The microphone is only active when you hold down the button - if it's always on (for whatever reason, accidentally or maliciously), the unit would run out of power in a few hours, it's powered by a single AAA cell.
There's a 32kHz RTC oscillator in the MCU, which can be programmed to periodically wake it up as well.
Without analysing the firmware you wouldn't be able to confirm for sure what it's doing.
I suppose one exercise for those inclined would be to reprogram it to listen (perhaps only during the daytime) and see how long it lasts. You wouldn't need high fidelity so a low sample rate would be enough.
> Without analysing the firmware you wouldn't be able to confirm for sure what it's doing.
It's on your own network, so it's trivial to know when it's communicating and with whom. In principle, it could periodically wake and poll a C&C server to see whether it should start streaming audio or not.
Nothing forces it to be on your network. If there's a neighbor with open wifi, or easily cracked wifi, or wifi Amazon already has the key for, (from an Amazon tablet/phone that's been connected to it before) then it could talk on that instead.