Merry Christmas readers! I hope your holidays are full of joy, and I hope your privacy remains protected. With this season being a common one for gifting, I want to provide a rundown of the privacy concerns surrounding smart speakers such as Amazon Alexa, Google Nest, Siri, etc. These have become popular devices/features due to the ease of use for connecting and managing devices, and playing music. These speakers provide users with the option to vocally activate and control them, typically following a specific prompt to the device like “Hey Alexa”, or “Hey Google”. Once the device hears its specified wake word, it will listen to what you say after and provide a response. If you ask the device to turn on music, it will turn on music. You can ask these devices to adjust the volume, turn on or turn off, search something on google, or even add items to a shopping list. While this hands-free option introduces heightened accessibility and convenience, there are also privacy concerns swirling around them.
Data Storage
As mentioned above, there are specific wake words that will activate these devices. For this feature to work, your microphone must be on and listening to be able to respond when prompted. These devices are set up to listen for their wake word, and if they hear it, they respond. If they do not hear it, they will not respond. Ideally these devices are not storing anything that does not occur before the wake word.
Apple Siri
Siri, an Apple smart speaker that is integrated with your Apple devices, will store your audio data on Apple servers if you opt in to help improve Siri and Dictation. While your Siri requests and audio recordings are sent to and processed on Apple servers, they are only stored when you provide consent. When this feature is turned on, Apple will collect and store multitudes of data. For example, Apple will store the category of the request made, the location of where the request was made, and whether or not the request was completed successfully. According to Apple in the “Siri, Dictation, and Privacy” explanation, data is stored with a random identifier for up to 6 months and is not tied to your apple account or email address. After that 6 months, the random identifier is removed and data may be retained for up to two years. All recordings that are sent to Apple servers are encrypted prior to transmission, protecting users from unauthorized third party transmissions gaining access to the actual recordings. Other things that may be stored include contextual data from Siri or from third-party apps that you integrate with Siri, how you use your device, and location data. Apple provides very strict opt-out abilities from Siri and any potential data storage from Siri use.
Amazon Alexa
Amazon Alexa stores vocal recording data in Amazon cloud servers indefinitely, unless the user changes this setting. These recordings are easily accessible from your Amazon account, not requiring any further authentication. While Amazon does encrypt recordings for transmission, the practice of storing all recordings indefinitely and not requiring additional authorization to access this data, there is a reasonable concern for how safe this data is. If your amazon or email account is compromised, all of the data recordings associated with your account are as well. Amazon does not incorporate any identity masking features for voice recordings, they are all directly identifiable to their users.
Google Nest
Google Nest works the same way as Siri or Alexa, waiting for its wake word and not storing any recordings that do not involve it. By default Google does not store any voice recordings. Voice recordings and data will be stored on Google servers indefinitely if the user opts into saving data to help improve the quality of the device, unless the user changes this setting. Due to the sheer amount of services Google provides, a lot of data can be collected and stored on its users. Google will collect information from anything that you permit it access to such as your phone contact list or photos, any third parties that you use via Google services, your search history, location data, and more. Audio recordings are encrypted during transmission.
How to Manage your Privacy
All three of the above examples provide users with control over their data, and provide detailed information about where it goes and what is done with it. This allows users to be able to enhance their data privacy while still being able to use these devices. Here are a couple tips to help maintain your privacy, and still enjoy smart technology:
- Familiarize yourself with the device and the features you have opted-in to. Check device privacy or security settings and see if you have agreed to help “enhance the tools accuracy”, your data is going to be stored by the organization. Check your settings for data retention options, and adjust them to your liking.
- Delete your data if you no longer wish to have it stored.
- Unplug the device when you do not want it listening, or turn the microphone off in its settings. Without power, the device won’t listen to you.
Smart speakers don’t have to be scary, and they don’t have to know everything about you if you do not want them to. As with all technology, be aware of what it does, and how it may affect you and your privacy, and use what makes you feel comfortable and secure.