Amazon’s Alexa Never Stops Listening to You. Should You Worry?

When you invite a digital voice assistant like Amazon Alexa into your home, you’re inviting a device that records and stores things you say, which will be analyzed by a computer, and maybe by a human. You won’t always know what happens with those recordings.

After all, an Alexa speaker, like the Echo or Dot, is an always-on listening device. Although it’s designed to listen only when called upon, sometimes it doesn’t play by its own rules. And sometimes it (as well as Amazon) behaves in ways that would justifiably make anyone worry about their privacy and security, as illustrated in a recent story in The Sun that claims Alexa may be privy to your intimate moments.

Alexa is studying you

The fact is that your Echo, Dot, or Show is always eavesdropping. This is and isn’t as creepy as it sounds. Although it’s true that the device can hear everything you say within range of its far-field microphones, it is listening for its wake word before it actually starts recording anything (“Alexa” is the default, but you can change it to “Echo,” “Amazon,” or “computer”). Once it hears that, everything in the following few seconds is perceived to be a command or a request, and it’s sent up to Amazon’s cloud computers, where the correct response is triggered. You know your Echo is paying attention because the circular blue light turns on when it hears its name. Think of Echo like a dog: It’s always listening, but it understands only “cookie,” “walk,” or “Buddy.” Everything else goes right over its head.

Anyone who owns a smart speaker, uses a smartphone, posts on social media, or in some other way interacts with the Internet has likely experienced a few weird “coincidences.” Maybe you recently talked about something with a friend and then weirdly started seeing ads on the Internet for whatever it was. It’s creepy. And it probably makes you wonder to what extent your gadgets are spying on you.

Like any website or mobile app, Alexa collects information on how users interact with it from what they say, what they ask it to do, and which third-party skills they interact with. Amazon likens this to how websites use cookies to collect information on your browsing, but Alexa goes a bit beyond that. It knows what music you listen to, what you put on your shopping list, and what smart-home products you have connected to your system, all based on what you told it to do. Because it can recognize individual voices, it also knows when you’re home—and maybe even what room you’re in (because users often name a device by the room it’s in, such as “Kitchen Echo” or “Bedroom Echo”). Presumably, the information it collects about you is used to market more products and services to you. In my experience, using Alexa on a daily basis hasn’t resulted in more direct marketing from Amazon—or at least the connection between my Alexa commands and what I’ve seen while browsing hasn’t been as obvious as, say, the stalking capabilities built into Chrome or Facebook.

Alexa does make mistakes when listening. Anyone who’s lived with an Echo has experienced Alexa mishearing and responding to queries no one asked. Sometimes this can be funny—like when Alexa hears its own wake word in a TV show. Other times it’s more serious, including an instance in 2018 when Alexa apparently thought it heard a command to send a message and instead sent an entire private conversation to a stranger’s Echo device.

Though Alexa selectively listens for its wake word, it can’t selectively filter out voices. This means that anyone in the room is potentially subject to its listening and recording powers. So any child or house guest may be engaging (knowingly or not) with Alexa. Recording a child without parental permission is illegal in some states, similar to video recording laws. In June 2019 Amazon was hit with two lawsuits over Alexa recording children’s voices without the consent of the parents, and the result of this is still pending.

Alexa isn’t alone in its listening abilities. Apple’s Siri and Google’s Google Assistant work (and sometimes don’t work) in very similar ways.

Who is actually listening?

For the most part, the ear on the other side of Alexa is an algorithm: a computer program that processes the words, figures out what they mean, and responds appropriately. That fact that it does this so quickly (usually in just a few seconds) and correctly is what makes smart speakers so easy to live with. However, that doesn’t happen by magic.

There are always humans somewhere behind the curtain pulling the levers, and occasionally there are even humans listening to your requests for weather reports in Punxsutawney, and trying to figure out what you meant when you added mangosteens to your shopping list. An article in Bloomberg revealed that Amazon employs thousands of people, including some outside the US, to transcribe and annotate Alexa requests in an effort to improve the voice assistant’s performance. The company says the information is anonymous and encrypted, but the Bloomberg article states that the recordings analyzed by Amazon’s transcribers can include first names, device serial numbers, and account numbers. It’s also unclear whether all that information is linked in a way that would let employees identify the user or household. After a lot of bad press on the topic, Amazon gave Alexa users the option to prevent human screeners from listening to their recordings. You can do this by going to the Privacy section of the settings menu and opting out of allowing your recordings to be used by Alexa developers.

Amazon is not the only one doing this. A Belgian news report revealed that subcontractors for Google are also listening to and transcribing some Google Assistant voice recordings, many of which were recorded accidentally and could contain sensitive personal information. Google followed up, saying that it uses “language experts” to analyze around 0.2 percent of voice messages, but that those recordings are not associated with users’ accounts and are essentially anonymous. Like Amazon and Google, Apple also employs humans to make Siri work better, and recordings may be saved for up to two years. But the company says that all transferred data is stripped of its identifiers so it can’t be traced back to you or your Apple ID. The company recently said it is “suspending” the practice of using human “graders” while it does a review of the process.

Amazon and the others argue that this is a necessary process meant to make their digital assistants better at understanding you. Both Amazon and Google allow you to listen to and delete the recordings that Alexa or Google Assistant have made of you. Amazon recently went a step further by adding the ability to delete your queries daily by simply saying, “Alexa, delete everything I said today.” Apple allows you to clear your Siri history in your devices settings menu, but you can’t actually listen to the voice recordings. Knowing that a human could be listening to your voice snippets may sound intrusive to you, but you may have already agreed to this in the app’s terms of use (which no one reads) when you first installed the device.

Alexa is a data hoarder

When Alexa hears a command and sends those words up to the cloud, Amazon has just learned something about you. Maybe the company learned only that you like to listen to the Police, or that you like fart jokes, or that you turn your Hue lights off at 11 p.m. every night. If you were to say, “Alexa, where should I bury the body?” you’re not going to have the police showing up at your door (I know because I’ve tried it).

Is it important that Amazon is collecting this information? That’s up to you to decide. Your computer is tracking everything you do online through cookies. Google knows everything you’ve ever searched for, and also everything you’ve ever bought when you used a Gmail address. Your broadband provider may be selling your browsing and location history to third parties, and Netflix knows you like torture, horror, and cooking shows (yes, you’re weird). Primarily, Amazon wants to sell you stuff. Lots of stuff. So when you use a workout skill with your Echo, don’t be surprised if Amazon sends you an email promoting yoga pants (this hasn’t happened to me yet).

What should you do to protect your privacy?

To answer that question, you need to ask yourself whether these potential risks make you feel vulnerable. It’s a balance of trust between how worried you are, what you have to lose, and what you’re willing to sacrifice for the convenience provided by a smart speaker like the Echo. If you trust that Amazon’s intentions are no more nefarious than getting a better idea of what you want to buy on Prime Day, and that doesn’t really bother you, then you have your answer. If you worry about your private information getting into the hands of the wrong people, then you have another answer.

To keep outside hackers from gaining access to your smart speakers, we offer the same advice we would for using any smart-home devices. Use strong and unique passwords (and that goes for your Wi-Fi network, as well), use quality routers and guest networks, and engage two-factor authentication whenever it’s available. If you use an Alexa device, review your Alexa privacy settings, and manage your third-party skills and your smart-home device history.

Restricting access from the manufacturer itself (and its subcontractors) is another thing completely, and as we’ve pointed out already, it may be beyond your control.

All Alexa users should familiarize themselves with Amazon’s privacy policy, which can be found here. If you plan to discuss any national security secrets and don’t want to open yourself to Alexa’s snooping capabilities, press the mute button on the top to disable the microphone. Everything you say to Alexa is listed in the app, but as noted earlier, you can delete that recording history. Amazon says that once you delete it, it’s gone forever, even from its servers, but it warns that doing this may degrade the product’s performance. Even with that assurance, savvy users know that the Internet of Things is built in the cloud, not on solid ground, and so they should step cautiously.