaps talk it over with your boss".
Your reaction to this hypothetical scenario is the reaction you can expect when talking to your dentist about privacy.
No wonder I keep getting advertisements for AAAAAAAAAAAAA no, it’s fine, go ahead, AAAAAAAAAAAAAP mint.
Design your own website with squarespace! You two can own the address whyarentyouflossing.com
Yeah, don’t go looking too hard whenever you’re in a hospital or anything. The number of vulnerabilities I can spot with as little infosec knowledge I have is deeply concerning
What? What do they say?
You're all missing the real kicker here - this sign is only here for the HIPAA auditor. Everyone knows that no one is actually going to mute the thing.
We're not all like that. Some of us do really care (a whole lot) about the person, and not just "the patient". We get eye-rolled and sighed at sometimes because we speak up; but it doesn't matter because advocating for our patients is one of our top priorities.
Some hospitals have better work-cultures than others, but all of them have at least a few who truly give a damn
I would like to thank you for maintaining integrity when it is not easy. I know it can be frustrating.
Also muting it probably doesn't stop it listening, it just stops its response.
No, there is a button to make the Echo stop listening.
If you want to prove me wrong, it should be incredibly easy to press the button and record the Echos network activity. If you're right you'd still see network traffic. But nobody has been able to show this so far. I wonder why?
Yeah I read the other comments after making mine. However everyone keeps calling it a "physical" button, and I don't think that's accurate. It won't be a physical switch that opens a circuit, it will be a button that operates a transistor that opens the circuit.
Still, I see no good reason to trust the device - especially in a medical setting.
There's not much difference between a direct switch and a transistor, both will cut the signal and neither is over rideable by software
This is disingenuous at best and incorrect at worst. The mute button on the Echo is just that, a button; it is not a switch. It is software-controlled and pushing it just sends a signal to the microcontroller to take some action. For instance, one action is to turn on the red indicator light; that's definitely not physically connected to the mute button.
Maybe another response of pushing the button is to disable the transistor used for the microphone, but it's more likely that it just sets a software flag for the algorithm to stop its processing of the microphone input signal. Regardless of which method it uses, the microcontroller could undoubtedly just decide to revert that and listen in, either disabling or not disabling the red light at the same time.
But I personally don't think it listens in when muted. I don't think it spies on us to target ads based on what we say around it. I'm not worried that the mic mute function doesn't work as intended.
But I fully understand that it is fully capable of it, technically speaking.
I don't know the internal workings of the echo, I was responding to a comment that said it "operates a transistor". Which is way different than it being an input to a microcontroller.
If the button is just connected to a transistor, it's not software controllable, since transistors are electronical devices that don't interpret any software. A microcontroller does execute software. There's a big difference.
Transistors are simple electronical devices. They don't run software. You can control their inputs with another device (such a microcontroller) that does run software. You can also control their inputs with a button. You can't control their output with software.
I don't know how an Amazon echo is wired up, but if you just have a button connected to the gate of the transistor, it works basically the same as a mechanical switch.
If the Echo stored the audio and then sent it sometime after you unmute, it would still pass your test.
Which you could easily see by looking at the amount of traffic sent after unmuting, unless you believe that Amazon secretly found an infinite compression algorithm they use only in muted Echo devices.
Unless some or all of it was sent along during the next time you actually do a voice command.
Tbf to foobar, that should still give a falsifiable and testable data-difference if you are willing to alter your behaviour around experimentation for an extended period of time
Though, there are always more ways to hide traffic
Again: Which you could easily see by looking at the amount of traffic sent after unmuting, unless you believe that Amazon secretly found an infinite compression algorithm they use only in muted Echo devices.
You understand that sending more information means more traffic? Unless - as I stated - they found a perfect compression algorithm, you'd be able to tell.
I’m a little confused as to why you are being so condescending. Every time you say “this is so simple if you do X”. And then I say “what about Y?” And then you’re like “that’s obvious too, just do Z” and kind of insulting me, even though you did not account for it in your prior comment. And it becomes less trivial with each additional test.
Your first method involves simply checking if there is any traffic after muting. Your revised method involves additionally checking if there is any traffic for some period of time after muting (how long?). And now your third method involves doing the first two things as well as gathering data on the average amount of traffic in your requests generally and deciding whether subsequent traffic during requests after muting for an unspecified amount of time is significantly large enough to conclude it is sending information acquired during muting.
But if they send it a little bit at a time, or they just leak a small portion of it occasionally in some requests, I think it would be very challenging to conclude definitively one way or the other.
I’m actually aware that there is no infinite compression algorithm, so you don’t need to keep saying that. And to be honest it just makes you look like you are lacking imagination because it’s not the only way to make detection difficult as illustrated by my responses.
I'm not sure that's the case. We have one at work and if it thinks you're calling out to it repeatedly it will say out loud that its mic is off and that you have to enable it.
It might just be the part that listens for "Alexa" but that audio buffer is available to the device and it can do things with it.
This is the funniest thing I've read today (though I'm not sure if it is a joke).
I just tried it with mine, it doesn't react in any way.
Aww, you actually believe that!
Shouldn't take you more than 5 minutes to prove me wrong. Please do!
It shouldn't take me more than 5 minutes? Why's that?
Because - as I've explained in the comment you replied to - it's pretty easy to check it for yourself. Unless you believe that an Echo has a secondary cellular connection that's only used while muted, any traffic must go over your configured connection.
Just look at the amount of transferred data while it's muted. If there is data (beyond extremely low background traffic) I'm wrong. If there is no data, you're wrong.
This is not some hypothetical metaphysical principle we're talking about, it's a product that you can analyse yourself. Put up or shut up.
And I can do that all in 5 minutes without owning one?
It's fascinating how people know that these devices break their privacy, yet they keep using them.
Convenience is one of the most addictive drugs.
They pay to be watched.
Aw yeah
Some people just don't care about their privacy and I'm not judging them, you do you!
Professionals should care about their client's privacy though. That shouldn't be a debate.
Totally agree with you, i was referring to a private setting!
I do judge them. But I would more say that I came to terms with this ugly fact.
Take as old as time
Why do they even have an Amazon echo if they know it's a fucking security risk? If you need a speaker, just get a speaker, not one a spyker (sorry, that was shite)
Maybe the family brought it in...
Maybe just don’t have any big tech surveillance devices in the hospital/clinic/whatever.
Friendly reminder to pause your bleeple before you buttlebode your over-driver. You do not want (CCF) cloud confederation forces to scuttle your bodes.
rAmen, brother!
May his noodly appendage touch you.
He boiled for your sins.
But Jeff Benzos is the biggest pharamcist in the world now, so it's fine
Shit like this is why I got a dumb speaker. It just plays audio, it doesn't have a battery (meaning that unplugged = zero power), it doesn't have wifi, it doesn't have an assistant, it just plays the music I ask it to play via Bluetooth.
Why not go further and hardwire?
Why not take up the kazoo?
Do you kazoo? I often do.
It does have an aux-in, but I don't have anything to plug into it.
What about your micropenis?
What's wrong with Bluetooth?
It is lower audio quality, higher latency, less reliable, causes more interference for wireless networks and other devices. It's also less secure. Those are just the reasons I can think of right now.
And by muted they mean pull the plug
And by pull the plug I mean smash it with a fucking hammer
I was going to say. Can you even mute them?
Yes, there's a dedicated mute button that literally cuts power to the mic.
Has that been verified by somebody independent?
Yes, third parties have published complete hardware teardowns of various Echo devices. For what it's worth, I've also personally reviewed multiple Echo device schematics, and have nothing to gain from lying.
Sounds like something that someone who has something to gain from lying would say.
Heh. I'll continue to badmouth Amazon for all the internal and external bullshit they pull, but during the decade I worked there, they actually took privacy and security seriously for the in-house devices.
I hate it when acronyms aren't clearly defined... PHI stands for Protected Health Information.
This is almost certainly in a provider setting, in which all covered employees will have received extensive training detailing what "PHI" stands for.
And the several boxes of exam gloves too no less lol
IoT and smart device security only means your data is protected from unauthorized access. It's up to the manufacturer, not the user to decide who can get in.
Remember that S in IoT stands for Security!
We're living in a dystopian future...
Big brother is listening...
Amazon isn't big brother
amazon absolutely is big brother lol
Big brother is the gov, if you think Amazon has more power than the government especially in oversight like prism and NSA you're wrong, but Amazon does work for them and hands over data to the real big brother
FYI: Mutung the echo/Alexa/Google home/etc doesn't stop it from listening, just from making noise itself.
Curious to learn how would you verify it. Wouldn't one has to go as low level as power spikes? Not to sound paranoid but one can't just believe the PR these companies said. Consequently we have to check how the device behaves. It's not because it doesn't send information that it does not process it. One could imagine it logs on specific behavior or keywords and only send information back when "normal" behavior is expected, e.g update check. I'm not trying to imply this is the case, only that verifying doesn't seem "easy" to me.
You can check network activity while it's muted and while it's not muted to see when it's phoning home. And if you're still worried, keep it on mute for an extended period of time and then turn it on again to see whether it transmits the backlog or not. Easy to proof.
Are you saying the size of the upstream packet should be proportional to the mute time? Wouldn't that assume that one knows ahead what such logs include or not? For example if we imagine that the device is listening while on mute for the keyword "potato" and it's not being said once during the mute period, wouldn't that still making an upstream packet of a fixed length, i.e zero, despite being actively listening and able to phone home? Genuinely trying to understand how one can be so confident based solely on packet size as this seems to make some assumption on how the device behaves.
Edit: regardless, monitoring traffic (which I already mentioned, hence aware of but arguing it's not sufficient) using Wireshark or netcat is definitely not "easy" for most people buying such devices.
If the device monitors despite being on mute and does not send packets home while on mute, then it would send more when turned back on, yes. How else would the logged information reach the datacenter? Also, not everyone buying an Echo needs to do an analysis, it's enough if a random tech-savvy person does it. Unless you argue they purposefully build surveillance devices and mix them with devices that are what they claim to be to obfuscate this behavior.
The conspiracy theory is about the muted device spying on you, not whether the activation phrase is recognized while muted. Or maybe I am misinterpreting this comment chain.
I don't think so, here is another example, what if the device counts how many times someone said "fuck", then sending {fuck:0} or {fuck:4,294,967,295} will result in the same size of data being transmitted. In fact imagining that the device is designed to do so, it could always send a large meaningless packet on querying for updates just so that when it actually needs to send data, it would look similar, same approximate number and lengths of packets and can be capped. I'm not saying it's the case now, just technically feasible and I believe hard to detect.
Also on "trusting" someone then answered in https://lemmy.world/comment/4594899 but I'd said it's also not "easy". At least one must trust their institutions able to vet on the person able to review such devices and that the device tested and the one used are actually identical.
Finally I'm not arguing for conspiracy theory or that Echo is spying on users, only that verification for privacy on closed system is not "easy" either through trust of 3rd parties or technical expertise for an "average" user, not somebody working in the domain.
The sources people use here seem to confirm it being a hardware mute that cuts off power to the mic. https://iot.stackexchange.com/questions/2382/is-the-amazon-echo-mic-mute-a-hardware-switch
Well that's arguably "easy" but then one must trust these people and thus either know them and their motives or understand the underlying technology (and thus not needing their expertise) so I'd say no really "easy".
No, the microphone literally stops converting sound to electrical signals in that mode. The mute button causes a hardware disconnect; if the mute light is on, the microphone is literally unpowered.
No software update could bypass such a hardware feature, which is exactly why it was designed thusly.
Huh? It was built that way, and it does it. It's a hardware feature.
Even if it's verified not to spy on you today, they're all one forced update away from always listening and reporting back, either to corporate or a hacker. Don't trust code you can't see.
How do you alter hardware remotely?
Alter the hardware? The firmware would just need to be updated silently. No piece of computer hardware doesn't have some form of software running at a low level.
Again, the power cut & indicator light are implemented in hardware. there is no software running on a single-transistor circuit.
You never said that to me. I had to figure out what your talking about through your comment history with other people.
Do you trust that? Have you opened one up and followed the traces?
I was developing devices for Amazon professionally. Those were the schematics from the actual hardware design.
False. The mute button literally removes power to the microphone. The indicator LED is actually hardwired to indicate the inverse of its power line.
The HIPAA strikes again! 🤣
reminder that the google home tells you that the mic is muted if you call it. it's basically a telescreen. in the case of the echo show, it is literally a telescreen.
It has a separate local thingy that doesn't talk to the internet for voice activation. This is actually proven.
Not saying google isn't shady as fuck but this particular time its legit.
so "Muting" your google home effectively puts it in airplane mode?
Muting puts the microphone on a closed circuit iirc, i.e. it's just a circuit that detects whether you've used the keyword, and is completely separate and inaccessible to its OS beyond it knowing "the user used the keyword", a boolean value if you may.
I don't need a conspiracy nut to tell me that's probably not true to believe that it's probably not true
Companies and the public don't give a shit about privacy
Pretty sure muting it straight up disables the microphone completely.
No. If it’s “muted”, it will recognize “OK google” and tell you to unmute the mic first to enable online functionality.
I have 3 devices and none of them do this 🤷
It's also not "airplane mode" because I can send music to any of them
Exactly, that way it can record your data offline and upload it next time you go back online. They don't send data while muted, they didn't say anything about after...
Technically, per EU and California law, you should be able to download all data they have on you – Google will offer a friendly page with recordings and their transcripts. But who knows if that's all they store? They're a black box.
I trust nothing.
Yes you do, you trust every paranoid nut spouting conspiracy theories they heard on tiktok - you've just decided to doubt the very clear and logical evidence that refutes them.
Projecting
Err, not applicable I think
https://labs.sogeti.com/google-home-spying/
This is an old article based on an older device but you can test a new one for yourself with some pretty basic networking knowledge and equipment.
This.
As the article suggests: "Should you trust them not to be spying on you?" Hell no!
But we can also use freely available tools to verify this.
This is even more potent on your phone.
A lot of people seem to believe your phone is listening to you all the time and feeding you ads based on your IRL conversations.
That's not happening, and this can be easily verified even without any networking knowledge/tools by taking a look at your cell phone data bill.
Recording and uploading your mundane conversations all day long would be a huge drain on your battery and an expensive addition to your cell data bill. You would likely notice if it was happening.
Again: by all means DO NOT TRUST THESE COMPANIES, but also maybe do a little testing before assuming all private conversations are being recorded.
I mean google literally keeps all your voice to text transcriptions(if you use the feature) and location history by default. It wouldn't be such a far fetch to think the device does basic analysis locally and sends ad recommendations along with everything else
But my battery is shit and I’m always connected to Wi-Fi
WiFi makes it easier IMO.
It's very simple to snoop all the WiFi traffic and verify what is being sent while it's more challenging to get those details on cell data
Please do tell what is in the encrypted packets it phoned home with?
Sadly, it’s not my Wi-Fi
That's quite a terrible test though. I'm not a security expert but even I can think of quite a few ways they could've hidden traffic from such tests, even unintentionally. If Google is that evil, they know they have to be smart about it. And, unfortunately, they are both. So I wouldn't trust anything but a complete software and hardware analysis, painstakingly checking every circuit and processor instruction. But then, why even bother, the whole thing is like hiring a child molester as a kindergarten teacher.
Oh, yes I agree. If you want to be malicious, you can think of many ways to go around it. You could use a physical switch that kills the circuit to the microphone and say "see? it's physically impossible to listen if the microphone wires are not even connected!" and then hide a second microphone inside the speaker chassis. But unless you're a valuable target, I prefer my Occam's razor to be the appropriate kind of sharpness.
Oh, they definitely want to be malicious. Afterall, their livelyhood depends on it, and there's are literal tons of money on the table for knowing exactly the things that people don't want to be known about them. That's why I referred to them as pedos in kindergarten: they look like a data hoarding company, swim like a data hoarding company and quack like a data hoarding company. They might play it nice for now and test waters, but ultimately, what they are after all along is your personal data and especially private data. No way you can bet on them not acting upon this temptation.
Have you made sure of that by monitoring the data sent out? If not, well...
https://labs.sogeti.com/google-home-spying/
I'm not sure "no spike" is all that revealing. Looks like the "heartbeat" was still present the entire time.
Your hatred has blinded you.
Perhaps reread the comment and reply to it with a relevant one and leave the childish assumptions for your celebrity slashfic.
Mine doesn't? I scream at it until I get pissed, look at it, and realize the light is orange.
It absolutely does. It screams "THE MIC IS CURRENTLY MUTED" whenever I talk while it's muted. Google mini Gen 2
Well I don't have that model, and mine doesn't. Weird.