The FBI Can Neither Confirm Nor Deny Wiretapping Your Amazon Echo

[HardOCP News]

Okay, let's be honest for a minute. You and I both know that, if you filed a Freedom of Information on the existence of aliens, you'd probably get the same response this guy did when he asked about spying and the Amazon Echo.

 

[Deleted member 278999]

This post may and or may not exist. It depends on how you look at it.

I completely understand the confirmation that they can not confirm whether or not that inform exists, or not. It certainly exists in some state. Where you've been, from where and by what means is certainly logged. I doubt that the communications themselves are logged. But they are most certainly categorized.

There's probably some arbitrary score that calculates whether you are on 'the list' and whether or not you warrant further investigation.

 

[pothb]

Unless you're suing or something... why do you need a definitive answer? Just assume you are because....... well... you probably are.

 

[mullet]

We are all going to have to be hardware experts to find all the mic's and hidden camera's.

 

[lcpiper]

Unless you're suing or something... why do you need a definitive answer? Just assume you are because....... well... you probably are.

I wonder, let's put this to a sort of test.

So if we are going to assume that you are .... being monitored say, because you probably are, then what percentage of the population must be being monitored in order to say that, you probably are?

Is 50/50 possibly or probably? I think for probably we have to go higher than 50/50. How about 3 chances in 4, a 75% chance that you are being monitored. That would become pretty much the same as saying that 75% of the population that is "monitorible", is being monitored right?

Let's see,
USA
Population: 318.9 million (2014)
Not everyone is actually monitorible right? We need more demographics.

Let's start by excluding the homeless and for shits and giggles, everyone in prison.

In January 2015, 564,708 people were homeless on a given night in the United States.

Snapshot of Homelessness

and

According to the US Bureau of Justice Statistics (BJS), 2,220,300 adults were incarcerated in US federal and state prisons, and county jails in 2013.

Incarceration in the United States - Wikipedia, the free encyclopedia

So right there we can remove 2.8 million from 318.9 million leaves .... 316.1 million people.

But how many are kids ?

Today, the number of children (under age 18) in the United States is at an all-time high of 74.2 million.

The Changing Child Population of the United States - The Annie E. Casey Foundation

Super, 316.1 - 74.2 = 241.9 million.

OK, I'm cool with this as a ball park figure. Let's take 75% of 241.9 and we have 181.4 million people being listened and spied on on any given day.

Now, how much data would that be?
What shall we estimate one spying sound byte to be worth in file size? Is the equivalent to a ten minute MP3 song per person every day? Ahh, let's go with that.
From the following link we have a really nice chart on audio file size calculations by bit rates.
AudioMountain.com

I think 32 kbps sampling should suffice. So, at 32 kbps a 10 minute recording should be about 240 KB * 10 minutes, 2,400 KB or 2.4 MB once a day for all 181.4 million being listen to.

435360000 MB or if I get this correct, 435.36 Terabytes every day ? Someone check my math, but I think I am pretty close. That is over a petabyte every 3 days.

this wiki has some interesting examples and we might can extrapolate a reasonable comparison.
Petabyte - Wikipedia, the free encyclopedia

Telecommunications (capacity): The world's effective capacity to exchange information through two-way telecommunication networks was 281 petabytes of information in 1986, 471 petabytes in 1993, 2,200 petabytes in 2000, and 65,000 petabytes in 2007

Telecommunications (usage): In 2008, AT&T transfers about 30 petabytes of data through its networks each day

And if these guys are recording over 1.2 petabytes every 3 days, hmm, 365 days a year / 3 = 121.6 days a year * 1.2 = 146 petabytes per year.

Hey, from what I see, this is entirely possible ..... if they only listen for 10 minutes of the day.

But what if in order to say probably, don't they need to listen longer than just 10 minutes out of the day? How much of the day do they have to listen in order to rate "probably"? Well, if we sleep for 8 hours and that is one third of a day, then can we say a nice even 12 hours of listening rates probably?

A 10 minutes we had 1.2 petabytes every three days, but there is 72 times that much in 12 hours so that is like 86.4 petabytes every three days. Hmmm that's a more serious number I think.

Google processed about 24 petabytes of data per day in 2009

Wow, how lucky is that? , 24 petabytes a day, * three days is exactly 72 petabytes so it would be equivalent to everything Google was processing every day back in 2009.

I am thinking that using the word "probably" might be a stretch. But hey, I'm just taking a guess.


(Don't take this too seriously pothb, I'm mostly just screwing around and wasting some time at work before the end of the day).

 

[BreezeDM]

It really is a non answer. If you asked them if they bug hello kitty walkie talkies, they would respond the same way. That is the response they give to anything that isn't ludicrous. If they could give you a straight answer, I wouldn't ask the FBI this question.

 

[MongGrel]

The way facial recognition even has worked on consoles for awhile now, it wouldn't surprise me it's monitored also.

It's not like you'd get a straight answer asking about it

 

[pothb]

I wonder, let's put this to a sort of test.

So if we are going to assume that you are .... being monitored say, because you probably are, then what percentage of the population must be being monitored in order to say that, you probably are?

Is 50/50 possibly or probably? I think for probably we have to go higher than 50/50. How about 3 chances in 4, a 75% chance that you are being monitored. That would become pretty much the same as saying that 75% of the population that is "monitorible", is being monitored right?

Let's see,
USA
Population: 318.9 million (2014)
Not everyone is actually monitorible right? We need more demographics.

Let's start by excluding the homeless and for shits and giggles, everyone in prison.

Snapshot of Homelessness

and



Incarceration in the United States - Wikipedia, the free encyclopedia

So right there we can remove 2.8 million from 318.9 million leaves .... 316.1 million people.

But how many are kids ?


The Changing Child Population of the United States - The Annie E. Casey Foundation

Super, 316.1 - 74.2 = 241.9 million.

OK, I'm cool with this as a ball park figure. Let's take 75% of 241.9 and we have 181.4 million people being listened and spied on on any given day.

Now, how much data would that be?
What shall we estimate one spying sound byte to be worth in file size? Is the equivalent to a ten minute MP3 song per person every day? Ahh, let's go with that.
From the following link we have a really nice chart on audio file size calculations by bit rates.
AudioMountain.com

I think 32 kbps sampling should suffice. So, at 32 kbps a 10 minute recording should be about 240 KB * 10 minutes, 2,400 KB or 2.4 MB once a day for all 181.4 million being listen to.

435360000 MB or if I get this correct, 435.36 Terabytes every day ? Someone check my math, but I think I am pretty close. That is over a petabyte every 3 days.

this wiki has some interesting examples and we might can extrapolate a reasonable comparison.
Petabyte - Wikipedia, the free encyclopedia





And if these guys are recording over 1.2 petabytes every 3 days, hmm, 365 days a year / 3 = 121.6 days a year * 1.2 = 146 petabytes per year.

Hey, from what I see, this is entirely possible ..... if they only listen for 10 minutes of the day.

But what if in order to say probably, don't they need to listen longer than just 10 minutes out of the day? How much of the day do they have to listen in order to rate "probably"? Well, if we sleep for 8 hours and that is one third of a day, then can we say a nice even 12 hours of listening rates probably?

A 10 minutes we had 1.2 petabytes every three days, but there is 72 times that much in 12 hours so that is like 86.4 petabytes every three days. Hmmm that's a more serious number I think.



Wow, how lucky is that? , 24 petabytes a day, * three days is exactly 72 petabytes so it would be equivalent to everything Google was processing every day back in 2009.

I am thinking that using the word "probably" might be a stretch. But hey, I'm just taking a guess.


(Don't take this too seriously pothb, I'm mostly just screwing around and wasting some time at work before the end of the day).

Trust me dude, I can't take it seriously because I don't think I can read a post that long.

Thats way too much effort you put into that man.

 

[Spidey329]

Trust me dude, I can't take it seriously because I don't think I can read a post that long.

Thats way too much effort you put into that man.

I think we've established he works in the industry in some capacity. Post something about the NSA and he'll be alerted on his phone or some shit, it's like a bat signal.

His calculations are flawed because the FOIA request pertains to Amazon Echo. You can't calculate 75% of the adult US population if only .001% own an Echo. When you take in account that the devices market saturation is considerably lower, the feasibility of it being monitored/saved is way higher.

 

[Naieve]

I wonder, let's put this to a sort of test.

So if we are going to assume that you are .... being monitored say, because you probably are, then what percentage of the population must be being monitored in order to say that, you probably are?

Is 50/50 possibly or probably? I think for probably we have to go higher than 50/50. How about 3 chances in 4, a 75% chance that you are being monitored. That would become pretty much the same as saying that 75% of the population that is "monitorible", is being monitored right?

Let's see,
USA
Population: 318.9 million (2014)
Not everyone is actually monitorible right? We need more demographics.

Let's start by excluding the homeless and for shits and giggles, everyone in prison.

Snapshot of Homelessness

and



Incarceration in the United States - Wikipedia, the free encyclopedia

So right there we can remove 2.8 million from 318.9 million leaves .... 316.1 million people.

But how many are kids ?


The Changing Child Population of the United States - The Annie E. Casey Foundation

Super, 316.1 - 74.2 = 241.9 million.

OK, I'm cool with this as a ball park figure. Let's take 75% of 241.9 and we have 181.4 million people being listened and spied on on any given day.

Now, how much data would that be?
What shall we estimate one spying sound byte to be worth in file size? Is the equivalent to a ten minute MP3 song per person every day? Ahh, let's go with that.
From the following link we have a really nice chart on audio file size calculations by bit rates.
AudioMountain.com

I think 32 kbps sampling should suffice. So, at 32 kbps a 10 minute recording should be about 240 KB * 10 minutes, 2,400 KB or 2.4 MB once a day for all 181.4 million being listen to.

435360000 MB or if I get this correct, 435.36 Terabytes every day ? Someone check my math, but I think I am pretty close. That is over a petabyte every 3 days.

this wiki has some interesting examples and we might can extrapolate a reasonable comparison.
Petabyte - Wikipedia, the free encyclopedia





And if these guys are recording over 1.2 petabytes every 3 days, hmm, 365 days a year / 3 = 121.6 days a year * 1.2 = 146 petabytes per year.

Hey, from what I see, this is entirely possible ..... if they only listen for 10 minutes of the day.

But what if in order to say probably, don't they need to listen longer than just 10 minutes out of the day? How much of the day do they have to listen in order to rate "probably"? Well, if we sleep for 8 hours and that is one third of a day, then can we say a nice even 12 hours of listening rates probably?

A 10 minutes we had 1.2 petabytes every three days, but there is 72 times that much in 12 hours so that is like 86.4 petabytes every three days. Hmmm that's a more serious number I think.



Wow, how lucky is that? , 24 petabytes a day, * three days is exactly 72 petabytes so it would be equivalent to everything Google was processing every day back in 2009.

I am thinking that using the word "probably" might be a stretch. But hey, I'm just taking a guess.


(Don't take this too seriously pothb, I'm mostly just screwing around and wasting some time at work before the end of the day).

They wouldn't monitor themselves buddy. They would use key word algorithms matched with differing types of indicators to cherry pick what they want. This isn't the 1980's. It's 2016.

They didn't build the largest data center in the world for shits and giggles. Not to mention they have already been caught illegally spying on US citizens, and had to pass retroactive immunity for the telecommunication industry. The DEA then uses parallel construction to build a case, and neglects to mention to the court the entirety of it is illegal.

Whistleblowers freely admit the government spy machine is being abused.

 

[Todd Walter]

I wonder, let's put this to a sort of test.

So if we are going to assume that you are .... being monitored say, because you probably are, then what percentage of the population must be being monitored in order to say that, you probably are?

Is 50/50 possibly or probably? I think for probably we have to go higher than 50/50. How about 3 chances in 4, a 75% chance that you are being monitored. That would become pretty much the same as saying that 75% of the population that is "monitorible", is being monitored right?

Let's see,
USA
Population: 318.9 million (2014)
Not everyone is actually monitorible right? We need more demographics.

Let's start by excluding the homeless and for shits and giggles, everyone in prison.

Snapshot of Homelessness

and



Incarceration in the United States - Wikipedia, the free encyclopedia

So right there we can remove 2.8 million from 318.9 million leaves .... 316.1 million people.

But how many are kids ?


The Changing Child Population of the United States - The Annie E. Casey Foundation

Super, 316.1 - 74.2 = 241.9 million.

OK, I'm cool with this as a ball park figure. Let's take 75% of 241.9 and we have 181.4 million people being listened and spied on on any given day.

Now, how much data would that be?
What shall we estimate one spying sound byte to be worth in file size? Is the equivalent to a ten minute MP3 song per person every day? Ahh, let's go with that.
From the following link we have a really nice chart on audio file size calculations by bit rates.
AudioMountain.com

I think 32 kbps sampling should suffice. So, at 32 kbps a 10 minute recording should be about 240 KB * 10 minutes, 2,400 KB or 2.4 MB once a day for all 181.4 million being listen to.

435360000 MB or if I get this correct, 435.36 Terabytes every day ? Someone check my math, but I think I am pretty close. That is over a petabyte every 3 days.

this wiki has some interesting examples and we might can extrapolate a reasonable comparison.
Petabyte - Wikipedia, the free encyclopedia





And if these guys are recording over 1.2 petabytes every 3 days, hmm, 365 days a year / 3 = 121.6 days a year * 1.2 = 146 petabytes per year.

Hey, from what I see, this is entirely possible ..... if they only listen for 10 minutes of the day.

But what if in order to say probably, don't they need to listen longer than just 10 minutes out of the day? How much of the day do they have to listen in order to rate "probably"? Well, if we sleep for 8 hours and that is one third of a day, then can we say a nice even 12 hours of listening rates probably?

A 10 minutes we had 1.2 petabytes every three days, but there is 72 times that much in 12 hours so that is like 86.4 petabytes every three days. Hmmm that's a more serious number I think.



Wow, how lucky is that? , 24 petabytes a day, * three days is exactly 72 petabytes so it would be equivalent to everything Google was processing every day back in 2009.

I am thinking that using the word "probably" might be a stretch. But hey, I'm just taking a guess.


(Don't take this too seriously pothb, I'm mostly just screwing around and wasting some time at work before the end of the day).

I won't quibble with your premise but you're allocating way too high a sample rate. 3000Hz is sufficient for recognizable voice and most early PCM voice mail solutions went with 6000Hz. We've also got some modern CODECS to choose from. For this sort of system you would simply look for trigger words on a buffer and then flag the stream for secondary processing and followup so no full processing used until it's needed.

 

[Jagger100]

Let's fear monger over what might happen to an amazon product in your home while we ignore that Google tried to recruit a small army of douches to were a camera and microphones up in your face everywhere. No there's no bias in the media.

 

[panhead]

saying that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about freedom of speech because you have nothing to say.
--Snowden

 

[lcpiper]

Trust me dude, I can't take it seriously because I don't think I can read a post that long.

Thats way too much effort you put into that man.

I hope you feel a little honored.

 

[lcpiper]

I think we've established he works in the industry in some capacity. Post something about the NSA and he'll be alerted on his phone or some shit, it's like a bat signal.

His calculations are flawed because the FOIA request pertains to Amazon Echo. You can't calculate 75% of the adult US population if only .001% own an Echo. When you take in account that the devices market saturation is considerably lower, the feasibility of it being monitored/saved is way higher.

I wasn't responding to pothb's comment as if it was specific to the echo. He had been talking about all the devices we use which have microphones.

Would you like some time to re-read his post and perhaps change your stance?

I'm an [H] member. I check what's going on. I post on what interests me. Yes I work in the industry whatever industry it is you were referring to, but that isn't a secret. I've told people what I do, what I used to do, etc.

I'm an old Army Intel guy who retired and was hired because of my work experience and has reshaped his career into mainstream IT work. My family is settled here in Arizona at the Army's Intelligence Center and School, so those are the contracting organizations I work for. Since the work I did in the Army was underneath NSA control, I find the topic interesting.

The NSA has always had a huge mission even before cell phones. The advent of the cell phone has certainly increased the scope of their work, but I always find it odd that people make comments as if this is the only thing the NSA does when it is but a fraction of the whole. Anyway, now you don't have to guess why the topic draws my attention or why I am so quick to respond, although I am rarely first in line.

 

[lcpiper]

I won't quibble with your premise but you're allocating way too high a sample rate. 3000Hz is sufficient for recognizable voice and most early PCM voice mail solutions went with 6000Hz. We've also got some modern CODECS to choose from. For this sort of system you would simply look for trigger words on a buffer and then flag the stream for secondary processing and followup so no full processing used until it's needed.

It seems you have some good knowledge relative to my post. Perhaps, instead of looking at what is required, you would instaed look at the majority of electronic devices in question and look for common specifications and capabilities. Saying that 3000Hz is sufficient is fine, but if all cell phones have a low end of 9000Hz then I am thinking we would need to base calculations on that number instead.

 

[Todd Walter]

CODECs used for voice are variable on the fly. The spy software would only need to examine the major blocks,and they could offload the inquiry to the device as they all ship with some form of voice processing for the hands-free control.

It's still an enormous amount of data to sift, which is why self-teaching AI is ask the rage. It's not going to remain an infeasible task for very long.

 

[OutOfPhase]

So test it. Say "blackbriar" and see if asassins come at you.

 

[danmoody]

Let's fear monger over what might happen to an amazon product in your home while we ignore that Google tried to recruit a small army of douches to were a camera and microphones up in your face everywhere. No there's no bias in the media.

Best post 2016

 

[pothb]

Ah... the google glass.... sigh, a cool concept filled with BS.

Actually... now that I think about it... with Vive and Rift having all these privacy stuff discarded... I wonder about the Hololens... cuz that's the one I really want... I wonder if it's going to have the same bullshit attached.

I only just heard of the Echo...

 

[MRAB54]

"Alexa, ask Mom Jokes to tell me a joke."
"Alexa, ask Mom Jokes to tell me a joke."
"Alexa, ask Mom Jokes to tell me a joke."
"Alexa, ask Mom Jokes to tell me a joke."
"Alexa, ask Mom Jokes to tell me a joke."

...

This guy really likes yo momma jokes - NSA

 

[Todd Walter]

So test it. Say "blackbriar" and see if asassins come at you.

Lol, no thanks. I've seen what that Bourne fella does to property insurance rates!

 

[HardUp4HardWare]

I wonder, let's put this to a sort of test.

So if we are going to assume that you are .... being monitored say, because you probably are, then what percentage of the population must be being monitored in order to say that, you probably are?

Is 50/50 possibly or probably? I think for probably we have to go higher than 50/50. How about 3 chances in 4, a 75% chance that you are being monitored. That would become pretty much the same as saying that 75% of the population that is "monitorible", is being monitored right?

Let's see,
USA
Population: 318.9 million (2014)
Not everyone is actually monitorible right? We need more demographics.

Let's start by excluding the homeless and for shits and giggles, everyone in prison.

Snapshot of Homelessness

and



Incarceration in the United States - Wikipedia, the free encyclopedia

So right there we can remove 2.8 million from 318.9 million leaves .... 316.1 million people.

But how many are kids ?


The Changing Child Population of the United States - The Annie E. Casey Foundation

Super, 316.1 - 74.2 = 241.9 million.

OK, I'm cool with this as a ball park figure. Let's take 75% of 241.9 and we have 181.4 million people being listened and spied on on any given day.

Now, how much data would that be?
What shall we estimate one spying sound byte to be worth in file size? Is the equivalent to a ten minute MP3 song per person every day? Ahh, let's go with that.
From the following link we have a really nice chart on audio file size calculations by bit rates.
AudioMountain.com

I think 32 kbps sampling should suffice. So, at 32 kbps a 10 minute recording should be about 240 KB * 10 minutes, 2,400 KB or 2.4 MB once a day for all 181.4 million being listen to.

435360000 MB or if I get this correct, 435.36 Terabytes every day ? Someone check my math, but I think I am pretty close. That is over a petabyte every 3 days.

this wiki has some interesting examples and we might can extrapolate a reasonable comparison.
Petabyte - Wikipedia, the free encyclopedia





And if these guys are recording over 1.2 petabytes every 3 days, hmm, 365 days a year / 3 = 121.6 days a year * 1.2 = 146 petabytes per year.

Hey, from what I see, this is entirely possible ..... if they only listen for 10 minutes of the day.

But what if in order to say probably, don't they need to listen longer than just 10 minutes out of the day? How much of the day do they have to listen in order to rate "probably"? Well, if we sleep for 8 hours and that is one third of a day, then can we say a nice even 12 hours of listening rates probably?

A 10 minutes we had 1.2 petabytes every three days, but there is 72 times that much in 12 hours so that is like 86.4 petabytes every three days. Hmmm that's a more serious number I think.



Wow, how lucky is that? , 24 petabytes a day, * three days is exactly 72 petabytes so it would be equivalent to everything Google was processing every day back in 2009.

I am thinking that using the word "probably" might be a stretch. But hey, I'm just taking a guess.


(Don't take this too seriously pothb, I'm mostly just screwing around and wasting some time at work before the end of the day).

Nice WOT, but I think you are missing something.

They don't have to store anywhere near that much. All they need to do is monitor and create risk profiles based on what they hear in real time.
They wouldn't store anything from a "normal" non-threatening individual.

Once your risk profile is elevated they start recording maybe, bring in other data from your other activities and put the focus on you. This would still be a shit ton of data over time but would be easily manageable.

I don't think everyone is being monitored, but I do think they are working toward something like that. The new data center in Utah is probably being built for that purpose.

It is kind of funny in an Orwellian way. It is not enough that the country are a bunch of mind controlled sheep. They want to tag and control all of the sheep as well.

Once tagged and fat and plump and ready.....then comes the abattoir....

 

[lcpiper]

Nice WOT, but I think you are missing something.

They don't have to store anywhere near that much. All they need to do is monitor and create risk profiles based on what they hear in real time.
They wouldn't store anything from a "normal" non-threatening individual.

Once your risk profile is elevated they start recording maybe, bring in other data from your other activities and put the focus on you. This would still be a shit ton of data over time but would be easily manageable.

I don't think everyone is being monitored, but I do think they are working toward something like that. The new data center in Utah is probably being built for that purpose.

It is kind of funny in an Orwellian way. It is not enough that the country are a bunch of mind controlled sheep. They want to tag and control all of the sheep as well.

Once tagged and fat and plump and ready.....then comes the abattoir....

Never said anything about storage but you have to find away to process it and unless all those devices are going to do the work for you locally then you are going to need to pull that data across a network. So what I am saying is that I do not think you would be pulling that amount of data acrossed the networks without people being aware of it and asking what all that traffic is. Even if all you did was rapidly process it and dump everything that wasn't immediately important, you still have to gain access to the data. Now you could push out the processing to "satellite" points and make it much harder to see just how much of that data was actually related to the task. But I still think that someone would be piecing that together because I think it's too much to hide.

 

[Todd Walter]

Never said anything about storage but you have to find away to process it and unless all those devices are going to do the work for you locally then you are going to need to pull that data across a network. So what I am saying is that I do not think you would be pulling that amount of data acrossed the networks without people being aware of it and asking what all that traffic is. Even if all you did was rapidly process it and dump everything that wasn't immediately important, you still have to gain access to the data. Now you could push out the processing to "satellite" points and make it much harder to see just how much of that data was actually related to the task. But I still think that someone would be piecing that together because I think it's too much to hide.

Bear in mind that the data is going across the carrier's network, not your local branch. Every major CO has a locked room with a fat pipe in it; tapping at the backend is already provisioned. So if you have a local device that trips on a predefined trigger it just has to notify the backend to start duplicating packets. You'll never even know.

 

[lcpiper]

Bear in mind that the data is going across the carrier's network, not your local branch. Every major CO has a locked room with a fat pipe in it; tapping at the backend is already provisioned. So if you have a local device that trips on a predefined trigger it just has to notify the backend to start duplicating packets. You'll never even know.

Wait a second. You are telling me the mic in my laptop, or my TV, or even my phone which is using my wireless home network for data access to save on my monthly bandwidth limit, that that data isn't going to go through my ISP and be noticed? For all the customers of that ISP, they wouldn't see this?

Cause I am thinking no, they will see it.

In fact, we actually need to boost my estimates by quite a bit. See, for the suspicion to prove out, then it wouldn't just be one device in your home transmitting from it's mic. It would be several depending on what you own so we could be talking much more data than I originally proposed.

Of course I am not claiming accuracy of my scenario. I am just using it as a means to show that the concept that we should all assume we are being recorded all the time from microphones in our devices is perhaps a little unrealistic. I would scale back that statement of probability from probable to possible.

 

[rezerekted]

I should buy one just so I can troll the FBI. Hey Achmed, how's the timer in that clock coming along?

 

[Todd Walter]

Wait a second. You are telling me the mic in my laptop, or my TV, or even my phone which is using my wireless home network for data access to save on my monthly bandwidth limit, that that data isn't going to go through my ISP and be noticed? For all the customers of that ISP, they wouldn't see this?

Cause I am thinking no, they will see it.

In fact, we actually need to boost my estimates by quite a bit. See, for the suspicion to prove out, then it wouldn't just be one device in your home transmitting from it's mic. It would be several depending on what you own so we could be talking much more data than I originally proposed.

Of course I am not claiming accuracy of my scenario. I am just using it as a means to show that the concept that we should all assume we are being recorded all the time from microphones in our devices is perhaps a little unrealistic. I would scale back that statement of probability from probable to possible.

No, I'm saying the voice recognition system would just need to be programmed with phonemes of interest, disguised as an update. Then, it would flag your conversation as interesting, this could be done in a single frame transmission. If you wanted to be especially subtle you would use the slack in the frames already used for other things. Unless you use your own data meter to compare to what your ISP/carrier As well as full packet verification you're unlikely to detect this.

 

[lcpiper]

No, I'm saying the voice recognition system would just need to be programmed with phonemes of interest, disguised as an update. Then, it would flag your conversation as interesting, this could be done in a single frame transmission. If you wanted to be especially subtle you would use the slack in the frames already used for other things. Unless you use your own data meter to compare to what your ISP/carrier As well as full packet verification you're unlikely to detect this.

I get ya. But now this means someone is in the business of writing code it "corrupt" your device software.

Are you going to be like the FBI and call it a NIT and push it out to targeted individuals who have been downloading kiddie porn from an FBI seized and operated website, with a warrant? Is that how we are going to reach "probably"? Or are we just going to push it out to everyone everywhere and hope no one catches on?

See, I am not letting go of this concept people have that we all should assume that we are being listened to at all times. I want people to have a realistic concept of what they are talking about and the logistics and issues involved.

So far, in order to achieve "probably", we either need to be able to send massive amounts of data across the country's networks, amounts that could not be disguised or go unnoticed. Or we have to subvert the device firmware/operating system update processes for most of the major players in the electronics/computing market in order to push malware onto millions of devices which amount to illegal searches conducted on a massive scale. This would be orders of magnitude greater/worse than what the NSA's telephone meta-data program amounted to. And I am thinking there is no way you could pull this off without people knowing and talking.

 

[westrock2000]

Data Sampling could cut that number down significantly. Some simple religious/racial/social/activity profiling would help.

Wow, how lucky is that? , 24 petabytes a day, * three days is exactly 72 petabytes so it would be equivalent to everything Google was processing every day back in 2009.

I am thinking that using the word "probably" might be a stretch. But hey, I'm just taking a guess.


(Don't take this too seriously pothb, I'm mostly just screwing around and wasting some time at work before the end of the day).

 

[Todd Walter]

I get ya. But now this means someone is in the business of writing code it "corrupt" your device software.

Are you going to be like the FBI and call it a NIT and push it out to targeted individuals who have been downloading kiddie porn from an FBI seized and operated website, with a warrant? Is that how we are going to reach "probably"? Or are we just going to push it out to everyone everywhere and hope no one catches on?

See, I am not letting go of this concept people have that we all should assume that we are being listened to at all times. I want people to have a realistic concept of what they are talking about and the logistics and issues involved.

So far, in order to achieve "probably", we either need to be able to send massive amounts of data across the country's networks, amounts that could not be disguised or go unnoticed. Or we have to subvert the device firmware/operating system update processes for most of the major players in the electronics/computing market in order to push malware onto millions of devices which amount to illegal searches conducted on a massive scale. This would be orders of magnitude greater/worse than what the NSA's telephone meta-data program amounted to. And I am thinking there is no way you could pull this off without people knowing and talking.

I hear you, it does sound improbable. But they have corrupted firmware at the source and people have talked about it. Printers have phoned home, hardwired backdoors have screwed enrichment programs and that's just the tip of the iceberg. How many ASICs are in your house right now? Have you audited their code?

Just because you're not paranoid doesn't mean the world's not out to get you!

 

[RangerXML]

I'm surprised no one is connecting it to this which happened around the time the FBI fight with Apple became nice and public, basically this screamed DO NOT BUY THE ECHO!

(then again, the government has the power to request/intercept all data that leaves your device for a third party)

Amazon removed device encryption from Fire OS 5 because no one was using it

Not to mention now the public smear campaign (I know I'm gonna get flamed by Apple hate) against Apple, including but not limited to rumors being started to iTunes shutting down its music download service (hurting confidence in the platform). Public criticism that the next iOS device isn't going to be innovative by tech journalists, telling people to preemptively to skip the iPhone 7 months before the revel (when traditionally hype should be building). Articles that the Apple Watch is a complete and utter failure (including reviews posting reviews of their year of horror with the Apple Watch) and that Apple should skip the next generation Apple Watch because no one will buy it despite the Apple Watch being THE most successful smart watch (still using mine). I mean even Apple who people have this believe in being defiant to the governments spying, has to turn over your information once it leaves your device, every Siri request, every search and all your data from your iCloud backups, but there still seems to be an active public attack on Apple since it refuses to decrypt its iOS.

 

[athenian200]

I don't know why they'd even bother tapping into an Echo. Seems like a cell phone would be a much better target because it moves with the person. Besides, if someone is a criminal and they're plotting something, they're most likely not going to have microphones they know about in the room due to paranoia.

I mean, think about the number of people that say they want to kill Obama every time the news comes on. Either they're not monitoring everyone, or they don't take every threat seriously. I'm guessing the former is more likely. Otherwise, how would they be able to tell if someone was serious or not? Would they even take the chance?

I'm really not sure how they would draw a balance between overplaying their hand and revealing the extent of the monitoring... and not using the information at all. If they overplay it, people will become paranoid/savvy and find ways to evade it, but the information becomes useless if they can't use it at all.

 

[dgz]

I get ya. But now this means someone is in the business of writing code it "corrupt" your device software.

Are you going to be like the FBI and call it a NIT and push it out to targeted individuals who have been downloading kiddie porn from an FBI seized and operated website, with a warrant? Is that how we are going to reach "probably"? Or are we just going to push it out to everyone everywhere and hope no one catches on?

See, I am not letting go of this concept people have that we all should assume that we are being listened to at all times. I want people to have a realistic concept of what they are talking about and the logistics and issues involved.

So far, in order to achieve "probably", we either need to be able to send massive amounts of data across the country's networks, amounts that could not be disguised or go unnoticed. Or we have to subvert the device firmware/operating system update processes for most of the major players in the electronics/computing market in order to push malware onto millions of devices which amount to illegal searches conducted on a massive scale. This would be orders of magnitude greater/worse than what the NSA's telephone meta-data program amounted to. And I am thinking there is no way you could pull this off without people knowing and talking.

It's not like the head of google didn't just join, this time officially, some US army advisory board. My confidence of mobile devices not being corrupted is below zero.

 

[athenian200]

It's not like the head of google didn't just join, this time officially, some US army advisory board. My confidence of mobile devices not being corrupted is below zero.

There are other valid reasons for this, though. At this point, the Internet is so vital to the nation's infrastructure that securing major networks against government-sponsored foreign hackers would be a priority, and Google has experience with this. When I ran a short-lived forum, I got flooded with random attacks and spam from Russia and China. You can't last two minutes on the web without some kind of defense strategy these days, because it takes them no time at all to start picking on you as a weak point in the infrastructure if you have an actual address. I actually had to IP ban both of those countries to get the spam down to a manageable level because automatic solutions weren't helping enough, and I didn't want to employ human moderators to handle it all. I did take some flack for it being a politically incorrect decision, but I just know it worked.

I really think there's more to these attacks than spam. As much as people like to bash the domestic TLAs... I'd really be way more worried about their counterparts in foreign countries like Russia and China that almost definitely want compromised security. If anything, once you realize what a constant threat those people are and that they're constantly trying to weaken or harm US infrastructure, you realize that they probably have other priorities than hacking US Citizens. In fact, the NSA was directly behind SELinux. And why do you think there are regulations on the export of encryption technology? Sure, they want their way when they're on a specific case, but it would be extremely dangerous to have deliberately degraded encryption and the number of backdoors and security holes open to them at all times that they would need to have to make everything work the way people suspect... because that would actually put US infrastructure in danger from foreign hackers that are constantly poking at every little piece they can get, even if it's just something seemingly inconsequential that causes a small amount of disruption.

Somehow, I doubt these agencies want access to every piece of gossip out there at the expense of weakening US Commercial infrastructure and potentially exposing the same interfaces to foreign hackers who might potentially gain access to this same information. It would actually go against some of the main goals of these agencies to do so. The risk would be greater than the benefit in the vast majority of cases.

Everything can be hacked eventually... it's really just an arms race. We have to be able to stay one step ahead of foreign countries on that. Which is why I think we'd all be a lot better off if we stopped worrying about our own government and fighting one another for a few minutes, and started worrying about the fact that someone in Moscow or Beijing might be able to take down entire power grids or something if they get lucky and find a backdoor. Now do you see why the government might not want to build backdoors into every single consumer device sold? It would basically be providing free intelligence reports on commercial and industrial activity to foreign governments that would inevitably figure out how to intercept and decrypt at least parts of such a massive amount of data.

 

[Todd Walter]

There are other valid reasons for this, though. At this point, the Internet is so vital to the nation's infrastructure that securing major networks against government-sponsored foreign hackers would be a priority, and Google has experience with this. When I ran a short-lived forum, I got flooded with random attacks and spam from Russia and China. You can't last two minutes on the web without some kind of defense strategy these days, because it takes them no time at all to start picking on you as a weak point in the infrastructure if you have an actual address. I actually had to IP ban both of those countries to get the spam down to a manageable level because automatic solutions weren't helping enough, and I didn't want to employ human moderators to handle it all. I did take some flack for it being a politically incorrect decision, but I just know it worked.

I really think there's more to these attacks than spam. As much as people like to bash the domestic TLAs... I'd really be way more worried about their counterparts in foreign countries like Russia and China that almost definitely want compromised security. If anything, once you realize what a constant threat those people are and that they're constantly trying to weaken or harm US infrastructure, you realize that they probably have other priorities than hacking US Citizens. In fact, the NSA was directly behind SELinux. And why do you think there are regulations on the export of encryption technology? Sure, they want their way when they're on a specific case, but it would be extremely dangerous to have deliberately degraded encryption and the number of backdoors and security holes open to them at all times that they would need to have to make everything work the way people suspect... because that would actually put US infrastructure in danger from foreign hackers that are constantly poking at every little piece they can get, even if it's just something seemingly inconsequential that causes a small amount of disruption.

Somehow, I doubt these agencies want access to every piece of gossip out there at the expense of weakening US Commercial infrastructure and potentially exposing the same interfaces to foreign hackers who might potentially gain access to this same information. It would actually go against some of the main goals of these agencies to do so. The risk would be greater than the benefit in the vast majority of cases.

Everything can be hacked eventually... it's really just an arms race. We have to be able to stay one step ahead of foreign countries on that. Which is why I think we'd all be a lot better off if we stopped worrying about our own government and fighting one another for a few minutes, and started worrying about the fact that someone in Moscow or Beijing might be able to take down entire power grids or something if they get lucky and find a backdoor. Now do you see why the government might not want to build backdoors into every single consumer device sold? It would basically be providing free intelligence reports on commercial and industrial activity to foreign governments that would inevitably figure out how to intercept and decrypt at least parts of such a massive amount of data.

Meh, I'm not worried about the NSA, I'm just enjoying the debate with Icepiper. It's far more likely the Echo will be used by LEO the same way OnStar is; remote activation of the microphone after identifying the target by other means.