I'm working for a big tech company in California. Yesterday all employees received an email from our security guys.

We have to deactivate all personal assistant gadgets (like Alexa) during work time in the home office.

They have evidence that these gadgets are recording audio from conference calls.

Nothing new to me but notable that I've got this order.

@vatrox So in fact you also have to turn off your mobile. I mean many of them also have digital assistance integrated.

@bjoerns @vatrox What about the Intel Management Engine? That also spies on you I've heard, and that's on a device that's necessary for the conference call.

@Hyolobrika @bjoerns @vatrox the difference is that Intel ME is used by the workplace to spy on their employees, at least to some extent.

@vatrox next week you are going to receive an email stating that they have evidence that personal assistant gadgets contact servers on the internet when you connect the device to your WiFi😂

@vatrox can you share any more details? If so that is a big issue, and bold claims need bold proof.

I'm not personally impacted because those things can GTFO of my life/home/work, but I'm amazed at how people let that into their private sphere.

@dch @vatrox That those things record you and humans listen to the recordings isn't a bold claim, it's been heavily reported in media around the world.

@tfb @dch @vatrox Yea, IIRC there was a data centre in Romania that screened huge volumes of the data going through Alexa, and I think even some of the Irish call centre teams in Cork are rumoured to handle Apple's Siri system sometimes.
It's part of the ongoing training process for the models, sure - anything marginal (got a non-US accent? Got a cold? COPD?) gets shipped off for clarification and validation to train the models.
But also just, if you can't be understood maybe they get someone to tell the model what you meant so you get your answers / they get their data.

@tfb @vatrox the aspect of data being siphoned off to build models, when "alexa <foo>" is said, yes, as you said - well known.

The implication that this can/is being used to collect *all* voice data, even if not summoned (e.g. during conference call), and then processed for nefarious purposes, that is where I'm dubious.

- politifact.com/factchecks/2018
- vox.com/recode/2020/2/21/21032

If the ACLU thinks these devices aren't listening full time, I consider that as reasonable assurance.

@dch @vatrox One of the problems those "assistants" have is exactly false activation. The reports of what was in the recordings made it clear that there's a real problem of recordings being made without the intent to activate the "assistant". If you don't want to risk being recorded, the only thing to do is avoid them completely.

@dch @vatrox @tfb The #ACLU's expertise is in law, not technology. They are not that street wise, which you can see by the #Facebook, #Twitter, & #Youtube links on their website. #Alexa has already been caught recording when it shouldn't. How do you know they fixed the closed-source code?

@tfb @vatrox @dch #politifact is not a good source to cite because they are privacy abusers themselves. Your link sends people to a #CloudFlare website. I had to use the #WaybackMachine to read the article, which states: "technology experts told us it’s against Amazon policy to constantly record customers" <= yet you can't trust #Amazon's word.

@dch @vatrox @tfb Self-respecting tech experts would say you can't trust closed source software, especially after scandals have already been exposed.

@koherecoWatchdog @dch @vatrox @tfb

It's also Yet Another Internet Connected Microphone in your house... just because the manufacturer isn't listening intentionally, it doesn't mean no one else is...

That's why the Secret Service won't let Peloton One into the White House.

Also, privacy policies change at a moment's notice (like Facebook mining WhatsApp data)

@float13 @tfb @vatrox @dch Indeed, it's not only Amazon who Alexa users must trust. It's also worth noting that in the case of the OP, even if Alexa only records what the user expects, staff /can/ talk to Alexa before, after, and during sensitive workplace chatter. So of course it's sensible to have a company policy to deactivate them.

@dch @tfb @vatrox so the solution is simple, just don't have any video meetings with a person called Alexa...

@chebra @dch @tfb @vatrox

It's simpler: Don't have any contact with those people.

I mean, yes, I know what you are going to answer. But in the end, what do you get from those people beyond all kinds of annoyances when interacting with them?

I have been telling people for years that I will not visit them at home if they have an Alexa running.

And, in the end, this is kind of symbolic, and would urgently need to be enhanced to all people with similar stuff running on their mobile phones.

@pino_ac that's absurd and at best impractical. My best DE speaking friends here: alexa. My best EN speaking friend: alexa. My family: none of these crazy devices because the bandwidth cost in NZ is too high. My extended family has siri enabled all over the place, particularly for the elderly. It's really useful for people who aren't fully mobile.

I would reduce my contact circle by 70% if I chose this, higher even than if I refused to go to people who aren't vegetarian.

@chebra @tfb @vatrox

@dch @chebra @tfb @vatrox

Reducing the contact circle by whatever percentage is not absurd per se. That would need a deeper explanation why it's absurd to exclude idiots from my contacts.

Whether it's practical or not is also kind of subjective. For some people it's completely unbearable (so: impractical) to have a contact circle full of fools that put spies around themselves that constantly record audio and send it to "somewhere in the cloud". Better to have fewer (but useful) contacts maybe.

@tfb @dch @chebra @vatrox

Because I don't want to stay in contact with people who have stuffed spyware into their life wherever possible??

No... Even if you go completely without the 99% of idiots around you, the remaining 1% is still much more than you can _ever_ interact with. ;)

@vatrox

So-called "smart" devices recording company work...

@vatrox If only someone had warned them before…

Will they publish that evidence? Many of us suspected that for a long time already (and I refused meetings in rooms with activated Alexas) but were ignored. I know of places with paranoid security measures where in the central places they use such gadgets. Always told them that's a security risk, never was believed (only smiled at "knowingly").

@vatrox
I am working on a project in my free time which checks exactly when a smart device (IoT) communicates with the cloud, then it tells you which known pattern (type of device) it is.
The main focus is on fingerprinting the device and guessing the MUD (RFC 8520) URL.

I am shortly before releasing it officially, but there is a demo instance and documentation available already.

@tabseverywhere @xtux.org
Will be published this week.
You can already find the API specification here:

legacy.namib.informatik.uni-br

I will check if I can export the documentation before lunch.

@AlarmZK
@vatrox
Would love to learn more too, if you have a doc or source code.
Is it based on traffic timing, or do you have access to the decrypted contents?

@xutz
We are preparing to move from our private repo to a public repo this week, stay tuned.
I can export the docs for you.
@vatrox

@fatboy @vatrox I think because that's not always possible, unfortunately. I can do without Google and Amazon "assistants", but I'm very much attached to my robo-vacuum.

@everlastingrocks @fatboy @vatrox not as far as I know, no. 😉 Nothing in terms of speech commands anyway, which is just the way I like it.

Xiaomi Roborock S5 Max, fwiw.

@doenietzomoeilijk @everlastingrocks @fatboy @vatrox I mean maybe the capacitive coupling of some wires in there varies as they jiggle in sound waves. Or it can do wifi without a wifi chip and detect redshift from vibrating objects.

If you're getting rid of them, I'll buy them. (not seriously) My next phone is a Huawei, I will decorate with commie China covers and make the ringtone the Chinese anthem, btw.

What chance against spying do we stand anyway?

@fatboy @vatrox realistically, they should be resold so the next idiot gets it from the 2nd hand market instead of lining #Amazon's pockets & doing more environmental harm. Failing that, I'd say store it until a FOSS developer finds a way to repurpose the #smartSpeaker.

@vatrox My wife and I decided a long time ago that having a hot mic in our house that is connected to the internet was a bad idea! Who would have thought???

@vatrox

...and your TV, and your toaster, and your vacuum, and your refrigerator, and your doorbell, and The Elf on the Shelf... :)

@vatrox I'm dumbfounded that this issue hasn't occurred to more people.

I don't actually permit Alexa speakers into my house. If it's a Kindle it has Alexa disabled. The same goes for other voice assistants.

@vatrox So, how long you think before we are asked to work from home in a Faraday cage and have our internet brought in over fiber into the cage to ensure privacy?

@vatrox Just imagine you can use a flaw that these 3 assistants can mock or insult each other in an endless loop. Sure it won't do any harm (I guess) as you can always break the loop by becoming loud so they don't "hear" each other.

Or is Google ignoring the voices of the other assistants and vice versa?

@vatrox invidio.us/watch?v=IRmGZSdH2qY - "Alexa, do you work for the #NSA ?" Alexa: Process -> turn off. Answer is clear.

@vatrox I don't own such device but now I want one 😁

@vatrox Imagine keeping a corporate spying device in your house

@vatrox I suppose the company is using some self-hosted libre software for conference calls?

@vatrox I'm still shocked that anyone even uses these surveillance devices...

@vatrox anyone wondering more about these surveillance devices should check out this HOPE 2020 talk from the EFF:
m.youtube.com/watch?v=fAkB-wGF
