Are voice controlled devices like Amazon Echo really spying on you?
Voice controlled digital home assistants are quickly becoming extremely popular as the technology behind devices such as the Amazon Echo and Google Home improves drastically.
From blasting out your favourite playlists and calling your family members, to remembering your shopping list and changing the thermostat. Home assistants are able to connect to an increasingly large number of third party devices, allowing their owners to have increasingly easy control of their homes.
But with the added convenience comes added privacy concerns. Such voice controlled home assistants have been very publicly accused of constantly spying on private conversations and broadcasting them to strangers across the Internet. Many breathless headlines claim that devices like the Amazon Echo are always listening, and having them in your home means giving up on your privacy.
So we discuss how such devices work, and evaluate the actual privacy ramifications of this emerging and already popular technology.
How do voice controlled home assistants work?
The first question people usually ask is, are these digital home assistants really always listening to us? And the short answer is yes. Most of us will know that such devices are activated when a trigger word, known as a “wake word” is spoken. The default wake word for the Amazon assistants is “Alexa” and the Google Home is “OK Google“. For the device to activate upon hearing this word, it always has to listen out for it. If it didn’t listen, it simply wouldn’t know when to activate.
That’s simple enough, but does listening equate to spying? Of course this could depend on your interpretation of the word spying, but the short answer is not really. That’s because the device doesn’t broadcast any of the information it “hears” until the wake word is heard.
Sponsored Content. Continued below...
It works as follows –
1. The device continually records 1-secondish snippets of what’s going on.
2. The Echo analyses these audio snippets, and if the wake word isn’t heard, that recording is deleted immediately and replaced by the next. These recordings never leave the device. They don’t get broadcast on “the cloud”, they don’t get translated, and they don’t end up getting heard by anyone else (the exception being bugs or faults, which we go into later.) The only thing the device does with those recordings is to analyse whether they contain the wake word. If not, it gets deleted.
3. If the wake word is heard, both the Amazon Echo and Google Home light up, so you know it’s in activation mode. This is where any subsequent words it hears can be recorded and transmitted over the Internet. Of course in the vast majority of cases, the user is aware of this since they would have been the person to activate the device. If the device hears the wake word and no subsequent information, it returns to listening only mode.
When the device is activated, words need to be broadcast over the Internet because the device needs to know what you’re saying and what you want (i.e. a specific song to be played.) The servers of Amazon or Google, for example, are then able to translate your instructions and send back the desired information back to the device for you.
This is how most mainstream voice controlled home assistants work, including the Amazon Echo and Google Home. Now we understand this, it is apparent that claims that the devices are constantly spying on you, or recording you, are overly alarmist. Yes the devices are always listening, but only for that wake word. If they didn’t, they couldn’t work.
Claims that devices such as these keep history logs of past interactions and request are true. At the time of writing, both Amazon and Google allow users to see these recordings and delete them.
However any review about such assistants needs to cover the faults and vulnerabilities that have occurred in the past.
Faults and Vulnerabilities
Of course, as with most technologies, faults and bugs have occurred.
This includes the incident in Portland when a couple discussing hardwood floors had their conversation recorded and sent to a phone contact. Amazon investigated the incident at the time, and put forth the below statement –
Echo woke up due to a word in background conversation sounding like ‘Alexa.’ Then, the subsequent conversation was heard as a ‘send message’ request. At which point, Alexa said out loud ‘To whom?’ At which point, the background conversation was interpreted as a name in the customer’s contact list. Alexa then asked out loud, ‘[contact name], right?’ Alexa then interpreted background conversation as ‘right.’ As unlikely as this string of events is, we are evaluating options to make this case even less likely.
A rare occurrence indeed, but with so many people using such devices, incidents like this are going to happen. This includes the TV news program that featured a story about a girl who inadvertently instructed her Amazon Echo to purchase a dollhouse. During the story, the news anchor repeated the girls instructions, which duly instructed Echo devices in the vicinity of televisions playing the news program to try and do the same thing!
Sponsored Content. Continued below...
Then there was the security company that found a vulnerability in the Amazon Echo’s ‘re-prompt’ feature that could potentially allow an attacker to keep the device recording after the Echo asks the user to repeat what they said, while muting the device so the user wouldn’t necessarily be aware that the Echo was still recording. Amazon soon claimed to have fixed the vulnerability.
Our conclusion
Devices like the Echo and the Home represent the next stage in technology must-haves for the home, and given that they must constantly listen to their surroundings for instructions, they will naturally garner privacy concerns. It is important that such devices are always monitored, evaluated and improved to ensure that faults and vulnerabilities happen as infrequently as possible, and that their developers don’t overstep the mark to invade our privacy.
But it’s equally important not to let alarmist accusations or misinformation confuse a very serious concern. Claims that these devices are always recording, or always spying on us, are misleading.
We understand the apprehension that many consumers will inevitably have when it comes to installing a device in their home that is constantly listening to them, but this is a choice that consumers should make in full possession of the facts, which we’ve tried to outline here. Ultimately, however, we rank most of the accusations about such devices as either misleading or overly alarmist, but accept that such devices will inevitably pose privacy concerns.
It’s of course ultimately up to the end consumer whether they want such a device in their home.
If you are thinking about getting one, help support our website so we can provide more privacy and security related content and grab one through our affiliate links below.
US Readers –
Check out the Amazon Echo here – $99.99
Check out the Amazon Dot here – $49.99
UK Readers –
Check out the Amazon Echo here £89.99, £69.99 (22% off) & 3 month free subscription to Amazon Music Unlimited.
Check out the Amazon Dot here £49.99, £34.99 (30% off) & 3 month free subscription to Amazon Music Unlimited.
Check out the Google Home here.