- There is not evidence that these devices record and transmit without an activation word triggering this behavior
- However, there is nothing to stop companies from breaking this assumption
- Some people think the risk of one of these companies flipping a switch and recording everything is negligible
- Some people think the risk of one of these companies flipping a switch and recording everything is warrants serious concern
- These two groups will not agree, and that's fine :)
There is hard evidence [1][2] you can remotely operate Echo recording capabilities without a wake word. Hope this puts the 'hardware limitation' claim to bed.
Nice summary. For those who believe that one of these companies might (intentionally or accidentally) "flip the switch", would a project like this really do that much to persuade you that the device had now become safe for use? Or would you simply avoid knowingly purchasing any such devices? (In that sense I'm struggling to understand the true customer for a neat hack like this.)
While I appreciate the sentiment...unless you actually think Google and Amazon devices are recording irrelevant ambient sound deliberately (they aren’t), this doesn’t help anything. Unless the software here is better than theirs at recognizing the trigger word (very unlikely), there will be even more false positive activations on this device than there are on the originals.
Edit: It’s very unlikely because Amazon and Google pay for false positives, so they have a strong incentive to develop really good trigger word detection.
Every cellphone in the world has a microphone that could be listening all the time and sending data anywhere. So does most every computer. It's a better threat vector by 1000x, more stealthy, easier to conceal traffic. But all anyone ever talks about is a device designed to listen to you talk because hey, so obvious, big brother MUST be listening in there!
Cell phones have batteries, so it would be even less practical for phones to be "phoning home" a stream of what's going on around it at all times than a "smart speaker".
You have a point, but what makes you believe that such things are not happening for some people? Do you have any proof that the low power microphone is not recording voice all the time?
So doesn't Alexa already not record until you say the trigger word? If we don't trust that that is the case, then sure this device covers that, but it doesn't change the fact that they are still collecting data on every command you issue to the device.
This is a brilliant idea. I'm curious about a lot of the implementation specifics like how audible the white noise is in a silent room and what kind of UX trade offs it brings.
Yeah, I'm wondering how it should work when you say the wake word too. Like if I say "Sister Assumpta, what's the weather like?" is it just going to repeat the same command but replace "Sister Assumpta" with "Hey Google?" Thus slowing the whole thing down?
I'm curious whether it will handle the audio trigger as well as Google/Amazon/Apple. It takes some pretty advanced audio algorithms to catch "hey Google" in a busy kitchen. It would be pretty frustrating if this device caused these devices to trigger even more inconsistently.
Everything about this is radical aside from the way they made it resemble an actual fungus growing on a device. This is the most extreme skeuomorphism I’ve ever seen.
You could also just not buy one of those awful things. I have never seen a legitimate use for it that wasn't misplaced adolescent tech fantasies (omg I can tell big brother to make coffee and my keurig starts up!). But maybe my line of business has made me excessively paranoid / niche
I would like to make an edit: functionality for those with disabilities is a huge use-case I did not consider. Thank you for your insightful comments
I like to be able to play music, ask simple questions, etc. without pulling out my phone. I don't understand why those aren't "legitimate" use cases. Maybe you don't like the tradeoff you're making in using such a device, but if I'm fine with it, how are my uses cases not legitimate?
I have four. I like being able to ask a question while I'm still typing away. I like being able to turn on my TV and change the volume without having to find a remote control that is always somehow somewhere it shouldn't be. I like being able to turn off every light in the house and the iron by just saying "alexa, turn off everything" as I head out the door. My son loves being able to turn off the lights in his room and start a playlist to help him go to sleep with "alexa, good night". I love being able to start any playlist from anywhere in the house without touching any buttons, or turning the lights on or off when my hands are full without putting things down. Or asking for the time. Or when the next bus leaves the nearest bus stop.
Any one of those things are just a tiny little convenience, but it adds up, and while I bought one just to see what they'd be like not expecting to use it that much, I now use them dozens of times a day.
I'm probably biased because I lived my early childhood behind the Iron Curtain but I can't for the life of me understand why someone would buy these. The cost-benefit is just not there.
Do you have kids? I have three small ones, and they are just starting to desire technology. From my perspective, letting them control music (which they want, and I want them to have) is much better using a Google Home device than giving them access to my phone or tablet.
If you don't have kids, you have no idea how loud and aggressively they will scream when they want something, and especially when these devices are visible to them (if you "need" to respond to a text message, etc).
Yes, it is a devil's bargain. Yes, I'm sure some families are able to, through sheer force of will, completely restrict access to technology. In my family, we are acknowledging we have lost the battle to prevent them from using technology and are seeking solutions that help them manage their desires and create healthy boundaries. I guess we can all argue over what is "healthy" and "normal."
Things like Google Home and Family Link (all from Google) do allow us to control access in a way that I prefer.
So, this "hack" is really exciting because I do care that my two year old already knows Google as a brand.
I'm open to hearing suggestions and have even attempted to build my own open source alternatives, but using voice is a modality that is preferable for so many reasons, and I don't see alternatives that won't be worse.
It's somewhat poignant that you say "adolescent" because I know a number of octogenarians and nonagenarians for whom these are indispensable. I won't buy one at this phase in my life, but there will come a point in most people's lives where having an omnipresent corporation listening in will become a net positive.
I would of course prefer dear friends listening in, but who knows what life will bring.
Never seen a single use case? How about a kitchen assistant, especially with dirty hands, or a task doer for the elderly or otherwise mobility disabled. It’s a generic time saver, and time=money for most people.
I mostly agree with you but there is a legitimate use.
Imagine if you couldn't use your hands or interact with technology due to a disability - these devices would make the world so much easier to interact with.
Anyone who grew up watching Star Trek has probably dreamt at some point of being able to simply say "Computer" and then send a voice command. We just didn't expect the tech to become popularized by advertising/retail companies.
My dad just had some major health issues, and has a much harder time getting around the house. He finds these things pretty useful to save him some trips around the house.
I'm privacy conscious and bought a couple of minis. I don't use the mics but I thought I had a legitimate use case without one. It's falling short and I'm looking around for replacement devices.
I flipped the hardware mic switch off on it, to try to make it a dumb wifi speaker instead of a "smart" one. Then I built a software alarm clock that forces me to leave the room after I wake up in order to turn it off.
For me, it's very important for my alarm clock to be both effective, and to always work. The alarm clock runs as a remote task and connects directly to the mini, telling it to play an MP3 from the local network (by IP because the mini ignores DHCP DNS server). If I hit the mini touch controls to turn it off, the software starts playing a different MP3 a second later. If I try to unplug the cable from the device, duct tape stops me. Thoughtful wrapping of the cable around a solid furniture post prevents any yanking from being effective at tearing it out of the wall. If one mini is down (fairly rare but possible point of failure), the other one is attempted.
So, it's fairly impossible for me to just turn it off without waking up and giving it a bit more thought. I have to leave the room and tap a button on a touch screen (ubuntu in kiosk mode reaching web app on local network).
The unfortunately fatal flaw is that after months of effective use, I recently discovered that my highly available alarm clock was not actually highly available. It breaks when the internet is out. I could not connect over local network. There's always the possibility that something else was a factor, but I reproduced it a couple of times intentionally.
It also concerns me that the mini doesn't require authentication. Anyone on the local network can directly reach the device and do the same thing. A script meant as an alarm clock could turn into a device of psychological torment in someone elses hands. This lack of authentication, and the ability to auto-discover the speakers, is probably something they consider a 'feature'. I don't like seeing Chrome waste system resources in its attempt to scan my local network on the off chance that Google's speakers are there. And I don't want it to reach out to those speakers when it does find them. But it does it anyway.
In the end, with the microphone disregarded, it's a cheap wifi speaker. I won't count Chrome's bad behavior against it, but its software could be improved by offering (any) secure connection options. The lack of internet as a single point of failure dooms any kind of gadgetry with a reliability requirement from using it. It can't be considered reliable enough for serious tasks like waking you up for work or a flight unless they fix the software to work in a local-network-only mode. But, it is cheap, and, well, mostly available, which is often good enough for to-hand use cases.
Speculation: Is the lack of mini's heartbeat phoning home Google's own way of determining network reliability across wide geographic areas (eg, the lack of data in an aggregate area)? But they probably know this already from the wide spread of Android devices. Or do they maybe just not want their device to work unless it can reach back to them?
I love this idea. I've wanted to do something similar for a long time, but I was thinking about building a home assistant where the always-on mic was a complete separate board that only listened for wake words and had no internet access. The main mic would only be powered on when the smaller board woke it up. Alias achieves the same thing in a much simpler way to where I might actually consider buying a home assistant now.
How is this different than an actual echo device as it sits now?
You're still relying on a piece of software to make the wake-word assessment and hand off the audio to the cloud. Now you're just adding more hardware parts to fail.
If your argument is that you trust your software more than Amazon's, then you shouldn't need anything more than a single microphone anyways because why would you surveil yourself?
I'm much less interested in gating audio recording (which I have reasonable confidence in the device itself doing) and much more interested in being able to use a device like this without turning on all of the various histories. Google Assistant refuses to do most of its interesting functions (other than trivial things like setting an alarm) without turning on search history, location history, voice history, and various device information.
There's no good reason for it to require that information for a request like like "play XYZ on YouTube".
> which I have reasonable confidence in the device itself doing
A few horror stories related to Alex hint that it might not be doing a very good job. The grammar/syntax it uses to wake is much more complex than what Alias is proposing as a safe alternative. The most blatant example would be the Portland, OR couple that found the Alexa device making phone calls to people as they had a discussion near it.
Do Alex and Google have software APIs? Can you make a hardware device (eg Raspberry Pi) that listens for a wake up then sends to the API? Seems more elegant.
As a bonus, maybe your device could understand "Alexa..." and "OK Google..." and send to the relevant API. Use Alexa for shopping and Google for searches?
Google assistant has an API here [0], and Alexa has a fairly large amount of documentation here [1]. In theory, the devices already claim to do this. If you don't trust that they do, you probably shouldn't have one full stop.
Hm, I don't quite understand how this works. So, if you say "Alias", then Alias has a built-in speaker that whispers "Hey Google" (or the equivalent) into the microphone. What if I start the question before Alias has finished analyzing my speech and playing the "Hey Google"?
Assuming they didn't do that already, a couple more mics in the device base with noise cancelling circuitry if implemented the analog way or in software will defeat this project in no time.
I applaud the intent, but unless one knows for sure how many mics are there, including tiny MEMS devices like accelerometers that can be used as such, and can physically disconnect them all, there's no way to know the device isn't listening.
Scary stuff, don't read HN past bedtime! It's probably more tricky to pull of this trick with complicated brains, but who really knows how we tick and who is running us.
Access to privacy equals business today.
Therefore turning this "promise of privacy" project over to the business sector would be a contradiction in terms.
Most of the world does not care that companies/governments have access to their privacy.
Snowden is a good example of this principle.
The few that do care would not be enough to sustain this "promise of privacy" business model.
Therefore the responsibility is upon each individual to make their own Alias in order to protect their own privacy using this open source maker project. Great work to all those that worked on the Alias project!
This is going to mess up the voice detection. It's keyed off of the original trigger word and knows who is talking to it so you get reminders and other items specific to that person.
That is, use Google Home/Alexa/Apple Home for their speech recognition abilities while ensuring it doesn't eavesdrop and works with any other smart device that you have (e.g. there is no way to directly control Nest using Apple Home).
There's really no need for that. Google at least has a speech recognition API that you could send audio to directly; no need to use a Google Home as a middleman if that's all you want.
“Echo woke up due to a word in background conversation sounding like “Alexa.” Then, the subsequent conversation was heard as a “send message” request. At which point, Alexa said out loud “To whom?” At which point, the background conversation was interpreted as a name in the customers contact list. Alexa then asked out loud, “[contact name], right?” Alexa then interpreted background conversation as “right”. As unlikely as this string of events is, we are evaluating options to make this case even less likely.”
"For these instances, Amazon claims that the devices were likely triggered by false positive commands."
in my mind, it's not a question of if the device is recording you, because that's exactly what it's made for. it's a question of, if the company or even worse, govt. want to use these devices for spying or info gathering.
we already know the NSA has back doors and exploits they explicitly decide to keep open so they can access devices for information gathering i.e spying.
[+] [-] maybelater|7 years ago|reply
- There is not evidence that these devices record and transmit without an activation word triggering this behavior - However, there is nothing to stop companies from breaking this assumption - Some people think the risk of one of these companies flipping a switch and recording everything is negligible - Some people think the risk of one of these companies flipping a switch and recording everything is warrants serious concern - These two groups will not agree, and that's fine :)
[+] [-] withinrafael|7 years ago|reply
[1] https://news.ycombinator.com/item?id=18905161
[2] https://m.youtube.com/watch?feature=youtu.be&v=Mme9d-ojpNo
[+] [-] VMG|7 years ago|reply
[+] [-] dweekly|7 years ago|reply
[+] [-] wrs|7 years ago|reply
Edit: It’s very unlikely because Amazon and Google pay for false positives, so they have a strong incentive to develop really good trigger word detection.
[+] [-] creeble|7 years ago|reply
Every cellphone in the world has a microphone that could be listening all the time and sending data anywhere. So does most every computer. It's a better threat vector by 1000x, more stealthy, easier to conceal traffic. But all anyone ever talks about is a device designed to listen to you talk because hey, so obvious, big brother MUST be listening in there!
[+] [-] philsnow|7 years ago|reply
[+] [-] spacedog11|7 years ago|reply
[+] [-] goda90|7 years ago|reply
[+] [-] iratewizard|7 years ago|reply
[+] [-] Spellchamp|7 years ago|reply
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] hcurtiss|7 years ago|reply
[+] [-] whalesalad|7 years ago|reply
[+] [-] mnsc|7 years ago|reply
[+] [-] WAthrowaway|7 years ago|reply
I would like to make an edit: functionality for those with disabilities is a huge use-case I did not consider. Thank you for your insightful comments
[+] [-] michaelmior|7 years ago|reply
[+] [-] vidarh|7 years ago|reply
Any one of those things are just a tiny little convenience, but it adds up, and while I bought one just to see what they'd be like not expecting to use it that much, I now use them dozens of times a day.
[+] [-] decebalus1|7 years ago|reply
[+] [-] xrd|7 years ago|reply
If you don't have kids, you have no idea how loud and aggressively they will scream when they want something, and especially when these devices are visible to them (if you "need" to respond to a text message, etc).
Yes, it is a devil's bargain. Yes, I'm sure some families are able to, through sheer force of will, completely restrict access to technology. In my family, we are acknowledging we have lost the battle to prevent them from using technology and are seeking solutions that help them manage their desires and create healthy boundaries. I guess we can all argue over what is "healthy" and "normal."
Things like Google Home and Family Link (all from Google) do allow us to control access in a way that I prefer.
So, this "hack" is really exciting because I do care that my two year old already knows Google as a brand.
I'm open to hearing suggestions and have even attempted to build my own open source alternatives, but using voice is a modality that is preferable for so many reasons, and I don't see alternatives that won't be worse.
[+] [-] melling|7 years ago|reply
https://h4labs.wordpress.com/2017/09/27/groundhog-day-amazon...
No one cares if you don’t want to use it. No one needs to justify why they want to use one to you.
[+] [-] lukeschlather|7 years ago|reply
I would of course prefer dear friends listening in, but who knows what life will bring.
[+] [-] cityofdelusion|7 years ago|reply
[+] [-] SketchySeaBeast|7 years ago|reply
This seems a lot like "old man yells at cloud". The same could be said for personal computers 40 years ago.
[+] [-] tjr225|7 years ago|reply
Imagine if you couldn't use your hands or interact with technology due to a disability - these devices would make the world so much easier to interact with.
[+] [-] glitcher|7 years ago|reply
[+] [-] creato|7 years ago|reply
[+] [-] frogpelt|7 years ago|reply
But do we really need technology to save us any more time? Are we really filling the empty time with worthwhile activities?
[+] [-] Kiro|7 years ago|reply
[+] [-] kingnothing|7 years ago|reply
[+] [-] heroprotagonist|7 years ago|reply
I flipped the hardware mic switch off on it, to try to make it a dumb wifi speaker instead of a "smart" one. Then I built a software alarm clock that forces me to leave the room after I wake up in order to turn it off.
For me, it's very important for my alarm clock to be both effective, and to always work. The alarm clock runs as a remote task and connects directly to the mini, telling it to play an MP3 from the local network (by IP because the mini ignores DHCP DNS server). If I hit the mini touch controls to turn it off, the software starts playing a different MP3 a second later. If I try to unplug the cable from the device, duct tape stops me. Thoughtful wrapping of the cable around a solid furniture post prevents any yanking from being effective at tearing it out of the wall. If one mini is down (fairly rare but possible point of failure), the other one is attempted.
So, it's fairly impossible for me to just turn it off without waking up and giving it a bit more thought. I have to leave the room and tap a button on a touch screen (ubuntu in kiosk mode reaching web app on local network).
The unfortunately fatal flaw is that after months of effective use, I recently discovered that my highly available alarm clock was not actually highly available. It breaks when the internet is out. I could not connect over local network. There's always the possibility that something else was a factor, but I reproduced it a couple of times intentionally.
It also concerns me that the mini doesn't require authentication. Anyone on the local network can directly reach the device and do the same thing. A script meant as an alarm clock could turn into a device of psychological torment in someone elses hands. This lack of authentication, and the ability to auto-discover the speakers, is probably something they consider a 'feature'. I don't like seeing Chrome waste system resources in its attempt to scan my local network on the off chance that Google's speakers are there. And I don't want it to reach out to those speakers when it does find them. But it does it anyway.
In the end, with the microphone disregarded, it's a cheap wifi speaker. I won't count Chrome's bad behavior against it, but its software could be improved by offering (any) secure connection options. The lack of internet as a single point of failure dooms any kind of gadgetry with a reliability requirement from using it. It can't be considered reliable enough for serious tasks like waking you up for work or a flight unless they fix the software to work in a local-network-only mode. But, it is cheap, and, well, mostly available, which is often good enough for to-hand use cases.
Speculation: Is the lack of mini's heartbeat phoning home Google's own way of determining network reliability across wide geographic areas (eg, the lack of data in an aggregate area)? But they probably know this already from the wide spread of Android devices. Or do they maybe just not want their device to work unless it can reach back to them?
[+] [-] lftl|7 years ago|reply
[+] [-] amdavidson|7 years ago|reply
You're still relying on a piece of software to make the wake-word assessment and hand off the audio to the cloud. Now you're just adding more hardware parts to fail.
If your argument is that you trust your software more than Amazon's, then you shouldn't need anything more than a single microphone anyways because why would you surveil yourself?
[+] [-] tantalor|7 years ago|reply
[+] [-] JoshTriplett|7 years ago|reply
There's no good reason for it to require that information for a request like like "play XYZ on YouTube".
[+] [-] ddtaylor|7 years ago|reply
A few horror stories related to Alex hint that it might not be doing a very good job. The grammar/syntax it uses to wake is much more complex than what Alias is proposing as a safe alternative. The most blatant example would be the Portland, OR couple that found the Alexa device making phone calls to people as they had a discussion near it.
[+] [-] ape4|7 years ago|reply
As a bonus, maybe your device could understand "Alexa..." and "OK Google..." and send to the relevant API. Use Alexa for shopping and Google for searches?
[+] [-] maccard|7 years ago|reply
[0] https://developers.google.com/assistant/sdk/overview [1] https://developer.amazon.com/alexa
[+] [-] mLuby|7 years ago|reply
[+] [-] arnarbi|7 years ago|reply
[+] [-] lqet|7 years ago|reply
[+] [-] squarefoot|7 years ago|reply
[+] [-] MichaelMoser123|7 years ago|reply
Here it says the fungus is pulling this trick only on its favorite ant species, amazing:
https://www.livescience.com/47751-zombie-fungus-picky-about-... https://www.sciencedaily.com/releases/2014/08/140825142124.h...
Wikipedia has a list of mind altering parasites; it turns out that this not a unique hack. https://en.wikipedia.org/wiki/Category:Mind-altering_parasit...
Scary stuff, don't read HN past bedtime! It's probably more tricky to pull of this trick with complicated brains, but who really knows how we tick and who is running us.
[+] [-] cheriot|7 years ago|reply
[+] [-] seheaven|7 years ago|reply
[+] [-] ars|7 years ago|reply
[+] [-] LawnboyMax|7 years ago|reply
That is, use Google Home/Alexa/Apple Home for their speech recognition abilities while ensuring it doesn't eavesdrop and works with any other smart device that you have (e.g. there is no way to directly control Nest using Apple Home).
[+] [-] kelnos|7 years ago|reply
[+] [-] mikeyg|7 years ago|reply
[+] [-] who-knows95|7 years ago|reply
-https://www.kiro7.com/news/local/woman-says-her-amazon-devic...
amazons statement is:
“Echo woke up due to a word in background conversation sounding like “Alexa.” Then, the subsequent conversation was heard as a “send message” request. At which point, Alexa said out loud “To whom?” At which point, the background conversation was interpreted as a name in the customers contact list. Alexa then asked out loud, “[contact name], right?” Alexa then interpreted background conversation as “right”. As unlikely as this string of events is, we are evaluating options to make this case even less likely.”
-https://www.theverge.com/2018/5/28/17402154/how-to-see-amazo...
amazon
"For these instances, Amazon claims that the devices were likely triggered by false positive commands."
in my mind, it's not a question of if the device is recording you, because that's exactly what it's made for. it's a question of, if the company or even worse, govt. want to use these devices for spying or info gathering.
we already know the NSA has back doors and exploits they explicitly decide to keep open so they can access devices for information gathering i.e spying.
-https://www.wired.com/story/eternalblue-leaked-nsa-spy-tool-...
so, i feel if you don't wish to open yourself up to the idea of a device spying on you, that's perfectly acceptable.