FAQ Part 4: Alexa Privacy and Security

Publication Date: 12/28/17 – The Alexa FAQ series continues with information about Alexa privacy and security concerns.

Follow the links at the bottom of this post to view all other posts in the series.

Note that the information provided here is accurate as of this writing, on 12/28/17, but is subject to change in the future as the Alexa service and devices evolve.

Q: Is Alexa listening to, and recording everything I say?
No. Alexa devices are always listening, but only for the wake word. They do not respond to, or record, anything that’s said before they hear the wake word. After they hear the wake word, they record what they hear for two purposes:

– to send your request to the Alexa voice service in the cloud for processing: for Alexa to figure out what you said, and how to respond

– to send a copy of your request to the History file for your specific device, which you can access in the Alexa app. This is useful for you, because when Alexa doesn’t respond as you expected her to you can see what she thought you said in the app. It also helps Alexa get better at understanding you over time as you interact with, and correct her. However, if you’re uncomfortable with having the History stored you can clear the file in the app anytime you’d like. Just go to Settings > History.

It’s true that Amazon is keeping overall statistics on what types of requests Alexa device owners are making and what types of errors Alexa is experiencing, but these statistics are not tied to individual users or device owners, and they help Amazon to keep making the Alexa service and devices better by keeping track of what consumers want from Alexa but aren’t getting currently, or aren’t getting reliably.

Q: Okay, but how do you really KNOW that?
In addition to running this blog, I’m also an independent developer, aka “programmer”, so I understand quite a bit about hardware, firmware and software. Because Amazon makes its Echo device firmware files publicly available for download and review, and numerous outside sites have done “teardown” pieces where they take apart Echo devices to show what’s inside, it’s not hard for anyone with a little tech knowledge to verify what I’m saying here.

The microphone of every Echo device Amazon makes has a firmware chip with a tiny bit of memory, like less than 1MB. It’s only programmed to listen for the wake word, or any combination of syllables that sounds like the wake word.

If the wake word is detected, the firmware ‘wakes up’ the main processor in the device. It lights the blue ring (or whatever light indicator exists on the specific device) to alert you Alexa is awake and has begun to listen (and record). The main processor has very little memory too, which is why Echo devices do not download all the content you’ve requested to play, or do any significant on-board file processing. Both pieces are only there to collect input (your speech) and pass it on to the Alexa voice service in the cloud. As soon as the interaction is over, both pieces dump their cache (a techie way of saying “forget everything that just happened”) and they don’t store any local record of it. Even when you ask Alexa to “repeat that”, the command goes to the online Alexa voice service, fetches your most recent request from there, and sends the same response it gave previously back to your device.

It’s not possible for your Alexa device to be secretly listening to, and recording, every sound around it at all times. The hardware and firmware simply aren’t designed for it, and don’t have enough processing power or memory. If you’re really concerned, don’t take my word for it: you can prove it for yourself by turning off your WiFi and attempting some of the usual Alexa commands. You’ll see that Alexa will wake as usual and listen to your request, and the light on your device will indicate she’s trying to process it, because all of that happens on the device itself. But then, at that last step, you’ll get an error message because Alexa won’t be able to send your request to the Alexa voice service in the cloud. If you check History in the Alexa app, you’ll see your request never got there, because there was no internet connection.

Despite all this evidence, there are still those who will swear Alexa must be spying on them. If you’re among them, please read Two Situations That May Look Like Alexa Spying, But Are Not.

Q: Can people outside my home access my Alexa devices? For example, could a thief give a command from outside my home for Alexa to open the garage using my connected Garageio device?
This is theoretically possible, but it’s easy to prevent and to date, there haven’t been any reports of this type of activity. You’ll want to keep your Alexa devices away from open windows, where a stranger might see the device and attempt to interact with it. Amazon also makes these suggestions on its Safety Information for Using Smart Home Devices with Alexa (UK readers click here) help page:

When you connect devices and services to Alexa, anyone speaking to Alexa can operate those products. This includes products such as garage doors, locks, and appliances. Please follow these recommendations when using connected devices with Alexa:

– Follow all instructions and recommended uses for smart home devices.

– After making a request, confirm the action was completed on the smart home device.

– Take steps to ensure the security of your Alexa supported device and safe operation of your connected products. For example, if you do not want Alexa to respond to voice commands (like when you are away from home), turn off microphones on your Alexa supported device.

Q: Does Alexa have parental controls?
Um, sort of.

First, all native Alexa functionality is designed to be family friendly. Alexa does not curse, and does not respond well to being cursed at. Alexa is not connected to any adults-only content or information sources. There are some skills that are inappropriate for children, but Amazon requires them to be clearly rated as “mature” to help parents make informed decisions about which skills to enable.

Second, you can set a PIN to prevent unwanted purchases being made through the Alexa service. In the Alexa app, go to Settings > Voice Purchasing > Voice Code to set a PIN. Once set, anyone who makes a purchase request of Alexa will be prompted to speak the PIN.

Third, Amazon has recently introduced a special “Kids” skill category. The first time the user attempts to enable a skill in this category, the adult to whom the Amazon account is registered will have to go into their account and grant permission for Kids skills to be used.

If you want to get it straight from the horse’s mouth, try asking Alexa: Are you spying on me?

Enjoy your Alexa device, and be sure to come back here to follow the rest of this Alexa FAQ series.
I’ll be continuing the series with posts to cover the basics of Alexa calling and messaging, using Alexa devices as an intercom system, Alexa music playback commands, using Alexa to control video on your TV, a look at the various Alexa devices and gadgets now available as well as the differences among them, the Alexa Flash Briefing, Alexa utilities like reminders, alarms and calendar integration, and a sort of catch-all mailbag FAQ at the end.

Click here to subscribe, so you’ll be notified when each new post is published. You’ll also want to bookmark any posts in the series you might need to refer to frequently in the future, and use the handy social media links at the bottom of this post to share with others who’ve received (or you know will be receiving!) Alexa devices.

Click here to read part 1, Alexa Basics For Those Giving or Getting An Alexa Device.

Click here to read part 2, Six Things To Try With Alexa.

Click here to read part 3, Alexa With WiFi & Bluetooth.

Click here to read part 5, Alexa Music Commands and Services.

Click here to read part 6, Alexa Calling and Messaging.

Click here to read part 7, An Alexa Intercom System with Alexa Drop-In.

Click here to read part 8, Alexa Alarms, Reminders and Timers.

Click here to read part 9, Using Alexa To Control Your TV.

Click here to read part 10, Alexa Flash Briefing

Click here to read part 11, Alexa Calendar Integration

Click here to read part 12, Comparing Alexa Devices.

Click here to read part 13, Alexa FAQ Conclusion: Mailbag, Alexa Communities.