How to check where your smart-home data fly to?

As the smart-homes consumer trend increased, a lot of many companies jumped into this domain, including some big names like Google and Amazon. Amazon has quite a large share of the market. According to 2021 stats, 200,000 home automation devices support Alexa.

However, the existence and adaption combined with the benefits of smart homes is a comforting and chilling experience for people. But, once we realize the privacy and security risks associated with this invention, we would be frightened.

Where do my smart-home data fly to? This question must arise in the heads of every privacy-concerned occupant of smart-home. You will find the answer to this question in this thorough research article.

As a cyber-security researcher with a background in internet privacy, I will share some insights gathered through different researches conducted on the privacy risks associated with smart-homes devices.

Image source—eef.org 

At first, the concept of smart homes was just an idea without any significant findings or logic. Since the early '90s, scientists have explored different avenues for molding this idea of smart homes into reality.

The evolution process of smart homes dates back to the 1900s, and the idea of home automation was around since then. But, the current smart homes came into being in the early 2000s. In the last decade, we experienced rapid growth in popularity and adaptability of automated homes.

The moment we connect to the internet, our privacy is breached in many ways.

In an investigation conducted by Electronic Frontier Foundation (EEF), The Ring video door Bell android app was embedded with 3^rd-party trackers responsible for sending out personally identifiable information (PII). The receivers were the top four analytics and marketing companies.

Based on the surveys conducted from different strata of society, it is estimated that around 80% of the occupants of smart homes are not aware of the privacy and personal data compromise.

What type of Data smart devices collect?

The data collected by smart devices are very personal in nature.

You might be aware that these devices are equipped with smart sensors that collect data 24/7. This sensor contained data reveals a lot about a smart-home resident, which includes his habits, interests, device usage patterns, sleep patterns, daily routine, work schedules, etc. In short, they reveal everything about the way we live our lives.

Just imagine for a minute all the things a microphone can hear: voices, noises, whispers, conversations, arguments, and confessions. Remember all the weird stuff you said privately when you were alone, depressed, or angry.

And, here comes the scariest part—all those sounds have been saved and fetched by its controllers. Now, collected data is stored over the cloud or locally, then processed, exploited, and shared with the highest bidders or governments.

This scary phenomenon is not only limited to the microphone but includes all other smart devices. If you want to attain complete privacy, you can choose not to use smart devices and related applications or technology. Alas, this is the only way if you do not want to accept the privacy trade-off.

The research paper titled: “I don’t own the data”: End-User Perceptions of Smart Home Device Data Practices and Risks. Researchers surveyed the smart-home occupant’s perspective and interviewed many of the residents. One participant who was well aware of the privacy risks associated but ready to accept the privacy trade-off shared his view:

Once I bought all these devices, that was it. These functions come with these risks no matter what, and I can't do anything about that. There is no third option. If you want the device, you have to accept those risks, otherwise don't use it at all.

Below, I will support the facts presented above by discussing two of the most widely used smart devices: Alexa and Google Home.

How to check where my Alexa Data fly to?

Sadly, both the Amazon and Google-owned smart devices, including the other related devices, are spying on us.

Alexa and Echo are collecting and sending data—our voice commands, back to Amazon cloud servers. Amazon stores a copy of all your data, processes and manipulates it for “good purposes”.

You might be aware that for Amazon Echo to work, the microphone inside it has to hear the "wake word" – Amazon, Echo, Alexa, etc.  Echo records every single command that you give to Alexa and sends it to the Amazon servers.

Hence, the Alexa x Echo collected data flies to Amazon cloud servers all around the world.

Amazon’s view on this data collection is that it helps the engineers to improve the performance of the product by updating algorithms with the help of real data. Moreover, they say that this real audio data of users helps them enhance the voice recognition and response-ability of Echo and Alexa.

Bloomberg, in its latest report—"Amazon workers are listening to what you tell to Alexa" mentions that Amazon has employed a team to listen to and transcribe collected audio files of the users.

The current 2021 stats reveal that around 40 million people use Alexa in the United States alone. This is a huge number so just imagine the amount of data being collected by these 40 million users alone then multiply it with the Alexa users all over the globe. The count increases to billions, and so are the Bytes of data. 

One of my privacy concerns, yet non-techy friend, was extremely conscious that his Alexa is spying on him and his data is flying to cloud servers. He shared his concerns with me, and I recommended him follow the below-mentioned procedure.

“Alexa, delete everything I said today”; this command deletes the recent recordings only. But, you should not get worried because all the previous recordings can be deleted manually.

To do so and stop Alexa x Echo from recording and using it for “improving the product” —which they claim. 

1. Open the Alexa mobile application and enter into the Settings section.
2. Move into History, and there you will see all the entries.
3. Select any entry and Tap the Delete button.
4. If you wish to delete all the old recordings with just a single tap, then visit amazon.com/mycd.  
5. Now, to stop them from listening to you, first follow point 1.
6. Move into the Alexa Account section and then Alexa Privacy.
7. Turn of the option “Help Develop New Features”.
8. Turn of the option “Use Messages to Improve Transcriptions”.

My friend felt very relieved after following my recommendation. You can also prevent your data from flying to Amazon servers to some extent by implementing the procedure mentioned above. However, no expert on earth can guaranty 100% privacy of data.

Image source – smartdevicessupport.com

How to check where my Google Home data fly to?

As explained above, Amazon's competitor in IoT – Google, is also operating on the same principles.

In my case study, I have observed that all the Google-owned products: Home, Nest, and Hub, Chrome cast follow the same patterns as Alexa and Echo.

In its latest investigative report, Bloomberg has revealed that Amazon and Google, the unrivaled leaders of home automation, are asking smart devices manufacturers like Logitech to fetch and send insights 24/7 from their user’s connected appliances. 

One of my fellow security experts also had a similar experience to mine that I quoted in the above chapter. His privacy-conscious brother was very tense after he read an article about Google Nest listening to him all the time even while he is not interacting with him.

He recommended he change the privacy settings of the device and delete all the recordings by using the My Account Tool and save yourself from being spied. Moreover, the procedure is almost similar to Alexa's.

The IoT Inspector—a tool to check where my smart home data fly to?

The IoT Inspector is an open-source web-based tool developed by IoT researchers at Princeton University.

The purpose of IoT Inspector is to offer a simple and easy-to-use tool that will enable a normal user to analyze the network traffic. Users can check if their smart device is sharing data with third-party applications. Moreover, it allows a user to check to what extent his smart gadgets are sniffing personal data.

While conducting the initial lab tests, the investigators found a Chromecast device to be constantly pinging Google servers even when inactive.

Alongside, a smart bulb manufactured by a china based company was also found to be constantly transmitting and receiving traffic from a Cloud.

Besides that, other network analyzer tools are also available, like WireShark. But, those tools require technical expertise to operate and analyze the results. Therefore, an IoT inspector is recommended for non-techy individuals.

Image source—nyu.edu

Conclusion

Although, the pros of smart homes are greater than the cons. But, privacy trade-off is a major con that cannot be neglected. 100% Privacy on the internet is a dream that cannot be fulfilled ever.

Privacy becomes harder and harder as technology becomes smarter and smarter," especially with the emergence of internet-of-things devices like smart speakers, always-on virtual assistants, and always-connected smart appliances.

—a statement by Kim at The Kim Komanda Show

Unfortunately, governments are unable to implement privacy laws and make these companies abide by the law.

It is high time that we users get aware of how our privacy is being breached?—fight for our right to privacy and impel governments to implement strict privacy laws. Moreover, all such companies must abide by the law, and in case of non-compliance, we must sue them.

Remember, privacy is your right, and you have to fight for it.