[pavel_lishin]

> If the whole process happens entirely on-device

Sure, if. Which I can verify, but I don't want to have to. I don't want to have to verify that a corporation isn't fucking me at every turn.

And it's possible that vulnerability will be discovered that lets people stream the audio somewhere, or listen to key words and send just those portions. I don't know enough about Android to know whether it's more plausible for that to happen, or if that sort of vulnerability would likely grant an attacker access to my mic even without this feature.

I don't think it's unreasonable for me to expect my device to not always be listening to me.

[Ajedi32]

> Sure, if. Which I can verify, but I don't want to have to.

Wouldn't that be a risk even if this feature didn't exist? How do you know your phone isn't currently listening for music/speech and sending that data to the cloud without your knowledge?

> And it's possible that vulnerability will be discovered

Again though, that's already true regardless of whether this feature exists or not. Is there any reason to believe this feature is more likely to have a vulnerability than any other feature on your device? Why would you trust this code less than, for example, the code for your WiFi driver?

[stronglikedan]

> Sure, if. Which I can verify, but I don't want to have to.

The great thing is that you don't have to! There's plenty of other people that are happy to do so and report their findings. The app would be outed as fast as other software that has attempted to send personal data without disclosure (Windows telemetry, Samsung TVs, etc.). I doubt Echo could ever get away with sending everything to Amazon's servers. And if you don't trust that others would do that, then you just don't have to use it, or use alternatives like Shazam.

[cromwellian]

Then don’t turn it on, it prompts you and asks permission to be enabled during setup.

[chadlavi]

In 2018, that is unreasonable. Not philosophically, but pragmatically speaking.