They’re bad folks, everybody knows it, everybody says it. But they’re simultaneously better and worse than you think, because apparently nobody actually knows how these products actually work. (I’m mostly going to be discussing google home, because that’s what I’m familiar with; I assume echos use similar technology, but I can’t speak for them).
So to get started, no, your smart speaker isn’t always listening. At a hardware level, there’s two boards and a tiny bit of cache. Your speaker is constantly listening for the trigger words, and processing about 2 seconds of audio stored on the cache at a time. However, this is all done at a local level on the first board. Only once it recognizes the trigger words does it establish a connection to the cloud, and use that to process your request. Once your request is complete, it goes back into standby mode. You can look at the packets coming out of the device, and see that it only connects to the internet when it needs to. The onboard cache is small, and constantly being overwritten, so there’s literally no way for it to constantly be monitoring you, by design.
However, what IS nefarious is the amount of permissions you have to give google in regards to the data it does capture. Of course, they use the captured audio for expected things like training their voice recognition AI, but you also give them permission to store all that data indefinitely, with metadata tracing it back to you, AND it’s not off limits to engineers.
That’s right, there’s the possibility, however small, that real people will be listening whenever you ask google to play your erotic jazz playlist. Once that audio is on the cloud, you basically don’t own it anymore, and google can do whatever they want with it.
So should you be worried? If you want to be, I guess. I resigned to the fact that I lost all my digital privacy before I was even born, and will happily tell google to turn off my lights while laying in bed like a fat sack of shit, but it comes down to what you’re comfortable with. Either way, I just want people to actually understand what they are and how they work, because there is a lot to criticize, so it pays to be criticizing the right things.
can I just say that I really hate the Internet of Things? Fuck smart light bulbs, I'll press the switch on the wall. Fuck smart fridges, I'll be maintaining the cooler on the one I've got that was manufactured in the 90s. Fuck smart dildos, I'll work the clit myself.
I hear that, but check this out (fumbles in pocket for phone) just one second (swipes to find app) it'll be really cool I promise (opens app) ok (app takes a second to load) no, wait (app loads) alright, watch this! (Turns on lights)
But you need to updates your toilets firmware to give you the super flush™️ functionality, otherwise you'll clog the drain
I was still running my bidet on the corrupted 0.1.6.31b firmware package and the machine vision-enabled laser targeting module worked, but the jet stream ran at 500% pressure and made my asshole bleed
Cursed future
The fact that it doesn’t upload all the time under normal circumstances does not change the fact that it could be made to upload with relatively little effort if they wanted to. There’s fundamentally nothing preventing that behavior from being changed from an external program connected through the internet.
That’s not wrong, but again you can just look at the packets. As soon as google does do this you’ll know about it, because it’s gonna be a big fuckin news story.
you're assuming it gets turned on universally rather than targeted at undesirables via an NSL from the state.
Again though, the data being uploaded by the device can be monitored locally. If you’re paranoid, monitor the data. Yes, it can happen, but also there’s no need to fear technology just because it’s technology. It’s not all skynet out there.
obviously. but the closed firmware and closed source make it hard to validate what's really happening on the device so you have to rely on other systems to monitor it. and once you're doing that, you're talking about something that requires serious technical knowhow to actually operate, more to interpret the data you get back. but these devices are sold as convenience packages to laypeople.
if your threat model includes the state (as everyone here presumably does), you have two choices. saddle yourself with a bunch of work to maintain vigilance over devices in your home that, strictly speaking, aren't necessary -- assuming that you have the knowledge and skills to hold that vigilance in the first place -- or you choose technologies that are easier to validate and support an actual base of trust.
no? most political activists don't have that kind of technical training?
For me the biggest downside of a smart home ( not the voice activated music playlist) is having all of your local control activities being sent to the cloud.
Like a smart light switch. ALL smart switches should be LAN only as an option. They aren't. That means that if the internet goes down, you can't turn your lights off or on. That means that if the company goes under or decides to stop supporting the product you now have useless hardware.
Look at insignia
Two years ago or so they shut down their insignia connect cloud services, bricking their connected products, and refusing to provide open access to the platform or additional support. Their switches and outlets were completely bricked.
RIP. I just have some headphones, an Ethernet-to-USB connector, and a Bluetooth dongle from them.
That means that if the internet goes down, you can’t turn your lights off or on.
You can still do it at the switch itself. But then it's just an expensive dumb switch.
Some switches can be controlled by something like Home Assistant from a local device. For example my Lutron Caseta dimmer switch is supported, classified as "Local Push" which means it'll work locally without an internet connection.
Home Assistant has support for a pretty large number of devices, so it's usually not too hard to find a device you know will work without an internet connection. Assuming you are able to setup and maintain the local server anyway.
Leave it to capitalism to make a sci-fi dream a dystopian nightmare in reality.
Smart TVs screenshot what you're watching at a regular interval and sell your viewing habit data, or access to it, to marketers. This happends regardless of which video input you're using.
- You watch TV. Your TV watches back. (Use a paywall bypass extension to view, or just read your smart tv privacy policy lmao)
- Vizio Admits Modern TV Sets Are Cheaper Because They're Spying On You
They'll also display ads whenever they want because fuck you.
Some smart TVs will also try to connect to open Wi-Fi networks to send this data home , regardless of whether you've set up networking. Once they start putting sim cards in these you'll need to start opening them up and wiring a resistor in place of the antannae or something. Or stick to using dumb TVs.
Also if you're going to build a smart home, use FOSS software like Home Assistant and stick to hardware that either doesn't need an internet connection to operate or can be flashed with an alternative firmware to work locally.
Or stick to using dumb TVs.
Does anyone even make those anymore? Though my sample size is pretty much only from the walmart here, but I haven't seen a normal ass TV for close to years.
I suppose you could use a large computer monitor and a TV tuner if you really can't find one.
I got a 55” 4k dumb tv from walmart last year. So maybe they do still.
if you wanna see something real weird, go to myactivity.google.com
Counterpoint: if I act like it doesn’t exist then it doesn’t. Checkmate, libs
I doubt deleting anything or turning it off has the effect you think it would. It just means you can't see that data, they still can.
this post is really about voice control though
voice control sucks, no thanks, but I do like having my lights come on at a certain time every day
Did you send this message via carrier pigeon to the Chapo.chat server?
You forgot to mention they have used accidental recordings in court and just let random contractors listen to it to train the ai better, so theres a solid chance a person may hear you saying "ok google" at some point.
We need an open source voice assistant like mycoft imo.
I don't mind Google home too much but I keep them muted with the switch and work just as a speaker
Katey Sagal is always nice though. and it was directed by LeVar Burton!
The only way I would do it if there was some sort of open-source ecosystem for this stuff that really took off (not that I will literally ever be able to afford a home anyway) and had a ton of community support. Having all these closed source widgets sucks. What's the point in placing a distributed network of thermometers throughout the place if you cant use ML to analyze all the data and weather trends to program your thermostat to intelligently react and reach peak efficieny?
Also, check out this article https://www.techtimes.com/articles/183339/20161024/massive-dyn-ddos-attack-experts-blame-smart-fridges-dvrs-and-other-iot-devices-why-your-internet-went-down.htm these things have already gotten tied up in botnets because some shitty silicon valley startup is never going to spend the adequate resources to ensure that security is implemented properly
i have a local home assistant instance which is offline and open source. any smart device i get (besides speakers because those are hard) are zwave. _
you can and should stick them on a separate network
