A wise senator once noted that democracy dies with thunderous applause. That’s also how privacy dies, as we willingly invite more and more smart devices into our homes, built by companies that don’t tend to have our best interests in mind. If you’re not willing to toss all of these admittedly useful devices out of the house but still want to keep an eye on what they’re doing, [Nick Bild] has a handy project that shows you when they try to access the network.
The device is built on a Raspberry Pi that acts as a middle man for these devices on his home network. Any traffic they send passes through the Pi, where a Python script sniffs it and detects when they are accessing their cloud services. From there, the Pi sends an alert to an IoT Arduino connected to an LED which illuminates during the time in which the smart devices are active.
The build is an interesting one because many smart devices are known to listen in to day-to-day conversation even without speaking the code phrase (i.e. “Hey Google” etc.) and this is a great way to have some peace-of-mind that a device is inactive at any particular moment. However, it’s not a foolproof way of guaranteeing privacy, as plenty of devices might be accessing other services, and still other devices have even been known to ship with hidden hardware.
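The detection step described above, sketched as an added example that is not [Nick Bild]'s script: it matches traffic between a watched device and assumed cloud address ranges, then merges the hits into LED-on windows. The speaker address, the cloud ranges (RFC 5737 documentation networks), the hold time and the flow records are all constructed for illustration.

```python
import ipaddress

# Assumed values, not taken from the project.
SPEAKERS = {"192.168.4.12"}                      # watched smart devices
CLOUD_NETS = [ipaddress.ip_network(n)            # stand-ins for vendor cloud ranges
              for n in ("203.0.113.0/24", "198.51.100.0/24")]
HOLD_SECONDS = 2.0                               # keep the LED lit this long after a hit

# Constructed flow records: "timestamp src dst bytes"
SAMPLE = """\
10.0 192.168.4.12 203.0.113.20 1400
10.5 192.168.4.12 203.0.113.20 1400
11.5 203.0.113.20 192.168.4.12 900
12.0 192.168.4.30 203.0.113.20 500
20.0 192.168.4.12 192.168.4.1 80
30.0 192.168.4.12 198.51.100.7 600
"""

def parse(text):
    """Yield (timestamp, src, dst, size) from whitespace-separated records."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, size = line.split()
            yield float(ts), src, dst, int(size)

def is_cloud(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CLOUD_NETS)

def led_windows(records, hold=HOLD_SECONDS):
    """Return [start, end, bytes] windows in which the LED should be lit."""
    windows = []
    for ts, src, dst, size in records:
        # A hit is traffic in either direction between a watched device and the cloud.
        hit = (src in SPEAKERS and is_cloud(dst)) or (dst in SPEAKERS and is_cloud(src))
        if not hit:
            continue  # other devices and local traffic do not light the LED
        if windows and ts <= windows[-1][1]:
            windows[-1][1] = ts + hold           # extend the current window
            windows[-1][2] += size
        else:
            windows.append([ts, ts + hold, size])
    return windows

if __name__ == "__main__":
    for start, end, size in led_windows(parse(SAMPLE)):
        print(f"LED on {start:.1f}s to {end:.1f}s, {size} bytes exchanged")
```

The byte count per window is worth logging alongside the LED state: a device that batches data and sends it later still shows up as a large window, even though the LED timing no longer lines up with what was said in the room.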
33 thoughts on “Speaker Snitch Tattles On Privacy Leaks”
The only winning move is not to play.
I just don’t understand why people have these things in their home at all, much less spend any money on them. But I’ll admit, it’s getting more and more difficult to keep them out.
My TiVO remote has a microphone built-in to do voice search. And it always bothers me to see that remote suddenly “light up” and show some activity as it’s laying unattended on the couch. What is that thing doing???
Hands free usage. If you have a baby they’re a lifesaver to control the smart home.
That’s what our elbows are for :) . We have got along just fine raising families without the ‘convenience’ of voice activation for thousands of years now… Not a lifesaver ;) . Far from it.
Please, we got along fine without electricity before it was invented. What are you even doing on this site?
I do like the ‘idea’ of voice activation. No problem with that. But I want it to be completely processed ‘locally’ and confirmed (I ask, it responds, I confirm, it does) before transmission of any external internet type of request. Turning lights on/off etc. should never have to go to Google for analysis. If that can’t be done, then I don’t want the technology in my home. Of course it is a given, that it should never ‘phone home’ unless I initiate it.
Because they’re *incredibly* convenient, sometimes to a life changing degree.
I have Tile trackers, a Google smart alarm clock, and YoLink door sensors. I would greatly prefer if they were open source, because that’s more money than I’d like to spend on something that could stop working.
But it’s not like I can’t just turn it off if I have some reason to need privacy. The only thing that could pick up anything meaningful is the smart speaker, and even then, the bedroom is probably the least likely place to pick up anything confidential.
My location and presence data is of very little interest to anyone who doesn’t have some kind of stalking problem or vendetta. I don’t think I know any of those, and if I did, I doubt they’d coincidentally be one of the few employees with access.
The only privacy issues that bother me are the legal ones.
People should always have the right to be anonymous when they so choose, but IoT doesn’t impede that.
There’s a bit of an issue with the fact *other* people’s devices can record you, but I think of that as more of a feature rather than a bug, because that can be an important self defense tool, and security cameras and the like are already widely accepted by most.
>Pi sends an alert to an IoT Arduino connected to an LED which illuminates during the time in which the smart devices are active.
RPi is quite capable of lighting up an LED on its GPIO. One can use cheap wireless transmitter/receiver modules if it is not near the RPi.
It can light an LED, but not (reliably) a NeoPixel. NeoPixels need real-time execution.
“but not (reliably) ” then you have no clue how to program.
Ahh, got to love Hackaday comments.
So, yes, there are libraries now that use some tricks to drive a NeoPixel from a non-real-time system.
The WS2812 (NeoPixel) has a minimum VIH of 0.7VDD, where 3.5V < VDD < 5.3V.
The Pi's power rails are 5V and 3.3V, and the Pi's GPIO/SPI interface is 3.3V, which means that the Pi's signaling voltage will be out of spec without additional hardware.
Again the NeoPixels?
I really don’t get why we are using those.
There are LEDs that have also a clock line, where a normal SPI will work just fine.
Something like the APA102.
Open source voice recognition is a thing. I’m surprised we don’t see more projects that solve the privacy problem by keeping it at home.
If I were making a speech enabled iot device and I wanted to spy on people I would have it cache the recordings and send them at quiet times or when the activation word is spoken, whichever comes first. That way it would throw off anyone trying to see what it’s up to by monitoring network activity.
Yep. And if the manufacturer got caught, they could say “we batch and compress it for network efficiency”, etc.
LOL. That might be a tough sell though. “We batch up your requests for immediate actions and respond to them within a few hours.”
Probably the ONLY reason they don’t is cost.
This is a great start! But what would be even better is a RPI to act as an AP to these devices. Or a man in the middle from the device to your router. This way ALL traffic could be monitored, such that any traffic in or out without the wake word would flash the LED or, better yet, put all traffic data on an LCD.
“But what would be even better is a RPI to act as an AP to these devices.”
That’s actually exactly what I did. :)
If the Pi is acting as the AP, then why do you need to scan for particular IPs? Wouldn’t any outgoing traffic be destined for a mothership server?
> because many smart devices are known to listen in to day-to-day conversation even without speaking the code phrase (i.e. “Hey Google” etc.)
Giant, blinking [CITATION NEEDED] here, thanks
Here you go: https://content.sciendo.com/configurable/contentpage/journals$002fpopets$002f2020$002f4$002farticle-p255.xml
Sure, if your goal here is to phrase it such that misbehavior sounds like intentional behavior. It isn’t “listening to day-to-day conversations”, it’s listening for a wakeword and that activation step is sometimes not great. It’s poor wording at best, and while I can appreciate the goal here, it reeks of more “oh my god my PRIVACY” pearl-clutching while you still have and consume Google services regularly.
Just ask the question…
Hey google, are you snooping?
Of course it is! All the time – it’s waiting for that all important Hey google. But as I understand, all conversations have to be sent to the cloud for analysis, including the hey google.
And for proof, discuss something obscure like some item you’re never going to buy a few times, and then watch for the targeted ads showing up on your devices. Not snooping eh?
Is anyone more interested in the Lego biplane than the other 2 gadgets on the shelf?
My new Approximate library for the ESP8266 or ESP32 has some similar functions to watch devices on your home network > https://github.com/davidchatting/Approximate – as well as interactions with nearby IoT devices
Seems like a Pi with a mic could be used to listen for a specific keyword, then grant the snooper access to the network for its requested task.
What would be great is some way to add this sort of on-demand access to a firewall like pfSense.
Think about the profit they’d miss out on…
And another reply not appearing under the comment it showed it would go under… wtf is wrong with this site.