Alexa! Why Are You Stalking Me? (Did Amazon Lie?)

Amazon whistleblowers say thousands of Alexa team members supposedly can see your precise location. But just two weeks ago, didn’t the company pinky-swear they couldn’t?

Oh, and these teams include many employees and contractors in low-wage, overseas economies. Which might raise further questions of trust and safety.

Well, duh. In today’s SB Blogwatch, we pull the plug on the Echo and its ilk.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: plunderphonics.


Amazon’s Alleged Artifice

What’s the craic? Matt Day, Giles Turner and Natalia Drozdiak tag-team to tittle-tattle thuswise—“Amazon’s Alexa Team Can Access Users’ Home Addresses”:

 [Amazon audit] team members with access to Alexa users’ geographic coordinates can easily type them into third-party mapping software and find home residences. [The team] numbers in the thousands of employees and contractors. … Location data is more sensitive than many other categories of user information.

In a demonstration … an Amazon team member pasted a user’s coordinates … into Google Maps. … Two Amazon employees said they believed the vast majority of workers in the Alexa Data Services group were, until recently, able to use the software.

In an April 10 statement … Amazon said “employees do not have direct access to information that can identify the person or account as part of this workflow.” [However] In a new statement … Amazon said “access … is only granted to a limited number of employees. [We] limit access whenever and wherever possible.”

Oops. That’s not a good look for Amazon. Chris Merriman quips, “It knows where you lived last summer”:

 Amazon staff monitoring the firm’s Alexa service can pinpoint your home address. … The Amazon Data Services team is charged with making manual improvements to Alexa to provide the best performance, but what nobody saw coming … is the level of authorisation these people have.

The news only came to light when two employees voiced their concerns. … There are three teams—in the US, Romania and India.

I’m sorry? Where? Sean Hollister reminds us that “any ol’ bum a company hires could … breach your privacy”:

 Companies store a ton of data. You know this. Everyone knows this. [But] a team of … employees “spread across three continents” may be able to find your home address.

Companies usually collect this data to serve you (although sometimes they serve advertisers, or shadily sell it to third parties), and they’ve been writing down some of it (addresses, credit card numbers) long before the internet existed. You can’t have something shipped to your door without a company knowing where that door is.

[But] because we really don’t know how carefully any given company protects that data — and because they can change their policies at any time — anyone a company hires to interact with this data could … breach your privacy.

But Zero__Kelvin mutters, “Nothing to see here; move along”:

 In other news, there are employees at almost every company that can access their customer’s home address. How do you suppose they handle billing and on site service?

Who gives a ****? This is the equivalent of adding “with a computer” to something and pretending it changes everything.

To which, dx87 retorts:

 That doesn’t matter. Restricting information that employees can access is Security 101.

I can’t view restricted company information that I don’t need for my job. Likewise people transcribing Alexa voice commands don’t need the home address of the voices they are transcribing.

Just because you give Amazon your address for shipping and billing information doesn’t mean you want to give John and Jane on the Alexa QA team your home address.

Wait. Pause. Let’s step back a moment and pretend to be an alien visitor. This Anonymous Coward sounds amusingly bemused:

 How much do they pay you?

I don’t have any of these surveillance devices in my home, but I am curious about how much companies like Google, Apple, or Facebook are paying you people for that privilege? If it is enough money, I might get one.

And kermitismyhero shares their favorite schtick:

 Every time I visit a friend or relative who’s all excited about their new voice assistant gadget, I make sure to do my best to demonstrate the potential problems.

“Hey Siri, who around here can sell me a few kilos of cocaine?”

“Alexa, add a thousand feet of rope, a half-dozen ballgags, a box of latex gloves, and a few shovels to my shopping basket.”

“Hey Google, give me the addresses of every ammonium nitrate seller, gun store, cargo van rental company, and elected official in a hundred-mile radius.”

Deliberately ****ing with their voice assistants is a great way to quickly get them thinking hard about the issue with a minimum of conversation. It’s past time to appeal to logic. It’s now time to go straight for the emotional jugular by inducing some panic.

Hilarious. But can we get back to the bigger issue? rchaud plainly explains it:

 The bigger issue is disclosure and informed consent.

Amazon buyers know when they purchase a product that the vendor has their address and CC info, which they believe is protected. They may not know that the Alexa they bought as a holiday gift for their nephew is giving up location data to a team of “thousands of employees and contractors, spread across work sites from Boston to Romania and India.”

Oh yeah. Yikes. Not only that, but spaceheretostay concludes Amazon made a false statement to the reporters:

 Most people wouldn’t assume that Amazon actual employees are listening to their conversations who also know where you live. … Amazon makes a privacy promise that is violated here, as described in the article:

Amazon said “employees do not have direct access to information that can identify the person or account as part of this workflow.” [Except] the location information from the Alexa devices can, in some cases, identify the individual or account, “as part of this workflow.”

It is a direct violation of their own statements about privacy. … Amazon does make a privacy promise to not do what they are doing.

Meanwhile, Matt Novak wins this week’s Best Headline award, with “If You Care About Privacy, Throw Your Amazon Alexa Devices Into the Sea”:

 Alexa … really is one of the perfect products for our era. It’s easy, it’s convenient, and it’s a privacy nightmare that serves as a constant reminder of the fact that we live in a techno-dystopia of our own making.

If you haven’t tossed your Echo into the sea by now, that’s on you. Because [Amazon] clearly has no interest in honoring your privacy.

And Finally:

Plunderphonics: Two very different approaches (plus a bonus mix)


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hatemail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: James Duncan Davidson (cc:by)

Richi Jennings

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 596 posts and counting.See all posts by richi