Hacker News new | ask | show | jobs
by jtriangle 2109 days ago
> Data is only transferred

The privacy concern is that it'd be trivial for someone to use amazon's firmware keys to sign a new firmware and flash the device remotely that would indeed make it upload continuously. Normally that'd be far fetched, but, with Amazon's connections to intelligence agencies, it's more of a valid threat than it appears on its face.

Such a thing would be trivial to detect with proper network monitoring because an audio stream is pretty simple to trigger an alert on, but, almost nobody is doing that because typically if you're worried about something like that you're not going to buy a device like this.
1 comments
floatingatoll 2109 days ago
Your usage of the word 'trivial' appears to be a substitute for the word 'conceivable', and I would absolutely agree that's it conceivable with this specific rewording in place:

> it'd be conceivable for someone to use amazon's firmware keys to sign a new firmware

However, I disagree with the word 'trivial' and the framing it implies. It would require a non-trivial amount of effort for Amazon to do this; both to keep it secret within Amazon; and to build, sign, and ship a custom firmware; and to avoid detection by changes in the device's bandwidth patterns.

link