Privacy on internet – Part 2/7
Privacy in Smart speakers and virtual assistants (Amazon, Google, Apple)
Privacy isoften a balancing act between comfort and privacy. Smart speakers, such asAmazon Echo, Google home etc, are tools in our never-ending pursuit of acomfortable life. We just have to say its name and ask a question or give acommand and in a friendly voice we get that question answered or that timer set.It’s like we have our own super smart friend and secretary all rolled into one.Problem is, though, that this friend isn’t very smart on its own. It needs tobe connected to the internet and if you have read the other articles onParanoid Mind you know that this poses a significant risk to privacy and topeople with ill will.
What is a smart speaker?
In this definition of smart speakers I will include all stand-alone devices as well as the features we now have on our phones and in operating systems (such as Android, Windows 10 and Apple).
Supershort: It’s a wireless speaker or voice command device with an integratedvirtual assistant. It’s most often used to handle hands free interactions.
If you wanta more detailed description of what a smart speaker are, I refer you to yoursearch engine of choice. There are a plethora of pages out there defining whatthey are.
How does it work?
I will oversimplify my description on how it works since different smart speakers might work a little bit different.
- You turn it on by saying a wake word or keyword. But that, of course, requires it to always have its microphone on. How else can it hear the wake word?
- The smart speaker starts to record.
- When there has been a silence long enough it stops the recording.
- The recording is sent, via internet, to a central point where a voice recognition engine interprets what the recording contains.
- Part of this service “learns” from your voice, speech pattern, dialect and so on in order to provide a better service and improve the voice recognition.
- The other side of this is that it saves what you asked or commanded in order to know you and your habits better.
- The voice recognition engine sends a response back, via internet, to the smart speaker.
- The smart speaker speaks back to you.
Privacy concerns in smartspeakers
Since themicrophone is always turned on and the device itself isn’t as good as humans indifferentiate between a normal conversation and intent, there will always be arisk that the device starts the recording accidently. It has been shown thatthey, on average, accidently record about 20 times a day. There are evenreports that it has recorded conversations and sent it to people on the contactlist. One could say that it’s the devices version of pocket dialling.
Since thesystem can’t, or aren’t that good at, differentiate between speech that hasbeen previously recorded, the radio, or conversation we have a bunch ofpossible security issues.
We all havebeen made aware that governments have, more or less, free access to all ourdata online. In some cases, regardless of if they need it or not. Likecitizens, governments strive for comfort. In the past it has been reported thatthey have their own, backdoor, into our e-mails, internet traffic, and posts onsocial media. These smart speakers would make an excellent addition for this.Imagine being able to listen in on conversations in people’s private homes.Perhaps set up an automated system that listens to all conversations and alertan analyst when specific key words are said. They can just connect it up toECHELON and then take a coffee break. Since it has happened in the past and theinvolved companies first denied giving this free access and later admitted it,one should only make the presumption that they already have that access tosmart speakers. Regardless of what companies say. As Facebook, Google,Microsoft and other tech giants, often shown, it’s easier to apologize than toask for permission.
Microsofthas admitted that humans do listen in on their Skype and Cortana services andthere is no reason to believe that the other smart speaker providers aren’tdoing the same.
As alwayswhen it comes to information it will be processed, used, and sold to thirdparties. Information is one of today’s currencies and it is bought and soldwithout scruples. It is handled with less care and consideration than acustomer in a grocery store buying ordinary milk.
There issomething called voice hacking. If you manage to collect enough of thoserecorded commands and questions you can edit it to your own voice command andhijack accounts.
Sinceinternet traffic is going both in and out there is always the possibility thatthe device itself can be hacked. The only way to 100% protect a device is tonot have it connected to the internet at all. There are some very clever peopleout there and what is safe today will be hacked tomorrow. This is, however, notrealistic today and would remove all functionality of the smart speaker andrender it as useless as that old tech I save in boxes “just in case”.
Possible solutions toprivacy concerns of smart speakers
Use themute button on the smart speaker or turn off the constant listening on yourphone or operating system. This, of course, kind of makes the smart speakeruseless since you have to physically unmute and mute it every time you use it.Also, you will have to trust that the smart speaker company really mute, or insome way disconnects, the microphone.
If possible, use a separate e-mail and/or username in the device than your main ones. This will separate your information connected with your main e-mail and/or username and allows the device to live in a “bubble” on it’s own.
Before I gointo the possible hardware solution, I just want to be 100% clear on this. I amnot getting paid nor do I receive any form of benefits or gratitude from thecompany in question. Also, a reservation, I haven’t actually tested the productbut in a mail conversation with the company I have gotten all my questionsanswered. What’s more, I believe in those answers.
Another option is a product called Paranoid from the Canada based company Pleasant Solutions. I must say that it is an excellent name for a product. I can’t really put my finger on it but it does sound familiar somehow.
Paranoid is a product that, manually, mutes or unmutes the smart speaker. The device itself is not connected to the internet AT ALL, which is very unusual in this day and age when even your smart watch has to have internet to even sync with your phone or computer.
If Paranoidneeds updating you play it some music with your phone. I remember a time when Ihad to play loud static noises to my universal remote control to update it soplaying a piece of music to a black little hockey puck (Did I mention it’s aCanadian company?) in order to update it doesn’t sound so bad.
It has itsown microphone but since it is not connected to the internet, Wi-Fi, Blue toothor smoke signals it can’t be hacked or send any recorded messages anywhere.Well, it can be hacked if being played music containing code exploits but thenthe person has to be on the location or outside with loud speakers. The resultwould then be that it fails mute or unmute the smart speaker. I would say therisk is minimal and resulting damage negligible. The only ones that would beinteresting in doing so are governments that are listening in on the smartspeaker. If they go through all this trouble in order to hear yourconversations then you have bigger things to worry about.
To allowthe smart speaker to listen in you say Paranoid’s wake word “Paranoid”.
Paranoidcomes in three different flavours or levels of Paranoid.
- ParanoidHome Button – It uses the Smart Speakers USB port to physically pushes the muteand unmute button. As mentioned above you will have to trust that the smartspeaker company really turns off the microphone.
- ParanoidHome Wave – It sends static noises directly into the microphone of the smartspeaker and that way prevents it from hearing anything else. Not to worry, itshouldn’t be loud enough to distract, disturb or even be heard by human ears,unless you are a super human. When you say the wake word it mutes itself andallow the microphone to hear you again.
- ParanoidHome Max – This version is built into the smart speaker. It requires you tosend the smart speaker to their service centre and they will manually installit into the device. As I understand it, they rewire the microphone into theParanoid so that the Paranoid circuits enables or disables the microphone.
If you findthat Paranoid intrigues you, as it did me, I recommend that you check them out.Link is at the bottom.
As we can see the balancing act between comfort and privacy is very real with smart speakers. Unfortunately, the smart speakers, of today, cannot work without constantly sending your voice over the internet. Until the day when we get memory cards large enough to contain the entire internet, this is how it will work. Ultimately the choice is yours but as always be careful of what you decide to share.