How Has Amazon Managed To Make Hackers Love Alexa?

Our hackspace has acquired an Amazon Dot, courtesy of a member. It mostly seems to be used as a source of background music, but it has also spawned a seemingly never-ending new entertainment in which the hackspace denizens ceaselessly bait their new electronic companion with ever more complex and esoteric requests. From endless rephrasing and careful enunciation of obscure early reggae artists to try to settle a musical argument to hilarious mis-hearing on the part of our silicon friend, the fun never stops. “Alexa, **** off!” it seems results in “I’m sorry, I can’t find a device of that name on this network”.

That is just the experience of one hackspace, but it evidently does not end there. Every other day it seems that new projects using Alexa pass through the Hackaday timeline, so it looks as though Amazon’s online personal assistant has been something of a hit within our community.

Fair enough, you might say, we’re always early adopters of any new technology. But it’s a development over which I wonder; am I alone in finding it surprising? It’s worth taking a moment to look at the subject.

Big Brother Sister

An Alexa-supporting device is constantly listening to conversations within its range, and when it detects its activation word, in most cases “Alexa”, it lights up and records the question that follows before sending it to a cloud-hosted voice recognition engine which makes the decision on its response. The company claims that a lot of effort has been made to ensure the privacy of users; however, there remains the possibility of a significant invasion of privacy for anyone within range of an Alexa device.

Given that our community contains a lot of people who are concerned by issues involving privacy and surveillance, I am surprised that so many have embraced Alexa. For a community with qualms about a security camera for a hackspace, to wholeheartedly embrace a listening device under the control of a global company raises some interesting questions about our real relationship with the technology.

Who Do You Trust?

Consider for a moment, would you willingly have a device listening to your conversations that was powered by Hackaday? Let’s call it The Wrencher. After all, we’re a reasonable bunch, and our Supplyframe overlords don’t inhabit an evil lair featuring sharks with laser beams. Our device would respond to useful commands, like “Wrencher, sudo make me a sandwich”.

Google Home listens to everything, until it hears the magic words.

So given that you would have a hypothetical Hackaday Wrencher with no problem, who else would you have listening into your home? Which companies do you trust? Let’s say software companies, so how about starting with a Linux company? Canonical? A lot of you use Ubuntu Linux, so you already entrust a lot of your information to their work, why not?

As we descend the slippery slope through companies we trust, eventually we arrive at the ones that have made connected devices that listen to your every word. Apple, for instance. You’re all comfortable with Siri if you own Apple devices, aren’t you? Google perhaps? Android phones and the Google Home appliance all respond to “OK Google” these days. Amazon’s Alexa we’ve talked about, but how about Microsoft’s Cortana? My personal view is that she’s the most useful of the bunch, but everyone has their own take on it.

Poorly Defined Lines in Sand

At this point, many in our community are shifting uncomfortably from one foot to the other, and mumbling something like “But Microsoft, they’re evil, aren’t they?”

Are they? It’s true that in the past the Redmond-based software giant has adopted policies towards the open-source community that haven’t exactly been nice, but are they any more evil than the other companies whose names I have just rattled off? Google famously had “Don’t be evil” as their motto until they rebranded as Alphabet and dropped the sentiment. The truth is that however touchy-feely they come across, there is the possibility for any organisation to do things that are a bit dodgy, and that’s before we start talking about government intervention.

I’m writing this in the United Kingdom, where the legislature has just passed an extremely far-reaching internet surveillance bill. It’s not entirely unthinkable that a company operating an internet-connected voice assistant could be subpoenaed behind the scenes to provide unfettered access to what would then become simply a listening device. There is no need to be the kind of person who wears a tinfoil hat and inhabits grassy knolls to reach this conclusion: we all know it’s possible, and would we trust them not to do it?

Help Grow the Surveillance Infrastructure

So it shouldn’t be news to any of us that these devices raise privacy concerns, but the interesting thing here is that some companies seem to have slipped their products under our natural defenses while others haven’t. So back to our hackspace members who get twitchy about CCTV cameras monitoring building entry points, why are they seemingly happy to have a voice assistant device from one company in their space when they’d start to get cold feet about one from another extremely similar company?

Whatever secret sauce Amazon have invented to gain that level of trust, I want a bottle of it. Dogbert would have nothing on my evil genius armed with that stuff!

114 thoughts on “How Has Amazon Managed To Make Hackers Love Alexa?”

    1. It does baffle me some that so many people don’t seem to have any qualms, whatsoever, about giving total strangers on the Internet listening-access to everything that goes on within the device’s listening-range. I wouldn’t be able to use these kinds of things anyways due to lack of support for Finnish, but even if I could, I just wouldn’t feel comfortable about such access into my home and private life 24/7.

      1. But it only listens on the command word. Thus it’s not different to the mic you have on your cell phone near you 24/7 and or your laptop web cam/mic.

        If you are that paranoid, set up a traffic monitor on its IP and if traffic goes over some amount (It’s somehow listening all the time) then get an alert…

        1. Having it send a continuous audio stream directly to amazon doesn’t make a whole lot of sense. At the very least it would be doing some amount of processing locally and sending the output over the network. But consider the most likely application for this, advertising. I’m not saying this is what is happening (I don’t own one of these) but it’s a hypothetical possibility. What it might do is listen for names of brands or products and at the end of each day send a report on the most mentioned brands back to amazon. This would obviously be very valuable information to advertisers, and as a user you would have no way of detecting such a small transmission among all the data it sends (which is presumably encrypted, at least I would hope).
          Anyway, you can see the potential possibilities this opens up.

          1. You know all those ads that you see online, AFTER you shopped online for something ??? Well, the other day, I did a major wood floor space cleaning in my home. I was complimented by the Mrs. for having cleaned the floors. Wouldn’t you know it, more than a couple of those sidebar ads for wood floor cleaning products and companies appeared in my browser. Having not even searched for such products to prompt such ads, I can only assume it was pure coincidence… Or was Alexa listening? Weird.

        2. But how does it hear the ‘command word’?

          …because it’s listening. All. The. Time.

          When you say the command word, it enacts some function showing activity at that time, but just because it’s not showing activity doesn’t mean that it’s not functioning on some level.

          1. There’s also likely to be a tick box reading something like “would you let us monitor all audio to improve performance” checked off by default.

            Even if we assume every company goes through great lengths to stop eavesdropping, it’s not a realistic expectation that this will never be breached by hackers or agencies that think stockpiling 0-days is a good practice.

          2. For a tech blog a lot of people here are commenting and not understanding the underlying tech.

            It is listening all the time, YES, for the wake word. While this is happening NO data is sent to amazon, 0, zilch, do a packet sniff, nothing is happening.

            As soon as the local listening hardware detects the wakeword, it records what you ask, sends it off to amazon to be processed, then acts on it.

            I own several of the Echos in various forms, I’m in IT, and I’ve personally monitored its network activity and it is never transmitting audio data unless it’s heard the wake word….

          3. Whether or not the device is transmitting data to amazon ‘all the time’ or not is not the issue. Since it’s listening all the time it’s an open access point into your life just waiting to be hacked by anyone with the desire to spy on you.

            if a CAN bus in a jeep can be hacked through the bluetooth radio giving control of your car to someone else, think of what a malicious hacker or overbearing government security service could do to or with this.

            If you tape up your webcam cameras built into your monitors, but think this technology is ok… perhaps it’s time to think again

          4. It doesn’t stream voice data over the internet continuously, the local hardware listens for a predefined cue which is limited to one of three choices. If they were streaming everything all the time then they’d be able to offer more than just 3 cue options but the hardware in Alexa isn’t capable of full voice recognition at that level.

      2. Exactly. Samsung got some flack a while back for having an always-listening smart TV, and they were upfront and honest about exactly what it was listening to and recording (hint: everything said near it). I don’t trust Samsung and they were honest with their customers; I damn sure don’t trust Amazon who has been less than forthright about their privacy policies. I won’t touch AWS for the same reason.

      3. Every laptop, tablet, smart phone and IP security camera on your network has the same capabilities as an Echo. The difference is that we assume they’re not listening whereas the Echo is explicitly listening. The director of the FBI advocates covering the camera on your laptop because of how easily they can be compromised, do you think the microphones on devices are any more secure?

        If anything Amazon has much much more to lose if the Echo is exposed as insecure than any laptop, phone, or tablet maker so they’re going to take greater measures to ensure it’s not.

    2. I already feel uneasy just using windows10, and that’s after I applied every known method to reduce the spying.
      But unfortunately it’s true that there is a segment of the population who are insane in a manner that makes them want to be monitored all the time. But it’s not a ‘community’ I’d identify with.

      1. I’d say it’s because the average person is not aware of exactly what’s going on. I was speaking to a colleague recently, he was saying that he was thinking about getting the amazon echo, when he was explaining it to his wife she said “ooh, I’m not sure about that if it’s listening all the time”, he said, “Well you have Siri set up on your phone, it’s the same thing”. I think it needs to be made clearer exactly how these devices are using our data as the general public seem to be poorly informed on the matter.

  1. I am an Amazon employee and we recently had a hack day with Alexa (right as it was announced in the EU) and we all came to the conclusion that it was really easy to get going with it. Just go to, set up your NLP utterances and syntax, then create a lambda function (in python, node.js, Java, take your pick) to process the input and call any web service under the sun. We were all given a quick start tutorial and were all up and running within an hour.

    I can’t talk much about what we actually did – due to the general hush hush nature of Amazon – but some of the stuff people came up with was phenomenal. Miles better than current offerings from Alexa.

    I’ll stop now before I start banner waving for Amazon.

    1. Does anyone in the company have concerns about the fact that this device listens to you 24/7 and sends the audio over the network to amazon? I think it’s creepy as hell and I would imagine most hackers would agree.

  2. > You’re all comfortable with Siri if you own Apple devices, aren’t you?

    Given that Siri doesn’t listen to anything unless I push a button, I can live with it. If you’re going to worry about “push to recognize” tech, you should probably transfer that concern to the fact that your device has a microphone. Which is a reasonable concern in some cases, I’m not totally dismissing it.

    I think Siri has some always-on operating mode but it doesn’t work that way on my devices and I’m pretty sure it’s non-default.

    1. I really don’t use Siri often at all. But my perception is these devices don’t do anything until they hear their name. In the case of my iPhone settings unless I hold the home button down for a period of time. No doubt the service could remotely activate the device to listen in, but it would be a huge waste of their resources to do so on a large scale.

      1. Your ‘perception’ isn’t completely spot-on in the case of google from what I hear.
        Plus there is a persistent stream of people who feel they have evidence that facebook is also rather aware of what you are doing outside web use.

        1. Persistent cookies for “market research” aren’t a new development. Frequent clearing & script blockers help but don’t completely stop it. Google uses 50-60 markers ranging from OS to browser ID users to deliver targeted ads. And that’s just what they admit to.

      2. For it to listen to the activation word it has to be continuously listening to and processing every word it hears. Presumably it discards 99% of the data it collects since it isn’t the right word, but there would be no extra work needed if they did want to collect it – the data has already been collected and processed.

    2. “Given that Siri doesn’t listen to anything unless I push a button, I can live with it.”

      It’s the same trust you are not extending to Amazon. Echo doesn’t transmit anything to the mothership unless it hears the wake word. Honestly, your phone is a much more convenient device if used nefariously.

      1. Sorry but I don’t buy the comparison. Anyone who ever got a pocket call knows how “much” you can hear through a phone if it’s not Close to the conversation. Echo instead is *optimized* to listen to a whole room. It is surveillance technology at its core. I wouldn’t mind having an Echo in a public place, but in my home? No way!

      1. What’s the false positive rate on hearing “Alexa” vs. the false positive rate on having a physical button depressed?

        Does Alexa have a clear graphic component that changes as it’s streaming audio?

        1. Yes, it makes a sound and the top lights up with a ring of blue – it’s quite obvious when it’s listening. One of them will light up cyan to show which direction it’s listening in. The ring will flash, then go out when it finishes talking.

          False positive rate? In about a year, it’s falsely activated only a few times (barring someone talking about it, saying Alexa, and having it activate)

          1. I am surprised by your low false positive rate. We picked up an Echo Dot in the Black Friday deals and Alexa responds to other conversations about once a day without the A word being said.

            But connecting it to IFTTT has added lots of functionality and I am looking forward to playing with the API to add more.

          2. In a month of ownership, it’s false-triggered a lot for me, but I have it sitting near a TV and it’s picking up stuff from the TV. Not anything that would bother me if Amazon overheard. During normal conversation or other activities, it’s extremely rare for it to false-trigger.

            I’m not worried about false positives. The worrying part is if someone hacks it or if the government forces access. It’s basically the little metal thing from 1984.

        1. The voice recognition *could* be local, but considering it’s connected to the cloud anyway, they need only load a minimal system on the device. The cloud connection is required more for Alexa’s responses, as is the case with pretty much any (compiled) AI or digital assistant available. At least from what I’ve found, after much searching (still searching!)

        2. The reason it’s not local is so that it can improve over time. If there is a central server processing things it can better learn the different dialects people use throughout the world.

          As a programmer – it’s amazing the difference in accuracy in Google’s Local/offline decoding API vs their paid cloud offering.

          It’s no different than you trying to encode an entire pixar movie on your laptop vs a purpose built cluster. Sure the laptop can do it, it will just take a lot longer, while the cluster can do it xxxxx times faster and if you are doing it on a set deadline can do it not only faster but higher quality. Same applies to speech recognition.

    3. That ‘button push’ isn’t closing some mysterious toggle switch that allows power to flow to the unit. It’s a software defined event…pushing it does nothing but tell the software of the operating system that it was pushed, and that goes on to run the siri functionality. Rewrite that bit of software and you change the behavior.

  3. I’m interested in these tools when they can be used on-demand, such as the Alexa button I’m building with Pi Zero. You have to push the button to activate it. I can’t stand the idea of an always-on listener the same as those CCTV cameras everywhere in the UK and sprouting all over the US as well. Digital assistants have a hard time with sarcasm and my whole family jokes about anything and everything. Imagine some government official got a transcript of Saturday Night Live from a single source and it said something against the government. That official, fearing for their job and pension, would as a matter of course forward that up the chain, thinking the next level up would just discount the information and say “thanks”. The problem is that with no ownership of a government job, that keeps happening until it hits a level where someone can actually DO something about it. They, in turn, assume that all those layers below have done their best to filter out the junk, so the fact that they’re seeing means that this is real. It’s that horrible chain of assumptions that causes problems. Let’s solve THAT problem.

    1. The Amazon Tap is on-demand. It’s basically a portable Bluetooth speaker with Alexa functionality. Being portable, it can’t sit and listen all the time for a keyword, so you have to “tap” the button to get it to listen, like Siri on iPhone or Google Voice/OK Google or whatever it is on Android.

      I find your scenario amusing. Have you read a right leaning message board over the last 8 years? Every other thread has a threat against the president. There’s nobody listening or acting on any potentially treasonous talk. Maybe they are just recording and making lists.

  4. I’ve recently added an Alexa Dot + SmartThings combo to my home workshop and it’s been great. I now have Alexa plugged into my stereo and she is the source for all music instead of the tuner that would only give me one good station. I can also talk to her from across the room and ask her to turn on my dust collector while I’m at the saw. Amazingly, I can even shout over the dust collector noise and ask her to turn it back off. This is only the beginning to what will eventually become a fully voice controlled workshop.

  5. While I wasn’t party to the text conversation, either my baby sister or myself will be getting an Alexa device for Christmas. Apparently my other sister was watching a two for one price offer on one of the shopping networks. While the product is not something I would purchase or use much if I received one as a gift, I did wonder if it has been hacked for other uses. I have never really looked into the product. Does one have to register it so the system can link the unit to a name, and if so would a fictitious name pass? That some are fickle when it comes to possible privacy concerns I understand. I don’t know one who has created exceptions to a standard that they declared to be 100% solid and not changeable whenever an exception lets them do what they need or want at some particular time.

      1. Cortana the digital assistant *is* officially Cortana from Halo, just with an intentionally lightened attitude due to, you know.. old people.. and the fact that Cortana is used in the workplace.

  6. My point of view is different. Just because I trust a company does not mean that I accept without critical thinking anything it does. Personally I don’t trust anything that records your voice and sends it over the Internet for decoding, regardless of the company it comes from.

    1. Wipe it and put in your own OS or see if you can replicate amazon’s cloud services on your own PC and redirect the IP request to there.
      Seriously it’s almost 2017 and we have devices that require remote computing resources to do most of their work like a 1970s dumb terminal.
      It seems like all these smart devices are actually quite dumb as they have little internal intelligence.

      1. >It seems like all these smart devices are actually quite dumb
        The only “smart” thing about smart devices are the people from the NSA and the other criminal agencies that did find an easy way to monitor everyone…

        Personally there is only my computer connected to the internet and I would never use such a thing or other IoT (internet of crap) stuff, be it from Amazon or HaD or $random. I don’t have store cards and pay everything I can cash. The only way to be sure that nobody will mess with your data is to not produce this data (or produce as little as possible)!

  7. On a phone it’s not so bad having voice recognition because, at least to my understanding, the chip that does voice recognition runs in a super low power mode essentially waking up only after one phrase. Plus, you need to have a microphone anyway for voice calls, so you’re theoretically not losing much privacy by having a voice assistant. I assume the echo and similar devices use the same tech and work in the same way – so they’re not constantly transmitting, but being constantly plugged in doesn’t give them the same power savings requirements and… well, it does make you wonder.

    I guess the way to mitigate it would be some kind of firewall. Has anyone looked closely to see if the echo is actually transmitting more audio data than it should be?

    1. It would be an interesting experiment to try and that alone would be a good reason.
      Especially if you can crack the encryption and look at what exactly it is sending back vs just the destination of the IP packets, though audio would need a certain bitrate.
      It would be hard though not impossible to hide it inside the normal telemetry data.
      One giveaway could be there would be a larger number of outgoing packets vs incoming when a request has not been made or the data size is larger than needed.

    2. That’s what I was thinking. Honestly, I’m kind of surprised nobody chimed in already to describe their “Alexa monitor” that sniffs for packets being sent out when they shouldn’t be. It seems like it would be easier to just not use the tech sure. But I think there are real benefits to be had from this tech, if and only if it can be made safe and secure.

    3. Yes people have done studies, I’ve watched it myself. Nothing happens network wise (except service checks, update pings etc) until the wake word is spoken. If I was really worried I’d set up a firewall rule that alerted me if traffic for Echo’s IP was greater than some # within a small time frame, indicating it was actively listening all the time. But at this point, it’s no different than having a mic available on my cell phone or laptop 24/7. If someone REALLLLLY wants to listen to me they probably could, but probably wouldn’t be interested in what I had to say!
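
The alert several commenters describe (a threshold on traffic from the Echo's IP within a short time frame, plus the outgoing-versus-incoming imbalance when no request was made), sketched as an added example that is not from the article or from any commenter. The addresses, thresholds, packet records and the hand-kept `request_times` log are all constructed assumptions; real input would come from a router or firewall flow export.

```python
from collections import deque
from dataclasses import dataclass

DEVICE_IP = "192.168.1.50"   # assumed address of the voice assistant
CLOUD_IP = "203.0.113.10"    # documentation-range stand-in for its cloud endpoint


@dataclass(frozen=True)
class Packet:
    ts: float    # seconds since capture start
    src: str
    dst: str
    size: int    # bytes on the wire


def find_unexplained_uploads(packets, device_ip, window_s=10.0,
                             max_out_bytes=20_000, min_out_in_ratio=3.0,
                             request_times=(), grace_s=15.0):
    """Flag sustained, one-sided uploads from device_ip.

    An episode is reported when, inside a sliding window of window_s seconds,
    the device sent more than max_out_bytes, sent at least min_out_in_ratio
    times what it received, and no logged wake-word request falls within
    grace_s seconds before the packet. Thresholds are illustrative.
    """
    window = deque()              # (ts, out_bytes, in_bytes) per packet
    out_sum = in_sum = 0
    episodes = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        if p.src == device_ip:
            out_b, in_b = p.size, 0
        elif p.dst == device_ip:
            out_b, in_b = 0, p.size
        else:
            continue              # traffic of other hosts is not our concern
        window.append((p.ts, out_b, in_b))
        out_sum += out_b
        in_sum += in_b
        # Expire packets that have fallen out of the sliding window.
        while window and window[0][0] <= p.ts - window_s:
            _, old_out, old_in = window.popleft()
            out_sum -= old_out
            in_sum -= old_in
        heavy = out_sum > max_out_bytes
        one_sided = out_sum >= min_out_in_ratio * max(in_sum, 1)
        explained = any(t <= p.ts <= t + grace_s for t in request_times)
        if heavy and one_sided and not explained:
            start = window[0][0]
            if episodes and start <= episodes[-1]["end"]:
                # Same burst as the previous alert: extend it.
                episodes[-1]["end"] = p.ts
                episodes[-1]["peak_out_bytes"] = max(
                    episodes[-1]["peak_out_bytes"], out_sum)
            else:
                episodes.append(
                    {"start": start, "end": p.ts, "peak_out_bytes": out_sum})
    return episodes


def build_sample_capture():
    """Constructed capture: keep-alives, one spoken request, one silent upload."""
    pkts = []
    for t in range(0, 600, 30):                  # small keep-alive exchange
        pkts.append(Packet(float(t), DEVICE_IP, CLOUD_IP, 120))
        pkts.append(Packet(t + 0.1, CLOUD_IP, DEVICE_IP, 120))
    for k in range(20):                          # request spoken at t=125 s
        pkts.append(Packet(125.0 + 0.25 * k, DEVICE_IP, CLOUD_IP, 1400))
    for k in range(40):                          # the cloud's reply
        pkts.append(Packet(130.0 + 0.1 * k, CLOUD_IP, DEVICE_IP, 1400))
    for k in range(60):                          # 30 s upload nobody asked for
        pkts.append(Packet(305.0 + 0.5 * k, DEVICE_IP, CLOUD_IP, 1400))
    pkts.append(Packet(200.0, "192.168.1.20", "198.51.100.7", 500_000))  # laptop
    return pkts


SAMPLE_PACKETS = build_sample_capture()

if __name__ == "__main__":
    for ep in find_unexplained_uploads(SAMPLE_PACKETS, DEVICE_IP,
                                       request_times=[125.0]):
        print(f"unexplained upload {ep['start']:.1f}s-{ep['end']:.1f}s, "
              f"peak {ep['peak_out_bytes']} bytes per window")
```

A volume threshold like this only catches sustained uploads; the small end-of-day report hypothesised earlier in the thread would stay well under it.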

        1. But no one is forcing it into your home. Just like no one forced you to reply, no one forced you to use a cell phone or land line.

          Last I checked it’s WAY easier for someone to hack your wifi and see what you are doing than someone trying to get in via your echo, or phones. Yet the government has all the major phone providers recording calls, metadata etc and putting it into a searchable database.

          The people here crying about the echo are cracking me up, because at least half have a smart phone (android or ios) that has the EXACT same technology. A wake word “Siri, or Ok Google” will begin transmitting data to the respective cloud for processing. Even if you have a dumb phone or a land line your calls and meta data are being recorded. These same people probably also have wifi, and are only using WPA or WPA2, so a neighbor who has the time can easily intercept and decode enough traffic to get the key and once on your network do a lot more than any voice tech can.

          Of all the smart devices in my house it was my “encrypted/channel hopping” baby monitor that I later found out from my neighbor they were picking up on a different brand baby monitor in their own home.

          If anyone wants to get upset about privacy, lets talk about the databases the gov has on us, the reports credit card companies/banks auto send if they think we are buying suspiciously, or the fact that the major telcos are installing systems to monitor any and all comms and share it.

          You control if you have an echo in your house, don’t want it don’t buy it. You don’t control who is being listened to on telephones, so even if your house is “clean” you may call another party that is being watched and guess what they are hearing every word you say…

    1. There’s no shortage of processing power really. Especially for things like cheap ARMs, and low-end PC CPUs. More MIPS than you could possibly want. It’s just a matter of the software being developed. Hopefully universities and open-source nerds can help with that. Most homes should have enough MIPS to cope with voice-rec. If not, buy them a Pi Zero or the latest quad-core one. You can get 8-core Android boxes for pocket change.

  8. To answer the questions posed in the article: No I would not trust HaD to listen to me, nor any other company, and of course ESPECIALLY not any US company since even if they were reliable (haha) they would not be able to withstand secret orders from secret courts.
    And as for your question about MS, no they are not nice, it’s not about their support or lack of support for open source that makes them not nice, it’s their MASSIVE spying, and they even advertise throwing themselves up as the world internet police ‘using the cloud’… And seem to have a ‘special’ relationship with the US law and government and spook community.

  9. I don’t like Alexa that much as it sends raw audio back to Amazon’s servers; in theory it can be used as a bug.
    Really it should be possible for an off the shelf PC to handle most of the voice recognition work in Alexa with no need for a remote server since most of Amazon’s servers are just rack mounted PCs.

    1. Aside from salting the population with surveillance equipment, and thereby holding a “spook”y bargaining chip, this massive data collection by the companies themselves are for the training of their respective AIs. Which one will go SkyNet first?

  10. I rarely have silence around me. I listen to music and a lot of talk radio, BBC-NPR-etc. Even in a car hands free would have to compete against the radio which will remain at the same volume and uninterrupted while anyone else may use a voice device. Let your fingers do the talking.

  11. One approach is of course to police its activities through your firewall system. Block it from phoning home during sleeping hours or when you’re out of the house. Nothing is perfect, and until somebody roots it so we can modify its OS, we’re stuck. Apparently some success has occurred in rooting an echo ( but I don’t see anything for the dot yet.

  12. It is interesting that this topic actually comes up.

    For as long as I can remember in my lifetime of 40 something years people have been concerned about privacy and worried about phone tapping and whatever other means of accessing personal information, yet, many people would happily put a wireless baby monitor in their homes. Off the shelf they couple a very sensitive microphone to a quite capable transmitter but nobble the system by including a pathetic receiver so all you can hear is the baby screaming if you’re lucky.
    Use a good comms receiver and the sounds these monitors transmit is amazing. One transmitter in a baby’s room will happily cater for the whole house.

    Security and privacy is only a talking point for most people because generally the population is ignorant. People willingly hand over personal information every minute of every day and think nothing of it – credit cards, store cards, the list goes on unless you live under a rock – you willingly hand over more personal information than Alexa will be able to collect.

    1. This. I can’t believe the comments here given that it’s a blog about technology/hacking. I swear that 80% of the commenters have no clue how the device works yet are spouting incorrect “Facts” they are making up as they go along.

      This is IDENTICAL to all of the FUD when the first flip phones got cameras. Everyone and their brother had stories of people taking pictures of someone in the bathroom, and people were demanding federal laws to make a loud sound when pictures were taken. Yet somehow, we’ve all survived that….

      I’m going through the same thing with my drone. My neighbor is one that was spouting all the “people spying through windows” with drones. So first time I flew it I invited him out. He was amazed how loud it was, and that it had no zoom lens. He had me inspect a spot on his roof, and noticed how hard it was with almost no wind to get that close without crashing, his wife then came out because she could hear something in the house. So for kicks and giggles we flew to his office window upstairs. Not only did it sound like a damn hornets nest x100 outside the window, I couldn’t even see through the glass between glare and getting the right angle! That’s with a $1500 DJI Phantom 3 Pro with a 4k camera. I get that there will be the weirdos that try, but in general, people aren’t going to risk their $1000+ drone to try and fly within feet of a window, hope that they can actually see in and get video. And if they do, you are going to hear it and they are going to be within sight, because guess what, you can’t fly with the accuracy needed to get right next to a window from a mile away using FPV, and you’ll likely have enough between you and the target that you’ve got no signal anyways….. After that experience the neighbor doubted those “facts” he had been spouting and I’ve even heard him explaining to other people now how there are much easier ways to spy on someone than a drone!

  13. “How Has Amazon Managed To Make Hackers Love Alexa?”

    The same ways in which Google has convinced lazy, non-thinkers that the Chromebook is a real computer.
    The same ways in which Canonical and Mark Shuttleworth have convinced lazy, non-thinkers that Ubuntu is not spyware.
    The same ways in which Microsoft has convinced most all lazy, non-thinking members of “technical press” that Windows10 is not spyware and malware; and that Microsoft just LOOOVES Linux.

    See any common thread(s) here? Try “lazy” and “non-thinking”.

    “We are all born ignorant, but to remain stupid requires hard work.”–Benjamin Franklin

        1. Nah, an aversion to knowledge, tendency to prejudice, and generally being a fucking dumbarse are built into human DNA. It’s our natural state. I saw a documentary a while ago on some African country. It had cities and a national justice system. A man was in court accused of witchcraft, and was found guilty. He was pretty obviously mentally ill, and not really responsible for himself.

          He was accused of witchcraft by the local “healer”, whose GOOD magic spells didn’t work, for some reason. Because of course the witch was blocking her, the bad evil man! So off he went to jail.

          But then Westerners are really no better, our prejudices and superstitions are entirely as stupid, we just have safety mechanisms built into society by some wise men who once had power. If society was actually democratic, there’d be blood running like rivers in 15 minutes.

  14. While I haven’t used Alexa before, I had a worrying experience with an Android Wear device in the past that turned me off to this kind of technology. The short version is it would think it heard the trigger phrase (“Okay Google”) when I didn’t say it and start transmitting to Google’s servers. I only found out later when I went into my account settings where you can access and listen to all the audio Google has saved. In the worst cases it was uploading over a minute of dialog where you could clearly hear all involved parties.

    On the other hand, I’ve played around with speech recognition on my laptop and comparing offline (pocket sphinx) against Google’s API, the offline is pretty bad. For the record, I’m a native US English speaker so it only gets worse in that regard. I can understand why companies use servers for recognition past a single simple trigger phrase.

    1. Honestly, for offline, I used Microsoft’s built in (or maybe it was a free SDK download) SAPI engine years ago. It was perfectly fine, if you trained it to your voice. Although, I was using it for speaking predetermined phrases, not dictation. Required Windows XP (predated Vista), so your mileage may vary.

      1. My Mum had Dragon Dictate back on a 486-33 with 8MB. Was meant for dictating whole documents. I can only assume it worked well enough. Made by IBM, or later bought by them, can’t remember.

        1. And subsequently included as part of OS/2 Warp 4. In 1996. It required at least a 75MHz Pentium, as I recall, and even came with a headset in the box – though OS/2 supported like 3 sound cards, so it wasn’t quite as plug and play as it might’ve been. But once I got it working, it was like living in the future! Make it so, Scotty! Those were the days…

          So, anyway, there’s precedent for those who don’t want to depend on the cloud and invite big brother into your living room. The processing power required is hardly onerous, though the training regimen for the recognition system is. Untrained speaker-independent large-vocabulary speech recognition is still the stuff of big iron, of course.

  15. “How Has Amazon Managed To Make Hackers Love Alexa?”

    Actually it didn’t. And probably it never will. These legalized bugs have no place in any privacy-concerned citizen’s house.

  16. There was that clock the guy invented the other week, an Arduino connected to a special voice-recognition shield. Internally the shield is just an Allwinner A10 running Linux and some speech software, but they sell it as a no-bother module, so nice.

    How about connecting one of those to Alexa’s mic? Or Google’s, etc? Or some point on the PCB that disables the mic. Then you’d have it listen out, “Arduino Alexa blah blah make me a cup of coffee”. Simple (ish) hack. A Raspi might do it cheaper. Just needs the right software setup to run on the thing, and a bit of tweaking.

    In fact you could possibly make your own Alexa. I wonder what the API is that it uses? I’d guess it offloads the actual voice-rec, beyond its own name, to servers somewhere. I wonder if anyone could access that, or if they use a key? Google are probably data-greedy enough to let anyone use theirs.

    1. Sorry I don’t think I made it clear. I meant have Alexa’s mic silenced, disconnected from Alexa’s PCB, and only connect it when your Arduino lets it, after you activate it. Just adds one extra word to the activation, and gives you privacy.

      In theory, if Amazon, Google etc are being honest, they won’t mind. In reality it’ll probably drive ’em mad! Maybe get it into papers and start a controversy over these devices being utterly unaccountable with nothing to keep them from spying on people. People need to know about it, but is it too early to be effective?

        1. Couple of 4-pole relays? Or a couple of 4066 analogue switches, if they’d be ok for direct mic switching. I’d probably prefer the relays, cos they’re actual switches, no need to worry about putting amplifiers in or anything. Or maybe they share a common GND line you can interrupt and switch.

          I haven’t got one of these spy-boxes but it’s something I’d do if I had, one way or the other. People have mentioned setting various firewall rules, but what if it has a special spying mode? It gets sent a wake-up signal on a certain port, and from then on sends out all its audio to somewhere. But until it’s activated you’ve no idea about that mode, so you’d only find out if you obsessively checked its logs, and then it’d be too late.

          Maybe we should buy one for some terrorists and see what happens. Has Al Qaeda got an Amazon account?

  17. I would be 100% happy to have Amazon, Google, and/or Apple listening in on my banal life as a tradeoff for the glorious pleasure of having voice interaction. It’s slightly comforting to know that they’re only listening for a wake word, but they could record my whole damn life for all I care.

        1. We should get one of those trigger-word lists people used to stick on their sig on Usenet, to waste spybots’ time. Read them out in front of Alexa and see if its little LEDs freak out.

  18. erh…. obvious solution? Add a layer that *you* can control, like a raspberry pi with a mic and some speech recognition software tailored to both only pass an audio stream to the target device once the keyword is detected (otherwise just silence) and light up an indicator + produce a log entry.

  19. I finally gave up on building my own voice-control terminals when I took into account the total cost of SOC board, beamforming mic. array, PSU, case etc. compared with the price of a Dot. Not to mention the labour involved in cranking the handle for half a dozen.

    I trust that Amazon are not going to jeopardise their considerable investment in voice services and their entire reputation on a crude attempt at pointless eavesdropping – especially when many of the net-savvy makers that they’re reaching out to with their free developer facilities would find it quite easy to catch them “exceeding their own terms and conditions”. On the contrary, unlike as is the case with most other popular search engines, I don’t expect my Alexa queries and commands to have anything like the same advertising and tracking repercussions. In addition, home-brewed IoT applications built around Alexa voice control and the Lambda computing service are probably going to benefit from better security than anything easily maintained on a home network.

      1. It would be useful to reverse-engineer (whoops! there goes the spook alarm!) it, to see what’s done where, and how. Ultimately there’s an ARM in there somewhere doing most of the work. Indeed, recognising its name, waking up, and sending the next bit of speech it hears down the line is most of what it does. That and sending control signals to whatever smart devices you’ve got in your home.

        So it might be possible, either to re-program its main CPU, or to cut it out, and replace it with any old ARM board. It’d be nice if the beamforming mic stuff is on a separate module. That’s one of the tricky bits.

        Actually that’d be a nice project, an open-source version of this. There’s already free software for home automation and voice rec. It could either do all its voice command processing on-board, or offload it to your own server, a PC or Beagleboard or the like. There’s been a few articles on here about people who’ve done it, the guy with JARVIS for one.

        I dunno if you could just forward this thing’s data to a local server, depends on what protocol the server speaks, and whether it’s encrypted (“for our customers’ privacy” as well as vendor lock-in). An open protocol means it might be possible for the Chinese to clone the device, and Amazon’s back-end service, both of which I’m sure they’ll want to make money on eventually. And the lovely delicious DATA that’s their real desire. Linking up with your cable company or Netflix to send particular adverts to your TV when it hears you talking about ice cream. Actually I should patent that idea and make millions, except it’s probably been on the whiteboards for this project since the start.

  20. I’ve never before even heard of the whole ‘alexa’ thing and I consider myself a hardcore hacker. After quickly skimming through the article I now know to unplug it if I ever see one before I say a word and I encourage everyone else to do the same.

  21. It is the assumption, that people who refuse to have such devices in their home for suspicions regarding surveillance, are mentally ill tinfoilhatted putin lovers. This is a whole set of judgements that go along a precisely planned agenda. And here we have it again. Who of you reading this, thought to him or herself that I must be totally bonkers assuming big companies and governments are having an agenda!? Then ask yourself, why is there a site called

  22. I just got an Echo Dot 2. Love it. Watched the traffic on my router. Only sends out traffic after the wake up word is used. Yes, potential for a hacker to send it a command to always send everything out. Oh well. It’s the price of a fun piece of tech. Just created my first skill. Fun.

  23. Clearly, the potential lies in changing the wakeword. Be it Amazon, CIA spies, or hackers, if the wakeword is changed to a set of new wakewords, an entirely new scenario emerges.
