Hacker News new | past | comments | ask | show | jobs | submit login

The monitoring for keywords is done in the hardware or firmware. Nothing ever gets sent to Amazon until "Alexa" or "Echo" is recognized.

Do you really think it would be easy to hide a persistent audio datastream to a central server?




> The monitoring for keywords is done in the hardware or firmware. Nothing ever gets sent to Amazon until "Alexa" or "Echo" is recognized.

I think that what you mean is that the monitoring is done in the hardware or firmware using closed-source code that can and will be regularly updated remotely and hopefully securely. And that Amazon told us that it would wait until it thought it heard "Alexa" or "Echo" or anything that sounds sort of like it, or whatever they decide to change the software on your particular device to listen for in the future.


Yes, that's definitely a more precise statement of the facts as we know them today. Please allow me to expand on it:

Amazon has told us that this product we paid to have in our homes won't spy on us, and has (to my knowledge) given me or anyone else ZERO indication that they'd suddenly decide: "Privacy? Fuck that! Let's see if someone is saying something salacious in that bedroom in Watertown, NY; that customer seems to be buying a lot of lube." Or, less sarcastically, violate their paying customers' expectation of privacy to suit their own ends, whatever those may be.

Google, however, has "snuck in" code to actively listen to the microphone in their browser, which we don't pay for. I won't use the old "if you're not the buyer, you're the product" routine here, but I will say that I trust the privacy protections of a free browser with portions of black-box, closed-source code a hell of a lot less than I trust the same protections of a paid-for product with portions of black-box, closed-source code.


There's enough people out there hacking the echo and looking at the data getting sent back and forth that anything suspect would be all over HN and reddit within hours of the update that caused it. It has some closed source bits but watching the traffic is pretty trivial. Not saying they're not doing or won't do anything sneaky, but there's a good chance it'll get noticed if it does. Hell amazon already has so much info on me just from what I've willingly given them in account details and activity I'd almost be interested to see what more they think they'd get from eavesdropping and my everyday life. Maybe my ads will start being for things i want instead of things i just bought.


Now would be a good time for a third-party audit of the Amazon Echo firmware updating process.

It would probably also be fodder for frontpage HN, in case anyone needed some attention out there.


An audit would be wonderful. I worked on the Echo, and the updating process was extensively tested and audited, both internally and by third parties.


That's great! (And I'm a fan of my [two] Echos!) Do you have a link to said third-party auditing?


Would not need to be persistent or audio to get the job done


The same thing could be done to the billions of devices people carry on them around the world ("mobile phones").


Which all have the same background monitoring feature (e.g. Hey Siri or OK Google).




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: