cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
CISOScott
Community Champion

We are listening....

In an article NEST has "hidden" microphone, Google admits it didn't tell users about hidden microphone, but you know, it wasn't meant to be a "secret"....

 

Every time I win one of these at a conference I let my kids sell it. I already have my smart phone, smart TV and other stuff "listening" to me I don't need another...

9 Replies
CraginS
Defender I

 

 


@CISOScott wrote:

In an article NEST has "hidden" microphone, Google admits it didn't tell users about hidden microphone, but you know, it wasn't meant to be a "secret"....

 


Google "forgot" to tell consumers that the mic is there "for future features."

You know.. like they "forgot" to turn off the Google StreetView camera cars' WiFi feature that recorded all flow content on every WiFi device they cataloged as they drove along. 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
CISOScott
Community Champion

I remember learning several years ago about how Google could pinpoint your location even if you had location services turned off on your phone. They would just see what wi-fi devices you were near and they could find out where you were. They supposedly "turned it off" on the phones several years ago.

CraginS
Defender I


@CISOScott wrote:

I remember learning several years ago about how Google could pinpoint your location even if you had location services turned off on your phone. They would just see what wi-fi devices you were near and they could find out where you were. They supposedly "turned it off" on the phones several years ago.


For many years both Google and Apple have had their phones reporting locations of identifiable WiFi and Bluetooth access points, building a huge geolocation database that actively supplements GPS location. This is how your phone can drill down and indicate what building you are in but even what part of the building.

It is also why  pop-up tells you to turn on WiFi or Bluetooth if either are off when you activate location services.

 

I have tested this location tracking with WiFI and Bluetooth only by opening a map on an iPod Touch to download a local map, then use it on a Metro train. It tracks fairly well, given there is no cell tower link and no GPS. 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Shannon
Community Champion

 

This reminds me of something that happened a few days ago at work. I was talking to a colleague about an implementation in our department, and some 20 minutes into our conversation his iPhone's virtual assistant (Siri) abruptly voiced an opinion!

 

What it said wasn't relevant to the topic, but I was really surprised 'coz it ran even though: -

 

  1. The phone was on the desk, so no buttons were pressed.
  2. No part of what we'd said sounded anything like 'Hey Siri.'
  3. My colleague never set Siri to be triggered by other things.
  4. The phone had both Bluetooth and WiFi turned off on it.

 

I'm aware of the fact that voice-recognition software has its risks --- & this was no-doubt a scary reminder... 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
CISOScott
Community Champion

One of the things I ask people when they turn these "features" on is this:

1) How does it know when you said "Hey, Siri?" (or whatever your device's catchphrase is).

It MUST be listening all the time in order to be responsive.  Or is Siri a psychic?

2) Once it does think you awakened it on purpose, how does it know how to interpret what was just said?

It MUST send the request off to be analyzed.

3) Does it analyze everything you said or just look for keywords?

If you say "Alexa, what is the weather today?" Does it just gather your location data, which it already knows, and regurgitate the weather forecast for the current day?

And WHO is doing the analyzing?  A machine or a human?

Once the analyzing is done, what is done with the conversation? Do they store it like they do every other detail about your Internet life?

In 5 or maybe 10 years have they recorded enough of your conversations to be able to piece together a full conversation in your voice?

Maybe a little cynical thinking but who knew that 10-20 years ago that we would be at this point now?

 

CraginS
Defender I


@CISOScott wrote:

One of the things I ask people when they turn these "features" on is this:

1) How does it know when you said "Hey, Siri?" (or whatever your device's catchphrase is).

It MUST be listening all the time in order to be responsive.  Or is Siri a psychic?

2) Once it does think you awakened it on purpose, how does it know how to interpret what was just said?

It MUST send the request off to be analyzed.

3) Does it analyze everything you said or just look for keywords?

If you say "Alexa, what is the weather today?" Does it just gather your location data, which it already knows, and regurgitate the weather forecast for the current day?

And WHO is doing the analyzing?  A machine or a human?

Once the analyzing is done, what is done with the conversation? Do they store it like they do every other detail about your Internet life?

In 5 or maybe 10 years have they recorded enough of your conversations to be able to piece together a full conversation in your voice?

Maybe a little cynical thinking but who knew that 10-20 years ago that we would be at this point now?

 


All my experience is with Alexa, but here is what I have learned.

For all three major players (Amazon's Alexa, Google's OK Google, and Apple's Siri) the companies claim that unless you have switched the mic off (there is an easy way to do so) the devices are, as you suggest, listening at all times for the trigger word. However, there is no recording within the device or transmission to the mother ship, until the trigger word (Alexa/Computer, OK Google, or Siri) is recognized by the local device on-board computer. At that time, the device fires up communication with the mother ship, and all it hears that begins within 5 seconds of the trigger word is sent to the Big AI in the Sky(net). 

The home office AI interprets the command and responds accordingly with reply or action. Yes, Alexa does already know the device location, so it is easy to provide the local weather, news, and transportation information. 

I cannot speak to Google or Apple, but yes, Alexa does preserve all of the recorded conversations. The account holder can review them and delete selected recordings if desired. Also, I am sure that part of the learning at the home office for each account is to recognize recurring commands, like my "Alexa, play Willie Nelson," to speed action when a repeat command happens. 

 

Even more fascinating is the Google effort, and apparently soon the Alexa plan, to distinguish separate recurring voices, so a profile can result for each household member, to speed replies and suggestions.  

 

As for the persona data and profile accumulation over the coming decades, i think we have more to worry about the police-linked public surveillance cameras in London, Nwe York, Chicago, etc., than from these commercial services.

That said, BE VERY WARY of legislatures pushing laws requiring government access to the commercial databases. 

I recommend membership in EPIC and EFF.

 

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
CraginS
Defender I

Of course, we should also consider how much to believe the three companies when they tell us how their programs work.

 

Note the Google NEST microphone debacle in another thread.

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Shannon
Community Champion

 

Since we're talking about Google listening, another area you'd probably have noticed this is with Gmail --- but we'd probably want to refer to it as 'reading' in this case.

 

The AI includes the features of Smart Compose, Smart Reply and Nudges. I consider the first 2 a nuisance, & prefer not to become dependent on the 3rd. Fortunately, all can be disabled in the settings, shown below: -

 

Gmail settings.png

 

 

Another feature --- supposedly part of Google Labs --- which I haven't found any specific setting for, relates to the attachments. When I first encountered, I found it a bit amusing and posted something about it on LinkedIn.

 

Given that it hasn't appeared since, perhaps Google's AI has somehow understood that I don't appreciate it too much.

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Badfilemagic
Contributor II

So many companies these days have products and business plans that would have made the Stasi drool -- and people bring these things into their homes and lives on purpose! It's baffling to me -- but then, the experiences of Europe in the 20th century are surely informing GDPR, etc. If someone wants to bug my thermostat, they're going to have to do it the old fashioned way -- with a black bag, a Polaroid camera  and some drugged dog treats.

-- wdf//CISSP, CSSLP