The Privacy Risks of Your Smart Speaker

Smart Speaker in kitchen with a warning sign and an ear-icon

Smart speakers are emerging as one of the most convenient gadgets in our homes. In 2017 smart speakers like Amazon’s Echo and Echo Dot and the Google Home surged. And with the addition of the Apple HomePod, the smart speaker market is expected to crest $25 billion by 2020. These devices not only play music but can listen for queries from users and provide information from the web. While there is no doubt these smart speakers are an enjoyable extra to have in your home, they can create a privacy vulnerability as well. By understanding the privacy risks of owning a smart speaker, you can help protect your home.

Alexa Are You Listening?

Smartphone with icon of an earOne of the most convenient aspects of owning a smart speaker is the ability to control it from across the room, even if your hands are busy. Simply say, “Okay Google, play me some jazz” or “Alexa, play Sorry by Justin Bieber” and music will begin to fill the air. To accomplish this, the device is always listening for the keyword that activates the device.

As with any such system, however, there can be problems. Your smart speaker may think it heard the keyword but simply misinterpreted a snippet of conversation. This can have the smart speaker listening for your instructions and possibly taking actions based on what it thinks it hears. Ordinarily this might not be a problem, but it can be an invasion of your privacy.

Not Just Rumors

A recent news story reported that a woman in Oregon had her conversations with her husband recorded by her Amazon Echo Dot and sent to one of her contacts. The smart speaker had misunderstood what it heard and captured her conversation. Consequently, it had forwarded her conversation to someone in her contact list. The woman reported feeling utterly violated by this invasion of privacy.

There are many more similar examples of smartspeaker misunderstandings, some more disrupting as others. Because there is little or no security on these smart speakers, even commercials and news reports have triggered smart speakers and caused grief for their owners.

More Than Just a Speaker

Smart speakers do a lot more than simply play music. Busy cooking in the kitchen? Simply ask, “Okay Google, how many teaspoons are in a tablespoon?” Getting ready for work in the morning? Ask, “Alexa, what is the weather forecast for the day?” to get an instant answer that doesn’t even require you to put down your toothbrush.

The Amazon Echo and Echo Dot have smart programs called “Skills.” These are basically apps that execute code on your smart speaker. There are games, smart home controls, shopping lists, and much more. While these skills can only execute limited functions on your smart speaker, there have been examples of skills that could invade your privacy. Some skills could continue listening after a command was executed.

Storing Your Information

Sharing User Data iconEvery query and response to and from a smart speaker is stored on a server. This information is valuable for creating a profile of your interests and activities. The questions you ask reveal the type of music you prefer, whether you are interested in a certain celebrity, even medical problems you might be having.

Everything you say after the wake-up keyword is stored at a company server. Even if you didn’t intend to trigger your smart speaker, the sounds in the background, the words spoken in your conversation, it is all saved and made part of your profile. These conversations are available to you to search, which means if you lost your phone someone might have access to those queries as well. And while you can delete those queries, few people are likely to take the time to go through each query deleting those that reveal more than you’d like.

The Risk of Hacking

Hacker sitting behind a laptopIf a smart speaker operating as intended could create an invasion of privacy, how much more could they collect if they were hacked? Most of the smart speakers on the market today are created by companies who work primarily in software. The mindset of many of these companies are to get a product out fast and fix whatever problems there are as they come up. There is plenty evidence already that smart speakers are created with the same mindset. The fact that it is so easy to accidentally trigger a smart speaker and they misunderstand commands quite often, shows there are serious problems in the devices yet to be resolved.

Smart speakers are vulnerable to hackers gaining control over the device. If your device is hacked, it could easily be used to listen to private conversations you have. Worse, your smart speaker could be used to listen for when you leave the house, given thieves a green light to enter your home while there is little chance of interruption.

Personalized Results Tailored to Your Profile

While it is obvious that advertising is important to Amazon and Apple, Google, more than any other smart speaker maker, makes most of its profits from advertising. One of the features of the Google Home is personalized search results. Connect your account to your Google smart speaker and when you ask it a question, it will personalize those results based on your profile.

That profile is the source of most of Google’s profit. Every question you ask, every entry into a search bar, helps Google narrow down your interests and preferences. This information is valuable for selling ads for products and services you are more likely to buy. As smart speakers become more popular, the profile of what you ask your smart speaker, and how you ask it, will become more important to advertisers.

Part of that profile includes where you ask the question. Did you search from your phone, laptop, or smart speaker? The types of answers you are looking for often vary based on where you are asking the question. Since your smart speaker is usually left in one room, Google can pinpoint your location with accuracy.

Advertisers may even pay to skew your search results. Ask your Amazon Echo about ordering shampoo and an advertiser may pay Amazon to suggest their brand as the top result. We often see this sort of marketing online, but on a screen, you can also easily see other options. Through your smart speaker, you may be more likely to simply accept whatever suggestion the device makes. By controlling the search results, your smart speaker may control your purchases to a greater degree.

Smart Speaker Devices

Should I Throw My Smart Speaker in the Trash?

The pace of change in technology is often surpassing our ability to assess the cost to our privacy. Smart speakers are convenient and offer options for entertainment and education no other device has previously offered. This convenience is somewhat offset by the invasion of our privacy these devices bring. Being aware of the potential drawbacks lets you make a more informed choice as to whether a smart speaker is right for you and how you will use it.

If you are concerned about your privacy, using a VPN service can greatly enhance your privacy online. By providing a more anonymous connection to the internet, you can guard your privacy without sacrificing the convenience offered by many online services. To learn more, check out our post on choosing the best VPN for your needs.

Tech journalist
Tove has been working for VPNoverview since 2017 as a journalist covering cybersecurity and privacy developments. She has broad experience developing rigorous VPN testing procedures and protocols for our VPN review section and has tested dozens of VPNs over the years.