As you can see from the graph above, we have sharp spikes of data being sent around the times the hot word and commands were sent. The Google Home performed as expected. As the device booted up, there was some data transfer, otherwise the network was relatively quiet between commands. We also proved that when the device microphone is muted, none of the hot word triggers or talking caused an increase in network traffic.
This is an old article based on an older device but you can test a new one for yourself with some pretty basic networking knowledge and equipment.
As the article suggests: “Should you trust them not to be spying on you?” Hell no!
But we can also use freely available tools to verify this.
This is even more potent on your phone.
A lot of people seem to believe your phone is listening to you all the time and feeding you ads based on your IRL conversations.
That’s not happening, and this can be easily verified even without any networking knowledge/tools by taking a look at your cell phone data bill.
Recording and uploading your mundane conversations all day long would be a huge drain on your battery and an expensive addition to your cell data bill. You would likely notice if it was happening.
Again: by all means DO NOT TRUST THESE COMPANIES, but also maybe do a little testing before assuming all private conversations are being recorded.
I mean google literally keeps all your voice to text transcriptions(if you use the feature) and location history by default. It wouldn’t be such a far fetch to think the device does basic analysis locally and sends ad recommendations along with everything else
That’s quite a terrible test though. I’m not a security expert but even I can think of quite a few ways they could’ve hidden traffic from such tests, even unintentionally. If Google is that evil, they know they have to be smart about it. And, unfortunately, they are both. So I wouldn’t trust anything but a complete software and hardware analysis, painstakingly checking every circuit and processor instruction. But then, why even bother, the whole thing is like hiring a child molester as a kindergarten teacher.
Oh, yes I agree. If you want to be malicious, you can think of many ways to go around it. You could use a physical switch that kills the circuit to the microphone and say “see? it’s physically impossible to listen if the microphone wires are not even connected!” and then hide a second microphone inside the speaker chassis. But unless you’re a valuable target, I prefer my Occam’s razor to be the appropriate kind of sharpness.
Oh, they definitely want to be malicious. Afterall, their livelyhood depends on it, and there’s are literal tons of money on the table for knowing exactly the things that people don’t want to be known about them. That’s why I referred to them as pedos in kindergarten: they look like a data hoarding company, swim like a data hoarding company and quack like a data hoarding company. They might play it nice for now and test waters, but ultimately, what they are after all along is your personal data and especially private data. No way you can bet on them not acting upon this temptation.
deleted by creator
https://labs.sogeti.com/google-home-spying/
This is an old article based on an older device but you can test a new one for yourself with some pretty basic networking knowledge and equipment.
This.
As the article suggests: “Should you trust them not to be spying on you?” Hell no!
But we can also use freely available tools to verify this.
This is even more potent on your phone.
A lot of people seem to believe your phone is listening to you all the time and feeding you ads based on your IRL conversations.
That’s not happening, and this can be easily verified even without any networking knowledge/tools by taking a look at your cell phone data bill.
Recording and uploading your mundane conversations all day long would be a huge drain on your battery and an expensive addition to your cell data bill. You would likely notice if it was happening.
Again: by all means DO NOT TRUST THESE COMPANIES, but also maybe do a little testing before assuming all private conversations are being recorded.
deleted by creator
But my battery is shit and I’m always connected to Wi-Fi
WiFi makes it easier IMO.
It’s very simple to snoop all the WiFi traffic and verify what is being sent while it’s more challenging to get those details on cell data
Please do tell what is in the encrypted packets it phoned home with?
Sadly, it’s not my Wi-Fi
I mean google literally keeps all your voice to text transcriptions(if you use the feature) and location history by default. It wouldn’t be such a far fetch to think the device does basic analysis locally and sends ad recommendations along with everything else
That’s quite a terrible test though. I’m not a security expert but even I can think of quite a few ways they could’ve hidden traffic from such tests, even unintentionally. If Google is that evil, they know they have to be smart about it. And, unfortunately, they are both. So I wouldn’t trust anything but a complete software and hardware analysis, painstakingly checking every circuit and processor instruction. But then, why even bother, the whole thing is like hiring a child molester as a kindergarten teacher.
Oh, yes I agree. If you want to be malicious, you can think of many ways to go around it. You could use a physical switch that kills the circuit to the microphone and say “see? it’s physically impossible to listen if the microphone wires are not even connected!” and then hide a second microphone inside the speaker chassis. But unless you’re a valuable target, I prefer my Occam’s razor to be the appropriate kind of sharpness.
Oh, they definitely want to be malicious. Afterall, their livelyhood depends on it, and there’s are literal tons of money on the table for knowing exactly the things that people don’t want to be known about them. That’s why I referred to them as pedos in kindergarten: they look like a data hoarding company, swim like a data hoarding company and quack like a data hoarding company. They might play it nice for now and test waters, but ultimately, what they are after all along is your personal data and especially private data. No way you can bet on them not acting upon this temptation.