Part of me really wishes someone would hack their sound-recognition servers and start streaming all incoming voice data to a website. Voice of People, a broadcast everyone could tune in to, and listen to everyone else.
When I was 6 I was certain that this was already happening, and that if I just yelled loud enough my friends could hear me over the rest of the laugh track on my favorite shows.
I doubt that was ever actually true. It was probably a kind of shorthand to explain to users that some processors had the right kind of power management to enable efficient always-on speech recognition.
And, another thing, local speech processing doesn't mean you are safe from recording or from large-vocabulary transcription. Compared to what 1980s speech processing runs on, even when throttled-down to conserve batteries, you've got ample processing power in modern smartphones.
I don't know for sure that the tigger word is processed locally on SmartTVs too, but it's likely because Samsung said: 'voice data is provided to a third party during a requested voice command search', so you have to request it's happening probably with the trigger word. And technically it would not make too much sense to constantly stream audio from every SmartTV because the trigger word recognition is a simple enough task to do it locally and also the continuous stream would consume lot of bandwidth for the users and probably for the servers too.
But it's still very concerning that we have more and more devices with microphones and internet connections and in the case of SmartTVs proprietary OS with questionable security.
Something to remember about that - the last few seconds of audio before you say "OK Google" are also uploaded. The extra data helps filter out background noise etc. and it's something you might want to keep in mind.
I always wondered this about Xbox one, how much of the processing is done locally? Given that it relies on a beefy dedicated device (Kinect) for audio/visual processing, has it got to a point where it doesn't need a central server?
The funny thing is that ever since Xbox one I have gotten so used to voice commands for playing/pausing/muting videos that I ended up building one on raspberry pi to control the tv, lights and other devices.
This seems like a good opportunity for locally processed speech to text (and therefore commands, etc) to push itself. I used Dragon Naturally speaking for quite some time for writing papers, and loved it, but I am constantly on the lookout to replace anything proprietary I use with a GPL/MIT licensed alternative.
Nuance (the company that now owns Dragon) has a huge patent portfolio for speech recognition. No commercial products will be able to ship with F/LOSS speech recognition because of this. It also makes using the GPL not possible
It is possible that someone will make an MIT licensed version (and could do so legally in some countries that aren't the US), but it would be technically illegal to distribute in the US.
Late stage capitalism at its finest. Cut-throat competition becomes oligopoly becomes monopoly. John D. Rockefeller figured this out about 150 years ago.
You can always buy NUAN stock. I'm serious, this isn't hyperbole or sarcasm. I won't buy a "merchant of death" like Philip Morris, but I'm going to check out Nuance. If they really have become a monopoly, perhaps there's some money to be made by investing in them.
Yes I know it sucks, and in an ideal world you have every right to be "pissed off". But in the real world, you'll do better to remember the slogan: "if you can't beat 'em, join 'em".
I personally am much "more pissed off" at how companies like Comcast, who are "natural monopolies", have been extracting ever larger "monopoly rent" from everyone. They should be much more tightly regulated than they are.
Well, I'm not sure what the problem is. They're open about it, and no one is forcing anyone to enable voice recognition if one doesn't need/want it, or doesn't like what happens with the recording.
I'm not saying there's nothing wrong with the trend of personal and home devices becoming surveillance machines, there's a lot wrong, but Samsung in this case is an example of how you do it properly if you have to do it (it's a feature that apparently has to work the way it works).
So what do you do with your phone, ipad, laptop, etc? Clip all the microphones? That's a serious question I think these are all concerns.
For the Smart TV, How do you hardware disable the smart TV microphone? I'm searching online but don't see directions yet. Can you do it without opening the TV outer case?
Occasionally, I sniff my network. Usually when I wonder why my network light is blinking like mad on my modem despite there being no computers on. Or, so I thought, as it has always turned out to be something innocent. But I've got my blog all warmed up and ready for when it turns out not to be!
If something in my house was continuously transmitting a stream of audio, I'd notice. Very, very eventually, but I would notice. There's enough of us out there that this sort of thing is harder to sneak by than you might first guess. Home networks are easy to sniff because they're so empty, whereas my work network is a constant stream of mDNS, DHCP, and all sorts of other broadcast traffic to step through before I can see anything interesting.
(Also, yes, I'm eliding details like wired vs. wireless sniffing, etc. And I'm not talking about the router, though evidence online suggests there's a set of people periodically sniffing the router<->internet, too. And yes, clever clogs could try to time things to when people may not be looking, etc. The point is that the traffic is not as unwatched as you may think, not that the watchers are perfect.)
Isn't one of OpenDNS main features watching your network to find suspicious activity. If your network is asking openDNS to resolve DNS of black listed servers or something it could throw up a red flag.
Apart from OpenDNS I'm guessing companies like ESET (Antivirus) will monitor network activity and look for streaming audio and trigger something? Or maybe that's a more tailored alert.
OpenDNS does not have a great record (do they still modify NXDOMAIN responses?) - are you sure you want to send them information about everything you're connecting to?
This is just untrue. Even when we modified NXD responses, we were always open about it and let people control their experience.
We are probably the fastest growing (revenue) security company in the market today, and our good reputation is a big part of it. I say fastest growing for at least companies north of $10m ARR. It's easy to be doing 1000% growth < $10m ARR. :-)
What if your TV provider is also your Internet provider (and also provides your modem)? Wondering if they could disguise or obscure this traffic if they control the network.
That's part of what I was trying to sweep under the rug, because there's a ton of details and caveats. In particular, while I'm sure it's possible, I personally do not have the hardware to intercept between the cable modem and its network.
However, for the smart TV, broadly speaking, they can disguise what the traffic is, but they are not capable of disguising that there is traffic, and without engaging in outright deception can't disguise where the traffic is going. (I mean that caveat about outright deception... it is theoretically feasible, of course.) (If the TV is wired-only, I'd have to insert my computer between the TV and the router. This is a few minutes with Linux routing commands. If it's wireless I just sniff the wireless.)
And many of the cases we are talking about are cases where the mere presence of traffic, or traffic in a certain shape ("a continuous 4kilobit stream" -> audio stream), is intrinsically suspicious. Netflix pouring megabytes into my console when I ask for a movie is not surprising; constant leaks coming out of my cell phone when I'm not actively using it would be, whereas occasional bursts to Google Play servers or my corporate email server wouldn't be. The topic of "metadata" is one that comes up a lot in these discussions, and here's an example of where that can play in our advantage for once... you can tell a lot just by looking at a stream's basic characteristics, no matter how encrypted the internals may be.
> So what do you do with your phone, ipad, laptop, etc? Clip all the microphones?
You use software that you trust.
Yes, that restricts options severely... I mostly use software whose source is public and anything closed is handled as suspicious (for example, Cyanogenmod's Privacy Guard comes handy to fence applications in - but something as basic as looking at networks traffic is a good basic check).
You'd think the fact that a smartphone stays in your pocket would be more alarming. The things have multiple cameras, microphones, GPS tracking devices, and a whole myriad of personal information stored on them.
They're even rectangular screens!
Someone needs to write an article that refers to smartphones in the context of "telescreens" and describe what they do matter-of-factly so we can snap out of it...
Those steps might make you feel better but buy you very little in terms of privacy. Your telecoms provider will still know roughly where you are at all times, they have to, it's how their switches know which towers to route your traffic to and from.
Unless you tunnel all your data traffic they'll also get copies of that and may sell pseudo-anonymous website usage statistics to one of the web metrics businesses. In some countries they also intercept and modify web content that you might view.
And what can you do about the baseband radio processor and its code? Nothing. Assuming you have a tunnel in operation, the phone could still be collecting and quietly sharing metadata and you'd never know.
Well you're right that it's not a silver bullet, but it does have some benefit. At least I know no software running within or on top of the OS is reading/stealing my info.
"Well sure, my OS might have a rootkit, but I've replaced Internet Explorer with Chrome, so my online banking should be secure!"
The baseband has its own processor and, to my understanding, pretty much complete hardware control of the phone.
I don't deny that that the benefit is non-zero, but I think saying "it's not a silver bullet" is still overselling it. I think it would be more accurate to describe it as "It's all I can do, and it's better than nothing."
> [Samsung added] that it took consumer privacy "very seriously".
No taking it very seriously would mean refusing to implement this feature unless you can do it without sending audio recorded in the room over the Net.
I don't think it would be hard at all for NSA/GHCQ to tap into a feed like this, Samsung/3rd party willing or not.
I saw this blow up on twitter over the weekend, but I don't understand how this is different then what Siri does (my understanding is that it gets sent to Apple's servers for processing your speech)... at least Samsung is being up-front about it.
