Amazon Won't Say If It Hands Echo Data To The Government

rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
6,943
It's been 3 years since Amazon finally relented and became the last major tech company to release a transparency report on what requests for data it receives from the government. ZDNet is now reporting that those reports, were not so transparent. Aside from not publishing how many users are affected by data requests, it turns out that the transparency reports published in the past, focused solely on Amazon, and not AWS. Amazon also refused to say which products, services, and divisions the data in the report related to.

It's a bit frightening how much data companies like this have on it's consumers, with no way of knowing what they are doing with it. And the fact that Amazon, at least appears to be obfuscating the data as much as possible only makes matters worse. I still find it silly to pay $100 for a 7 microphone, beamforming, noise cancelling, wiretap; but for those that do it, it's important to know how much of, where that data ends up.

What started as a debut transparency report attempt, with all the hallmarks of aiming to appease its AWS customers (and misconstrued by this reporter), quickly became, albeit three years later, a successful effort to mislead and confuse by deliberately avoiding answering a simple question.
 
Of course it does. Amazon has the data, and if the government provides them with a subpoena or National Security Letter, they have to, it's the law.
 
A device that's always listening what can possible go wrong? :)

Ahhhh,...you know the ones who bought those devices are going to come in here and tell you it does not listen all the time?

Try bouncing back with, "but does it have the ability to do so?" and see what happens.

They will also try the "what do you have to hide?" argument.

Try this, "Well, why should I give away what is worth so much to them?"


I am going to grab some popcorn and a drink. :)
 
In the 80's, there was an electronics magazine that had a DIY plan for a laser listening device. You'd have a laser point at a window, and bounce off. The receiving end would translate those vibrations from the movement of the window into audio. Easy, DIY spying.

If you're wanting privacy, go somewhere that you know is secure. I have several Dot's in my home, my information is out there. If I want a private conversation, I have places I can do that. Aside from those physical things (mic's in the trees, lasers at windows, etc..).

If I appear to be an open book, then they would think they have everything on me. If they can't see/hear/track those 'private' times, then they don't exist. They think they have the whole picture, but they don't see my underground bat cave/sex dungeon/sheep farm.
 
Amazon says... which means it already has but it can't admit it because of anti-terrorism laws.
 
In the 80's, there was an electronics magazine that had a DIY plan for a laser listening device. You'd have a laser point at a window, and bounce off. The receiving end would translate those vibrations from the movement of the window into audio. Easy, DIY spying.

If you're wanting privacy, go somewhere that you know is secure. I have several Dot's in my home, my information is out there. If I want a private conversation, I have places I can do that. Aside from those physical things (mic's in the trees, lasers at windows, etc..).

If I appear to be an open book, then they would think they have everything on me. If they can't see/hear/track those 'private' times, then they don't exist. They think they have the whole picture, but they don't see my underground bat cave/sex dungeon/sheep farm.

So because someone could, hypothetically, bounce a laser off your window to listen to you, you're ok with a non-hypothetical device that is absolutely listening to you and feeding it into a corporate database?

It's not about having something to hide, it's about giving corporations/government enough data to monetize, and potentially influence and control, every aspect of human existence.
 
One of the reasons I don't want an ecobee 4, trying find a decent price on the 3. I don't need a listening device sending everything I utter to some giant corporation, nor do I need them handing it over to the govt.
 
So because someone could, hypothetically, bounce a laser off your window to listen to you, you're ok with a non-hypothetical device that is absolutely listening to you and feeding it into a corporate database?

It's not about having something to hide, it's about giving corporations/government enough data to monetize, and potentially influence and control, every aspect of human existence.

Well, since you put it that way, yes. Giving them ways to monetize things (more taxes to pay) is a good idea. More jobs for hard working Americans.

I give more information to the internet, really.

I have Dot's. I'm fine with it listening and providing me with a service. At this point, if you're posting here, you're already part of the system that you don't like. What sites you visit, where you shop, etc. are all in a corporate database. You're never really truly 'off the grid' these days. Big Brother took over your privacy decades ago. Now, instead of them taking, we're just giving. Do I like it? No. Do I trust them? No. Do I feel that I'm at risk of being fucked by them? Not really. Not right now, anyway. If I had any doubts, I wouldn't be posting here, and I wouldn't have anything powered on, including my cell phone. I'm just not to that point yet. If I feel I'm getting fucked in the ass dry by Amazon or Big Brother, I'll reconsider. Right now, it's just business. They provide me with a service, I provide them with my information.

And, yes, I do know that Facebook (and others) listen to conversations. Others have said the same. Have a conversation with someone and a day or two later you start seeing ads or posts about that product in the conversation.

So, have a nice spot where you can talk about midget tranny porn in private, otherwise you'll see that shit on Facebook. Which isn't that bad, just a little too censored for my taste.

I used to be paranoid about Big Brother and shit, but now I've pretty much accepted it and know when/where I have actual privacy. Not that they'd want to come after me, anyway. I just like my privacy at times. I don't care if they know about my browsing habits, porn preferences, products I buy, etc.. It's just when I fuck a troll and get warm goo on me that I want to remain private.
 
Can someone tell me what really the difference between one of these devices and your cell phone that you carry with you everywhere? I mean in theory they could do the same thing with your cell phone, right?
 
Can't comment on Google devices, but I have several friends who work for the Alexa division at Amazon, and much of the workings of the Alexa/Echo devices are public knowledge if you are a skills developer or connected home, etc. tech partner so I'm not really revealing any major secrets here.

The Echo units have two main "modes." The first is a small firmware chip wired to the microphone that only contains about 50-60k of onboard memory. Its only purpose is to listen to the wake word, "Alexa," "Echo," etc. It doesn't do any actual language processing for this, but only listens for distinct combinations of syllables. This is why they can't be programmed to respond to arbitrary words.

Once the firmware chip hears the wake word, it powers up the main ARM chip, which runs a stripped down version of Linux. This startup process takes just under a second, during which time the firmware chip has barely enough memory to buffer what you're saying if you immediately start talking after the wake word without pausing. Once the ARM chip is on, the blue ring on the top illuminates and recording begins. The firmware chip dumps its buffer to the start of the recording and then serves as a pass-through for the mic. Only this main ARM chip and OS has access to the networking interface, in or out.

The purpose of this next stage is to wait until it's heard what sounds like a real natural sentence or question. Amazon is not interested in background noise -- that would be a waste of bandwidth and resources. So there is a rudimentary natural language processing step done locally to determine when you've said a real sentence and stopped speaking. It also handles very simple "local" commands that don't need server processing, like "Alexa stop." Only at that point is the full sentence sent up to the actual AWS servers for processing.

It is physically impossible for the device to be secretly constantly listening, as the mic, networking, main wake chip, blue LED ring, and main ARM chip just aren't wired that way from a power perspective. If you are curious to confirm any of the above, try disconnecting your home internet and playing around with the Alexa a bit, and you'll see that it only even realizes something is wrong at that very last step, when it goes to upload the processed sentence to the servers.

As for the stories about "eerie" advertising coincidences popping up due to things you've said around Alexa, it just goes to show how spooky accurate advertisers' overall profiles are of you these days. They can track everything you have done across every device you own, and then make such educated guesses about what you're probably interested in that they don't even need to listen in your home.[\quote]

 
If you dont like it then dont use it or their services. You have to realize that they can and will be not only turning over the data when required to do so by the courts but also selling your data to the highest bidder. Anyone who thinks a company that is collecting any sort of data on you wont use it to their advantage is just stupid.
 
I still find it silly to pay $100 for a 7 microphone, beamforming, noise cancelling, wiretap; but for those that do it, it's important to know how much of, where that data ends up.

Besides the fact that I won't put a wiretap in my house voluntarily. I also find it silly to pay to be the product. Most things that make the consumer the product are free.
 
So might as well just be echoing everything to the government (and anyone who will pay).
 
If you dont like it then dont use it or their services. You have to realize that they can and will be not only turning over the data when required to do so by the courts but also selling your data to the highest bidder. Anyone who thinks a company that is collecting any sort of data on you wont use it to their advantage is just stupid.
So this is not new and shouldn't be posted as news so we then can't make informed decisions? We just assume? Remember the old joke?
 
"It is physically impossible for the device to be secretly constantly listening, as the mic, networking, main wake chip, blue LED ring, and main ARM chip just aren't wired that way from a power perspective."

As an electrical engineer that does mostly firmware these day, I don't believe this. They'd have to do a totally weird design to have it physically impossible.
 
Amazon, one of the most visited sites in the world, and which generates tons of idiosyncratic data for each visitor, is also the largest business partner of the CIA and specifically has data-management contracts with the CIA. They're certainly sending loads of user information to the US government. I wouldn't be surprised if Amazon is sending ALL user information to the US government.

And, in return, and perhaps also to assist creating more particular data for Amazon to send back to the US government, the US government is directing dozens of billions of dollars in business to Amazon.

https://theintercept.com/2017/11/02/amazon-amendment-online-marketplaces/
https://www.huffingtonpost.com/norman-solomon/why-amazons-collaboration_b_4824854.html

http://www.businessinsider.com/cia-600-million-deal-for-amazons-cloud-2013-3


I buy lots of stuff from Amazon. But the fact is still that Amazon is a CIA asset (and Bezos is probably literally a CIA operative), and when you're purchasing from Amazon, all data from your purchase is going towards creating a virtual profile of yourself, just like Facebook, Twitter, Microsoft, and others do. The difference is that the virtual profile that Amazon creates of you goes into CIA records. Well, that actually could be easily be happening with Microsoft and other companies' data, too.

And that's why I wouldn't ever recommend people use Amazon's in-home delivery service, or install their keypad. Because Amazon is going to exploit those things, as well, and the keypad probably also sends telemetry to Amazon, and then the CIA is also going to know your home / away patterns, and exploit that, if they ever have an interest in doing so. And it doesn't take a person to be involved in any crime for the CIA to want to exploit their home.
 
Last edited:
I would never ever put one of these spy devices in my house. It's like this thing was made for stupid lazy people.
 
Can someone tell me what really the difference between one of these devices and your cell phone that you carry with you everywhere? I mean in theory they could do the same thing with your cell phone, right?

Yes. People worry about one thing yet are ok with another thing that can/does do the thing they are afraid of. Try saying "ok google" to your phone or "Siri". The phone's mic is always listening.
 
Yes. People worry about one thing yet are ok with another thing that can/does do the thing they are afraid of. Try saying "ok google" to your phone or "Siri". The phone's mic is always listening.

I tried both and nothing happened. How's that False Equivalence working out for you?
 
"It is physically impossible for the device to be secretly constantly listening, as the mic, networking, main wake chip, blue LED ring, and main ARM chip just aren't wired that way from a power perspective."

As an electrical engineer that does mostly firmware these day, I don't believe this. They'd have to do a totally weird design to have it physically impossible.

Forget where I read this, but basically these listening devices listen for 3 seconds, then when the command is not given, the process starts again. Non command data (silence / noise) isn't saved.
 
CONSPIRACY THEORY

Don't believe everything you read on the internet.

The government can't tell it's ass from it's elbow. What makes you think for one second that they would have the ability to orchestrate something THIS complex involving thousands of individuals?
 
Don't believe everything you read on the internet.

The government can't tell it's ass from it's elbow. What makes you think for one second that they would have the ability to orchestrate something THIS complex involving thousands of individuals?

Well, that's kind of like asking how the US gov't would be able to orchestrate an illegal invasion of Iraq based on false information, or how it would be able to orchestrate the mass infiltration of US news outlets, the inclusion of backdoors in firmware and software in US software, or the gathering of user data from thousands of US tech companies (PRISM program), or the use of Best Buy's Geek Squad to snoop on people's PCs. These things aren't conspiracy, but proven fact. And I don't see what's very complex about it. There's really nothing overly complex about it, and the US gov't is known to have been doing this stuff for over a half-century.

And these days, everything is gathering telemetry and compiling it into profiles for each individual user of an item or software. Even vibrators are gathering telemetry and transmitting the usage data back to the manufacturer. And with thousands of US companies partnering with the US government to share data, do you think that Amazon, who is in bed with the US government more than any other company and which creates more valuable user data than just about any other company, is sitting on the sidelines? Amazon likely makes a huge ton of money from sharing data with the US government (the US gov't direction billions in business to Amazon is likely a part of their arrangement), which is likely the reason why those 'thousands' of other US companies do the same. If Amazon wasn't providing access to that data willingly, the US gov't would infiltrate their company and networks to get it, like they do with everything from servers, to mobile phone, to motherboard firmware, to OSes. And the PRISM program proved that many of the US' largest tech companies are sharing data with the US government. So, why do you think what is already confirmed to be reality is conspiracy?
 
Last edited:
Forget where I read this, but basically these listening devices listen for 3 seconds, then when the command is not given, the process starts again. Non command data (silence / noise) isn't saved.

So, it's just the way the firmware is written, not that it's physically impossible.
 
I tried both and nothing happened. How's that False Equivalence working out for you?
Just because they don't answer, doesn't mean their not listening. Ok, Google is optional, but is pushed very hard. It works because your phone can listen all the time, it has that function. You're saying the Echo is listening all the time because it can. No difference with your phone. In the 90's the government took down mobsters by remotely listening through Cell Service with their phones. That ability has not gone away. Now you have the Multimedia and Data capabilities added to it that doesn't have the electronic footprint of a phone in use. It just looks like more data. Phoning home is so constant from you android, nobody claims to understand it all.
 
I guess if the firmware was out of the equation, then anything goes.

And since the source is not available, we don't really know what firmware switches or debug modes they may have that could change the operating mode(s) of the device.
 
Well, that's kind of like asking how the US gov't would be able to orchestrate an illegal invasion of Iraq based on false information, or how it would be able to orchestrate the mass infiltration of US news outlets, the inclusion of backdoors in firmware and software in US software, or the gathering of user data from thousands of US tech companies (PRISM program), or the use of Best Buy's Geek Squad to snoop on people's PCs. These things aren't conspiracy, but proven fact. And I don't see what's very complex about it. There's really nothing overly complex about it, and the US gov't is known to have been doing this stuff for over a half-century.

And these days, everything is gathering telemetry and compiling it into profiles for each individual user of an item or software. Even vibrators are gathering telemetry and transmitting the usage data back to the manufacturer. And with thousands of US companies partnering with the US government to share data, do you think that Amazon, who is in bed with the US government more than any other company and which creates more valuable user data than just about any other company, is sitting on the sidelines? Amazon likely makes a huge ton of money from sharing data with the US government (the US gov't direction billions in business to Amazon is likely a part of their arrangement), which is likely the reason why those 'thousands' of other US companies do the same. If Amazon wasn't providing access to that data willingly, the US gov't would infiltrate their company and networks to get it, like they do with everything from servers, to mobile phone, to motherboard firmware, to OSes. And the PRISM program proved that many of the US' largest tech companies are sharing data with the US government. So, why do you think what is already confirmed to be reality is conspiracy?

Would you like a tin foil hat?
 
Just because they don't answer, doesn't mean their not listening. Ok, Google is optional, but is pushed very hard. It works because your phone can listen all the time, it has that function. You're saying the Echo is listening all the time because it can. No difference with your phone. In the 90's the government took down mobsters by remotely listening through Cell Service with their phones. That ability has not gone away. Now you have the Multimedia and Data capabilities added to it that doesn't have the electronic footprint of a phone in use. It just looks like more data. Phoning home is so constant from you android, nobody claims to understand it all.

They took down those mobsters by using the Onstar capability in their GM truck; GM even removed the 'call' message that would normally appear on the head unit for them to make it easier (post-crash mode). That just highlights the need for open review of hardware. Prior to that, analog cell was easily eavesdropped on with a pre '91 scanner that had access to the frequencies. PCS raised the bar but wasn't much more difficult to deal with. For my current phone to transmit data all the time would be easily noticeable as there aren't enough goddamned antennas around to support normal phone calls much less an open transmitter. The battery drain would also be visible. It is in no way comparable with a AC powered unit plugged into your high-speed network at home.
 
I'm curious, why do some folks here have concerns about the privacy of these devices? Maybe I missed it, but I don't hear any concerns about smart phones, and those have much greater potential for snooping on us.

I don't own one of these. I just don't have any interest. But, if I did, I guess I would consider that my privacy is probably already totally gone with the devices I already own.
 
Their refusal to give an answer of "no" says everything we need to know.
Indeed. I asked one (not mine) if she talks to the NSA and the response was Amazon takes privacy very seriously and to look it up in the web app. So I did.
While Alexa does not drink, smoke, nor is she evil, I did lose all confidence when she could not play Beethoven's 8th symphony :confused:
 

Attachments

  • alexa.jpg
    alexa.jpg
    62.8 KB · Views: 10
Back
Top