Jump to content

Ok Google, eavesdrop on me. Google employees listening to Google Home recordings

1602810408_NotOKGoogle.jpg.8f4457157c8ee8b4a4d75d9efceff57c.jpg

 

 

In the aftermath of the Amazon Alexa news from a couple of months ago, VRT NWS (the news site of Belgium's largest television station) ended up talking to someone who works for one of Google's subcontractors. 

Turns out things are done pretty much the same way there.  Google employees are systematically listening to audio files recorded by Google Home devices and Google's smartphone app. 

VRT NWS was able to listen to more than a thousand recordings, several of which were private conversations, arguments etc, so not intended for the device and often containing personal information. 

 

Quote

VRT NWS listened to more than a thousand excerpts, 153 of which were conversations that should never have been recorded and during which the command ‘Okay Google’ was clearly not given.

 

The terms and conditions mention that the audio is being recorded and stored.   But they don't mention that Google employees listen to excerpts of these recordings.

Google has even claimed it doesn't do this ... or atleast implied it through the clever use of language.

Quote

Google has continually claimed that it doesn’t eavesdrop. Google Holland even made a smooth YouTube ‘explainer’ to remove any misconceptions about eavesdropping. In this video, Google employees answer the question ‘Does Google eavesdrop?’. They say that the commands are being stored and transferred to Google for analysis. And they very clearly state: ‘No, you are not being eavesdropped’.


Some of the recordings involved violence and/or people in distress.  Just like at Amazon, Google's guidelines seem to be nonexistant when it comes to these cases.  Employees simply need to write down every word and every cough. 

 

 

 

In a response to the article, Google claims that these audio files are marked for manual checking "by language experts worldwide" to improve their speech technology. 

Quote

"This happens by making transcripts of of a small number of audio files", Google's spokesman for Belgium says. He adds that "this work is of crucial importance to develop technologies sustaining products such as the Google Assistant."

Google states that their language experts only judge "about 0.2 percent of all audio fragments". These are not linked to any personal or identifiable information, the company adds.

 

Even though the recordings may not be linked to identifiable information (assuming Google is telling the truth), they still contain exactly that kind of information.  No prizes for guessing what happened next ...

Quote

In these recordings we could clearly hear addresses and other sensitive information. This made it easy for us to find the people involved and confront them with the audio recordings.

 

 

 

 

Source : VRT NWS' article (from the English section of their site)

 

So basically whenever you say something that your home assistant doesn't understand because it wasn't meant for said assistant, it'll be flagged for manual review.  No real surprises there.

If you get/have one of these devices, always keep in mind that anything you say in their vicinity may be heard by complete strangers.  But hey, at least there's no signs of evil intent.   

 

 

 

 

UPDATE :

 

Google US responded in a blogpost.  They defend the collecting of audio and are going after the person who leaked the audio excerpts.

Quote

We just learned that one of these language reviewers has violated our data security policies by leaking confidential Dutch audio data. Our Security and Privacy Response teams have been activated on this issue, are investigating, and we will take action. We are conducting a full review of our safeguards in this space to prevent misconduct like this from happening again.

https://www.blog.google/products/assistant/more-information-about-our-processes-safeguard-speech-data/

 

 

 

UPDATE 2 : (2019-08-02)

 

The Data Protection Authority in Hamburg (Germany) launched a deep investigation into Google's practices and started a procedure to forbid them from listening to recordings. 

 

Google decided not to wait for a verdict and has announced that they will stop manually reviewing recordings made in the EU for the next 3 months. 

 

https://datenschutz-hamburg.de/assets/pdf/2019-08-01_press-release-Google_Assistant.pdf

Link to comment
Share on other sites

Link to post
Share on other sites

Google: We won't eavesdrop and we respect your privacy

 

Also Google: Oh yeah, we forgot the giant asterisk on that first bit. Maybe two.

The Workhorse (AMD-powered custom desktop)

CPU: AMD Ryzen 7 3700X | GPU: MSI X Trio GeForce RTX 2070S | RAM: XPG Spectrix D60G 32GB DDR4-3200 | Storage: 512GB XPG SX8200P + 2TB 7200RPM Seagate Barracuda Compute | OS: Microsoft Windows 10 Pro

 

The Portable Workstation (Apple MacBook Pro 16" 2021)

SoC: Apple M1 Max (8+2 core CPU w/ 32-core GPU) | RAM: 32GB unified LPDDR5 | Storage: 1TB PCIe Gen4 SSD | OS: macOS Monterey

 

The Communicator (Apple iPhone 13 Pro)

SoC: Apple A15 Bionic | RAM: 6GB LPDDR4X | Storage: 128GB internal w/ NVMe controller | Display: 6.1" 2532x1170 "Super Retina XDR" OLED with VRR at up to 120Hz | OS: iOS 15.1

Link to comment
Share on other sites

Link to post
Share on other sites

I wonder if there is a smart speaker that does not listen to you, does not record your voice, and does not sell your data ?

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)
Link to comment
Share on other sites

Link to post
Share on other sites

Why people stick these stupid devices in their homes is just beyond baffling. Are people really this dumb or just don't give a fuck at all? Like, come on, would you let your neighbor listen to ALL your conversations? Of course not. But they are totally fine because it's Google and it's listened to by someone 1000 kilometers away. So all is fine. I think people don't even know what is happening and when someone tells them they look at them like they are some sort of paranoid fruitcakes. Wake up people!

Link to comment
Share on other sites

Link to post
Share on other sites

8 minutes ago, RejZoR said:

Why people stick these stupid devices in their homes is just beyond baffling. Are people really this dumb or just don't give a fuck at all? Like, come on, would you let your neighbor listen to ALL your conversations? Of course not. But they are totally fine because it's Google and it's listened to by someone 1000 kilometers away. So all is fine. I think people don't even know what is happening and when someone tells them they look at them like they are some sort of paranoid fruitcakes. Wake up people!

I've seen one fairly convincing use case: For an older person still in their own home. Voice Commands can be very useful to someone with a frail body.

 

Beyond that, all we've seen is a solution to the biggest structural issue for why 1984 couldn't come to pass: no government could ever afford the amount of cameras & mics necessary for a Big Brother system. Turns out people will willingly put them in their homes if you save them 2 seconds of effort. Is it Big Government or Big Business you should worry about? Answer is "Yes".

Link to comment
Share on other sites

Link to post
Share on other sites

I'm reminded of that one Spongebob episode where Spongebob shows Patrick all the dirty diapers, but instead of diapers, it's evidence that Google is, in fact, doing evil.

Current Build:

CPU: Ryzen 7 5800X3D

GPU: RTX 3080 Ti FE

RAM: 32GB G.Skill Trident Z CL16 3200 MHz

Mobo: Asus Tuf X570 Plus Wifi

CPU Cooler: NZXT Kraken X53

PSU: EVGA G6 Supernova 850

Case: NZXT S340 Elite

 

Current Laptop:

Model: Asus ROG Zephyrus G14

CPU: Ryzen 9 5900HS

GPU: RTX 3060

RAM: 16GB @3200 MHz

 

Old PC:

CPU: Intel i7 8700K @4.9 GHz/1.315v

RAM: 32GB G.Skill Trident Z CL16 3200 MHz

Mobo: Asus Prime Z370-A

Link to comment
Share on other sites

Link to post
Share on other sites

35 minutes ago, Taf the Ghost said:

I've seen one fairly convincing use case: For an older person still in their own home. Voice Commands can be very useful to someone with a frail body.

 

Beyond that, all we've seen is a solution to the biggest structural issue for why 1984 couldn't come to pass: no government could ever afford the amount of cameras & mics necessary for a Big Brother system. Turns out people will willingly put them in their homes if you save them 2 seconds of effort. Is it Big Government or Big Business you should worry about? Answer is "Yes".

Yeah, I get that. I remember one guy explaining how voice control and narration is helping him since he couldn't use keyboard or mouse. But beyond that, it's just straight up creepy and no one seems to give a damn which is just terrifying.

Link to comment
Share on other sites

Link to post
Share on other sites

17 minutes ago, RejZoR said:

Yeah, I get that. I remember one guy explaining how voice control and narration is helping him since he couldn't use keyboard or mouse. But beyond that, it's just straight up creepy and no one seems to give a damn which is just terrifying.

People will pay money to be more lazy. Also, people will follow trends if you pay for that trend to be "fashionable". 

Link to comment
Share on other sites

Link to post
Share on other sites

In the end, companies of a certain size will more or less always try things that are "at best" in the grey ara of the law and/or moral standards. Also, people are dumb enough to buy a new iPhone (i could have said any other overpricing company but apple deserves this little roast for their 1k monitor stand)  every so often or pay 100$ for clothing worth of 5$ just because a certain name is on it. 

I sometimes wonder if my shabby 100€ Nokia 2 listens and/or watches its surroundings all the time since apparently apps can more or less do what they want, even though they have not asked for permissions.

ESL Profile: https://play.eslgaming.com/player/2432327/

F@H Profile: https://folding.extremeoverclocking.com/user_summary.php?s=&u=847206

Old System:                                                                 Current System :

i7-3770k + Cooler Master Hyper 212                           i9 9900k + Noctua NH-D15

Gigabyte Z77M-D3H                                                    Gigabyte Aorus Z390 Master

Evga Geforce GTX 970 SC                                          GIGABYTE GeForce RTX 2070 SUPER GAMING OC (F@H OC +70core/+580 mem)

HyperX FURY Red 16GB  DDR3 1600                        Corsair Vengeance  LPX 2x16GB DDR4 3200

bequiet PURE POWER 600W 80+ bronze                  Corsair RM 650x 80+ gold

Samsung 850 Evo 120 GB + 1TB HDD                       Samsung 970 Evo Plus 500GB 

                                                                                     Thermaltake Level 20 MT ARGB 

Link to comment
Share on other sites

Link to post
Share on other sites

2 hours ago, DrMacintosh said:

I wonder if there is a smart speaker that does not listen to you, does not record your voice, and does not sell your data ?

I've been looking everywhere for that HomePod. They don't seem to sell it in SEA or AU/NZ. 

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, comander said:

Apple is kind of a healthy middle ground but I'm not aware of them having data controls that let people delete things. 

Apple does have those kinds of data controls (they are required by EU law to have them), but there really isn't anything to delete because all of the data Apple gets from you is mostly localized on device. Apple hardly collects any telemetry data to begin with and what they do collect is meta data stripped. There is a reason devices like HomePod have full blown smartphone SoCs in them. 

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)
Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, comander said:

Google doesn't sell user data

More accurately they weren't caught doing it.....But you cant know it for sure.

Link to comment
Share on other sites

Link to post
Share on other sites

 

Spoiler

image.thumb.png.b9ace733de6b8468f4a64c7c1dd285a1.png

 

1 hour ago, comander said:

As far as I'm aware, Google doesn't sell user data

Yes they do, what do you think targeted advertisements are? Just because the data itself doesn't change hands doesn't mean they aren't selling it.

3 hours ago, Taf the Ghost said:

I've seen one fairly convincing use case: For an older person still in their own home. Voice Commands can be very useful to someone with a frail body.

That is absolutely true, but voice commands don't require an internet connection, let alone sending recordings back "home". There are plenty of ways of offering that convenience without infringing on people's privacy.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

Link to comment
Share on other sites

Link to post
Share on other sites

Small update : Several privacy experts confirmed that this is a clear violation of GDPR. 

For this kind of data collection and handling of data to be legal, explicit consent is necessary.  That involves clearly being informed about what data Google collects and what exactly they do with that data, so burying a vague description somewhere in a 3000 word ToS doesn't count. 

 

Philippe De Backer, Belgian State Secretary of Privacy, has already asked the Belgian Data Authority to investigate this further.  Seeing as it doesn't affect only us, several other EU countries will most likely be doing the same.  This could very well end up becoming a multi-billion dollar fine. 

Link to comment
Share on other sites

Link to post
Share on other sites

Tbh I'm not even surprised. Amazon and Google are some of the biggest companies in the world, you'd have to be so naive to be shocked by something like this.

 

Obviously this doesn't mean it's okay, but realistically is there anything we can do about this? Governments and agencies that fine companies that do this don't fine them enough and they just keep doing it. 

 

"oh you breached our data law, we'll fine you 10 mill. Don't do it again!"

 

Google: "Lol okay"

 

Meanwhile they've just made back that money 20 times over in the span of a couple hours.

System Specs:

CPU: Ryzen 7 5800X

GPU: Radeon RX 7900 XT 

RAM: 32GB 3600MHz

HDD: 1TB Sabrent NVMe -  WD 1TB Black - WD 2TB Green -  WD 4TB Blue

MB: Gigabyte  B550 Gaming X- RGB Disabled

PSU: Corsair RM850x 80 Plus Gold

Case: BeQuiet! Silent Base 801 Black

Cooler: Noctua NH-DH15

 

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

21 hours ago, comander said:

As far as I'm aware, Google doesn't sell user data.

They don't need to, they are the ones making money off of it themselves. They are the ones USING the data for profit and target advertising. They don't have to sell it.

Link to comment
Share on other sites

Link to post
Share on other sites

On 7/10/2019 at 12:41 PM, DrMacintosh said:

I wonder if there is a smart speaker that does not listen to you, does not record your voice, and does not sell your data ?

Yeah, its called a Bluetooth speaker. I have one, it plays music, or anything I connect it with via bluetooth.


It doesnt listen to me, it doesnt record my voice, it doesnt sell my data.

 

FFS are people really surprised by this news?! Really, Google, the company that got rich by collecting user data? Is collecting my data???

Who would put these speakers in their house in the first place? Such limited usefulness, I really don't get it. Everything that "smart" speaker does I can look up on my phone faster and better.

 

Oh, and by the way, if you put your house full of Wifi lightbulbs to work with these crappy speakers, those are just more devices to get hacked and turned into a botnet eventually. Have fun while your lightbulbs are DDOS'ing your favorite website or service.

Link to comment
Share on other sites

Link to post
Share on other sites

4 minutes ago, maartendc said:

Yeah, its called a Bluetooth speaker.

I was more talking about the HomePod. Bluetooth speakers are not smart speakers. 

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)
Link to comment
Share on other sites

Link to post
Share on other sites

4 minutes ago, maartendc said:

Oh, and by the way, if you put your house full of Wifi lightbulbs to work with these crappy speakers, those are just more devices to get hacked and turned into a botnet eventually. Have fun while your lightbulbs are DDOS'ing your favorite website or service.

 

Hey, at least everyone will learn how to use bitcoin. 

 

Spoiler

the-internet-of-ransomware-things-internet-of-more-things.jpg.22608fb6f3d8d37834ee6bf02344b9ef.jpg

 

Link to comment
Share on other sites

Link to post
Share on other sites

I feel bad for people who are surprised by this "news". It makes me genuinely upset that people are that ignorant about tech in 2019 and somebody isn't trying to fix that.

-KuJoe

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, comander said:

1. Buy from reputable manufacturers
2. Have them live on their own VLAN and have non-trash tier firewall rules in place

1. No such thing. No manufacturer provides eternal software updates.

2. The average Joe doesnt know how to do this. Hence, it won't happen.

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, DrMacintosh said:

I was more talking about the HomePod. Bluetooth speakers are not smart speakers. 

I don't want my speaker any smarter than a bluetooth speaker honestly. ?

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, maartendc said:

I don't want my speaker any smarter than a bluetooth speaker honestly. ?

Ehh, some people like the voice activated controls and not being tied to a phone. The HomePod is the only smart speaker though that can do all the tasks of a smart speaker while not having to offload info to be sold because is has the old Apple A8 SoC that does all the processing and strips your meta-data. 

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)
Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×