Are Alexa, Google & Siri Eavesdropping on You?

Amazon and Google have both come out with wildly popular digital assistants that are loosely known as smart speakers. Amazons is called Alexa and Googles is called, well, Google.

“Hey Alexa, would you say you are smarter than Google?”

Apple’s digital assistant is Siri which can be found on all new Apple devices, including the HomePod, a less popular version of Alexa. For the time being, Siri isn’t quite as smart or popular as the other kids, so I’m leaving her out of this conversation for now. Sorry Siri.

Just the fact that Alexa, Google and any digital assistant answer you the minute you mention their name shows that they are ALWAYS LISTENING! Once you have triggered them, they are recording the requests you make just as if you had typed them into a search engine. So they know when you order pizza, what songs you like and what’s on your calendar for the week. They can also have access to your contacts, your location and even combine that information with your buying and surfing habits on their website.  

To be fair, Amazon and Google both say that their digital assistants only process audio after we trigger them with a phrase like “Hey, Alexa” or “OK, Google”. So they aren’t listening to EVERY conversation… YET. Why do I say, YET? Because the New York Times dug a little deeper and took a look at the patents that Amazon and Google are filing for future makeovers of their digital assistants. In one set of patent applications, Amazon describes, and I’m quoting here, a “voice sniffer algorithm” that can analyze audio in realtime when it hears words like “love”, “bought” or “dislike”. It went on to illustrate how a phone call between two friends could result in one receiving an offer for the San Diego Zoo and the other seeing an ad for a Wine club based on the passive conversation that the two of them were having.

In other words, no one had invited Alexa to the conversation, but she, or he, or they were there listening, analyzing and selling your thoughts anyway. That’s just creepy! It gets worse. The Times found another patent application showing how a digital assistant could “determine a speaker’s MOOD using the volume of the user’s voice, detected breathing rate, crying and so forth as well as determine their medical condition based on detected coughing, sneezing and so forth”. And so forth, and so forth. To that, I have only two words: Big Brother!

Let’s call these future digital assistants exactly what they are: audio-based spyware used for profit-making surveillance that treat us users like tasty soundbites at the advertising watering hole. Our private conversations will one-day drive their advertisements, profits and product development. They are data mining what we say, turning it into a quantitative model and selling it to anyone who will buy it. Well, I don’t buy it. And I won’t buy one, until I am sure, in writing, that it’s not eavesdropping on everything said in my home.

Granted, these are all proposed changes to be made in the future, but they are a clear sign of where smart speakers and digital assistants are going. Their intention is to eavesdrop on you. Your One Minute Mission is to ask yourself how comfortable you are having a corporation like Amazon or Google eventually hearing, analyzing and sharing your private conversations.

I have to be forthright with you, many people will say they don’t care, and this really is their choice. We are all allowed to make our own choices when it comes to privacy. But the vitally important distinction here is that you make a choice, an educated, informed choice, and intentionally invite Alexa or Google into your private conversations.

I hope this episode of Sileo On Security has helped you do just that.

Delete Your Facebook After Cambridge Analytica?

I’ve written A LOT about Facebook in the past.

  • What not to post
  • What not to like
  • What not to click on
  • How to keep your kids safe
  • How to keep your data protected
  • How to delete your account

ETC! Search specific topics here.

And personally, I’m ashamed of myself for knowing exactly how social networks like Facebook take advantage of users and our data, and yet still have a Facebook profile. I’m not just sharing my information, Facebook is also sharing everyone of my “friends’” Information through me. I’m currently thinking that the only way to protest this gross misuse is data is to delete my profile (which still won’t purge my historical data, but will stop future leakage).

And yes, I’ve written several times about how Facebook is allowed to sell your privacy.  Now, it turns out the practices I have warned about for years are taking over our headlines with a “little” news bit about how Cambridge Analytica has used data obtained from Facebook to affect the 2016 U.S. Presidential election.

Here’s a brief timeline:

  • In 2014, a Soviet-born researcher and professor, Aleksandr Kogan, developed a “personality quiz” for Facebook.
  • When a user took the quiz, it also granted the app access to scrape his or her profile AND the profiles of any Facebook friends. (Incidentally I was writing about why you shouldn’t take those quizzes right about the time all of this data was being gathered!  And, it was totally legal at that time!)
  • About 270,000 people took the quiz. Between these users and all of their friend connections, the app harvested the data of about 50 million people.
  • This data was then used by Cambridge Analytica to help them target key demographics while working with the Trump campaign during the 2016 presidential election.
  • Facebook learned of this in late 2015 and asked everyone in possession of the data to destroy it. (They did not, however, tell those affected that their data had been harvested.)
  • The company said it did, and Facebook apparently left it at that.

That takes us up to recent days, when The Guardian and The New York Times wrote articles claiming that the firm still has copies of the data and used it to influence the election.

What’s happening now?

  • Facebook has suspended Cambridge Analytica from its platform, banning the company from buying ads or running its Facebook pages.
  • The Justice Department’s special counsel, Robert S. Mueller III, has demanded the emails of Cambridge Analytica employees who worked for the Trump team as part of his investigation into Russian interference in the election.
  • The European Union wants data protection authorities to investigate both Facebook and Cambridge Analytica. The UK’s information commissioner is seeking a warrant to access Cambridge Analytica’s servers.

And what should you be doing?

Consider deleting your profile. I am. I’ve written about how to do that before and how to weigh deactivating your account versus deleting it. Consider carefully before making that choice.

Remember that the real illusion about Facebook is that there is anything significant we can actually do to protect our privacy. Facebook provides an effective privacy checkup tool, but it does nothing to limit the data that Facebook sees, or that Facebook decides to share with organizations willing to buy it, or even that hackers decide to target.

The data you’ve already shared on Facebook, from your profile to your posts and pictures is already lost. There is nothing you can do to protect it now. The only data you can protect is your future data that you choose to not share on Facebook.  Here are my suggestions for a few pro-active steps you can take right now:

  • Delete or deactivate your Facebook profile
  • Reread my post about Facebook Privacy from 2013—unfortunately, all of it still applies today!
  • Memorize this phrase: “Anything I put on Facebook is public, permanent and exploitable.”
  • Tell some little white lies on your profile.
  • And stop taking those quizzes!

John Sileo is an an award-winning author and keynote speaker on cybersecurity, identity theft and online privacy. He specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Internet Providers Lose Right to Sell Your Privacy (But Facebook & Google Still Can)

“There is a basic truth: It is the consumer’s information. It is not the information of the network the consumer hires to deliver that information.” 

These were the words of Tom Wheeler, the chairman of the F.C.C., when it was announced that Federal regulators have approved new broadband privacy rules that require internet service providers like Comcast and Verizon to ask for customers’ permission before using or sharing much of their data. He went on to say that the information used “should be the consumers’ choice, not the choice of some corporate algorithm.”

Privacy groups were, of course, thrilled with the new rules, which move the United States closer to the stricter policies in European nations.  The industries that depend on online user data were not quite as happy, with the Association of National Advertisers labeling the regulations “unprecedented, misguided, counterproductive, and potentially extremely harmful.”

What does all of this really mean for consumers?

• A broadband provider has to ask a customer’s permission before it can tell an advertiser exactly where that customer is by tracking her phone and what interests she has gleaned from the websites she’s visited on it and the apps she’s used.

• Major broadband providers will have about one year to make the changes required by the new rules. After that, users will be notified of new privacy options through email or dialogue boxes on websites.

• The F.C.C. rules apply only to their broadband businesses.

• After the rules are in effect, broadband providers will immediately stop collecting sensitive data, including Social Security numbers and health data, unless a customer gives permission.

• For some less-private data, like names and addresses, there’s a more lenient approach. As with any online service, you should assume that broadband providers can use that information and you should “opt-out” of letting them do so.

• One “down side” to consider is that there is a chance that the removal of ads that allow for free and cheaper web services will result in those prices being passed on to consumers.

• Online ad giants, including Google, Facebook and other web companies, are not subject to the new regulations as the F.C.C. does not have jurisdiction over web companies. So Google does not have to explicitly ask people permission first to gather web-browsing habits, for example.

• AT&T, Verizon and Comcast will also still be able to gather consumers’ digital data, though not as easily as before. They will also still be able to purchase data from brokers.

Jay Stanley, senior policy analyst with the American Civil Liberties Union (ACLU) summed it up pretty clearly:  “Just as telephone companies are not allowed to listen in to our calls or sell information about who we talk to, our internet providers shouldn’t be allowed to monitor our internet usage for profit.”

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Some Simple Steps to Social Media Privacy

When was the last time you checked your privacy settings on your social media profiles? Being aware of the information you share is a critical step in securing your online identity. Below we’ve outlined some of the top social media sites and what you can do today to help keep your personal information safe.

FACEBOOK Social Media Privacy

Click the padlock icon in the upper right corner of Facebook, and run a Privacy
Checkup. This will walk you through three simple steps:

  • Who you share status updates with
  • A list of the apps that are connected to your Facebook page
  • How personal information from your profile is shared.

As a rule of thumb, we recommend your Facebook Privacy setting be set to “Friends Only” to avoid sharing your information with strangers. You can confirm that all of your future posts will be visible to “Friends Only” by reselecting the padlock and clicking “Who can see my stuff?” then select “What do other people see on my timeline” and review the differences between your public and friends only profile. Oh, and don’t post anything stupid!

TWITTER Social Media Privacy

Click on your profile picture. Select settings. From here you will see about 15 areas on the left-hand side. It’s worth it to take the time to go through each of them and select what works for you. We especially recommend spending time in the “Security and Privacy” section where you should:

  • Enable login verification. Yes, it’s an extra step to access your account, but it provides increased protection against unauthorized access of your account.
  • Require personal information whenever a password reset request is made. It’s not foolproof, but this setting will at least force a hacker to find out your associated email address or phone number if they attempt to reset your password.
  • Determine how private you want your tweets to be. You can limit who (if anybody) is allowed to tag you in photos and limit your posts to just those you follow.
  • Turn off the option called “Add a location to my Tweets”.
  • Uncheck the options that allow others to find you via email address or phone number.
  • Finally, go to the Apps section and check out which third-party apps you’ve allowed access to your Twitter account (and in some cases, post on your behalf) and revoke access to anything that seems unfamiliar or anything that you know you don’t use anymore.

Oh, and don’t post anything stupid!

INSTAGRAM Social Media Privacy

The default setting on Instagram is public, which means that anyone can see the pictures you post. If you don’t want to share your private photos with everyone, you can easily make your Instagram account private by following the steps below. NOTE: you must use your smartphone to change your profile settings; it does not work from the website.

  • Tap on your profile icon (picture of person), then the gear icon* to the right of your name.
  • Select Private Account. Now only people you approve can see your photos and videos.
  • Spend some time considering which linked accounts you want to keep and who can push notifications to you.

*Icons differ slightly depending on your smartphone. Visit the Instagram site for specifics and for more in depth controls.

Oh, and don’t post anything stupid!

SNAPCHAT Social Media Privacy

Snapchat’s settings are really basic, but there’s one setting that can help a lot: If you don’t want just anybody sending you photos or videos, make sure you’re using the default setting to only accept incoming pictures from “My Friends.”  By default, only users you add to your friends list can send you Snaps. If a Snapchatter you haven’t added as a friend tries to send you a Snap, you’ll receive a notification that they added you, but you will not receive the Snap they sent unless you add them to your friends list.  Here are some other easy tips for this site:

  • If you want to change who can send you snaps or view your story, click the snapchat icon and then the gear (settings) icon in the top right hand corner. Scroll down to the “Who can…” section and make your selections.
  • Like all services, make sure you have a strong and unique password.
  • Remember, there are ways to do a screen capture to save and recover images, so no one should develop a false sense of “security” about that.

In other words, (all together now) don’t post anything stupid!

A Final Tip: The privacy settings for social media sites change frequently. Check in at least once a month to ensure your privacy settings are still as secure as possible and no changes have been made.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.