Privacy on internet – Part 2/7

Privacy in Smart speakers and virtual assistants (Amazon, Google, Apple)

Privacy is often a balancing act between comfort and privacy. Smart speakers, such as Amazon Echo, Google home etc, are tools in our never-ending pursuit of a comfortable life. We just have to say its name and ask a question or give a command and in a friendly voice we get that question answered or that timer set. It’s like we have our own super smart friend and secretary all rolled into one. Problem is, though, that this friend isn’t very smart on its own. It needs to be connected to the internet and if you have read the other articles on Paranoid Mind you know that this poses a significant risk to privacy and to people with ill will.

What is a smart speaker?

In this definition of smart speakers I will include all stand-alone devices as well as the features we now have on our phones and in operating systems (such as Android, Windows 10 and Apple).

Super short: It’s a wireless speaker or voice command device with an integrated virtual assistant. It’s most often used to handle hands free interactions.

If you want a more detailed description of what a smart speaker are, I refer you to your search engine of choice. There are a plethora of pages out there defining what they are.

How does it work?

I will oversimplify my description on how it works since different smart speakers might work a little bit different.

  1. You turn it on by saying a wake word or keyword. But that, of course, requires it to always have its microphone on. How else can it hear the wake word?
  2. The smart speaker starts to record.
  3. When there has been a silence long enough it stops the recording.
  4. The recording is sent, via internet, to a central point where a voice recognition engine interprets what the recording contains.
    • Part of this service “learns” from your voice, speech pattern, dialect and so on in order to provide a better service and improve the voice recognition.
    • The other side of this is that it saves what you asked or commanded in order to know you and your habits better.
  5. The voice recognition engine sends a response back, via internet, to the smart speaker.
  6. The smart speaker speaks back to you.

Privacy concerns in smart speakers

Since the microphone is always turned on and the device itself isn’t as good as humans in differentiate between a normal conversation and intent, there will always be a risk that the device starts the recording accidently. It has been shown that they, on average, accidently record about 20 times a day. There are even reports that it has recorded conversations and sent it to people on the contact list. One could say that it’s the devices version of pocket dialling.

Since the system can’t, or aren’t that good at, differentiate between speech that has been previously recorded, the radio, or conversation we have a bunch of possible security issues.

We all have been made aware that governments have, more or less, free access to all our data online. In some cases, regardless of if they need it or not. Like citizens, governments strive for comfort. In the past it has been reported that they have their own, backdoor, into our e-mails, internet traffic, and posts on social media. These smart speakers would make an excellent addition for this. Imagine being able to listen in on conversations in people’s private homes. Perhaps set up an automated system that listens to all conversations and alert an analyst when specific key words are said. They can just connect it up to ECHELON and then take a coffee break. Since it has happened in the past and the involved companies first denied giving this free access and later admitted it, one should only make the presumption that they already have that access to smart speakers. Regardless of what companies say. As Facebook, Google, Microsoft and other tech giants, often shown, it’s easier to apologize than to ask for permission.

Microsoft has admitted that humans do listen in on their Skype and Cortana services and there is no reason to believe that the other smart speaker providers aren’t doing the same.

As always when it comes to information it will be processed, used, and sold to third parties. Information is one of today’s currencies and it is bought and sold without scruples. It is handled with less care and consideration than a customer in a grocery store buying ordinary milk.

There is something called voice hacking. If you manage to collect enough of those recorded commands and questions you can edit it to your own voice command and hijack accounts.

Since internet traffic is going both in and out there is always the possibility that the device itself can be hacked. The only way to 100% protect a device is to not have it connected to the internet at all. There are some very clever people out there and what is safe today will be hacked tomorrow. This is, however, not realistic today and would remove all functionality of the smart speaker and render it as useless as that old tech I save in boxes “just in case”.

Possible solutions to privacy concerns of smart speakers

Use the mute button on the smart speaker or turn off the constant listening on your phone or operating system. This, of course, kind of makes the smart speaker useless since you have to physically unmute and mute it every time you use it. Also, you will have to trust that the smart speaker company really mute, or in some way disconnects, the microphone.

If possible, use a separate e-mail and/or username in the device than your main ones. This will separate your information connected with your main e-mail and/or username and allows the device to live in a “bubble” on it’s own.

Before I go into the possible hardware solution, I just want to be 100% clear on this. I am not getting paid nor do I receive any form of benefits or gratitude from the company in question. Also, a reservation, I haven’t actually tested the product but in a mail conversation with the company I have gotten all my questions answered. What’s more, I believe in those answers.

Another option is a product called Paranoid from the Canada based company Pleasant Solutions. I must say that it is an excellent name for a product. I can’t really put my finger on it but it does sound familiar somehow.

Paranoid is a product that, manually, mutes or unmutes the smart speaker. The device itself is not connected to the internet AT ALL, which is very unusual in this day and age when even your smart watch has to have internet to even sync with your phone or computer.

Paranoid Addon

If Paranoid needs updating you play it some music with your phone. I remember a time when I had to play loud static noises to my universal remote control to update it so playing a piece of music to a black little hockey puck (Did I mention it’s a Canadian company?) in order to update it doesn’t sound so bad.

It has its own microphone but since it is not connected to the internet, Wi-Fi, Blue tooth or smoke signals it can’t be hacked or send any recorded messages anywhere. Well, it can be hacked if being played music containing code exploits but then the person has to be on the location or outside with loud speakers. The result would then be that it fails mute or unmute the smart speaker. I would say the risk is minimal and resulting damage negligible. The only ones that would be interesting in doing so are governments that are listening in on the smart speaker. If they go through all this trouble in order to hear your conversations then you have bigger things to worry about.

To allow the smart speaker to listen in you say Paranoid’s wake word “Paranoid”.

Paranoid comes in three different flavours or levels of Paranoid.

  • Paranoid Home Button – It uses the Smart Speakers USB port to physically pushes the mute and unmute button. As mentioned above you will have to trust that the smart speaker company really turns off the microphone.
  • Paranoid Home Wave – It sends static noises directly into the microphone of the smart speaker and that way prevents it from hearing anything else. Not to worry, it shouldn’t be loud enough to distract, disturb or even be heard by human ears, unless you are a super human. When you say the wake word it mutes itself and allow the microphone to hear you again.
  • Paranoid Home Max – This version is built into the smart speaker. It requires you to send the smart speaker to their service centre and they will manually install it into the device. As I understand it, they rewire the microphone into the Paranoid so that the Paranoid circuits enables or disables the microphone.

If you find that Paranoid intrigues you, as it did me, I recommend that you check them out. Link is at the bottom.

Final words
As we can see the balancing act between comfort and privacy is very real with smart speakers. Unfortunately, the smart speakers, of today, cannot work without constantly sending your voice over the internet. Until the day when we get memory cards large enough to contain the entire internet, this is how it will work. Ultimately the choice is yours but as always be careful of what you decide to share.

More information about the Paranoid device can be found here

You may also like...