The best way to prevent abuse is not separating children from their families. In Canada, when the government separated Indigenous children from their families through the Sixties Scoop and residential schools, the children suffered tremendous abuse by the teachers and staff members.
'Samsung itself is aware of these risks. In its privacy policy, the company warned customers to be aware that "if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition." The language reminded some of the George Orwell classic dystopian novel 1984.'
That quote doesn't show Samsung's thoughts on the risk of hacking at all, and it shouldn't remind anyone of 1984. It's just a statement of how all voice recognition currently works.
> It's just a statement of how all voice recognition currently works.
Amazon has said on numerous occasions that no data transfer occurs without a trigger word hitting the mic -- a feature that was a main point when discussing the safety of having an always-on internet-connected mic in the house.
As for whether or not they're telling the truth, I don't know; but trigger-words have always been a feature that Amazon loved mentioning from a security/privacy standpoint.
> As for whether or not they're telling the truth, I don't know;
Luckily it's possible to check [0]! Although it gets a bit more complicated and can change, my understanding is that currently most people observe it increase its network usage after its trigger phrase, but not at other times (it uses the network for other stuff too, but audio data is typically rather large in comparison).
The pessimist in me thinks that a determined actor could simply capture non-trigger voice data offline, and bundle it with the rest of the traffic whenever the next trigger word occurs. But I am talking out my ass and have in no way verified any of this.
If data is being buffered and only sent after the trigger words, wouldn't the data transmitted vary depending on how much was said before the trigger word?
Maybe. All uploads could be padded with the maximum buffer size so you can't tell the difference. The buffer could flush only small amounts at a time. Some compression algorithm could be used that becomes more efficient with larger recordings.
What you should be asking with any "smart" device is "can I prove this device will do no harm to me".
Honestly I have never understood the value proposition of any smart device. Why would I want any of that functionality? Never once in my life have I ever wanted to talk to my TV. I'm beginning to (again) question the wisdom of carrying a smartphone.
Yes of course. I don't get why that affects the privacy policy though. There are occasional false positives and you still might say something sensitive after the trigger word.
I’ve heard that the Echo’s mute button is a hardware off switch for the mic, though for obvious reasons you probably wouldn’t leave it on most of the time.
Google has made strides in local-only translation. I can't seem to find the Hacker News article but believe it was wired into the Google keyboard iirc.
"The U.S. State Department is now requiring nearly all applicants for U.S. visas to submit their social media usernames, previous email addresses and phone numbers. It's a vast expansion of the Trump administration's enhanced screening of potential immigrants and visitors."
Does freedom of speech only apply to Americans? Can foreigners get penalized and denied entry for what they say on social media?
Well, Cisco wrote the code so it has to be in some way intentional, but it doesn't necessarily mean it was done maliciously though. It could be a private developer key used for testing accidentally got pushed out in production code or some poorly thought out management "feature". Regardless, it is an epically dumb mistake for a company like Cisco to make on an enterprise product.
> Well, Cisco wrote the code so it has to be in some way intentional, but it doesn't necessarily mean it was done maliciously though. It could be a private developer key used for testing accidentally got pushed out in production code or some poorly thought out management "feature". Regardless, it is an epically dumb mistake for a company like Cisco to make on an enterprise product.
That someone might not be the company, it might be a developer.
It's entirely true that the company says it's not a backdoor, the developer says it's a mistake, but he/she was approached from an external organization.
Unless you can prove either way, it's impossible to classify it as a backdoor or not.
And what do you think this was? Virtually all router/networking devices have some kind of "hardcoded account" (read: backdoor) and this is only slowly changing. I believe the EU is going to ban the practice soon.
Without wanting to start a political flame war, it would be great if there was consistency to how we in the tech community and the media treat these types of vulnerabilities. When Huawei have these sorts of bugs they are reported as backdoors. Bugs happen in software. It would be nice if we put the nationalism aside and reported it consistently as bugs or vulnerabilities.
Also, you should have ACLs in place and VLAN segmentation (assuming their use as pure layer 2 devices) so that only certain authorized sections of the network are even able to reach things like the management SSH and SNMP daemons.
Even if you're the CTO of a US company that's being infiltrated by a foreign intelligence agency, there are only three possibilities:
* You are a foreign intelligence asset and any denials on your part are lies.
* You are not a foreign intelligence asset, but you know that strange things are afoot and have informed the FBI. In order to not jeopardize the counterintelligence investigation, you have been instructed to play dumb, and hence, any denials on your part are lies.
* You are not a foreign intelligence asset and you have not noticed the infiltration. In this situation, you're not lying when you deny that anything's going on, you're just ignorant.
Of course, if your company isn't being infiltrated by foreign intelligence, you will also, correctly, deny that the company is being infiltrated. I'm not saying that his company is being infiltrated or compromised; I'm saying that there's virtually zero informational value in someone in his position denying such a thing because no one would ever admit it.