by low_key 2108 days ago
I think they mean it isn't continuously transmitting the data to Amazon/Google/etc.

The device does continuously monitor (capture) audio, but the detection is done locally and data is only transmitted to the respective service after the keyword match.

This is reasonable as long as you trust that the device is performing as designed (and that the design doesn't include any undesired behaviors).

3 comments

I guess, based on all that we know about BigTech, is there any reason to actually think they're behaving this way? And if they are now, they'll continue to?

Nope. The best solution is to host your own server in LAN. But, right now, most of the products need cloud/store to monitor the customer.

> Data is only transferred

The privacy concern is that it'd be trivial for someone to use Amazon's firmware keys to sign a new firmware and flash the device remotely that would indeed make it upload continuously. Normally that'd be far-fetched, but, with Amazon's connections to intelligence agencies, it's more of a valid threat than it appears on its face.

Such a thing would be trivial to detect with proper network monitoring because an audio stream is pretty simple to trigger an alert on, but, almost nobody is doing that because typically if you're worried about something like that you're not going to buy a device like this.
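
As an added illustration of the network-monitoring point in the comment above (not part of the thread and not any commenter's code): a check over per-minute upstream byte counts that flags a device uploading at a sustained audio-like rate instead of in short post-wake-word bursts. The record format, IP addresses, thresholds and sample data are all assumptions constructed for this example.

```python
from collections import defaultdict

# Assumed thresholds; baseline your own device before relying on them.
MIN_BYTES_PER_MIN = 60_000  # ~8 kbit/s sustained for a minute (low-bitrate speech)
SUSTAINED_MINUTES = 10      # wake-word queries are bursts, not 10 busy minutes in a row

def sustained_upload_alerts(flows, min_bytes=MIN_BYTES_PER_MIN, run_len=SUSTAINED_MINUTES):
    """flows: iterable of (minute_index, device_ip, bytes_up) records.
    Returns {device_ip: [(start_minute, end_minute), ...]} for every run of
    consecutive minutes whose upstream volume stays at or above min_bytes."""
    per_device = defaultdict(lambda: defaultdict(int))
    for minute, ip, bytes_up in flows:
        per_device[ip][minute] += bytes_up

    alerts = {}
    for ip, minutes in per_device.items():
        runs, start, last = [], None, None
        for m in sorted(minutes):
            if minutes[m] < min_bytes:
                continue  # quiet minute: the gap it leaves ends any current run
            if last is not None and m == last + 1:
                last = m  # run continues
                continue
            if start is not None and last - start + 1 >= run_len:
                runs.append((start, last))
            start = last = m  # a new run begins here
        if start is not None and last - start + 1 >= run_len:
            runs.append((start, last))
        if runs:
            alerts[ip] = runs
    return alerts

def sample_flows():
    """Constructed data: two hypothetical devices observed for 120 minutes."""
    flows = []
    for m in range(120):
        flows.append((m, "192.0.2.10", 2_000))    # keepalive chatter
        flows.append((m, "192.0.2.11", 2_000))
    for m in (3, 47, 48, 90):
        flows.append((m, "192.0.2.10", 150_000))  # short wake-word queries
    for m in range(30, 60):
        flows.append((m, "192.0.2.11", 120_000))  # continuous upload for 30 minutes
    return flows

if __name__ == "__main__":
    print(sustained_upload_alerts(sample_flows()))
```
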

Your usage of the word 'trivial' appears to be a substitute for the word 'conceivable', and I would absolutely agree that it's conceivable with this specific rewording in place:

> it'd be conceivable for someone to use Amazon's firmware keys to sign a new firmware

However, I disagree with the word 'trivial' and the framing it implies. It would require a non-trivial amount of effort for Amazon to do this; both to keep it secret within Amazon; and to build, sign, and ship a custom firmware; and to avoid detection by changes in the device's bandwidth patterns.

A lot of people are forgetting that those companies have full control over what the wake word is or how the wake word mechanism works and can change it remotely.