They’re bad folks, everybody knows it, everybody says it. But they’re simultaneously better and worse than you think, because apparently nobody actually knows how these products actually work. (I’m mostly going to be discussing google home, because that’s what I’m familiar with; I assume echos use similar technology, but I can’t speak for them).

So to get started, no, your smart speaker isn’t always listening. At a hardware level, there’s two boards and a tiny bit of cache. Your speaker is constantly listening for the trigger words, and processing about 2 seconds of audio stored on the cache at a time. However, this is all done at a local level on the first board. Only once it recognizes the trigger words does it establish a connection to the cloud, and use that to process your request. Once your request is complete, it goes back into standby mode. You can look at the packets coming out of the device, and see that it only connects to the internet when it needs to. The onboard cache is small, and constantly being overwritten, so there’s literally no way for it to constantly be monitoring you, by design.

However, what IS nefarious is the amount of permissions you have to give google in regards to the data it does capture. Of course, they use the captured audio for expected things like training their voice recognition AI, but you also give them permission to store all that data indefinitely, with metadata tracing it back to you, AND it’s not off limits to engineers.

That’s right, there’s the possibility, however small, that real people will be listening whenever you ask google to play your erotic jazz playlist. Once that audio is on the cloud, you basically don’t own it anymore, and google can do whatever they want with it.

So should you be worried? If you want to be, I guess. I resigned to the fact that I lost all my digital privacy before I was even born, and will happily tell google to turn off my lights while laying in bed like a fat sack of shit, but it comes down to what you’re comfortable with. Either way, I just want people to actually understand what they are and how they work, because there is a lot to criticize, so it pays to be criticizing the right things.

  • ssjmarx [he/him]
    ·
    4 years ago

    can I just say that I really hate the Internet of Things? Fuck smart light bulbs, I'll press the switch on the wall. Fuck smart fridges, I'll be maintaining the cooler on the one I've got that was manufactured in the 90s. Fuck smart dildos, I'll work the clit myself.

    • TheJoker [he/him]
      hexagon
      ·
      4 years ago

      Ok boomer

      -Sent via twitter for Samsung Smartfridge

    • aaaaaaadjsf [he/him, comrade/them]
      ·
      4 years ago

      But you need to updates your toilets firmware to give you the super flush™️ functionality, otherwise you'll clog the drain

      • Sushi_Desires
        ·
        edit-2
        4 years ago

        I was still running my bidet on the corrupted 0.1.6.31b firmware package and the machine vision-enabled laser targeting module worked, but the jet stream ran at 500% pressure and made my asshole bleed

        Cursed future

  • FailsonSimulator2020 [any]
    ·
    4 years ago

    The fact that it doesn’t upload all the time under normal circumstances does not change the fact that it could be made to upload with relatively little effort if they wanted to. There’s fundamentally nothing preventing that behavior from being changed from an external program connected through the internet.

    • TheJoker [he/him]
      hexagon
      arrow-down
      1
      ·
      4 years ago

      That’s not wrong, but again you can just look at the packets. As soon as google does do this you’ll know about it, because it’s gonna be a big fuckin news story.

      • the_river_cass [she/her]
        ·
        4 years ago

        you're assuming it gets turned on universally rather than targeted at undesirables via an NSL from the state.

        • TheJoker [he/him]
          hexagon
          ·
          4 years ago

          Again though, the data being uploaded by the device can be monitored locally. If you’re paranoid, monitor the data. Yes, it can happen, but also there’s no need to fear technology just because it’s technology. It’s not all skynet out there.

          • the_river_cass [she/her]
            ·
            4 years ago

            obviously. but the closed firmware and closed source make it hard to validate what's really happening on the device so you have to rely on other systems to monitor it. and once you're doing that, you're talking about something that requires serious technical knowhow to actually operate, more to interpret the data you get back. but these devices are sold as convenience packages to laypeople.

            if your threat model includes the state (as everyone here presumably does), you have two choices. saddle yourself with a bunch of work to maintain vigilance over devices in your home that, strictly speaking, aren't necessary -- assuming that you have the knowledge and skills to hold that vigilance in the first place -- or you choose technologies that are easier to validate and support an actual base of trust.

          • the_river_cass [she/her]
            arrow-down
            1
            ·
            4 years ago

            no? most political activists don't have that kind of technical training?

  • OgdenTO [he/him]
    ·
    4 years ago

    For me the biggest downside of a smart home ( not the voice activated music playlist) is having all of your local control activities being sent to the cloud.

    Like a smart light switch. ALL smart switches should be LAN only as an option. They aren't. That means that if the internet goes down, you can't turn your lights off or on. That means that if the company goes under or decides to stop supporting the product you now have useless hardware.

    Look at insignia

      • OgdenTO [he/him]
        ·
        4 years ago

        Two years ago or so they shut down their insignia connect cloud services, bricking their connected products, and refusing to provide open access to the platform or additional support. Their switches and outlets were completely bricked.

        • blobjim [he/him]
          ·
          4 years ago

          RIP. I just have some headphones, an Ethernet-to-USB connector, and a Bluetooth dongle from them.

    • eduardog3000 [he/him]
      ·
      edit-2
      4 years ago

      That means that if the internet goes down, you can’t turn your lights off or on.

      You can still do it at the switch itself. But then it's just an expensive dumb switch.

      Some switches can be controlled by something like Home Assistant from a local device. For example my Lutron Caseta dimmer switch is supported, classified as "Local Push" which means it'll work locally without an internet connection.

      Home Assistant has support for a pretty large number of devices, so it's usually not too hard to find a device you know will work without an internet connection. Assuming you are able to setup and maintain the local server anyway.

    • Tankiedesantski [he/him]
      ·
      4 years ago

      Leave it to capitalism to make a sci-fi dream a dystopian nightmare in reality.

  • git [he/him, comrade/them]
    ·
    4 years ago

    Smart TVs screenshot what you're watching at a regular interval and sell your viewing habit data, or access to it, to marketers. This happends regardless of which video input you're using.

    They'll also display ads whenever they want because fuck you.

    Some smart TVs will also try to connect to open Wi-Fi networks to send this data home , regardless of whether you've set up networking. Once they start putting sim cards in these you'll need to start opening them up and wiring a resistor in place of the antannae or something. Or stick to using dumb TVs.

    Also if you're going to build a smart home, use FOSS software like Home Assistant and stick to hardware that either doesn't need an internet connection to operate or can be flashed with an alternative firmware to work locally.

  • eiknat [comrade/them]
    ·
    4 years ago

    if you wanna see something real weird, go to myactivity.google.com

        • TheJoker [he/him]
          hexagon
          ·
          4 years ago

          Counterpoint: if I act like it doesn’t exist then it doesn’t. Checkmate, libs

        • eduardog3000 [he/him]
          ·
          4 years ago

          I doubt deleting anything or turning it off has the effect you think it would. It just means you can't see that data, they still can.

  • emizeko [they/them]
    ·
    edit-2
    4 years ago

    this post is really about voice control though

    voice control sucks, no thanks, but I do like having my lights come on at a certain time every day

  • 0xACAB [she/her]
    ·
    4 years ago

    You forgot to mention they have used accidental recordings in court and just let random contractors listen to it to train the ai better, so theres a solid chance a person may hear you saying "ok google" at some point.

    We need an open source voice assistant like mycoft imo.

    I don't mind Google home too much but I keep them muted with the switch and work just as a speaker

  • buh [she/her]
    ·
    4 years ago

    Not Disney Channel’s best original movie IMO

    • Goovis__young [he/him]
      ·
      4 years ago

      Katey Sagal is always nice though. and it was directed by LeVar Burton!

  • Sushi_Desires
    ·
    edit-2
    4 years ago

    The only way I would do it if there was some sort of open-source ecosystem for this stuff that really took off (not that I will literally ever be able to afford a home anyway) and had a ton of community support. Having all these closed source widgets sucks. What's the point in placing a distributed network of thermometers throughout the place if you cant use ML to analyze all the data and weather trends to program your thermostat to intelligently react and reach peak efficieny?

    Also, check out this article https://www.techtimes.com/articles/183339/20161024/massive-dyn-ddos-attack-experts-blame-smart-fridges-dvrs-and-other-iot-devices-why-your-internet-went-down.htm these things have already gotten tied up in botnets because some shitty silicon valley startup is never going to spend the adequate resources to ensure that security is implemented properly

    • eiknat [comrade/them]
      ·
      4 years ago

      i have a local home assistant instance which is offline and open source. any smart device i get (besides speakers because those are hard) are zwave. _

      you can and should stick them on a separate network