I know this has been talked about for years, but I'm skeptical to the opt-in requirements for it. I've got a few Google smart speakers, but I also have a pretty good router and network setup that...
I know this has been talked about for years, but I'm skeptical to the opt-in requirements for it. I've got a few Google smart speakers, but I also have a pretty good router and network setup that allows me to see where/when my devices are interacting with. When looking at my smart speakers, their data use is extremely minimal when not in-use. The only DNS requests they make are connectivity checks, and they don't send/receive more than a few kB per hour when not being used. There are occasional larger data exchanges in the night, I assume updates, but I haven't taken the effort to correlate the times those data exchanges are happening with the DNS requests they make at those time periods. But overall, I've never seen any behavior that would make me suspicious that my devices are passively spying on me. I do, however, have infrequent issues with the smart speakers mistakenly understanding something for their "Hey Google" activation phrase, and then listening and/or responding inappropriately. But I would describe that as a separate issue from what the article writes about.
If the devices already do speech to text locally, there wouldn't be a need for more than a few kilobytes of data being sent here and there, because you can just send text. Why spend money...
If the devices already do speech to text locally, there wouldn't be a need for more than a few kilobytes of data being sent here and there, because you can just send text. Why spend money transferring, storing and processing audio data when you can use the victims' own hardware?
Download a list of keywords of interest
Monitor audio for those keywords
Send an occasional report of keywords that were matched recently
That would be a compelling argument, but I counter that Google has already shown their devices to rely on cloud computing, not on-device computing. There's been a few experiments that have...
That would be a compelling argument, but I counter that Google has already shown their devices to rely on cloud computing, not on-device computing. There's been a few experiments that have verified this behavior. I remember reading one extensive write-up on Reddit a few years ago of a user who tested it very thoroughly and objectively, and found that the device was entirely dependent on cloud-computing of user input.
Checking the DNS records, it seems that the request most frequently being made on my own idle speakers is to connectivitycheck.gstatic.com. There's an uptick in requests for play.googleapis.com when I interact with it, but not much otherwise. Also, when comparing the speaker in my office (which I rarely address, but do sit next to during the day) versus the one in the basement (very rarely used, I really just put it down there so I can should "Hey Google, add milk to my shopping list" when I pull the spare milk out of the basement fridge). Their 24 hour data usage is essentially identical, 16 kB vs 18 kB.
I suppose I could install WireShark on my UDM-Pro and more invasively inspect the traffic to/from my smart speaker, but to be honest, I don't have the motivation. One of the best things I did for my privacy was switch to Firefox, started using Containers with containerise and Cookie-AutoDelete, and I found that my targeted advertising went waaaaaaaay down.
Containerise looks neat. If anyone sees that functionality and also is interested in vertical tabs, check out Sidebery. It's the most stable tab manager I've ever used, and being able to quickly...
Containerise looks neat. If anyone sees that functionality and also is interested in vertical tabs, check out Sidebery. It's the most stable tab manager I've ever used, and being able to quickly group tabs (in multiple ways) is awesome.
And not that I'm convinced they are, but: Could easily be the device storing those text logs for the whole day and just phoning them all home at once overnight. It could even be sent as part of...
And not that I'm convinced they are, but:
There are occasional larger data exchanges in the night
Could easily be the device storing those text logs for the whole day and just phoning them all home at once overnight. It could even be sent as part of their update channel to disguise it.
Last year my in-laws tried to give me an Alexa for Christmas. I looked at the specifications for it, thinking maybe I could reformat it and turn it into a home server. The specs on it were...
Last year my in-laws tried to give me an Alexa for Christmas. I looked at the specifications for it, thinking maybe I could reformat it and turn it into a home server. The specs on it were completely pathetic; there's no way these things do speech-to-text locally. Alexa is better thought of as a microphone plugged into Amazon's data centers than as a computer in its own right.
Agreed. This feels like either a set of rogue devices (i.e. AliExpress smart devices), or bullshit marketing. I'm not convinced that this happening, meaningfully.
Agreed. This feels like either a set of rogue devices (i.e. AliExpress smart devices), or bullshit marketing. I'm not convinced that this happening, meaningfully.
I'm... very confused by this from a practical perspective. Where is this "active listening" code actually getting run? Like I know for certain how smart speakers (Alexa etc) handle this, and I...
I'm... very confused by this from a practical perspective. Where is this "active listening" code actually getting run? Like I know for certain how smart speakers (Alexa etc) handle this, and I would have assumed smart TVs and such were similar - there are two separate "listening" modes, basically. The one that's always running is comparatively far simpler, mostly hardware with a minimal software layer, and only listens for the specific combination of phonemes that it understands to be its wakeword. There's a very short recording buffer that's constantly being overwritten - none of that audio is saved permanently. Only after a match is found (or at least heavily enough suspected) does it start the "real" listening, and transmits that audio through the internet for cloud processing to determine the user's intent + an appropriate response. In other words, the data needed to do this kind of marketing analysis literally isn't even captured permanently or sent anywhere usable, which you can also verify from network activity (no data being transmitted over the internet in between wakeword activations - or at least nowhere near enough to account for all the audio recordings of peoples' ambient conversations). So - what gives?
I have the same questions. I'm no expert but if this claim were real then it wouldn't be the capability of just one specific marketing company unless they were explicitly installing malware in...
I have the same questions.
I'm no expert but if this claim were real then it wouldn't be the capability of just one specific marketing company unless they were explicitly installing malware in people's devices. It would be a capability that everyone could leverage, right?
Additionally would a marketing company have the $$$ for the datacenters it would require to analyze voice from thousands if not millions of devices, 24/7? Wouldn't the users notice their phone constantly streaming data?
They could be purchasing data in the form of a user profile that Google/Amazon/whoever has built based on their collecting of your information, then just using rudimentary AI to deliver targeted...
They could be purchasing data in the form of a user profile that Google/Amazon/whoever has built based on their collecting of your information, then just using rudimentary AI to deliver targeted ads to an area with it.
But yeah in general, I don’t believe some solitary marketing company has the brain nor actual power to corner a market like this, this is just flavor text wrapped around some other garbage.
Smart speakers and such have been a prime target for years for security and other research, so if they actually do have some way of passively doing this and it’s been missed all this time, then it’s going to be a huge conspiracy, not a little one.
I mean, it's Cox. As in Cox Communication, Internet and, as part of providing that, home automation. Yep, you can bundle your spyware with your Internet and save!
I mean, it's Cox. As in Cox Communication, Internet and, as part of providing that, home automation.
Yep, you can bundle your spyware with your Internet and save!
Wait, a discussion of how a corporate media company with fingers in many different pies that is currently advertising being able to listen in on people's conversations directly while also...
Wait, a discussion of how a corporate media company with fingers in many different pies that is currently advertising being able to listen in on people's conversations directly while also providing 'smart home services' that only work with their provided router is nothing... nothing more than a probability fallacy?
Again, a company that sells a microphone that listens to you in your house also has it's advertising group telling clients they can listen to your conversations -again, publicly telling clients they're able to listen and target you- and we're just gonna shrug and say pointing that out is a fallacy?
I don't want to turn this into an attack on you but I'm curious to know how you think that's worth dismissing because we don't have any more evidence than a public admission they're targeting your conversations and their sales of home automation devices with always accessible microphones?
I have doubts that it would even be worth it. Assuming this company would just be using existing services for this (I doubt they're building this themselves — its a little hard to tell, but job...
I have doubts that it would even be worth it. Assuming this company would just be using existing services for this (I doubt they're building this themselves — its a little hard to tell, but job listings don't make it look like a huge team), it would get pretty expensive pretty fast. If you want to see some ballpark numbers, you could try playing around with the pricing calculator for the AWS offering for transcription. And of course there'd be plenty of other infrastructure costs to take into account. If all you're doing is targeted advertising, I really think you could build profiles of similar quality from data that's much cheaper to get.
If you're a government trying to spy on someone, sure, recording them from their phone or smart TV would probably be worthwhile. If you're an ad company, I think you'd make more money if you used data that's cheaper to deal with. I think it's pretty likely this is either an over-eager pitch for something that doesn't exist beyond a POC or a straight up snake-oil lie.
I think it’s worth dismissal because you have no actual claim, no evidence to bring, nothing of concrete to discuss - you’re merely stating, “well, they’re a tech company who COULD do it”, which...
I think it’s worth dismissal because you have no actual claim, no evidence to bring, nothing of concrete to discuss - you’re merely stating, “well, they’re a tech company who COULD do it”, which just appeals to a readers imagination to fill in gaps in support of your argument.
No evidence other than CMG's advertising of them having the capability and Cox Telecommunication providing hardware that is advertised as listening, though in fairness to them they advertise that...
No evidence other than CMG's advertising of them having the capability and Cox Telecommunication providing hardware that is advertised as listening, though in fairness to them they advertise that as listening for specific commands.
My claim is that CMG and Cox Residential are collaborating based on these two pieces of evidence. That they advertise listening to your conversations and provide the hardware to do it.
This isn't some unverified Twitter rando claiming they do it and me claiming that Google and the illuminati and Cox are all in cahoots. This is CMG and Cox's official releases.
You're right, I've not done hardware surveys and physically sniffed network traffic between a Cox router, Cox home security system, and the information that travels over Cox provided Internet and for all I know it could all be above board. That said, they're advertising that they listen (People's exhibit a) and they're selling you on a completely Cox provided home security system that only works on their network hardware (exhibit b).
And, hey, that's something we can discuss! Should a company that provides your Internet be able to sell you a locked down home security system and also have an advertising arm that claims to be able to listen to your conversations, whether that's true or not?
So, I've laid out my claim for you. I've provided my evidence and even an essay prompt. Care to discuss?
Don't know much about this field so it's possible I'm way off the mark, but I'm guessing this is how they deal with the technical issues that other tilderinos have mentioned, if they're not just...
While also providing 'smart home services' that only work with their provided router
Don't know much about this field so it's possible I'm way off the mark, but I'm guessing this is how they deal with the technical issues that other tilderinos have mentioned, if they're not just lying. The smart devices send their data to the router, which has the hardware and software needed to transcribe audio, which then sends the much more manageable text data on to the company. The router might be sold at a loss as a result, or maybe the price is made up by long term advertising contracts, like with smart tvs.
As for the efficacy... It doesn't really matter I think. In a sea of data collection, advertisers need some way to distinguish themselves from their competition and convince the people working at businesses that their company is the right one for their marketing needs. Collecting conversation data definitely sounds like it would be revealing to a layperson, even if the current scale of the data on a person would render it moot. It's also a way to try to attract investors eager to get in on the ground floor of a bold new frontier in surveillance capitalism.
Or they could just be lying about the whole thing.
Smart speakers are built down to a price and don’t have any real need for on-device processing beyond wake word detection, whereas phones and TVs have sophisticated processors (often with hardware...
Smart speakers are built down to a price and don’t have any real need for on-device processing beyond wake word detection, whereas phones and TVs have sophisticated processors (often with hardware accelerators for ML tasks on newer models) already.
Purely from a tech standpoint it’s believable to me that a phone or similar could be doing either the full transcription, or at least the “maybe interesting, send this specific 30 second chunk to the server” flagging on-device. It’d be murder on the battery to analyse more than a few short samples one or twice per hour on a phone, but TVs don’t have that issue - and they have far more lax privacy controls too.
That’s the tech angle. From a legal and practical standpoint, I’m less convinced. It just doesn’t seem like the ROI would justify the legal shitstorm or the dev cost when these companies already know everything about us from device and internet activity anyway. Where’s the worthwhile gain in adding voice?
The thought I can’t shake is that if a company were scummy enough to actually do this, and I fully believe some are, they’re equally scummy enough to pretend they’re doing it. Either to garner publicity or to straight up defraud their customers into thinking they’ve got an edge over their competitors. The slightly-too-self-aware tone of the web pages nudges me in that direction too, but I have no evidence beyond gut feeling to back that.
Maybe someone can enlighten me but I've always been a huge doubter of this "conspiracy" theory. I really don't think discussing a product with friends, etc makes it more likely that you get ads...
Maybe someone can enlighten me but I've always been a huge doubter of this "conspiracy" theory. I really don't think discussing a product with friends, etc makes it more likely that you get ads for that product afterward. Partly because voice recognition technology just doesn't seem good enough that the average phone could overhear you from your pocket? But also it seems like a giant case of confirmation bias, and even more than that, people don't want to admit how predictable they are.
Like you hear someone say they were talking about getting a new sound system and all of a sudden got ads for subwoofers. Well no shit given your search history that you're into music and you're the right market demographic to make a bigger purchase like that. Oh you were complaining to your friend about your back pain and now you're getting ads for chairs with lumbar support? Was your phone listening to you or does Google just know you're 30+ years old?
That being said I know shit-all about the actual capabilities of voice recognition and am open to being told I'm wrong. But even articles like this don't really convince me, this article especially since it's not like marketing agencies are known for their measured and humble claims about their own capabilities.
I think in addition people just don't realize how much data about themselves and people around them gets collected by these tech companies. If your friend recently googled subwoofers and their...
I think in addition people just don't realize how much data about themselves and people around them gets collected by these tech companies. If your friend recently googled subwoofers and their phone connects to your wifi, there's a good chance you're gonna see ads for subwoofers. No need for voice recognition when the info is already there.
Alright, so who's going to comment first that everyone paranoid about this was actually searching for everything and that's why they got those results? Now all we have to do is convince the Senate...
Alright, so who's going to comment first that everyone paranoid about this was actually searching for everything and that's why they got those results?
Now all we have to do is convince the Senate they're listening in on their talks with their secret lovers and see if they do anything about this.
Seems like there's a reason we don't bring phones in the SCIF after all, huh?
I know this has been talked about for years, but I'm skeptical to the opt-in requirements for it. I've got a few Google smart speakers, but I also have a pretty good router and network setup that allows me to see where/when my devices are interacting with. When looking at my smart speakers, their data use is extremely minimal when not in-use. The only DNS requests they make are connectivity checks, and they don't send/receive more than a few kB per hour when not being used. There are occasional larger data exchanges in the night, I assume updates, but I haven't taken the effort to correlate the times those data exchanges are happening with the DNS requests they make at those time periods. But overall, I've never seen any behavior that would make me suspicious that my devices are passively spying on me. I do, however, have infrequent issues with the smart speakers mistakenly understanding something for their "Hey Google" activation phrase, and then listening and/or responding inappropriately. But I would describe that as a separate issue from what the article writes about.
If the devices already do speech to text locally, there wouldn't be a need for more than a few kilobytes of data being sent here and there, because you can just send text. Why spend money transferring, storing and processing audio data when you can use the victims' own hardware?
That would be a compelling argument, but I counter that Google has already shown their devices to rely on cloud computing, not on-device computing. There's been a few experiments that have verified this behavior. I remember reading one extensive write-up on Reddit a few years ago of a user who tested it very thoroughly and objectively, and found that the device was entirely dependent on cloud-computing of user input.
Checking the DNS records, it seems that the request most frequently being made on my own idle speakers is to
connectivitycheck.gstatic.com. There's an uptick in requests forplay.googleapis.comwhen I interact with it, but not much otherwise. Also, when comparing the speaker in my office (which I rarely address, but do sit next to during the day) versus the one in the basement (very rarely used, I really just put it down there so I can should "Hey Google, add milk to my shopping list" when I pull the spare milk out of the basement fridge). Their 24 hour data usage is essentially identical, 16 kB vs 18 kB.I suppose I could install WireShark on my UDM-Pro and more invasively inspect the traffic to/from my smart speaker, but to be honest, I don't have the motivation. One of the best things I did for my privacy was switch to Firefox, started using Containers with containerise and Cookie-AutoDelete, and I found that my targeted advertising went waaaaaaaay down.
Containerise looks neat. If anyone sees that functionality and also is interested in vertical tabs, check out Sidebery. It's the most stable tab manager I've ever used, and being able to quickly group tabs (in multiple ways) is awesome.
And not that I'm convinced they are, but:
Could easily be the device storing those text logs for the whole day and just phoning them all home at once overnight. It could even be sent as part of their update channel to disguise it.
Last year my in-laws tried to give me an Alexa for Christmas. I looked at the specifications for it, thinking maybe I could reformat it and turn it into a home server. The specs on it were completely pathetic; there's no way these things do speech-to-text locally. Alexa is better thought of as a microphone plugged into Amazon's data centers than as a computer in its own right.
Agreed. This feels like either a set of rogue devices (i.e. AliExpress smart devices), or bullshit marketing. I'm not convinced that this happening, meaningfully.
I'm... very confused by this from a practical perspective. Where is this "active listening" code actually getting run? Like I know for certain how smart speakers (Alexa etc) handle this, and I would have assumed smart TVs and such were similar - there are two separate "listening" modes, basically. The one that's always running is comparatively far simpler, mostly hardware with a minimal software layer, and only listens for the specific combination of phonemes that it understands to be its wakeword. There's a very short recording buffer that's constantly being overwritten - none of that audio is saved permanently. Only after a match is found (or at least heavily enough suspected) does it start the "real" listening, and transmits that audio through the internet for cloud processing to determine the user's intent + an appropriate response. In other words, the data needed to do this kind of marketing analysis literally isn't even captured permanently or sent anywhere usable, which you can also verify from network activity (no data being transmitted over the internet in between wakeword activations - or at least nowhere near enough to account for all the audio recordings of peoples' ambient conversations). So - what gives?
I have the same questions.
I'm no expert but if this claim were real then it wouldn't be the capability of just one specific marketing company unless they were explicitly installing malware in people's devices. It would be a capability that everyone could leverage, right?
Additionally would a marketing company have the $$$ for the datacenters it would require to analyze voice from thousands if not millions of devices, 24/7? Wouldn't the users notice their phone constantly streaming data?
Sounds like marketing BS.
They could be purchasing data in the form of a user profile that Google/Amazon/whoever has built based on their collecting of your information, then just using rudimentary AI to deliver targeted ads to an area with it.
But yeah in general, I don’t believe some solitary marketing company has the brain nor actual power to corner a market like this, this is just flavor text wrapped around some other garbage.
Smart speakers and such have been a prime target for years for security and other research, so if they actually do have some way of passively doing this and it’s been missed all this time, then it’s going to be a huge conspiracy, not a little one.
I mean, it's Cox. As in Cox Communication, Internet and, as part of providing that, home automation.
Yep, you can bundle your spyware with your Internet and save!
This is nothing more than an appeal to probability fallacy.
Wait, a discussion of how a corporate media company with fingers in many different pies that is currently advertising being able to listen in on people's conversations directly while also providing 'smart home services' that only work with their provided router is nothing... nothing more than a probability fallacy?
Again, a company that sells a microphone that listens to you in your house also has it's advertising group telling clients they can listen to your conversations -again, publicly telling clients they're able to listen and target you- and we're just gonna shrug and say pointing that out is a fallacy?
I don't want to turn this into an attack on you but I'm curious to know how you think that's worth dismissing because we don't have any more evidence than a public admission they're targeting your conversations and their sales of home automation devices with always accessible microphones?
I have doubts that it would even be worth it. Assuming this company would just be using existing services for this (I doubt they're building this themselves — its a little hard to tell, but job listings don't make it look like a huge team), it would get pretty expensive pretty fast. If you want to see some ballpark numbers, you could try playing around with the pricing calculator for the AWS offering for transcription. And of course there'd be plenty of other infrastructure costs to take into account. If all you're doing is targeted advertising, I really think you could build profiles of similar quality from data that's much cheaper to get.
If you're a government trying to spy on someone, sure, recording them from their phone or smart TV would probably be worthwhile. If you're an ad company, I think you'd make more money if you used data that's cheaper to deal with. I think it's pretty likely this is either an over-eager pitch for something that doesn't exist beyond a POC or a straight up snake-oil lie.
I think it’s worth dismissal because you have no actual claim, no evidence to bring, nothing of concrete to discuss - you’re merely stating, “well, they’re a tech company who COULD do it”, which just appeals to a readers imagination to fill in gaps in support of your argument.
No evidence other than CMG's advertising of them having the capability and Cox Telecommunication providing hardware that is advertised as listening, though in fairness to them they advertise that as listening for specific commands.
My claim is that CMG and Cox Residential are collaborating based on these two pieces of evidence. That they advertise listening to your conversations and provide the hardware to do it.
This isn't some unverified Twitter rando claiming they do it and me claiming that Google and the illuminati and Cox are all in cahoots. This is CMG and Cox's official releases.
You're right, I've not done hardware surveys and physically sniffed network traffic between a Cox router, Cox home security system, and the information that travels over Cox provided Internet and for all I know it could all be above board. That said, they're advertising that they listen (People's exhibit a) and they're selling you on a completely Cox provided home security system that only works on their network hardware (exhibit b).
And, hey, that's something we can discuss! Should a company that provides your Internet be able to sell you a locked down home security system and also have an advertising arm that claims to be able to listen to your conversations, whether that's true or not?
So, I've laid out my claim for you. I've provided my evidence and even an essay prompt. Care to discuss?
No.
Don't know much about this field so it's possible I'm way off the mark, but I'm guessing this is how they deal with the technical issues that other tilderinos have mentioned, if they're not just lying. The smart devices send their data to the router, which has the hardware and software needed to transcribe audio, which then sends the much more manageable text data on to the company. The router might be sold at a loss as a result, or maybe the price is made up by long term advertising contracts, like with smart tvs.
As for the efficacy... It doesn't really matter I think. In a sea of data collection, advertisers need some way to distinguish themselves from their competition and convince the people working at businesses that their company is the right one for their marketing needs. Collecting conversation data definitely sounds like it would be revealing to a layperson, even if the current scale of the data on a person would render it moot. It's also a way to try to attract investors eager to get in on the ground floor of a bold new frontier in surveillance capitalism.
Or they could just be lying about the whole thing.
Smart speakers are built down to a price and don’t have any real need for on-device processing beyond wake word detection, whereas phones and TVs have sophisticated processors (often with hardware accelerators for ML tasks on newer models) already.
Purely from a tech standpoint it’s believable to me that a phone or similar could be doing either the full transcription, or at least the “maybe interesting, send this specific 30 second chunk to the server” flagging on-device. It’d be murder on the battery to analyse more than a few short samples one or twice per hour on a phone, but TVs don’t have that issue - and they have far more lax privacy controls too.
That’s the tech angle. From a legal and practical standpoint, I’m less convinced. It just doesn’t seem like the ROI would justify the legal shitstorm or the dev cost when these companies already know everything about us from device and internet activity anyway. Where’s the worthwhile gain in adding voice?
The thought I can’t shake is that if a company were scummy enough to actually do this, and I fully believe some are, they’re equally scummy enough to pretend they’re doing it. Either to garner publicity or to straight up defraud their customers into thinking they’ve got an edge over their competitors. The slightly-too-self-aware tone of the web pages nudges me in that direction too, but I have no evidence beyond gut feeling to back that.
Maybe someone can enlighten me but I've always been a huge doubter of this "conspiracy" theory. I really don't think discussing a product with friends, etc makes it more likely that you get ads for that product afterward. Partly because voice recognition technology just doesn't seem good enough that the average phone could overhear you from your pocket? But also it seems like a giant case of confirmation bias, and even more than that, people don't want to admit how predictable they are.
Like you hear someone say they were talking about getting a new sound system and all of a sudden got ads for subwoofers. Well no shit given your search history that you're into music and you're the right market demographic to make a bigger purchase like that. Oh you were complaining to your friend about your back pain and now you're getting ads for chairs with lumbar support? Was your phone listening to you or does Google just know you're 30+ years old?
That being said I know shit-all about the actual capabilities of voice recognition and am open to being told I'm wrong. But even articles like this don't really convince me, this article especially since it's not like marketing agencies are known for their measured and humble claims about their own capabilities.
I think in addition people just don't realize how much data about themselves and people around them gets collected by these tech companies. If your friend recently googled subwoofers and their phone connects to your wifi, there's a good chance you're gonna see ads for subwoofers. No need for voice recognition when the info is already there.
Alright, so who's going to comment first that everyone paranoid about this was actually searching for everything and that's why they got those results?
Now all we have to do is convince the Senate they're listening in on their talks with their secret lovers and see if they do anything about this.
Seems like there's a reason we don't bring phones in the SCIF after all, huh?