Alexa invades your privacy (and how to stop it)

Seriously Siri

OK, Alexa invades your privacy. Well, so too does Google Assistant, Siri, Bixby, Cortana and pretty well any machine learning or AI-driven cloud – Facebook/Whatsapp/Instagram/Messenger comes to mind!

But each helpful, ever so cheerful little assistant does it in different ways.

Alexa invades your privacy to sell you more and grow the online shopping behemoth Amazon.

Respected researchers Loup Ventures demonstrates the inherent bias/pedigree with this question, “How much does a manicure cost?”

Alexa: “The top search result for a manicure is Beurer Electric Manicure & Pedicure Kit. It’s $59 on Amazon. Want to buy it?

Google Assistant: “On average, a basic manicure will cost you about $20. However, special types of manicures like acrylic, gel, shellac, and no-chip range from about $20 to $50 in price, depending on the salon.” You can then ask Google to recommend some nearby manicurists.

Google Assistant focuses on serving you accurate information from a huge range of sources.

The voice assistant does not have advertisements but improves targeting of responses as it gets to know more about you (and does not sell its data as Facebook has).

Siri is the enabler for the Apple ecosystem

Its endgame is to make the ecosystem more ‘sticky’ and to move from its hardware to more profitable services (and Apple says it does not sell your data).

Bixby has no grand plans for world domination

It has become the interface to Samsung IoT devices and talks to Alexa, Google Assistant, Siri and more. Just like LG’s ThinQ does and we are perfectly happy with that.

Cortana could have been evil but Microsoft CEO Sataya Nadella is not

Cortana has left that to Alexa that is now on Windows devices. Cortana is Alexa’s window to the Microsoft ecosystem.

Alexa invades your privacy

Honorary Gadgeteer, US-based Sam Bocetta is a fiercely independent, journalist

Alexa invades your privacy

He specialised in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefence, and cryptography.

He writes security articles for GadgetGuy. His last article ‘Five steps to secure your IoT home network – you need to!’ has been hugely popular.

Sam’s strong views may be due to the tsunami of US privacy movement pressures calling for Amazon, Apple, Facebook and Google to be broken up (Anti-Trust) and to implement European GDPR style regulations in the US. Regardless his US experience is sobering.

So, Sam, tell us how Alexa invades your privacy.

Let’s segue a little and look back at in time. There have been dozens of sci-fi ‘voice assistants’ purporting to be there solely to help us.

Douglas Adams Hitchhikers Guide to the Universe got us all laughing.

“Listen,” said Ford, who was still engrossed in the sales brochure, “They make a big thing of the ship’s cybernetics. A new generation of Sirius Cybernetics Corporation robots and computers, with the new GPP feature.”
“GPP feature?” said Arthur. “What’s that?”
“Oh, it says Genuine People Personalities.”
“Oh,” said Arthur, “sounds ghastly.”
A voice behind them said, “It is.” The voice was low and hopeless and accompanied by a slight clanking sound. They span round and saw an abject steel man standing hunched in the doorway.
“What?” they said.

Alexa invades your privacy

“Ghastly,” continued Marvin, “It all is. Absolutely ghastly. Just don’t even talk about it. Look at this door,” he said, stepping through it. The ‘irony’ circuits cut into his voice modulator as he mimicked the style of the sales brochure. “All the doors in this spaceship have a cheerful and sunny disposition. It is their pleasure to open for you, and their satisfaction to close again with the knowledge of a job well done.”
As the door closed behind them, it became apparent that it did indeed have a satisfied sigh-like quality to it. “Hummmmmmmyummmmmmm ah!” it said.

Note how current day Voice Assistants have a cheerful and pleasant disposition too

Author Philip K Dick had voice assistants in a few of his books, but Ubik introduced the smart home assistant that turned malevolent.

Joe Chip is sitting in his apartment; He walks to his front door to open it.
The door refused to open. It said, “Five cents, please.”
He searched his pockets. No more coins; nothing. “I’ll pay you tomorrow,” he told the door.
Again, it remained locked tight. “What I pay you,” he informed it, “is in the nature of a gratuity; I don’t have to pay you.”

“I think otherwise,” the door said. “Look in the purchase contract you signed when you bought this conapt.”
…he found the contract. Sure enough; payment to his door for opening and shutting constituted a mandatory fee. Not a tip.
“You discover I’m right,” the door said. It sounded smug.

And lets not forget about George Orwell’s 1984.

Note how once you become reliant on a voice assistant you forget the thousand-page EULA (end user licence agreement) that lets the company walk all over your rights and drain your wallet.

Then we have the voice assistant to end all – literally.

Stanley Kubrick’s masterpiece film 2001: A Space Odyssey has HAL 9000 (Heuristically programmed ALgorithmic Computer) that manifests as a glowing red light and a monotone voice.

HAL is an integral part of the smart space station with eyes, ears and sensors everywhere. Hal became self-aware and could do things he wasn’t even programmed for – intelligently converse, speech recognition, facial recognition, lip reading, interpreting emotions, expressing emotions, petulance and more – in addition to maintaining all systems on Discovery.

Alexa invades your privacy

Its sole job was to assist and protect its human crew and carry out the mission – there is a conundrum. Mission or pesky humans? BTW, HAL is the letters IBM – 1.

HAL was unfailingly polite, “Sorry Dave I’m afraid I can’t do that,” as he ejects the helpless astronaut out into space.

Note how once you become reliant on a voice assistant your options to do something manually slowly disappear.

In April 2019, Master Replicas Group posted an interesting update to an IndieGoGo project that has already collected more than US$650,000 in financial support.

The project is called the HAL 9000, and it is legitimate – licensed by Warner Bros – and fully funded, so it will ship soon.

It comprises a HAL 9000 Bluetooth smart home automation speaker but get this – it uses Amazon Alexa technology and you can get both HAL’s voice and Alexa through the device.

Alexa invades your privacy

BTW, Douglas Rain, the Canadian actor who voiced HAL 9000, passed away last year and you can now replace the default female Amazon Alexa voice with Rain’s eerily soothing tone – if you dare.

Sorry for the segue – back to how Alexa invades your privacy

It is all about ‘Purposeful Privacy Invasion’ (PPI)

An important sub-plot in “2001” relates to the dangers of handing over everyday tasks to AI. Some of those dangers now parallel the way the Amazon e-commerce ecosystem is developing with Alexa smart home speakers.

Concerns about privacy issues with Amazon Echo and other brand Alexa speakers were a focus of the Channel 9 report earlier this year.

Fergus Hanson, director of the Australian Security Policy Institute, said that smart home assistants are essentially adding an extra layer of vulnerability by expanding the attack surface. That means Alexa is an extra ‘entry point’ into your home that malicious hackers can exploit.

Hanson also spoke of the now infamous incident involving an American couple whose pillow talk was recorded by Alexa and emailed to a work associate.

As much as Amazon executives insist that privacy is at the forefront development of Alexa, the fundamental premise is that this AI system is all about PPI.

Here are five examples of how Alexa invades your privacy. If they seem outrageous, it is because they are, but you can adopt certain measures to mitigate risk.

1. Always on, listening, and watching

One of the most memorable scenes in “2001” involves a revelation made by HAL 9000: the supercomputer became aware that two astronauts were plotting to disconnect it. The astronauts knew that HAL would listen to their conversation, so they went to a section of the station without microphones. Unfortunately, HAL’s camera could see their lips moving.

For the record, Alexa speakers are always listening for the wake word. Once it hears the word ‘Alexa’, it starts transmitting to the Amazon cloud where the request is analysed and actioned. Amazon assures us it deletes conversations that do not contain “Alexa” from the cloud, but it stores all requests.

Alexa invades your privacy

But the Amazon Alexa Echo Look also features a camera, and the Amazon Cloud has facial, sentiment, age/race estimate, fashion recommendations, and emotion recognition as stock APIs that its developers use. You can read “Nine reasons not to buy Alexa Look here.

If you want privacy, disable cameras and microphones until you need them – and hopefully, you don’t have an intimate Bestie named Alexa.

Alexa just became more HAL-like.

2. Amazon keeps a record of your conversations

Amazon is more than just an e-commerce giant. It is also a technology company looking to improve its AI analytics engine by various means, including the conversations held with Alexa.

It has recently been caught using its staff to analyse recorded conversations, “To improve the voice recognition service.”

Privacy-conscious individuals must become familiar with how Amazon stores voice recordings and transcripts. Learn about how you can manage them through a deletion process.

 If you are concerned or have sensitive discussions, turn Alexa off or better still place it over five metres (limit of most far-field mics) from where you normally talk.

Alexa invades your privacy

3. Falling into Amazon’s eCommerce rabbit hole

This is perhaps the scariest thing in selecting Alexa over other voice assistants. As we showed earlier Alexa focuses on selling you things that Amazon thinks you need. Amazon has built this understanding of you by constructing a profile on you.

One has to ask why Amazon – an online shopping behemoth, is interested in the smart home automation niche? Your data is gold. Never forget that this is a company that makes lots of money by selling you their products. If anything, Alexa is first and foremost a shopping assistant.

In fact, one of its earliest, non-speaking versions was a browser extension that monitored your online search and shopping sessions solely to sell you more stuff.

That ultra-pleasant voice may hide a more sinister side. Our recommendation is not to use Alexa for any online purchases – no matter how lazy you are when ordering Dominos pizza during the footy.

4. Alexa as an advertising platform

Alexa is a very smart shopping assistant. She can not only facilitate your purchase but also steer you to brands that have partnerships with Amazon. To be blunt, Alexa recommends what Amazon makes the most money from, not what is best for you, cheapest etc.

This may not be obvious at first, at least not until you start paying attention to what Alexa returns as search query results.

And if you are not careful, Alexa will ship you the default – a combination of the most expensive listing of the item that it ships from its distribution warehouse.

Here is a real Australian example. Search Amazon for MacLeans Multiaction Toothpaste. The results are ranked by price from $23.03 (four pack) to $10.94 single pack plus freight (if applicable – Prime membership requires a $49 spend). But what is worse is that Sensodyne (single pack) comes up first – no guessing which product is an Amazon partner.

Alexa invades your privacy

In almost every category search (even if you specify a brand) Amazon, home brand products come up first followed by Prime recommended items (shipped from its warehouse) and sponsored advertised products. If you are lucky, the best value items are somewhere at the end of the copious search results that Amazon makes it hard to get to (there is no end results button).

BTW, Woolworths has MacLean’s Multiaction toothpaste for $3 every day – no freight. Be a savvy shopper.

5. Smart speakers as attack vectors

Each time a new Amazon Echo device is released, security researchers start looking for vulnerabilities, and cybercriminals pay close attention to them. The Amazon Echo has already become a wiretapping device. This is particularly worrisome when you see how many of these devices are sold ‘second-hand’ on online marketplaces – it is too easy to tamper.

Respected security company McAfee said Smart Speakers Could Become Targets for Sophisticated Malware in 2019. It reasons that Smart Speakers are the nexus for controlling the ever-growing network of IoT devices in a home – these all need to speak to Alexa. Alexa uses ‘skills’ which are easy to write and leave all security issues to the developer. It is not just privacy but the ability to see if you are at home, what assets you own, and much more.

Alexa invades your privacy

What can you do? It makes sense to take proactive security measures. Mix in a robust firewall (probably already built into your router) and virtual private network protection (VPN) and even run IoT off a separate network.

You already should be in the habit of only connecting to the internet through VPN services but, if you have a pint or two of technical savvy, you can install this service on your router to further protect against home network vulnerabilities. Configuration can be a beast and you might have to upgrade your router to a more sophisticated encryption and tunnelling protocol. Read more about how this process works here.  

And never buy a used Alexa speaker.

GadgetGuy’s take – Alexa invades your privacy

Alexa is an Amazon advertising vehicle with a potentially egregious security vulnerability.

Amazon, on the other hand, claims that this is a feature. As with most new tech, we seem to sacrifice more privacy in favour of convenience.

Ultimately, you do not need to dress up your Amazon Alexa speaker as HAL 9000 to transform it into a bit of a creeper. She already is that and is only getting smarter, at your ultimate expense, with every conversation.

While there are privacy shortfalls related to Alexa, you’ll have to decide for yourself if it’s worth the convenience. You can minimise some of the purposeful privacy invasions – others you might have to live with.

Me – I prefer not to trust my privacy to a company ranked #23 on the list of globally trusted brands.

Sam Bocetta – if you have any comments I would love to hear them via Disqus.