Internet of things, smart devices, smart speakers, smart home devices

The privacy risks of smart speakers like Amazon Echo, Apple HomePod, and Google Home

Science fiction has officially arrived. Smart speakers and their digital assistants are here, constantly listening to you, waiting to respond to your requests. Yet they are less like helpful bots and more like diligent stenographers, compiling comprehensive reports of every interaction so corporations can monetize your data.

“Alexa, are you listening?” As it turns out, the answer is yes; smart speakers are always listening to you. These devices represent a new frontier of corporate surveillance. The world’s largest tech companies have found a way to escape the desktop and break into our homes.

What do smart speakers do?

Smart speakers are a vocal interface with the Internet. You can have your smart speaker play you a song, look up trivia, tell you what the weather is like, update you on the latest news, or tell you a joke. However, this is just the tip of the iceberg. As we race towards the Internet of things, in which all appliances, devices, and goods will be continuously connected and communicating with each other over the Internet, the smart speaker is positioned to be the hub that allows you to verbally control your home.

Each smart speaker also comes with third-party extensions (Amazon euphemistically calls these extensions “talents” while Google calls them “actions”) that connect your speaker to other apps, like Uber or Netflix. These extensions allow you to call a car or queue up your favorite films on the nearest connected screen without going through all the hassle of unlocking your phone.

Google Home Privacy

It is important to remember how these corporations work, especially Google. Depending on your reliance on Google products, Google knows who your friends are, what’s on your schedule, where you like to hang out, and what topics you are most interested in. However, this colossal amount of data is not enough. Alphabet, Google’s parent company, makes 84% of its revenue(new window) off of advertising. It rakes in billions of dollars a year by selling its users’ data to advertisers, who then use that data to target Google’s users with ever-greater precision. To Google, more data equals greater revenue. So they have worked hard to eliminate friction from the data-gathering process. The result is an Internet-connected speaker that you can put on your kitchen counter and ask questions.

The Google Home makes Internet searches more accessible than ever, which in turn means that Google receives more and more data on you. Anything you say following the Home’s wake word — “Hey Google” or anything it misunderstands(new window), like “A doodle” — is recorded, linked to your account, and kept in Google’s database forever. Moreover, the third-party extensions sweep up even more data and share it with more organizations each time you make a request.

Finally, the Google Home does not just vacuum up your data; it is also a new means of advertising. It is no surprise then, that, despite Google’s assurances that they would not use Google Assistant for ads, users heard what Google called “timely content(new window)” — and what most people would call a commercial — for the film Beauty & the Beast last year. Google later clarified that Google Assistant will likely have ads in the future and that it “may use transcriptions (not raw audio) of these interactions to deliver more useful ads on other platforms.”

Amazon Echo Privacy

Amazon is not as dependent on advertising revenue as Google, but they want your data just as much so they know which of their products they should target you with. All of the same privacy concerns with the Google Home are present in the Amazon Echo. Every interaction with your Echo is recorded, linked to your account, and saved in an Amazon database forever. (If you have a smart speaker and would like to see all the data these corporations have collected on you, here is how to access smart speaker records for Amazon(new window) and Google(new window).) Amazon was more upfront about the Echo’s advertising potential, announcing in January last year(new window) that they would begin using the Echo to deliver ads. However, they also have ruined the name “Alexa” for a generation of women.

Apple HomePod Privacy

Then there is the Apple HomePod. While the HomePod is a live, Internet-connected microphone that sits in your home, Apple anonymizes all interactions. They do not tie the questions you ask your HomePod to your Apple account, and, eventually, Apple deletes all the data from such communications. Apple also does not allow any third-party extensions. As a result, the Homepod is a less convenient and versatile device, but is much more secure and private.

Ever-growing databases

Now that we have allowed private corporations to install live microphones in our homes, the new amounts of data they can gather are staggering. As we have seen, when corporations collect massive amounts of data, it can be leaked, hacked, or accessed by law enforcement. Amazon was forced to share recordings from an Echo (new window)last year as part of a murder investigation, which was only possible because Amazon ties all data from an Echo to a user profile and keeps them forever. It is up to the user to go into their account and delete their interactions themselves.

Recent scandals involving Google+(new window) and Amazon’s leak of user email addresses(new window) have shown disturbing lapses in their cybersecurity. There was also the nightmare case where a Google Home Mini self-activated thousands of times a day(new window) and then recorded and saved snippets of audio of whatever happened to be going on at the time. While Google identified and remedied the problem, it is still a relevant example of the great potential for abuse these smart speakers present.

The invasion of privacy

These corporations know that these devices represent a considerable escalation in their invasion of your privacy, but their need to collect ever-more data will not end with smart speakers. Facebook, another company that requires ever-increasing amounts of its users’ personal data to feed its addiction, has developed its own smart speaker — only theirs also includes a camera. While Facebook delayed the release of the Portal(new window) in the face of the popular outrage over their repeated abuses of personal data, the telescreens from 1984 no longer sound outlandish or even unlikely. The only differences are that corporations have taken the place of Big Brother and that we, private citizens and consumers, are paying for the privilege of this corporate surveillance.

What these smart speakers show is that companies like Google, Amazon, and Facebook cannot accept privacy because any data that is private represents a business opportunity worth billions of dollars. Until the public makes clear that the invasion of privacy is not worth the incremental increases in convenience these companies offer, they will continue creating new devices to peer into our few remaining private spaces. It may be overdramatic to say tech corporations broke into our homes. The truth is we have invited them in.

Proton VPN and Proton Mail are different. We recognize that dissent, free speech, and democracy itself are all weakened when the right to privacy is undermined. Our services are private by design. Proton Mail encrypts users’ emails before they reach our servers so no one but the recipient can access them. Proton VPN maintains a strict no-logs policy meaning that we keep no records of users’ online activity. We do not want to collect user data; instead we want to keep it safe.

We work on a subscription business model where our users pay us for a service. We view our users as a community of supporters whose right to privacy must be protected, not as sources of private data to be capitalized. If you would prefer to be seen as a user and not a product, sign up for Proton VPN and Proton Mail today.

Best Regards,
The Proton VPN Team

UPDATE Nov. 6: Japanese and American researchers found that you can use lasers to give smart speakers vocal commands(new window). The trick worked with Amazon Echo, Google Home, and other devices that work with vocal commands. The team could use a laser to force the smart speaker to carry out any task it was equipped to do, like open a garage door. In one test, the researches were able to control a smart speaker by shining a laser on it through a window from the top of a bell tower 230 feet away.

You can get a free Proton VPN account here.

Follow us on social media to stay up to date on the latest Proton VPN releases: Twitter (new window)| Facebook(new window) | Reddit(new window)

To get a free Proton Mail encrypted email account, visit: proton.me/mail(new window)

Related articles

s AliExpress reliable?
en
  • Privacy basics
Chinese shopping platform AliExpress is undoubtedly cheap. But is it also safe and reliable, or you are likely to get scammed?
How to fix a 502 error
en
In this article, we explain what a 502 bad gateway error is and explore possible ways to fix it as a visitor to a website.
Watch Thanksgiving Day football with Proton VPN
en
Here's how you can live stream this year's Thanksgiving football games using Proton VPN, whether you're watching from home or abroad.
Where to watch Macy's Thanksgiving day parade
en
Here's how and where to watch Macy's Thanksgiving Day Parade live from anywhere in the world with Proton VPN.
What we've been up to, and what's next
en
Here are the main things Proton VPN delivered this spring and summer and the exciting changes that lie ahead on our product roadmap this winter.
Proton VPN for Windows ARM
en
  • Proton VPN news
We’re pleased to announce a new Proton VPN app with native support for Windows devices that use the ARM chipset.