Google is nerfing all Home Minis because mine spied on everything I said

What this all boils down to is 1) trust and 2) the value proposition with regards to the trade-off between possible privacy violation and the value the device has to them personally. For me, these devices are worthless and even if their value was &gt;0 the number would have to be enormous because of the value I assign to my privacy.<p>The real issue here is the same issue we have with government agencies like the NSA and CIA. There is substantially little most people can do to verify the claim. For example, Clapper swore before congress that the NSA wasn&#x27;t collecting data on millions of Americans. Snowden showed that was a complete lie. The NSA program would have continued without anyone being the wiser without the leaks because the only people that knew that didn&#x27;t work for the NSA were delivered gag orders. So without some sort of civilian oversight committee that has real teeth, how would anyone actually ever find this information out?<p>The same is true here with things like Echo, Home Minis, etc. The data being transmitted is encrypted so even if you are technically inclined and know how to capture it on it&#x27;s way out of your home network, you&#x27;ll never be able to decrypt it. So how do you really know for sure that it isn&#x27;t actually transmitting anything and everything you say? The only logical answer is trust. You believe them. That&#x27;s enough for most people. But to say, as the article does, that ideas like this are from the tinfoil hat crew is kind of absurd. In addition to the PRISM program, we also know that Amazon&#x27;s Echo is&#x2F;was being used in at least one murder case and I highly doubt a few seconds before being murdered the victim used a hotword to activate the Echo device. We also know that the NSA has a program called Tailored Access Operations which they can use to intercept online tech purchases and install spyware on them if you are a target of interest.

<i>Before I describe exactly what happened and how I discovered this pretty incredible violation of privacy, I&#x27;d like to point out that it ended up being a hardware defect in my Home Mini as well as an unspecified small number of others. Google never intended for it to happen and has reacted incredibly swiftly to rectify the situation.</i>

I&#x27;m in two minds about Google home, alexa etc. On one hand, the novelty &#x2F; utility of these devices makes me half inclined to get one but the fundamental idea of having a device in my house, connected to the internet that is sat there listening to me 24&#x2F;7 leaves me feeling slightly uneasy at best. The idea makes me feel like I&#x27;d be treating all the things I&#x27;ve read in the past few years about tech companies, privacy etc with complete contempt.

Black hats will love this.<p>Google took it seriously because of the potential for bad press -- the company clearly is sloppy on testing and protecting users&#x27; privacy, an issue they don&#x27;t want to bring attention to, considering Google aims to have hundreds of millions of these listening devices in people&#x27;s living rooms, bedrooms, and even bathrooms in five years&#x27; time.<p>This person also had the contact info for Google PR, which changed the nature of the interaction with Google.

I notice that in the log of the recordings that it made, it specifically says &quot;started by hotword.&quot;<p>If that had instead said &quot;started by long press,&quot; I think this may have been easier to figure out as a button issue versus a voice recognition issue by the user.<p>Is that a fake static field in the log, or what?

+1 to google for sending a guy to pick up a defective unit at 9pm on a Friday, gotta say that is dedication

Title should be changed to be less clickbait-y.<p>Perhaps: <i>Some guy’s defective Google Home recorded everything and they had extraordinary customer support and fixed it.</i>

The notion that voice recognition is still hard enough to require doing it on a server somewhere still bothers me a lot. IMHO there should be no excuse for this today. I understand that the device needs to be connected to the internet anyway, but this whole thing is such a gimmick it&#x27;s not worth the privacy risk.<p>[edit] to clarify I think speech to text can be done on a device today, that&#x27;s why this bothers me.

They aren’t nerfing all Home Minis, just disabling a feature in an early batch of them that caused it activate far too often.<p>So many words to explain a very obvious (since it indicated it was listening) bug.

<i>When the first home assistants were announced, I was excited. [..] I didn&#x27;t give too much thought to these privacy concerns because they all sounded theoretical and unlikely</i><p>That&#x27;s interesting and more than somewhat disconcerting, coming from a tech journalist.

At least they took it seriously. Obviously they&#x27;re going to be a lot more responsive to a well-known tech blogger, but either way google still doesn&#x27;t usually make house calls.

That was well dealt with. Especially the part about deleting all long-press recordings from the servers. Very thorough Google!

Oh, hell no. I&#x27;ve held off on getting an Alexa or a Google home partially for this reason. My main reason for not getting one is because I think they are actually pretty useless and I find it kind of annoying to have to pretend to be a robot to get them to understand me.<p>But -- I also realize that they literally can (and clearly do) collect your audio data 24&#x2F;7. In this case it was a &quot;mistake&quot; on the part of Google, which they quickly worked around by commenting out some code in the firmware. But all it would take is probably a few lines of code and an automatic update to turn on 24&#x2F;7 audio collect for all Google Home users.<p>My theory with Amazon&#x27;s Alexa (and probably Google Home) is that they lose money on these things, because they don&#x27;t actually care about making a profit on them. The whole idea is to collect as much audio data as possible to improve their machine learning models.<p>It&#x27;s a race to see who can collect the most data on their customers, and ultimately develop the best and most comprehensive speech recognition model on the market.

Sorry that this is quite tangential to the topic of the article, but it opened my eyes to the existence of Apple-level worshiping of Google -- eesh. Just the sheer scope of how this person is involved with Google customer products is astonishing.

Are there any serious FLOSS alternatives to these devices?

These assistants seem like a privacy nightmare.

Try running tcpdump to see what servers your computer connects to. Lets open chrome, and type something into the address bar ... erm, sorry, the search bar ...

What would have happened outside of California?<p>These kinds of things always make me wonder (&#x27;Member that whole Apple-Deleting-iTunes-Library-Thing).<p>I&#x27;d love that kind of support.

You have to be very naive to use these products in your home or office.

Odd that google&#x27;s device could comply with all of the industry standard best practices, home automation regulation, code audits, licensing requirements, and privacy guarantees and yet still have such a bug.

Is this touch button similiar isolated that the keyword detection part?<p>Sounds like a software button.

How is something that can hear everything you say not record everything you say?

Of the two options, &quot;hotword&quot; and &quot;physical touch&quot;, I&#x27;m surprised at which was disabled to prevent false positives!

That&#x27;s cute, you think it was an error or mistake that it happebed. Instead, the only mistake that occurred was that you could see what it had been doing this whole time. But don&#x27;t worry, the next box they send you for free, one in which this &quot;mistake&quot; can never happen will be arriving shortly!