Can Alexa Spy On You? 7 Steps To Protect Your Privacy With Alexa

Can Alexa and other always-on, Internet-connected assistants trample all over your privacy and embarrass you or worse?

Maybe — if you make it easy for them! You’ve probably heard stories about misadventures with Amazon Alexa devices. Some are funny, some not so much. By understanding how voice recordings are set up, stored, and shared, you can avoid your own Alexa misadventures. Here’s how:

Misadventures in Alexa privacy — have you heard about these?

You may have heard the story about the time Alexa sent a recording of a private conversation between a married couple in Portland to one of the husband’s employees. Or the story about the same thing happening to a family in Germany with the recording being sent to one of the husband’s business contacts. Or when it happened to a man in North Carolina whose conversation was sent to his insurance agent. Fortunately, there wasn’t anything negative or embarrassing in those conversations but the Alexa owners were certainly shocked.

Another time a 6-year-old ordered a dollhouse and some fancy cookies from Amazon — her parents had no idea until the packages were delivered. And still another time, coders wanted to test the security of the Alexa Skills (apps) system by turning a Skill into an eavesdropping tool and it worked (Amazon has since fixed the glitch).

Other times Alexa does exactly what it’s supposed to — respond to a command that follows the wake word — but it turns out to be a misadventure anyway. For example, NPR did a news story on Alexa. When people had the story playing within earshot of an Alexa device, Alexa dutifully woke up and followed the commands featured in the NPR report. Thermostats far and wide were adjusted to 70 degrees.

While these examples didn’t have serious consequences, the potential is there. And so are other privacy concerns.

For example, Amazon can send someone the wrong Alexa voice recording history. The same kind of human errors that are made in everyday life are made by Amazon employees who manage your data.

And, at least a couple of times, Alexa voice recordings have been requested as evidence in murder cases. Those cases were made public. The total number of legal system requests, however, is unknown. Amazon releases a bi-annual transparency report that lists the number of legal requests it receives and how it responds to them but it doesn’t break out the Alexa data. In the first half of 2018 — the most recent report available as of this writing — Amazon received a total of 1,736 subpoenas, 344 search warrants, and 162 other court orders. It responded either fully or partially to 70% -77% of the requests. Some of them were surely Alexa voice-recording requests.

All the more reason to understand what Alexa is recording and how you can manage it.

What Alexa records and where it stores your recordings

Alexa and other “always-on” devices listen constantly for someone to say the wake word. For Alexa devices, the default wake word is “Alexa”, for Google devices the wake word is “O.K. Google”, and for Apple devices it’s “Hey Siri”.

Alexa devices have seven microphones with noise-canceling technology that constantly record and replace one-second snippets of ambient sound while waiting for the wake word. Once the device hears the wake word and wakes up, it also lights up to visually confirm that it’s recording and, on some devices, it makes a chime sound, too. Alexa then sends your recorded voice data command over the internet to Amazon’s computers which, in turn, allow Alexa to respond to your commands.

Amazon stores each voice command recording in the cloud. None of the recordings are stored on Alexa devices.

Amazon doesn’t delete stored recordings either — only users can do that. By law, the European Union’s General Data Protection Regulation, or GDPR, which went into effect last year, requires (among other things) that consumers be able to access their stored data at any time.

How to review and delete your recordings

You can review all of your Alexa activity in the app Activity Feed or in Settings > Alexa Account > History. Click on the More arrow in the bottom right corner to hear the voice recording and decide if you want to delete it. You can review each recording as you scroll.

You can also review using Alexa online. To delete in batches or your entire history quickly, instead of one at a time, choose Review Voice History on the Alexa privacy page. The privacy page is the dashboard for accessing your smart alert history, smart home device history, skills permissions, and voice data management. It’s a good page to bookmark.

7 steps to managing Alexa privacy (they’re easy)

1. Don’t automatically add your Contacts even though the app wants you to.
One of the most important decisions you make about your Alexa privacy comes up right off the bat. Alexa immediately wants you to link all of the contacts in your phone to Alexa during setup. Don’t do this unless it’s very important to you to make calls and send messages through Alexa. Linking contacts to Alexa is where many problems start — there is no danger of Alexa sending voice recordings to your contacts if it doesn’t know who your contacts are. You can add contacts individually if you want.

If you have already linked your contacts, you can remove them but it’s not simple. As of this writing, you have to call Amazon customer service at 877-375-9365 to request to have the service removed.

2. Add a PIN for voice purchasing or turn off voice purchasing entirely.
To avoid ordering stuff from Amazon by mistake (or to keep your kids from doing it), go to the app Settings. Voice ordering is enabled by default.

3. Don’t enable Drop In access or severely limit Drop In permissions. Enabling the Drop In feature on your Alexa device allows people with Drop In permissions to access the device’s mic and speaker for use as intercom system — whether they’re in another room, another house, or another city. Anyone with permissions can also use it to listen to what’s going on in the room. While this can be a handy feature to check if the kids are asleep, the eavesdropping potential is obvious. Hackers might be able to drop in, too, but that’s not very likely.

4. Use strong passwords for your WiFi and Amazon accounts. Keep the bad guys out by using strong passwords and two-factor identification. In fact, do everything on Norton’s list of smart home security tips and also check out the smart home section of The Internet Society’s Online Trust Alliance (OTA). Alexa is part of your Amazon account, which includes your Prime account, Audible account, Amazon Photos account, Amazon Kindle account and so on. Your Amazon world is valuable. Don’t skimp on security.

5. Mute your device using the handy button on top. Do you really need to keep Alexa on during dinner or when company is over? Turning off Alexa devices when you want privacy is a good habit — the devices can’t mistakenly record and share if they’re muted. Muting devices with cameras also turns off the cameras (there’s no separate camera control).

6. Turn up the volume so you can hear Alexa ask you questions. Some Alexa mishaps have occurred because people didn’t hear what Alexa was asking because the volume was set too low. You want to hear Alexa’s confirmations. If there’s a lot of background noise or if you’re blasting music, see #5.

7. Delete any recordings you don’t want in your history. Finally, clean up your history if you want to keep some or all of it private. Amazon has said that deleting Alexa recordings may negatively impact your user experience because it learns your voice and habits from the recordings — which may be true but Alexa also works well right out of the box. You decide how much stored information is too much.

A word about Follow-Up Mode

In Follow-Up Mode, Alexa lets you ask more than one question or give more than one command in a row so you don’t have to keep saying the wake word. It can be convenient. Alexa will listen for five to seven seconds after answering your first command to see if you have another command. Alexa does not typically record ambient sound during those few gap seconds, just the commands themselves.

However, to avoid the potential of Alexa recording background conversations while in Follow-Up Mode, simply say Thank you, Stop, Cancel, or Go to sleep when you’re done with each session.

How much privacy can you expect from an internet-connected listening device?

There’s a price to pay for the convenience of having Alexa and a smart home with always-on, internet-enabled devices. The amount of privacy you can expect is directly proportional to the amount of data you give the internet.

The Nielsen Company reports that at least 24% of U.S. households own a smart speaker, 40% own more than one, and 75% want to be able to use them in even more ways. Of smart speaker users, 62% only started using the device within the past six months and 45% of them planned to add more devices. That’s some serious market penetration and trending.

The sheer volume of stored data makes yours less valuable but it also means we should be hearing some interesting Alexa misadventure stories as time goes on! But don’t have misadventures of your own, especially ones that make the news. Be proactive with your privacy.

If you liked this post, don’t forget to subscribe to FrogTalk, our monthly newsletter.