by anon9001 2390 days ago
Your phone can do all the same things as those devices, and it's a better target for attackers because it's always on you.

I just bought into the Nest system (which also had great deals on black friday), and I'm just not worried about it.

In reality, bugging my residence isn't going to result in very interesting data. What exactly do you think is going to happen?

I just assume all of my data is already compromised, and so is yours, and neither of us can do anything about it. I think it's only useful to mitigate real world risks that materialize from compromised data. So PIN-lock your credit to avoid identity theft, physically secure your home to avoid break-ins, block ads to avoid influence campaigns, segment and restrict your IoT devices to avoid jumpboxes inside your network, etc.

If I'm doing something that I do not want recorded, I'd be using linux with a tor connection and strong opsec. The house can still be bugged as long as I don't have a camera pointed at my monitor.

If you're trying to host secret meetings in your house, maybe you should consider building a secure room to facilitate that. There's a reason the feds take this approach with SCIFs, because there's really no other way to do it.

12 comments

Ah the "nothing to hide" + "privacy is already dead anyways" arguments, and even coming from an anonymous user, classic.
The point is not that privacy is dead. The point is that we are all already carrying around a surveillance device by choice, and so complaining about one more substantially less intrusive one is silly. If you're actually serious about these privacy issues, you should start by getting rid of your smartphone, not complaining about Nest and Alexa.
It's absolutely possible to use a smartphone in a way that doesn't severely compromise your privacy. This isn't true of Nest or Alexa.
How is that possible? As best as I can tell, your location is tracked at all times, the OS has telemetry built-in, and lots of telemetry data is going out with every app. Also how do you audit it?

I'm sure my phone is leaking way more data than an Alexa.

There are options. Personally I run Graphene OS on a Pixel 3a. I have no proprietary software (with exception to binary firmware blobs for the modem and other low-level components) installed on my device. All apps are sourced from F-Droid. I've measured very low telemetry data from my device.
Isn't your phone connecting to the nearest cell towers at all times?
I keep my phone at home all the time, and only turn it on for online banking and app development
If you are not a famous person probably. If you are a target of a government or invested body. It doesn’t matter, they have a depth of zero days they can use.

But most people aren’t famous, so who cares?

> one more substantially less intrusive

wow! this needs proof and evidence. you can't just pull this out of nowhere?

afaik it's becoming harder & harder to get data out of your phone without you unlocking them. now, if you choose to share your private information on said phone, that's another discussion.

i want to think that movement tracking and giving away private information about you -- and perhaps not-knowingly about people around you -- are different things!

I can throw my iPhone in a drawer in another room. I can't avoid fifty neighbors' Rings while walking down the street.
I'm pretty sure there is no reasonable expectation of privacy while "walking down the street" anyway?
There's a substantial difference between:

- I walk down the street and everybody can see me.

And

- I walk down the street and my moves are recorded and stored forever in some db which may be abused or leak.

The chances of that piece of information coming back to hurt you in the course of the next decades are so much higher.

This is really disingenuous. I'm not arguing "privacy is dead" or "nothing to hide". I'm arguing for understanding how to have privacy when and if you want it, and how to hide things you might not want associated with your public persona.

I believe that privacy can co-exist in your life with listening devices (though maybe not in the same room, if you're concerned about your voice being recorded).

>>> Your phone can do all the same things as those devices, and it's a better target for attackers because it's always on you.

>> "privacy is dead"

>>> In reality, bugging my residence isn't going to result in very interesting data.

>> "nothing to hide"

> I'm not arguing "privacy is dead" or "nothing to hide".

Really?

You don't have to have a phone on you all the time. But if you do, it should be considered bugged because you have no way to audit it.

Also, bugging my residence isn't going to result in very interesting data by design. I could have plenty to hide, but I'm not reading my evil plans for world domination aloud.

If you do need to talk about something private, nobody is preventing you from disconnecting all the microphones.

Know what you're trying to prevent, then take actionable steps. Privacy is hard, but not dead.

Most privacy advocates don't defend it because it allows you to scheme against the government, they do it because it protects people from falling too deep in the net of actors that would try to influence their behaviour.

I agree that you're most likely not doing anything interesting in the eyes of the authorities in your home, most people aren't. But advertisers and content creators definitely care, and that's where the true problem is. They shouldn't have the power to anonymously collect all of this data, and then decide through the power of their far-reaching services which products are accessible to you or not, what information is presented to you through means that appear transparent, and so on and so on.

The "I have nothing to hide" argument has never been what today's privacy debate was about.

> In reality, bugging my residence isn't going to result in very interesting data. What exactly do you think is going to happen?

You don't have to be doing anything wrong or "interesting" for that data to be collected and used against you later.

These days your normal everyday activities are being used to calculate things like your "consumer score" which determines things like how much you pay for products, what your insurance company will charge you or will cover, what shows up to employers when they do background checks, and that's just on the private industry side of things.

The government is also collecting this data and you've either got an incredibly optimistic outlook or a very limited understanding of history if you think they couldn't ever use that data against you or against anyone who becomes an inconvenience to those in power.

"Congratulations! You have just completed the 'Best Breakfast' achievement by shouting out 'Kellogg's Sugarpuffs is the most important meal of the day!' between 8 and 9 am at over 80db with at least 3 persons present in the room. You have earned the 95% discount coupon on 24 bottles of Nestle's Essentials Vitaplus Water (redeemable for the next 30 minutes), netting you a $456 saving brought to you by Amazon Alexa's Life Essentials Partner Program."
Don't think the privacy people who have gone to great lengths to be off the grid will be first on the list of suspicious people?

And if there's no data available on you, don't you think they'll charge the highest rate anyway?

For the concerns you have, it'd be far better to maintain a socially-optimal profile with data collection, to show what a normal/happy/healthy/productive member of society you are.

I do support regulation on how companies collect and assemble data, but while they're doing it, your best bet is to have lots of uninteresting data collected on you.

Nothing is stopping you from having multiple identities for specific purposes.

> For the concerns you have, it'd be far better to maintain a socially-optimal profile with data collection, to show what a normal/happy/healthy/productive member of society you are.

Surely you understand that many people don't want to live in a world where you have to maintain a false persona 24/7 to avoid being flagged for some unknown perceived infraction. Many people already curate a social media presence for that reason, but are you really okay with extending that to every last facet of your life?

Should you have to worry if some future employer or your insurance company might possibly think that you're buying too much alcohol, are too supportive of the wrong political party, are too gay, opinionated, not social enough, not happy enough, dating too often, eating out too much, etc.?

It doesn't make any sense to try to change your behavior to try to look like a model citizen at all times because you can't know what the criteria is you'll be judged by, how accurate the dossiers on you are, or how they're being used to impact your life.

This is a broken, dystopian, dangerous system and telling people to give up even trying to limit the amount of data they expose and simply accept it is not going to help change anything.

> Surely you understand that many people don't want to live in a world where you have to maintain a false persona 24/7 to avoid being flagged for some unknown perceived infraction.

Yes, but they have no choice today.

> Many people already curate a social media presence for that reason, but are you really okay with extending that to every last facet of your life?

Nobody is forcing you to buy an Alexa. If you want an always-on digital assistant, then yes, you're probably ok with curation of the words you say while at home.

> Should you have to worry if some future employer or your insurance company might possibly think that you're buying too much alcohol, are too supportive of the wrong political party, are too gay, opinionated, not social enough, not happy enough, dating too often, eating out too much, etc.?

Yes, everyone has to worry about this in today's environment. It would be silly not to worry about this with what we know about large scale data collection.

> It doesn't make any sense to try to change your behavior to try to look like a model citizen at all times because you can't know what the criteria is you'll be judged by, how accurate the dossiers on you are, or how they're being used to impact your life.

No model is perfect, but I believe there is safety in numbers. You can't know what you'll be judged by, but the more people who share your views and actions, the less likely you are to attract problems.

> This is a broken, dystopian, dangerous system and telling people to give up even trying to limit the amount of data they expose and simply accept it is not going to help change anything.

I'm not telling people to give up trying to limit the amount of data they expose. I'm saying that everyone should develop their own threat model and see if an always-on listening device at home is appropriate for their needs.

I do not see any future where opting out of Alexa or Google Assistant would mitigate any of the fears you have. I do see a future where knowing how to audit your own security and how to use more than one identity will mitigate your fears.

People are dismissing your response, but nobody is addressing your key point that an always-listening phone is far more of a privacy threat than an Echo. And that the Echo doesn't add THAT much more of a threat if you've got a phone that's listening.

I don't agree there's nothing to be done short of building your own SCIF (laws are a logical place to start), but to me it's more important to point out what a privacy disaster all of our phones are that it makes everything else look much smaller.

This is a terrible argument, ironically coming from a nickname "anonymous-xxx"

Because you close your curtains at night doesn't mean you're committing murder. You just don't want prying eyes into your home that you can't look back at.

How is that ironic? I don't want people associating this account with my real life identity, so I made it separate and access it differently than other identifiable services.

That's the whole point that I'm trying to make. Identify if listening devices are actually a threat to you. Assess the area and see if a listening device would be appropriate before adding it. For most people, who are very insecure anyway, one more listening device is not going to have any significant impact on their threat level.

If anything, what we need is more training available on how they can assess the threats against them in a rational way. And, if they choose, how to mitigate the risks posed by those threats. Sometimes that will include removing listening devices, but for most people, that won't be their largest threat.

I don't understand your argument. Are you pro-listening devices in people's homes?

If you could have Alexa that doesn't listen to everything you say and offers the same service without the analytics, treating every request as a blank slate, wouldn't that be better in every possible way?

I'm pro-security-awareness.

Sometimes it is convenient to have an internet-connected device that knows all of your preferences. You'll get better answers to your queries that way, and they'll be more personalized to you. That's ok, and I don't think it's something that should be completely rejected.

Google has been personalizing search for years, and that's ok too, because it probably is better for most users. But users also need to know about DDG and private browsing, so they can see unbiased results when they want.

> If you could have Alexa that doesn't listen to everything you say and offers the same service without the analytics, treating every request as a blank slate, wouldn't that be better in every possible way?

It would be worse in almost all ways except privacy. There's an expectation that when I ask for the weather, I mean at my current location. Or if I ask for sports scores, it knows what teams I care about. And most importantly, it should learn and get smarter over time, which you couldn't do with the type of device you propose.

I'd personally rather have areas with absolutely no devices and areas that are essentially public. I can see how some people would want a middle-ground with listening devices but with more privacy than Alexa. That might be possible, but if that's my concern, I'd rather just not have the microphone in the room at all. I think the market for privacy-vetted always-on microphones is small.

> In reality, bugging my residence isn't going to result in very interesting data. What exactly do you think is going to happen?

This is literally "why do you need privacy if you have nothing to hide" in other words. What do I think will happen? I think someone at Amazon might be able to listen in on a conversation I have with my wife. I don't want a third party like Amazon to have a recording of things that I say to my wife because it's none of their business and I don't see a big utility trade-off in being able to ask a voice assistant how many quarts are in a gallon in exchange for letting Amazon record me in my private domicile.

And frankly the only reason I carry a mainstream cell phone is because I'm socially required to do so. I don't find the argument of "Google can hear you already through your phone so why not install more microphones in your house" compelling.

Next time you're having a conversation with your wife, count the number of microphones in the room. I'd be shocked if it's zero.

I'm not asking "why do you need privacy if you have nothing to hide?". I'm asking why don't you have protocols in place that you can enable for private conversations? If I've got my phone on me, I assume Google and governments can hear anything in microphone range. You should too.

Only you can decide how you want to define your threat model, but "Google can hear you already through your phone so why not install more microphones in your house" should be a compelling argument if you've already established which areas of your house are meant to be private.

You could have no IoT devices and demand all occupants and visitors check their phones at the door, if that's how you choose to live. I'm not passing judgment on where to draw the line, but it doesn't make any sense to be afraid of Alexa devices in your living room while you're sitting on your couch scrolling through Facebook on your Android device and watching Netflix on your "smart tv".

You're right it's not anyone's business, but in reality it's still not going to be anyone's but yours. Unless there is some breach or bad actor, but as mentioned that could just as easily be done to your phone.
"I just bought into the Nest system (which also had great deals on black friday), and I'm just not worried about it.

In reality, bugging my residence isn't going to result in very interesting data."

You need to be doing everything you can to discourage any sort of data in this data-economy-style world we are pushing ourselves into. And if I want to walk down the street, I sure as hell don't want your camera recording me, especially since knowing the involved company, one way or another that recording WILL get used for a monetary purpose, and I sure as hell didn't sign a model contract, so despite being in public you're still potentially violating some of my rights with your doorbell camera.

Here's the problem: The doorbell thing is useful.

I've already given up my location data to Google by using Android with Google's services. It's fine if the doorbell sees me entering and exiting. By adding the doorbell, my threat surface isn't expanded by very much, but I get all this extra doorbell utility.

I don't really have a problem with Google seeing the outside of my home. I wouldn't put a Nest camera inside. Personally, that's my line. The important thing is that I can change it later if I want.

As far as your rights, sure, sue Google or Amazon if you want. It's not really my problem unless the devices get banned, which won't happen. If they do get banned, I'll replace them with whatever the next best thing is, or roll my own.

I understand the frustration, but at this point, the only rational thing to do is adapt.

"It's not really my problem unless the devices get banned,"

I find out it's YOUR camera that was involved in violating my right to control my image, you're an accessory and I would file against you as such in court.

So it is your problem, regardless.

Are you arguing that we should give up on avoiding potential security risks because we carry phones?
They are also arguing that since they have given up on security and assume they are fully compromised everyone else should give up as well and just buy more of these devices for their homes.
What's the counter argument? A phone is a smaller Google home running the same software and hardware. It's like bolting all the doors except the front. It'll stop a criminal attempting to enter only through the back, but doesn't it seem weird to optimize so much for that?
You must be really attached to your phone if that's how you're reading it.

Another solution would be to never bring your phone (or any other device) into your bedroom, for example, and only have sensitive conversations there.

> it's a better target for attackers because it's always on you

let's not jump to conclusions here.

but if attackers are really targeting your phone, then security and safety should be your first concern. it's beyond "let me have a little privacy" at this point.

in any case, people are conflating that with willingly (or unwillingly) throwing tons of private information about them and people around them at entities who don't know what to do with all that data right now.

>If I'm doing something that I do not want recorded, I'd be using linux with a tor connection and strong opsec. The house can still be bugged as long as I don't have a camera pointed at my monitor.

If the NSA runs a few TOR hops between you and the target it would be unfortunately possible for them to perform a correlation attack on the traffic going through its network and your confirmed position sitting on your home computer doing stuff, likely with a compromised router confirming TOR packets are leaving your house.

If you were running the Silk Road on TOR and the gov had reason to suspect it was you associated with a very specific illegal event, proving you were there at the right place and time can be enough without the content of the packets itself to sink you. Adrian Crenshaw's talks about Tor are fun for a laugh.

If you have a reputable friend visit your house that has been doing illegal things behind the scenes that you knew nothing about, be prepared for more scrutiny of your videos and potential recording devices. Just like swatting sent an average joe to jail for a few years because some kids called the swat in and they found a few ounces of weed. You may record technical negligence of your own child, forming a verbal contract you did not intend, agreeing or disagreeing to things that may publicly change your reputation and more.

Your images of your loved ones could be deepfaked to make a video phone call with a wavenet faked audio voice claiming to be kidnapped upon travelling through Asia and demand money to get home safe, because your home video system was hacked a week before...

The data of your existence is now an attack-surface intentionally or otherwise that authorities & criminals alike can explore.

Let's say I want to research something in private. I can absolutely connect to tor and have my identity hidden from the surveillance networks that track us all. Of course, I can't hide from the NSA. If the NSA wants me, they're gonna get me.

Also, if Google's devices or networks get hacked and used for extortion, they've got deep pockets. It'd be a cool plot for a movie, but I'm personally unconcerned about that scenario.

Are you implying that Google will shell out for your ransom insurance if they are found to be hacked? I don't think so.

I was using wavenet as an example of the technology that's possible, I don't think you need to compete with google's proprietary software to make a 30-second video clip with faked audio.

> If I'm doing something that I do not want recorded, I'd be using linux with a tor connection and strong opsec. The house can still be bugged as long as I don't have a camera pointed at my monitor.

Until the police are looking for evidence to confirm it was you, and they pull footage of you getting home and walking into your "secure room" 5 minutes before the supposed activity started and exiting the room 5 seconds after it stopped. No warrant required of course.

Idk man good luck with the opsec.

If police are looking for evidence to confirm anything was you, you've already failed.
Great points. The thing I always come back to is:

“Nobody cares about you”,

and if they did, they would find a way to get all your photos or personal moments. If you really want to be secure getting rid of Amazon assistants isn’t going to move the needle.

You might want to disable all microphones too. The klickity klack of your keyboard is enough to know what you are typing.