Amazon's being greasy about Alexa user data. Again.

Remember when Amazon introduced the ability for folks easily delete their conversations with any of the Alexa wiretap they'd foolishly allowed into their homes? Boom! Gone! No more voice history! Everyone with one of the company's smart speakers could rest easy knowing that their personal information and shopping habits wouldn't be available for the marketing world to get its grubby meathooks on. HAHAHAAHAHAHA Yeah, that was bullshit. Even if you wipe your conversations with Alexa from your Amazon devices, Amazon still retains some information.

From CNET: ... Amazon noted that for Alexa requests that involve a transaction, like ordering a pizza or hailing a rideshare, Amazon and the skill's developers can keep a record of that transaction. That means that there's a record of nearly every purchase you make on Amazon's Alexa, which can be considered personal information.

Other requests, including setting reminders and alarms, would also remain saved, Huseman noted, saying that this was a feature customers wanted.

It gets better: Amazon says that they use this personal information to train Alexa to be an even better wiretap than it already is. What they don't say, however, is what third-parties, such as outside Alexa skill developers and marketers, are allowed to do with this leftover data.

Apparently, the only way to be sure that all of a customer's user data has been obliterated from the company's servers is for them to call customer service and demand that the personal information be nuked from orbit. Of course, given that the company has already been all kinds of greasy about promising to make personal data deletion a simple task for folks to undertake once, there's no guarantee that they won't quietly screw their users again. Read the rest

Vintage Apple TV and Alexa

Thomas Martin Lewins V has done what they said was impossible. He's made modern technology work with old fashioned devices.

First, he installed Apple TV on his big, clunky floor console television and now he can watch TV apps, like Netflix and Hulu, on it.

He writes:

Best Buy said it couldn’t be done. The internet said it was impossible. Eat my ass Best Buy, eat my ass internet.

HDMI to rca, rca to vcr, vcr to coaxial, coaxial to antenna.

After months of pulling my hair out and eating it. I present to you.

Vintage Apple TV.

Then, he installed Alexa on a bunch of vintage devices around his house.

Might have went a little overboard on this one,

The police were called to my house twice for noise complaints. (worth it)

I present to you,

Vintage Alexa.

Impressive! Read the rest

Amazon unveils a new Echo Dot surveillance device for children

The latest addition to Amazon's line of always-on, ever-listening, networked, insecure (1, 2, 3, 4, 5, 6, 7) snitchy smart speakers is the new rev of the Echo Dot Kids Edition, whose "kid-friendly" Alexa is like surveillance Barbie without the pretense of being a toy. Read the rest

New Amazon patent application reveals "solution" to missed Alexa instructions: always on recording

When you talk to Alexa and other voice assistants, you have to phrase your requests by starting with their "wakeword" ("Alexa" "OK Google" "Siri" etc). Read the rest

Illinois almost passed a bill that banned devices that record you without your consent -- and then Big Tech stepped in

This week, Keep Internet Devices Safe Act was gutted by the Illinois senate: it would have allowed people sue manufacturers if they determined that a device had engaged in remote recording without notifying its owner. Read the rest

Amazon stores recordings of Alexa interactions and turns them over to internal staff and outside contractors for review

Bloomberg reporters learned that -- despite public pronouncements to the contrary -- Amazon has an "annotation team" of thousands of people all over the world, charged with reviewing recordings made by Alexa devices in the field, with both staffers and contractors listening to conversations that Alexa owners have had with and near their devices. Read the rest

EFF's guide to creepy, surveillant Christmas gifts

Topping the Electronic Frontier Foundation's don't-buy for Christmas list: Facebook's Portal in-home spycams, followed closely by Alexa/Google Home and other "home hubs"; Verizon's "AppFlash" spyware-equipped phones; and even the Elf on the Shelf gets a look in (normalizes surveillance!). Read the rest

Alexa-enabled Big Mouth Billy Bass. Pre-order it for $40.

You can preorder an Alexa-enabled Big Mouth Billy Bass for $40. Read the rest

Hackers find exploitable vulnerabilities in Amazon Echo, turn one into a listening device

At Defcon, Tencent's Wu HuiYu and Qian Wenxiang presented Breaking Smart Speakers: We are Listening to You, detailing their work in successfully exploiting an Amazon Alexa speaker, albeit in a very difficult-to-achieve fashion. Read the rest

Voice assistants suck (empirically)

New research from legendary usability researchers The Nielsen (previously) Norman (previously) Group finds that voice assistants are basically a hot mess that people only use because they are marginally better than nothing. Read the rest

Amazon: 'Unlikely' string of events led to Echo recording a family's private chat & sending to some random guy

Amazon has now publicly responded to today's bombshell news that an Alexa/Echo personal digital assistive device recorded and then leaked a Portland family's private conversation to a third party acquaintance in Seattle. An "unlikely" string of events led to the freak occurrence, says Amazon. OK. Sure. Read the rest

Alexa listened to a couple's conversation and sent it to the husband's employee without permission

A couple in Portland is accusing Alexa of doing exactly what many people have feared she might do. They say she listened in on a conversation and sent it to a random contact of theirs – one of her husband's employees.

The woman, whose name is Danielle but whose last name hasn't been disclosed, says that two weeks ago she got a call from her husband's employee, who said, "Unplug your Alexa devices right now. You're being hacked."

According to KIRO-7 in Seattle:

"We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'"

Danielle listened to the conversation when it was sent back to her, and she couldn't believe someone 176 miles away heard it too.

"I felt invaded," she said. "A total privacy invasion. Immediately I said, 'I'm never plugging that device in again, because I can't trust it.'"

Danielle says an Amazon engineer investigated.

"They said 'our engineers went through your logs, and they saw exactly what you told us, they saw exactly what you said happened, and we're sorry.' He apologized like 15 times in a matter of 30 minutes and he said we really appreciate you bringing this to our attention, this is something we need to fix!"

When KIRO-7 questioned Amazon, they responded with this: “Amazon takes privacy very seriously. Read the rest

Security researchers can turn Alexa into a transcribing, always-on listening device

Checkmarx researchers including Erez Yalon have created a "rogue Alexa skill" that bypasses Amazon's security checks: it lurks silently and unkillably in the background of your Alexa, listening to all speech in range of it and transcribing it, then exfiltrating the text and audio of your speech to the attacker. Read the rest

Alexa Ruins Families, cartoonified

Cartoonist Lauren eLL secretly recorded a funny family video, then turned it into a charming cartoon about how Alexa Ruins Families. Read the rest

Make your own Alexa-controlled toilet

Inspired by the $6,000 Alexa-controlled toilet at CES, Jonathan Gleich hacked together his own one-tenth the cost. The base of this smart throne is the Brondell Swash 1400 Luxury Bidet Toilet Seat, available for $650 from Amazon. The other components are a $46 auto flusher, $23 infrared link, and $17 Adafruit Feather HUZZAH microcontroller.

Gleich posted directions to make your own over at Instructables: "Alexa Controlled Toilet"

(via Make:) Read the rest

EFF tells the Copyright Office: we don't know how to make voice assistants better, but here's how not to make them worse

Every three years, the US Copyright Office asks for proposals for exemptions to Section 1201 of the DMCA, which bans breaking DRM; in 2015, the Electronic Frontier Foundation won a broad "jailbreaking" exemption to modify the firmware of phones and tablets; this year, we're asking for that permission to be extended to smart speakers like Alexa/Echo, Google Home, Apple HomePods, and the smaller players in the market. Read the rest

Adversarial examples: attack can imperceptibly alter any sound (or silence), embedding speech that only voice-assistants will hear

Adversarial examples have torn into the robustness of machine-vision systems: it turns out that changing even a single well-placed pixel can confound otherwise reliable classifiers, and with the right tricks they can be made to reliably misclassify one thing as another or fail to notice an object altogether. But even as vision systems were falling to adversarial examples, audio systems remained stubbornly hard to fool, until now. Read the rest

More posts