Alexa is listening to what you say – and might share that with developers

Amazon is considering handing transcripts of everything Alexa hears over to third-party developers, according to sources close to the matter cited in a report from The Information.

One developer who used to be a product head on Amazon’s Alexa team, Ahmed Bouzid, says that current access only gives developers “70% of what they need to know” to get better at doing customers’ bidding. The Information reports that some teams already have access to full recording data, though it’s not clear which developers get added to that list and why.

This would be the first time that full transcripts from Amazon’s voice assistant were shared with third-party developers.

Amazon told CBS This Morning that it wouldn’t do this kind of thing without opt-in:

“We do not share customer-identifiable information to third-party skills [apps] without the customer’s consent.”

That’s not particularly reassuring. It’s common for data-gorging companies to point to a lack of identity details and equate that lack to a privacy shield. But in these days of Big Data, the claim has been proved to be flawed. After all, as we’ve noted in the past, data points that are individually innocuous can be enormously powerful and revealing when aggregated. That is, in fact, the essence of Big Data.

Take, for example, the research done by MIT graduate students a few years back to see how easy it might be to re-identify people from three months of credit card data, sourced from an anonymized transaction log.

The upshot: with 10 known transactions – easy enough to rack up if you grab coffee from the same shop every morning, park at the same lot every day and pick up your newspaper from the same newsstand – the researchers found they had a better than 80% chance of identifying you.
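To see why stripping names is not a privacy shield, here is a small check a data holder could run on a log before releasing it. It is an added example, not code from the article or from the MIT study, and the log, pseudonyms and function names are all constructed for illustration. It measures what fraction of sets of known points match exactly one record.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: an "anonymized" log of (pseudonym, merchant, day).
# It holds no names or card numbers, only opaque tokens.
LOG = [
    ("u1", "coffee", "Mon"), ("u1", "parking", "Mon"), ("u1", "news", "Tue"),
    ("u2", "coffee", "Mon"), ("u2", "parking", "Mon"), ("u2", "bakery", "Wed"),
    ("u3", "coffee", "Mon"), ("u3", "gym", "Tue"), ("u3", "news", "Tue"),
    ("u4", "parking", "Mon"), ("u4", "gym", "Tue"), ("u4", "bakery", "Wed"),
]


def build_traces(log):
    """Group the log into one set of (merchant, day) points per pseudonym."""
    traces = defaultdict(set)
    for pseudonym, merchant, day in log:
        traces[pseudonym].add((merchant, day))
    return dict(traces)


def candidates(traces, known_points):
    """Pseudonyms whose trace contains every one of the known points."""
    known = set(known_points)
    return sorted(p for p, trace in traces.items() if known <= trace)


def uniqueness(traces, p):
    """Fraction of all p-point subsets of a trace that match only that trace."""
    unique = total = 0
    for trace in traces.values():
        # Traces with fewer than p points contribute no subsets.
        for combo in combinations(sorted(trace), p):
            total += 1
            if len(candidates(traces, combo)) == 1:
                unique += 1
    return unique / total if total else 0.0


if __name__ == "__main__":
    traces = build_traces(LOG)
    for p in (1, 2, 3):
        print(f"{p} known point(s): uniqueness = {uniqueness(traces, p):.2f}")
```

On this sample no single purchase singles anyone out, yet half of all two-point combinations and every three-point combination do. A high score at small values of p means the log needs coarser timestamps or locations before it leaves the building.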

At any rate, at this point, Amazon’s smart assistant only records what’s said to it after it’s triggered by someone saying “Alexa” (or one of the other trigger words you can choose for the device).

But it’s certainly possible that the voice assistant can be triggered by mistake. In January, San Diego’s XETV-TDT aired a story about a six-year-old girl who bought a $170 dollhouse and a small mountain of cookies by asking her family’s Alexa-enabled Amazon Echo, “Can you play dollhouse with me and get me a dollhouse?”

Viewers throughout San Diego complained that after the news story aired, their Alexa devices responded by trying to order dollhouses.

The Google Home voice assistant has its own history of miscues: a Google Home ad, which aired during the Super Bowl in February, featured people saying “OK Google,” causing devices across the land to light up. As well, in April, fast-food restaurant Burger King aired a TV ad that triggered Google Home devices.

Arkansas police, for their part, are hoping that an Amazon Echo found at a murder scene in Bentonville might have been accidentally triggered on the night of a murder. If by any chance it was set to record, the recordings could help with an investigation into the death of a man strangled in a hot tub.

Amazon’s fight to keep Echo recordings out of court was rendered moot when the murder suspect voluntarily handed them over. But the case raised a bigger question: with Echo/Alexa, Siri, Cortana and Google’s Home assistant in many homes these days, and knowing that some of the technology is listening and recording, who might be able to exploit that?

In the Arkansas case, we know that it’s law enforcement who were after device recordings. But in the future, it could be hackers. In Amazon’s case, it’s looking like third-party developers are going to be in on the pony show. With all these ears eager to listen in on us, it’s smart to know the risks and take the appropriate defensive measures.

We’ve passed on these tips for locking down voice assistants in the past, and they’re worth repeating:

  • Not currently using your Echo? Mute it. The mute/unmute button is right on top of the device. The “always listening” microphone will shut off until you’re ready to turn it back on.
  • Don’t connect sensitive accounts to Echo. On more than a few occasions, daisy chaining multiple accounts together has ended in tears for the user.
  • Erase old recordings. If you use an Echo, then surely you have an Amazon account. If you go on Amazon’s website and look under “Manage my device” there’s a handy dashboard where you can delete individual queries or clear the entire search history.
  • Tighten those Google settings. If you use Google Home, you’re already aware of the search giant’s appetite for data collection. But Google does offer tools to tighten things up. Like the Echo, Home has a mute button and a settings page online, where you can grant or take away various permissions.

You can also prevent an Alexa device from storing recordings. Here’s how:

To delete specific recordings:

  • Open the Alexa app on your phone
  • Select Settings
  • Select History
  • Choose the recordings you’d like to delete

To delete entire history:

  • Open Amazon.com
  • Select Manage My Content
  • Click on Alexa
  • Delete entire history


from Naked Security – Sophos http://bit.ly/2twW0tF
via IFTTT
