Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Google Microsoft Technology

Uncovered: 1,000 Phrases That Incorrectly Trigger Alexa, Siri, and Google Assistant (wsj.com) 53

An anonymous reader quotes a report from The Wall Street Journal: As Alexa, Google Home, Siri, and other voice assistants have become fixtures in millions of homes, privacy advocates have grown concerned that their near-constant listening to nearby conversations could pose more risk than benefit to users. New research suggests the privacy threat may be greater than previously thought. The findings demonstrate how common it is for dialog in TV shows and other sources to produce false triggers that cause the devices to turn on, sometimes sending nearby sounds to Amazon, Apple, Google, or other manufacturers. In all, researchers uncovered more than 1,000 word sequences -- including those from Game of Thrones, Modern Family, House of Cards, and news broadcasts -- that incorrectly trigger the devices.

"The devices are intentionally programmed in a somewhat forgiving manner, because they are supposed to be able to understand their humans," one of the researchers, Dorothea Kolossa, said. "Therefore, they are more likely to start up once too often rather than not at all." When devices wake, the researchers said, they record a portion of what's said and transmit it to the manufacturer. The audio may then be transcribed and checked by employees in an attempt to improve word recognition. The result: fragments of potentially private conversations can end up in the company logs.
The research paper, titled "Unacceptable, where is my privacy?," hasn't yet been published, although a brief write-up of the findings can be found here.
This discussion has been archived. No new comments can be posted.

Uncovered: 1,000 Phrases That Incorrectly Trigger Alexa, Siri, and Google Assistant

Comments Filter:
  • by Tablizer ( 95088 ) on Wednesday July 01, 2020 @05:14PM (#60252062) Journal

    "Alicia, are you serious about the size of my goo goo?"

  • Well duh (Score:5, Insightful)

    by Rosco P. Coltrane ( 209368 ) on Wednesday July 01, 2020 @05:21PM (#60252092)

    When devices wake, the researchers said, they record a portion of what's said and transmit it to the manufacturer. The audio may then be transcribed and checked by employees in an attempt to improve word recognition. The result: fragments of potentially private conversations can end up in the company logs.

    Oh come on: if you buy one of those awful devices, you *know* whatever you say to it will be shipped off to some server somewhere - and the data mishandled, and whatever private information you give it milked for all it's worth - even if it records exactly what you want to say to it and nothing more.

    I don't get people who are okay to ask "Alexa, what's the best cure for the claps?" or "Google, pay the milkman with my credit card number XXXX" but get their pants in a knot when the damn device triggers unexpectedly when their TV blurts out something unfortunate.

    If you're truly concerned, stay clear the hell away from those services. If you use them, don't come crying afterwards when Big Data invades your privacy. It's that simple.

    • Re:Well duh (Score:5, Interesting)

      by AmiMoJo ( 196126 ) on Wednesday July 01, 2020 @05:43PM (#60252148) Homepage Journal

      Google is moving towards having all the transcription done locally. The Pixel 4 does it locally in some situations such as voice transcription/typing, real time subtitles on media and when screening calls. It's more responsive that way.

      If course complex queries are still handled by Google servers but stuff like app launching its entirety local.

      It would be nice if there was a local only mode.

      • by DogDude ( 805747 )
        I would be shocked if even if they're doing some stuff locally, that they're still not saving, archiving, and analyzing everything that goes through those devices.
        • by Geekbot ( 641878 )

          You have to remember that Google as a search company has nothing of value except for your data. To me that makes them the most trustworthy of search engines. If public confidence in Google was lost, they would lose the data that makes them valuable. So they have every reason to be at least as privacy conscious as the next guy.

          • by DogDude ( 805747 )
            s. If public confidence in Google was lost, they would lose the data that makes them valuable. So they have every reason to be at least as privacy conscious as the next guy.

            You're assuming the public cares about their data. I would take serious issue with that assumption.
        • by AmiMoJo ( 196126 )

          Unlikely, at least in the EU where it would be a huge GDPR violation since they need to ask explicit permission and don't.

      • Google is moving towards having all the transcription done locally.

        That's not really relevant. The information still needs to come from somewhere and do something. This will almost universally result in a Google search, a change in your Google account such as a calendar entry, a request via google's cloud for your phone to do something etc. etc.

        But then on the flipside, who cares. Your data is like the coca cola recipe for Google. It is kept locked away and used to make money, and not just handed over wholesale to a 3rd party. There are lots of places I don't want my data

    • Who doesn't use them? That smartphone in your pocket has exactly the same trigger words.

      • Who doesn't use them? That smartphone in your pocket has exactly the same trigger words.

        Only if you havent figured out a way to disable it yet.

  • Its obviously a spy and provides dubious convenience, yet people keep buying them.

    • by friedmud ( 512466 ) on Wednesday July 01, 2020 @05:42PM (#60252146)

      Dubious it is not.

      Every light in my house is a connected light. My thermostat and front door are too. I have a google home in every room - it becomes absolutely second nature to talk to them to do all kinds of stuff. Everyone in my hous interacts with them all day long.

      Now - is it worth the privacy tradeoff? For me, it is. Would I rather them not send my speach somewhere else. Definitely. But, they are incredibly useful so they are here to stay.

      Apple is doing more and more "on device" now. iOS 14 (just announced) will do most Siri processing right on the phone without sending it somewhere else. I suspect this will end up in a Homepod soon as well. That's definitely the future...

      • I feel like you must have a terrible home layout if that crap is saving you more time than it cost you to buy and set up. Alternately you've suffered a loss of physical functionality, in which case I celebrate your access to this technology.

        • See my reply to someone else below. Once you get used to it, and it's in every room - and every light/thermostat/door lock/TV is connected it changes the way you move and interact with your house. The house fades into the background - you do the things you want to do and the house responds.

          You may not find utility in that - but I can tell you that I thoroughly enjoy my connected home.

        • I feel like you must have a terrible home layout if that crap is saving you more time than it cost you to buy and set up.

          Do you use a remote control for your TV or do you get up and walk over to it every time you want to change the channel?

        • crap is saving you more time than it cost you to buy and set up.

          Why does everything have a cost associated to it? Do you calculate the dollar value of standing up to change a TV channel when you bought your first TV with remote? I didn't think so.

      • Found the person too lazy to get their ass off a couch to turn the light off. /s

        • See my reply to someone else below. If you haven't lived in a fully-connected house then you can't understand just how convenient it is. Your habits change and your house (lighting/temperature/etc.) does what you want it to when you want it to.

      • by DogDude ( 805747 )
        You use light switches generally twice a day. To flip a light switch takes a fraction of a second. So you're potentially saving a few seconds a day, in exchange for giving an advertising company a 24/7 permanent recording of everything that happens in your house. That's an interesting decision to come to.
        • You know how every other episode of Investigative Discovery heavily implies that you should not take your gps-equipped locating device to a murder?

          With cameras everywhere outside your home, often to the detriment of overzealous law enforcement officers, the convenience-loving, "If you have nothing to hide" crowd, is perhaps too quick to forfeit the last vestige of privacy... inside your home.

        • Maybe _you_ only flip switches twice a day because it's inconvenient. I change the lighting all the time, throughout the day and night - changing brightness, turning on and off sets of lights. Not too mention automation which turns off all my lights automatically when I leave the house or go to sleep.

          A couple of concrete examples with my toddler:

          He's all dirty, I'm carrying him into the bathroom - the light automatically comes on because it senses it's dark but not yet bedtime. I can put him in the tub w

          • I could be mistaken, but it sounds to me like you prefer to control ambient light rather than employ task lighting and mood lighting. I would find that kind of environment very stressful.

          • by DogDude ( 805747 )
            .... and you're Ok with some giant corporation keeping (and owning) a permanent audio and video record of all of this. Wow. I have a really hard time understanding how somebody could come to this decision.
            • .... and you're Ok with some giant corporation keeping (and owning) a permanent audio and video record of all of this

              I'm curious what you think the giant corporation is going to do with it.

              • by DogDude ( 805747 )
                Does it matter? Unknown number of strangers have 24/7 audio (and video?) of your family in their house. Personally, that's creepy enough for me.

                But, considering the advertising owns the recordings, they could literally do anything with them. Sit around and laugh. Jerk off. Stalk you. Use the audio/video in commercials. Who knows?

                Again, I thought that most people would not want random strangers to have 24/7 recordings of the inside of their house, but hey, if it helps flip those darned pesky ligh
                • Does it matter? Unknown number of strangers have 24/7 audio (and video?) of your family in their house. Personally, that's creepy enough for me. But, considering the advertising owns the recordings, they could literally do anything with them. Sit around and laugh. Jerk off. Stalk you. Use the audio/video in commercials. Who knows? Again, I thought that most people would not want random strangers to have 24/7 recordings of the inside of their house, but hey, if it helps flip those darned pesky light switches for ya', I guess it's worth it...?

                  So, it sounds like you aren't so concerned about what the corporation could do for business purposes (they clearly couldn't use the audio/video in commercials), but about what random employees of the corporations could do. Would it make any difference if you could have an ironclad guarantee that no humans would ever be able to access the data?

          • Once you get used to this it becomes absolutely second nature.

            Wait 'til your "toddler" learns to talk. His first words will be "Hey Google..." and you'll be ripping those devices out as fast as you can find a claw hammer.

            • by AmiMoJo ( 196126 )

              Fortunately Google can be set to only respond to your voice and ignore everyone else.

              • Spoken like a true non-parent.

                You think all those parents out there want their kids to play with their expensive iToys? Even after breaking three of them? The kids are doing it anyway, it's the only way to keep them quiet.

          • by AmiMoJo ( 196126 )

            My lights are still manual with a remote control but I can confirm the utility of being able to change them. I use full 4000k for working on stuff, trimming my nails etc. 2600k for relaxing in the evenings. Dimmed for getting ready to sleep.

            The main problem is that you have to import these lights and getting replacement bulbs can be tricky. In some countries they are widely available but not here.

      • Would I rather them not send my speach somewhere else. Definitely.

        Your speech is irrelevant. You want something done with your speech and that will result in your devices sending instructions somewhere to something. The people saying it's better to do everything locally seem to forget the result of their local efforts is typically a Google search, or Google API call tied to your account.

        There's nothing that can be done with these devices locally other than maybe setting a timer for 10 minutes, and then a $2 kitchen clock from ebay can get that job done.

    • by cusco ( 717999 )

      Oh, good grief, your conversations at home aren't really that interesting to the rest of us. You're not an international spy or CEO of a multinational corporation so your conversation with the cat are perfectly safe because no one really gives a shit.

      • You totally do not get the point.
        Next you will say "Trust the cops, they won't shoot you without reason."

        • by cusco ( 717999 )

          You're right, I really don't get the point. Unless you've named your Fleshlight 'Alexa' it's exceedingly unlikely to catch anything even vaguely interesting by accident.

      • you're not a ... multinational corporation so [no one cares about] your conversation with the cat are perfectly safe because no one really gives a shit.

        Not true. They're trying to find the few conversations where the cats DO talk back. A few of Elon Musk's catgirls have gotten out and they're searching for them any way they can.

        Just because YOU don't have anything to hide doesn't mean that *I* don't.

        Hmmm? What's that you want? What, again?

    • by hey! ( 33014 )

      Because it's not obvious to people who don't habitually think about how things they buy actually *work*.

    • You mean, devices like that smartphone in your pocket, that is triggered by exactly the same trigger words?

  • Oblig. (Score:5, Funny)

    by Megahard ( 1053072 ) on Wednesday July 01, 2020 @05:26PM (#60252108)
  • by rworne ( 538610 ) on Wednesday July 01, 2020 @05:56PM (#60252182) Homepage

    Been done before.

    Funny and creepy to watch [cdnja.co], but not experience I guess. This is a video of someone trolling a live streamer.

    A word of warning: Do not play loud if you have Apple devices within earshot.

  • Siri is still stateful but has gotten really good at some things (as has iPhone dictation). I had it set to require a press of the power button to start Siri but since staying at home just kept it on. I donâ(TM)t have a TV to trigger it and telling Siri to set an alarm or timer while technically very simple is extraordinarily robust at recognition. It just works and is opt in already.

  • I remember voice commands systems that used to require you train a specific template for each voice that wanted to use them. The required no network and worked reasonably well. I would really like to see more of that type of system of the market, been thinking of writing one for my phone. Anybody know of one out there already or some kind of an a good Open source starting point?

news: gotcha

Working...