(Virtually) No one should ever own an Echo or any other "voice assistant" product


Yeah, I just tried to make the same point. People will get all tinfoil-hat about this but security labs confirm that they don’t send data when the trigger hasn’t been uttered and the sizes of the packets are reasonable for the few seconds recorded.


Would you say it was better or worse than a big-box-specific gift card for the same amount? I never give gift cards, as they seem so impersonal, and worse than just money, but maybe this is an angle I hadn’t considered…


Absolutely true there is a risk for cons. I am on high alert for my mother getting conned by all manner of “Nigerian princes” or email attacks. I talk to her about it constantly, and have her rightfully worried enough that anytime something even slightly unusual comes up, she asks me first.

Except once - she clicked on some link or ad on a site and it brought up a popup window with a loud audio alert warning her that her computer had been infected and that she needed to call a phone number to solve the problem. Needless to say, she was a perfect mark for this scam. She dutifully called the number, was warned about how bad of a virus situation she now had on her iMac, and dutifully handed over her credit card information to pay for the $350 service which would “rid her iMac of the virus”.

She felt terrible once she realized she had been scammed and we were able to get the bank to cancel the charge and replace her card. It’s those kinds of scams I worry about with her, not a con person hacking into her personal Echo Dot. I suppose it’s possible, but it would require a tool that hasn’t been identified yet on Boing Boing. I read this blog every day, so if that tool is identified, I’ll be removing the Echo Dots from her house.

As for Amazon itself, I can’t imagine they would stoop to any cons beyond suggesting she put a more expensive pair of comfort shoes in her cart, as the publicity blowback would be bad. But with the richest, greediest man in the world at the top of that rapacious company, I’m not naive about it and watch her and her financial habits like a hawk.

So yes, utility is high for the Echo in this case. For an elderly person, the risk is high with literally everything (driving, managing money, buying shoes), so I felt it was worth the tradeoff.


Well, since it was well north of $100 and I usually get gift cards in the ca. $50 realm it was much better :wink:


The sounds of you doin’ it.


I have an Echo in my kitchen. I use it to do the following things:

  • Set timers over voice command while cooking.
  • Control my Sonos or play music. (somewhat poorly)
  • Play/pause music / audiobooks / etc from my phone over bluetooth.
  • Turn the TV on and off.

If someone sold an open source or at least totally localized piece of tech that did the same thing, I’d buy it instead, because really very little of that requires internet access. But since they don’t, the ability to do all those things handsfree while cooking is a huge bonus to everyday life. I mean, the TV less than the others.

Ultimately the problem I have here with this article’s premise is that the cat’s ALREADY out of the bag when it comes to this. If your point is ‘one inch is TOO FAR’ then throw your cellphone in the garbage and hope the battery runs out soon. Clearly the point isnt ‘there are tradeoffs here’ given the clear language and description used, so I have no idea what the point is.

I’m happy to have a discussion about privacy. I think it’s very important that people are spending a lot of time thinking about this and tinkering with these devices and releasing real information about security work.

But ultimately this boils down to ‘BURN THE WITCH! Oh, but not THAT witch. I really LIKE that witch. She has reddit.’


I really struggle to see this as anything but silly, tech-phobic fear-mongering. The article exploits people’s natural desire not be be spied on with scare words and half-developed premises expressed in about the most hyperbolic way possible.

These devices only listen for a wake word before sending your voice input to the cloud for processing.

Assuming they could be hacked to no longer need the wake word… …why?

With all the means of surveillance out there–my phone, my computer, my neighbors, the guy in that van parked outside of my house-- I’m supposed to avoid using a piece of tech that I’ve come to find extremely useful and convenient because “someone” might use it to overhear me asking my wife if the dishes in the dishwasher are clean, or asking my dog if he needs to go pee?

Maybe if I was an international drug dealer, I’d think twice, but spare me the bullshit hand wringing about the privacy risk I’m taking having one in my kitchen. Thanks, but so many ridiculously unlikely things would have to fall in to place before that even became a remote possibility I think I’d have plenty of lead time to deal with it. Until then, I’ll keep using my Echos.

I’m also annoyed by the implication that I’m risking my privacy for something “trivial”. I use my Echo all the time, it’s in no way trivial to my lifestyle. The only trivial thing is the exceedingly remote risk to my privacy having the device presents. Dismissing it as trivial and unnecessary because you don’t see the value smacks of those “who would ever need a computer in their house?” type statements from years ago.


I am extremely skeptical about the claims that your Echo or gHome will be hacked and used to blackmail you. Do Amazon and Google ship buggy software? Hell yeah - but how many people will have these devices exposed to the public internet, instead of behind a firewall? All three of them probably already had their Samsung smart TVs hacked anyhow.


i found the reizen talking calendar to be one of the best helpers while caretaking my grandmother with dementia. she got to calling it “my boyfriend”.

the big clocks with date/day/time simply had too much information for her to process and became frustrating for her.

another great tool for mid-to-late stage was this: (it really helped stop the “need for breakfast” after waking up from every nap)



“We do know that Amazon will hand over your Echo data if the gadget becomes involved in a homicide investigation. That very thing happened earlier this year, and while Amazon had previously refused to hand over customer data, the company didn’t argue with a subpoena in a murder case.”

I dislike voice assistants and don’t have one. Both “OK Google” and “Hey Siri” are disabled on my phones. HOWEVER, in this case, Amazon REFUSED to comply with the court order UNTIL the owner of the device asked Amazon to send the recording(s) to the court. Presumably, the owner/defendant figured that the recordings would help demonstrate his innocence.


I love using the Echo to listen to music. Telling Alexa to play something is so much better than navigating through an app or other control.

I do have a plan to avoid the big brother-ish downsides of a continually monitored audio environment at home. I’m going to wait until the hardcore hacker community who obsessively tracks these issues tells me that the Echo is no longer phoning home only after it hears the activation word. At that point I’ll unplug it and ask Amazon for a refund.


This is the thing that gets me. That Amazon/google are intermediaries for any interaction with these devices. It’s also the very thing that allows them to exist in the first place.
Now, just saying that you personally don’t find these devices useful doesn’t get us anywhere, that just puts you a little bit closer to being a luddite. Nothing wrong with that. But that doesn’t make them useless.
The thing we should be pushing for here, and it is not limited to the Echo, is the ability to operate them without phoning home, but that business model is all too pervasive now, it’s been there before these assistants existed and I would argue, it’s the only major flaw with them.


and i see so much risk in using a mobile device i don’t own one. i refuse to pay money to own a tracking device that can be hacked by any government and any major criminal organization. so far i don’t have any friends who own one of the above-described objects because i wouldn’t go into a house that has one.


See, I think this is basically the intellectually honest thing to do if you’re REALLY concerned about these devices - no cell phone, no devices of any kind with microphones and internet connections. Notably, I think it’s crazy, but I can respect it.


This. so very much this!

You lost me here. Privacy is valuable, even banal conversations about taking out the trash. If I can’t keep uninteresting conversations safe, what hope do I have of keeping anything else private?

I agree, my Echo dot is probably the least of my worries, privacy wise. That doesn’t mean that I don’t expect my interactions with it to be if not private, at the very least, confidential, which in this day and age, is just another layer of privacy.


I also think this is reasonable - I don’t have an echo in my bedroom or in my office where I discuss actual financial stuff with my wife. I have some modicum of concern about it, but it’s mostly just like ‘I shouldn’t ask Alexa to remember my SSN’.


As long as people like yourselves rid themselves of any internet-connected device containing a microphone, you’re at least being consistent and true to your paranoia.

As others have mentioned, it’s people who won’t go into homes with Echo devices (or their like) but will cheerfully use Gmail or mobile messaging or webmail and think they’re somehow “avoiding all surveillance” whom I really think are silly.


When you’re not using your voice assistant, keep it from getting bored with some ambient noise.


The NSA has been doing exactly this for decades, to whit: Keyword searches on the raw cellular take of multiple continents simultaneously. This is not only possible, it is common.

Yes, really. What did you think they needed exabyte-scale storage for…?


I share Cory’s disdain for these devices, but I do have another use case. I have an adult daughter who has a severe cognitive disability.

Things like Siri and the Google Assistant have been a godsend for helping someone who has enormous difficulties reading and managing complex tasks to be have access to these tools.

Putting these in standalone devices make these sorts of tools that the rest of us take for granted accessible to a wide range of people who simply cannot use traditional computing devices.