The latest generation of chatbot toys listen to your kids 24/7 and send their speech to a military contractor


Agreed. I’d classify these stories more as truthy than fake.


Relevant article with more technical details on how these kind of devices work


That’s naive. Really naive. The reason you train them to learn a specific phrase is to avoid false positives that would cause it to wake up when that was not the user’s intention. If the goal is to record all conversations then waking up on any phrase would require no training at all. Just enough factory programming to recognize sounds in the typical human frequency range.

You’ve got the requirements for surreptitious recording completely bass-ackwards.

Furthermore there is no need for real-time transmission of recordings back to the mothership. That’s only a requirement when the user is actively engaging with the device. An eavesdrop-mode could record to local flash memory and then batch up transmission when the user deliberately interacted with it. Just 4GB of flash could easily hold 24 hours of compressed speech, which would probably cover at least a week of eavesdropping since people won’t be talking around it non-stop. And if it runs out of local storage, no big deal, just throw out the old recordings to make room because the goal would not be perfect coverage, just to get whatever is easily gettable.


I’m thinking “hilariously misguided”


Again, this is making up a problem that doesn’t not exist. We’re discussiong how this process ACTUALLY works, and it does NOT work as Doctorow described it.


Except that due to the completely open-ended terms of service that’s the way it could actually work tomorrow - the hardware is capable of it today. Hell, for all we know, that’s the way it is working today - all we are going on is trust that the way we’ve been lead to believe it works is the way it currently works.

There is precedent. Vizio tvs do low-rez framegrabs of everything you watch regardless of source (catv,dvd,pvr,roku,etc) and stream them back to the mothership. That was not publicly known until someone went full wireshark on one and discovered it.


I think the amount of credulity that people display around “but {corporation} says it only sends my active requests to the server, so that must be the truth now and for all future updates to the Terms & Conditions” is pretty astonishing considering that total, constant surveillance is the openly pursued goal of every state & corporation with the means. The digital assistants may not currently be spying on you, for whatever your personal definition of ‘spying’ is, but they are absolutely capable of doing so at any time.


If I had an inquisitive kid in my family who wanted to learn a language, I’d get them an Arabic course… and one of these toys to practice with :grinning:


No, I will not, and I don’t appreciate being asked.


Great! It’s got a bunch of crap including: movies and TV that I watched, podcasts, YouTube, random music, etc. Incidental speech happens a bunch more than me speaking.


Yes. A list of what you watched / listened to and at what time is valuable data. See the above reference to vizio selling their customers viewing habits. We’ve also seen reports of commercials embedding ultrasonic audio beacons to help eavesdropping apps figure out what content people are watching.


Nuance’s offerings are a bit of an alphabet soup; but the major breakdown is between the ones that do speech to text locally(the boxed retail ‘Dragon Home’, its ‘legal’, ‘medical’, ‘law enforcement’ and ‘professional’ flavors; and the Dragon SDK, client and server) and the various faces of Nuance’s cloud-based service; either sold under one of their brands(“Dragon Anywhere”, “Dragon Medical One”) or integrated into 3rd party products through their SDK.

Of note, their ‘standard’ SDK appears to be cloud-only; and points users with medical needs to their healthcare specific offering which offers

“Global, enterprise-class, speech
platform with hosted (USA only)
and on-premise (EMEA, APAC,
and LATAM only) configurations”

so, apparently, in the US the answer is “Our cloud is totally HIPAA compliant, so like it.”; but I can only assume that somebody in the EU and elsewhere sent them a stern nastygram about storing and processing medical data in American jurisdiction.

The one somewhat curious thing is their “Dragon Anywhere” offering. They pitch it as being an ‘enterprise’ thing; and it is included in the upsell with some of their volume licence-management stuff for professional versions of Dragon; but all the “Data Policy” has to say is

“By using Dragon Anywhere, you expressly consent and agree that Speech Data, which may contain personal information, shall be stored and processed in the United States. “Speech Data” means the audio files, associated text, transcriptions and log files provided by you or generated in connection with Nuance Products.”

Which does tell you what jurisdiction ‘the cloud’ is in; but isn’t much of a privacy policy. The datasheet notes that “All client/server communication is encrypted” and “user accounts are password protected” and “Dragon Anywhere does not access content on your device, such as contacts or your location. You control what data is available to the system, based on what you dictate”; all of which beat the alternatives; but still don’t amount to much of a privacy policy for what you do dictate; what with dictation being the whole point and all.

So, um, that’s my rambling not-really-answer. There’s the client/local server stuff; the “I’m Hip to HIPAA” cloud for Americans, the locally hosted version of that for foreigns; and the ‘it’s private as in hopefully protected from hackers’ consumer cloud stuff.

Presumably, customers more serious than the ‘Emerald’ SDK tier get their own privacy policy; and may also get to run the cloud-ified versions of Dragon locally on their systems, if their checks are big enough; but that would be between them and Nuance.


Norwegian Consumer Council had someone look into how these work: They somewhat support Cory’s conclusions…


So “Small Soldiers” isn’t that far fetched after all?

closed #36

This topic was automatically closed after 5 days. New replies are no longer allowed.