Originally published at: https://boingboing.net/2017/08/30/cheap-used-echo-dots-on-amazon.html
…
I nabbed one when they were available as a refurb for $30 back in July, figuring that it made it across the line into impulse buy territory.
I haven’t been disappointed. I have it wake me every morning, and immediate ask it, “What’s up?” to get a news brief. Then put on some music while I get ready for work. Overall, I’ve been super pleased with its capability. It is hands down $30 worth of cool.
There is a little part of me that is waiting for the other shoe to drop, though. Maybe it becomes known that every single one has a government backdoor? Or worse, advertisers get the ability to tap into it directly. Lord knows where that would end, in terms of seeing what’s in your advertising profile.
That will happen when you start talking in your sleep and order the 50 gallon drum of lube.
That sounds worse than it is. If that happens, I’m just leaving it in my apartment for the next renter. I think I might just for kicks also leave a rack of fine ladles and basters above it.
I wonder how thoroughly Amazon has these buttoned up against 3rd party favors firmware.
I’m one of those old fashioned, entitled, jerks who expects bugging my house to be handled for me by hostile intelligence agencies, not at my own expense; but the Dot hardware is pretty interesting, if it isn’t tivoized to hell and back.
https://www.digikey.com/en/maker/blogs/amazon-echo-dot-teardown/4814734f90dd421fb5f6ecd9a82fbf16
TIVO’ized? Used to be hackable (unofficially, but designed to swap out the HDD), they just tried to protect their special sauce with proprietary binary blobs to keep you from using a third party guide service for free. Last I checked, you could still pull the recordings off for your own use.
The techno trekie futurist in me loves this gizmo, but the wife HATES the idea of the listening device. I agree enough not to argue with her about it.
What I really wanted to talk about was… we are just a few days away from used Amazon shoppers getting ripped off. So did Amazon already fix all of that and we are back to pimping Amazon used market again?
In this context, “Tivoized” has a fairly specific meaning (conveniently summarized by @codinghorror).
It has nothing to do with how restrictive, or not, a device is in terms of being a dick to the user in the UI, refusing to cooperate if asked for files, etc. On those matters, I have no opinion of Tivo.
It specifically refers to the (admittedly darkly elegant) strategy of deploying cryptography early in the boot process; and sometimes at other points as needed, to enjoy the benefits of GPLed software for your device while simultaneously nullifying the ability of anyone else to take advantage of the freedom you were afforded:
Tivo became the name behind the concept because they were one of the early, linux based, and widely distributed devices to employ the strategy; it’s a lot more common now(locked bootloaders in cellphones, any ‘secure boot’ implementation that won’t let you re-key it; basically all remotely contemporary consoles); the principle remains the same.
Even if you fully comply with any GPL or similar requirements; or use well understood and supported hardware, or both; if your bootloader checks for your signature on the binaries; only software you have blessed can be run, period(barring a specific flaw in your implementation; not uncommon; but not good to rely on). I don’t know what Tivo’s original logic was; whether it was something about copyright; a period when they were selling hardware at margins that would be unsustainable if people could modify it to use 3rd party guide services or just use it as a standalone DVR, or something else; but they got in on the game early, so it’s named after them.
A Tivoized device(unless you know you have a vulnerable one that can be kept from ever updating); is the most aggressively useless hardware in existence for anyone who wants to change the device’s behavior, whether in ways large or small. Reverse engineering a complex piece of hardware isn’t easy by any means; and it often never happens; but factoring some large primes to derive a signing key is “not possible within the bounds of our universe” level difficult; and signature and/or hash verification tends to touch both the kernel and all the various ancillary userspace stuff, config files, etc. so that even the partial modifications you might attempt on something too ill-understood for a full firmware replacement are locked out.
A Tivoized device can be varying degrees of hostile or benevolent; as the vendor’s interests dictate; but the important thing is that it is permanently tied to the vendor’s interests, support(if any); and desired behavior.
So why are all these used Dots available? Are they being returned in large numbers?
Probably…that creeping knowledge that “alexa” is just the softened voice of the amazon sales machine, and is always listening and remembering never completely goes away.
In my experience ordering from the Warehouse always added the extra thrill of not knowing which essential bit of the product will be missing when it arrives. Sometimes it’s nothing, or just the instructions, or a useless installation CD; sometimes it is inexpensive easily-sourced hardware; sometimes it is 1/3 of a 3-pack of whatever I was buying. It happens so often that it has become a running joke in the household.
Ahh, the Ikea experience but for used stuff. Nice.
Anybody who uses the echo dot, do you need an external speaker to listen to NPR or music or is the built in speaker passable enough?
Depends on the size of the room. It is fine in a small room. It does supports bluetooth speakers and line out as well.
The echo dot is surprisingly loud. You won’t have problems listening to podcasts if you’re in the same room.
I love it when there is a commercial or someone one on TV says “Alexa” and mine fires up and talks. I think a great ad for buying another one should be broadcasted so existing Dots buy another one themselves.
This topic was automatically closed after 5 days. New replies are no longer allowed.