Google is nerfing all Home Minis because mine spied on everything I said (androidpolice.com)
I'm surprised that the implementation of a (simple) physical button was done badly.
I'm surprised that the (surely more difficult) hotword detection works so well.
Want to bet the developers all had good clean power while the production units got cheap Chinese bricks?
The real issue here is the same issue we have with government agencies like the NSA and CIA. There is substantially little most people can do to verify the claim. For example, Clapper swore before Congress that the NSA wasn't collecting data on millions of Americans. Snowden showed that was a complete lie. The NSA program would have continued without anyone being the wiser without the leaks because the only people that knew that didn't work for the NSA were delivered gag orders. So without some sort of civilian oversight committee that has real teeth, how would anyone actually ever find this information out?
The same is true here with things like Echo, Home Minis, etc. The data being transmitted is encrypted so even if you are technically inclined and know how to capture it on its way out of your home network, you'll never be able to decrypt it. So how do you really know for sure that it isn't actually transmitting anything and everything you say? The only logical answer is trust. You believe them. That's enough for most people. But to say, as the article does, that ideas like this are from the tinfoil hat crew is kind of absurd. In addition to the PRISM program, we also know that Amazon's Echo is/was being used in at least one murder case and I highly doubt a few seconds before being murdered the victim used a hotword to activate the Echo device. We also know that the NSA has a program called Tailored Access Operations which they can use to intercept online tech purchases and install spyware on them if you are a target of interest.
According to Google.
as well as an unspecified small number of others.
Nothing to worry about, I'm sure. Probably no way to exploit those issues. Probably.
Google never intended for it to happen
Obviously, it's a rookie mistake that anyone could make. And that's why I'm willing to forgive and forget when it comes to multibillion dollar global businesses that make billions more off of the private information they gather and store. Just like I did after Equifax goofed earlier this year. And Yahoo the year before that. And …
Look, I get it that the Google PR people have been super nice and accommodating and embarrassed about the whole thing. Maybe the writer is friends with people on the team, or there might be a job at Google down the road. And, of course, some writers don't want to lose access to free trials and potential interviews.
But I really would like to see specialized news outlets show more backbone when it comes to screw-ups, and not downplay or gloss over serious privacy issues such as this, or take Google's word about what happened. It's a fair question to ask whether the problem(s) may still be present in every other Google device … and if they are potentially exploitable.
Now we have “news” services like HaveIBeenPwned.com
These are the most powerful non-governmental agencies in the world (and more powerful than almost all governments). Developers have to stop giving in particular Google a free pass on virtually everything. We need to stop setting Google DNS servers to be the default in software or in example code. We need to stop pretending that turning separate URL and search boxes into a single omnibox is a great convenience or efficiency of space and recognize that it's just more comprehensive collection of user data. We need to stop turning that ever-smaller remaining free space on the internet, the Web, into another massive spiderweb of signals sent to Google and Facebook, with as many as ten or twenty requests sent to Google from a typical webpage, many of which no longer function when these requests are blocked, because the functionality of the site, and not just the advertising, now comes from Google servers.
Acquiescence to this status quo is easy and probably good for one's career, but it's also dangerous for democracy, dangerous for innovation, dangerous for independence of thought...
This story from today's Washington Post is relevant:
Google took it seriously because of the potential for bad press -- the company clearly is sloppy on testing and protecting users' privacy, an issue they don't want to bring attention to, considering Google aims to have hundreds of millions of these listening devices in people's living rooms, bedrooms, and even bathrooms in five years' time.
This person also had the contact info for Google PR, which changed the nature of the interaction with Google.
If that had instead said "started by long press," I think this may have been easier to figure out as a button issue versus a voice recognition issue by the user.
Is that a fake static field in the log, or what?
Team Member A: "We're going gold next week, Product decided we'll be including touch support after all - the Hardware guys worked out the kinks just in time"
Team Member B: "Hmm, that's a little tight. Perhaps it can be a simple change, we will re-use the tested code paths and only test additional touch integration"
Result: on_longpress(trigger_hotword());
Perhaps: Some guy’s defective Google Home recorded everything and they had extraordinary customer support and fixed it.
The Google Home Mini supports hotword activation through a long press on the touch panel. [Google said it] is seeing the touch panel register “phantom” touch events.
How widespread the production defect is remains to be seen, but it is a newly introduced feature that apparently has seen too little testing.
Google jumping to fix it now helps their bottom line as much as their reputation, and is just smart business. Trying to cast it in a negative light seems biased, it's more a "common sense/good business decision" than a positive or negative action.
[edit] to clarify I think speech to text can be done on a device today, that's why this bothers me.
I'm not sure this is true, it's just that since they are phoning home anyways, why commit to extra local hardware to change sound bytes into text words?
I would love to see an offline version of one of these with an easy API (do any high quality ones exist?). If I then wanted a generic Google request to give me the first Google response, so be it.
Hot word detection would suggest that voice is easy. "Accent" and "Intent" recognition is the hard part.
So many words to explain a very obvious (since it indicated it was listening) bug.
That's interesting and more than somewhat disconcerting, coming from a tech journalist.
Follow the money and take all journalism with a healthy grain of salt.
But otherwise, yes, this is stellar. Also, hardware is hard.
But -- I also realize that they literally can (and clearly do) collect your audio data 24/7. In this case it was a "mistake" on the part of Google, which they quickly worked around by commenting out some code in the firmware. But all it would take is probably a few lines of code and an automatic update to turn on 24/7 audio collect for all Google Home users.
My theory with Amazon's Alexa (and probably Google Home) is that they lose money on these things, because they don't actually care about making a profit on them. The whole idea is to collect as much audio data as possible to improve their machine learning models.
It's a race to see who can collect the most data on their customers, and ultimately develop the best and most comprehensive speech recognition model on the market.
Soon someone will bring one out called a telescreen, and people will buy them voluntarily.
These kinds of things always make me wonder ('Member that whole Apple-Deleting-iTunes-Library-Thing).
I'd love that kind of support.
Sounds like a software button.
I am totally opposed to these devices in my home and am, frankly, aghast at the notion that they would see wide deployment or that "voice is the future ... blah blah".
However, I do have the ability to consider other viewpoints and when I do, I am completely underwhelmed by the proposed use-cases of these devices. According to Amazon themselves, the things I could do with Alexa include:
"What's on sale today ?"
"Find me a Chinese restaurant"
"What's the weather"
These are use-cases that suggest a user who either has no particular preferences or is satisfied with extremely simple, non-nuanced information (or both). These use-cases are the literal manifestation of dumbing yourself down far enough for the computer to pass your (very easy) Turing test.
Other use-cases like "play my party playlist" are a wash in terms of simplicity or speed vs. just (pressing whatever play button you have in the system you use).
Are there any examples that I would find interesting or nuanced or definitive improvements over existing tools ?
But what irks me most is the flimsy excuse that sending their recordings (or even a post-processed textual rendering) to the cloud is necessary to perform these trivial operations. We've had desktop voice recognition of the quality necessary to perform these operations for a long time now.
> "What's on sale today ?"
This could access an Amazon (store) API directly.
> "Find me a Chinese restaurant"
This could use a Yelp API directly, as if it were a web browser.
> "What's the weather"
This could use a Weather Underground (or whatever) API. Ideally the device could be configured to source data for these inquiries from various options.
> "play my party playlist"
This shouldn't generate any off-network traffic at all.
Or I could just curate my playlists more carefully.
Everything else is either too low information density (this is why I get the weather from an app, not The Weather Channel) or more efficiently handled manually (music control, search queries) in most situations
We might just not be the target market.
(assuming you have one)
Is it because, although your smartphone has the ability to listen to you in the same way, it is not the stated aim of the device?
(I know technically it was feasible to use phones as listening devices decades ago, but storage and processing infrastructure was not there to do it on mass scale, and your phone could talk to one company only at any given time.)
With assistants, OTOH, you have a device whose sole purpose is to record and transmit your voice over the Internet. With our cloud-based computing world, this kind of makes the possibilities obvious.
(Also, I have a particular distaste for solutions that use Internet connection for things that should be done entirely locally. For instance, me asking Google Now for current time, should not require sending data halfway around the planet.)
So for me the answer would be that - while my smartphone can certainly listen to things (as every thing with a microphone can. Who covered all the microphones in their laptops?) - a smartphone offers these things as optional features.
For Google Home and Alexa etc.: The 'listen all the time' (for hotwords at least..) is the single use of these devices. And as soon as you buy into this stuff you might as well allow the cloud storage of your recordings for 'better recognition'.
A smartphone could do the same. But it has a lot of value without doing any of that.
I can see how smartphones make that possibility less obvious and more palatable even to users who are aware of it.
As phones get better and more capable, I do get more worried about this though.
I do use a phone I don't control, and it is mostly sandboxed into social activities. Yes, it does potentially listen to me, and I am aware of it, but it won't take control of anything that is not a social activity.
I have a fair amount of home automation kit deployed which I find fun to monkey around with but the rest of the family never really cared to interact with until the Echo came into play.
[Alexa, self destruct (yes, it knows that one; and responds with a number of alternatives - "Command code not recognized, self-destruct not initiated", "Auto-destruction in 5,4,3,2,1,boom, hmm that did not go as planned" and more)]
These are not big things, but there are lots of little things where before I might have to take my phone out (or find it), or realize with my hands full I forgot to turn the TV off, have to put stuff down and go back into the living room to turn it back off, then pick my stuff up.
I agree: Voice input is cumbersome for anything complex, and I also read fast enough and have a visual enough memory to not want it to read to me. So I only use a fraction of what it's useful for. But the ones I use it for have quickly become very ingrained little conveniences. Turns out you can do a lot with just turn on/off [device/group].
I suppose it's possible that it's still listening, at the same risk you run by having any device with a microphone connected to the internet.
I agree with other commenters who aren't sold on voice commands as efficient, but even my four year old (who can't read) can play music on the Tap.
Though, I have to wonder if the response was so urgent because the author is a journalist who specifically writes about Google products (which he indicated to them right away). They really had no choice but to respond immediately.
The average user will not get anything remotely like this response, and it's dangerous to hold this up as a positive representation of Google's support - their support was never even involved.
You'd think we'd have some sort of baseline for an "acceptable" number of queries. Alarm bells should probably go off if a home thinks people are talking to it 24/7.
Disclaimer: I work at Google and don't actually have any idea how any of this works.
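A sketch of the baseline check suggested in the comment above, as an added example that is not part of the thread and not Google's code. It flags a device whose daily activation count or number of active clock hours exceeds a baseline; the thresholds, device names and log records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds, not taken from the thread or from any vendor.
MAX_ACTIVATIONS_PER_DAY = 200   # more than this in one day is "volume"
MAX_ACTIVE_HOURS_PER_DAY = 20   # this many distinct clock hours is "round_the_clock"


def flag_devices(events, max_per_day=MAX_ACTIVATIONS_PER_DAY,
                 max_hours=MAX_ACTIVE_HOURS_PER_DAY):
    """Return {device_id: [(day, count, active_hours, reasons), ...]}.

    events is an iterable of (device_id, datetime) activation records.
    """
    per_day = defaultdict(lambda: {"count": 0, "hours": set()})
    for device_id, ts in events:
        bucket = per_day[(device_id, ts.date())]
        bucket["count"] += 1
        bucket["hours"].add(ts.hour)

    alerts = defaultdict(list)
    for (device_id, day), bucket in sorted(per_day.items()):
        reasons = []
        if bucket["count"] > max_per_day:
            reasons.append("volume")
        if len(bucket["hours"]) >= max_hours:
            reasons.append("round_the_clock")
        if reasons:
            alerts[device_id].append(
                (day, bucket["count"], len(bucket["hours"]), reasons))
    return dict(alerts)


def build_sample():
    """Constructed activation log for three hypothetical devices."""
    start = datetime(2017, 10, 1)
    events = []
    # Typical use: a few commands in the morning and evening.
    for hour, minute in [(7, 0), (7, 30), (18, 15), (22, 5)]:
        events.append(("mini-normal", start + timedelta(hours=hour, minutes=minute)))
    # Phantom-touch style fault: an activation every two minutes all day.
    for i in range(720):
        events.append(("mini-faulty", start + timedelta(minutes=2 * i)))
    # Low volume but never quiet: one activation in every hour of the day.
    for hour in range(24):
        events.append(("mini-hourly", start + timedelta(hours=hour, minutes=5)))
    return events


if __name__ == "__main__":
    for device, days in flag_devices(build_sample()).items():
        for day, count, hours, reasons in days:
            print(device, day, count, hours, ",".join(reasons))
```

The hourly device shows why the count alone is not enough: 24 activations a day is unremarkable, but a home where someone speaks to the device in every hour of the night is not.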
"I iz here frum da Google tu replace unit, yes?"
This issue should be caught earlier. Instead of pushing people to work on Friday evening, give them more time to test the crap out of the stuff that you want to release.
(Just a random issue on Google's support forum that has been open for ages)
ask them why your adsense got cut off and see the response time.
Of course there isn't. This is the problem with surveillance: inherent in its nature is the fact that if it is done competently, its existence is indistinguishable from its absence.
Note that I'm not saying that Google is acting in bad faith. What I'm saying is that the following is fallacious reasoning:
1. This incident turned out not to be a case of bad-faith surveillance.
2. Therefore, Google never engages in bad-faith surveillance.
This is called the "hasty generalization" fallacy.
at least it should check for drm and whether you paid parking tickets or resell the song otherwise
https://landing.google.com/sre/book/chapters/data-integrity....
Another reference for Fi: https://www.linkedin.com/in/pliu1/ "Redesigned and refactored the Fi user data deletion system to ensure compliance with data deletion policy, to add instrumentation, and to improve performance"
There is a dedicated team that tracks compliance for all products. (source: I was at Google)
"Said: set alarm for 6:30 in the morning"
"Said: set alarm for 7"
"Said: set alarm for 7:30"
"Said: set alarm for 7:45"
Now all the folks who can be frivolous and blasé in spite of the growing mountain of evidence must be similarly dismissed.
Sometimes it really does hit the fan, and sometimes it really does need to be now. That is the nature of the industry. We just need to make sure it’s remarkable for the right reasons.
These are exceptional examples, but completely normal, and acceptable.
A lot of phones already listen to audio nonstop. Take the Android phones that listen to "OK Google" or the Apple phones that respond to "Hey Siri". Those features require the phone to listen to and process audio nonstop. Sure, if you don't like that then you can turn it off, but I don't understand why people have concerns about stationary always-listening devices more so than phones with the same functionality. These base stations or hubs are the same concept, except they're present in a room instead of part of your phone.
All other things equal, I think mobile phones are a much greater threat vector than home hubs. Mobile phones are juicy targets with large, complex attack surface areas. See the various remote code execution exploits in Android that could be triggered by sending someone a message. See the various high levels of privilege that applications have that can be used to spy on you. Did you see the article about how Uber had secret privileges that allowed the app to record iPhone screens? [1]
There are multiple reasons why an attacker would want to compromise your phone (e.g. to steal your data, not just record your voice). Many people have phones, so sophisticated adversaries are more likely to invest the energy into developing attacks. There's a lot more to compromise (apps). Home hubs are less likely to see that same level of scrutiny, and they're less likely to be vulnerable to the same types of attacks and issues because they're much simpler devices (they don't run "apps", they don't communicate on the network except with their vendor).
If you're worried about being spied on, then you should also be worried about other people's phones, which you may not even realize are in the room with you! By comparison it tends to be pretty obvious / known to everyone when there's a home hub present in a room. Your phone probably doesn't have a hardware-level light that tells you when it's recording you, like your home hub does. The list goes on.
[1] http://bgr.com/2017/10/05/uber-app-privacy-issues-iphone-scr...
I think you have to be careful about what it is you care about. Listening isn't it. To the extent that modern phones "listen non-stop" you're just one step away from saying that all microphones are non-stop-listeners.
What matters is what data is available, where it goes, and who can get access to it. If my phone truly only has a small ring buffer with specialized hardware purpose-built to listen for "OK Google", which it is reasonably accurate at, then it's not a privacy issue. The problem is that by visual inspection I can't distinguish that from a system that is listening for "OK Google" and also other politically interesting keywords, or a phone that is just sending all my audio up, etc.
Now, I am a very technically aware person compared to the general population, and I have good reason at the moment to still believe that phones aren't actually spying on the audio level as much as people believe on the grounds that it is technically impossible due to both battery and mobile data consumption. However, it is not entirely comforting that those are the only reasons I believe it is not happening, and improvements in battery technology, CPU efficiency, and/or mobile bandwidth are going to eliminate those assurances for me.
(By contrast, location spying, activity spying, and abundant marketing-based tracking clearly do happen.)
I agree smartphones are bad, but can see how they are perceived as not as bad as hubs.
In this particular case as far as I understand, disabled means no recording at all, while keeping private means your data is already transferred and access is granted to parties based on how private is defined in the tos.
The compensation varies based on the tier.