fbpx
Site Loader

With enough people opening up an Amazon Alexa-powered device this Christmas to crash the majority of the company’s European servers, many can’t help but worry for their privacy. How else is it picking up your voice if it’s not always listening? What if it’s listening for more than just the wake word? It’s a topic worth talking about, but it’s also one that I see a lot of misinformation about. If you want a quick-fire answer as to whether your smartphone, smart home device or computer is listening to you, the answer is no. It’s not feasible, nor is it worthwhile to companies. If you want to know why it’s not feasible, then read on.

Legality

The first reason this is impossible is due to the legality of always-listening. Companies serving within the EU have to abide by the EU General Data Protection Regulation, or GDPR. The GDPR is why you now have to give explicit consent to companies to use cookies on your computer, but there are other provisions which apply here. GDPR has taken a provision from the Data Protection Act of 1998 and made it so that you can request all data a company has on you for free. Previously, companies could technically charge you for the privilege of accessing your own data that they had on you. Companies only have one month to respond to that request as well. All data that can be identifying to a specific person must be released, which would, obviously, include voice recordings.

But when has the law ever prevented a company from doing something? Surely a company as big as Google could pull it off? Not quite. Facebook, a company of similar stature, has been on the wrong side of regulators in the past few months, coming under fire from every which way. Google has also had its fair share of regulatory issues, facing the largest EU fine yet after it was found to be guilty of antitrust violations thanks to its Android operating system. These weren’t for privacy concerns as such, they were because the company was seen to be “illegally tying” Google Chrome and its search application to Android. Nobody is a fan of Google right now, and if there was even a hint of malpractice, EU regulators would be knocking on their door and it would be discovered very, very quickly. It’s risky – not to mention expensive – for the little gain a company would receive.

Logistics and feasibility

Assume for a second that your shiny new Amazon Echo is always listening, sending off your data to a server somewhere in Europe. If the company is smart, they’d send the data to a server outside of European jurisdiction. For argument’s sake, let’s assume that Amazon has a server in a location where the government facilitates data collection, and that your Echo is always listening and sending off data to that undisclosed location. Now let’s assume that EVERYONE has an Amazon Echo sending data to these servers. That’s a huge amount of data to be collected, analyzed, processed and attached to an account every second. Let’s say a company could somehow pull off providing that server power to process the constant data stream from 50 million devices worldwide, surely there would be a paper trail of some kind? It’s really not hard to monitor your network connection and see what traffic is going through your network. If it were the case that your devices are always listening, there would be evidence of that. A common video I have seen cited as evidence of Google always listening is the one below.

However, the creator himself admits that his testing was not rigorous nor conclusive, and that there were many errors made that skewed the results. A much better and more conclusive video would be the one below, which the creator of the previous video says you should check out.

So, where is the actual evidence? In the case of your computer always listening, it’s extremely easy to check for when a program accesses your computer’s microphone. In the case of a Google Home or an Alexa-powered device, you can just monitor your network traffic. Finally, if it were your smartphone, for an app to access your microphone without your permission is basically just straight up impossible. The battery life would be completely destroyed and it would be easily detected as numerous aspects of Android are open source or easily reverse engineered. For example, with OnePlus, people were convinced that the company was sending data back to Chinese servers after an update was dismantled and trawled through. These aren’t the experts who will be focused on the likes of Amazon and Google’s devices either – for the most part, these are hobbyists looking at the work of a major Android device manufacturer. It’s not a terribly hard job to spot malpractice when it involves using your internet connection and device resources to do so.

But what about wake words? The same applies. It wouldn’t be hard to identify when a device wakes up based on certain words or phrases used. Wake words don’t require a network connection either, so your device doesn’t have to be always connected to the internet. Disconnecting my Google Home Mini from the internet and saying “Hey, Google” gives me a response which suggests that wake word recognition is hardcoded. It’s a non-issue. These wake words, in Android smartphones anyway, are very limited. This is all without even talking about data usage.

So what’s actually happening?

Google figures out what you want to click on based on a number of (arguably creepier) criteria. Google uses the following information (taken from this XDA-Developers article on the same topic) to decide what advertisements it should show you.

These are all linked to your Google Account, so device used doesn’t usually matter.

But why is it that when you mention something out loud, it starts appearing in your search results? There are a number of reasons for this, with the most prominent being known as a cognitive bias. Known as the Baader–Meinhof effect (or just frequency illusion) this is a phenomenon where something mentioned recently seems to appear with increased frequency afterward. It could also be that somebody else on the same Wi-Fi network Googled it having overheard your conversation, so Google thought that it was you.

Conclusion

In conclusion, no, your smartphone, smart home device or computer are not always listening to you. It’s not feasible for companies to do so, it would be easily detected and the ramifications for a company caught partaking in such practices would be devastating. Devices released nowadays are just notcapable of it, and companies aren’t going to invest in infrastructure supporting such a violation of privacy if it meant investing in their own eventual downfall.

While we only talked about Amazon and Google throughout this article, every other social media giant is in the same boat. In fact, companies like Twitter and Facebook don’t make their own operating system, so they are at the mercy of Google or Apple if they want to somehow engage in always listening behaviour. At least on a system level, you could argue that either of those two companies would make use of specialised hardware to always listen in to your conversations, but a mere app on your device obviously would not have access to that.

Hopefully, this article may have put to bed any fears that you may have, and that you can enjoy the new devices that you may have gotten for Christmas worry-free!

Post Author: Adam Conway

An Irish technology fanatic in his second year of a Computer Science degree. Lover of smartphones, cybersecurity and Counter Strike. You can contact me at adam.conway@irishtech.ie.