A better system would be for advertisers or shows to embed an ultrasonic signal in their shows which say the magic words, which google home/alexa watch out for. Of course, that would only prevent unintentional triggerings, so it wouldn't help in the circumstance where the tv show/advertiser actively wants to annoy you.
To be perfectly honest, pointing people's smart home devices at a page that anyone can edit with a few mouseclicks does not strike me as a very smart PR move. This will not end well.
It's not even original - people have been doing this independently since the services came out, and I'm pretty sure there were some adverts accidentally-not-accidentally tripping the behavior just a couple of months ago.
It was bone-headed. The best they could hope for was to vaguely amuse someone the first time the ad came up. But what about the second , third, or tenth time?
It's potentially a lot worse for Amazon/Google than it is for Burger King. I bet a lot of people will reconsider purchasing these devices based on just this one incident. Most people might not react as strongly but if this happened to me I'd immediately unplug the device and throw it away. Actually I might just go ahead and smash it to bits too. Just thinking about the possibility of it happening makes me quite angry.
Cringe. You are going to take a bunch of technical users and hijack their device to read a Wikipedia entry. Yeah that's really cool. Honestly, yeah it's a cool idea, but total garbage execution. No one wants you to read the Wikipedia entry on what a whopper is... absolutely no one.
Are you serious? Oh, to be a fly on the wall of the conference room where these things are pitched and discussed...
> “We think about our guests’ perception and their perspective on how we interact with them, but on balance we felt this was a really positive way to connect with them.”
Perhaps I'm too cynical or jaded by the trends in the evolving relationships between individuals, communities, businesses and our shared technology, but I see way too much negative in this type of connection.
The only positive aspect to this is that Google/Amazon/Whoever must now find a way for users to create their own audio triggers for their devices in order to protect them from this type of invasive BS or else we need to go through the lengthy and expensive process of defining and legislating the relationship between users and their AI such that activating and using another person's AI is illegal... or is it even your AI to begin with?
Thanks for the philosophical/legal quandary Burger King, but as I've always personally maintained, fuck you.
I am and I would. I don't care if a computer is passively listening for a prompt — the computer has no consciousness and it doesn't do anything I'd even notice. I do care if somebody is trying to make my device do something without my OK.
This does not particularly concern me, as Alexa only transmits when you trigger it and stops transmitting soon afterward. If that's too much for you, I'm not going to try to change your preferences. All I'm saying is, I'm OK with a device that is constantly listening for a trigger, and I'm OK with a device transmitting messages at my request, but that doesn't mean I'm OK with advertisers attempting to exploit the device.
You really only have Amazon's word that the only data transmitted is for that particular command. Unless you tap the transmission, you only have Amazon's word that it only transmits when triggered.
See, this is something that I would have assumed would have been brought up in that conference room where this idea was initially pitched... isn't it somebody's job at most companies to ask the "Are we sure this isn't illegal?" question when someone suggests some bullshit that nobody has ever tried before?
Companies regularly do illegal things. In this case the risk of prosecution is practically non existent so they may get the go ahead even if it's technically illegal.
PS: I wonder if people on HN could contact a prosecutor about this? And if doing so would change anything.
Also the legal team would have probably put a price on it. The C-graders can then know they'll make enough to still pay themselves big bonuses, through the publicity of the court case, etc., and conclude that the personal risk to them is non-existent [go U-S-A!] and so it's worth doing any way.
Peoples' attention is getting expensive. The important thing is that your name is recognizable and easily associated with your product. Positive connotations can come later.
What are you trying to accomplish by doing this? The audio of your voice is saved along with these requests, making it extremely easy to tell them apart from typical requests of the device owner.
Their door only gets kicked in if the intelligence analyst or counterterrorism agent reviewing the material isn't able to tell it's an obvious joke, which I find unlikely.
Kidding aside, I've been able to mistakenly activate other people's Cortana because they didn't take the time to set up voice recognition. It's a great way to exploit such tools.
I'm sure you think you're trying to prove some point, but really you're just being a jerk. If someone I'd invited into my home did this kind of thing, they'd be un-invited pretty fast.
I get some people have their pet causes/conspiracy theories - but is doing this at your friend's place really the place to be getting on your soapbox?
If you want to make a change - go run for office, or campaign for something. Don't just be a armchair jerk.
I know plenty of people like this that have their pet causes (usually government surveillance, or the industrial-corporate machine, or eating meat etc.) - proselytising and ranting to your friends is one thing (and look, we all rant at times, so give some, take some) - but being a jerk about it is childish and immature.
Making a joke at Alexa's expense is fun. Making it at your friend's (possibly huge) expense? Not fun.
I mean, what would 'nepthar do if for some reason the police actually showed up? Or if he/she found out later that their neighbour was denied boarding because TSA pulled some logs from somewhere? I mean, besides having a story to leak to papers, how would 'nepthar feel about getting their friend in life-threatening trouble?
As minuscule as the possibility is, the joke seems funny mostly because this possibility exists (or at least is perceived to exist). This all is akin to doing pranks to scare the shit out of random people. It all sounds funny until you realize that some of those people may have heart conditions and could get seriously harmed by such a pranks.
Maybe nepthar was making a joke because nepthar has a sense of humor. Maybe that joke was highlighting the absurdity of having an unsecured, always-on listening device in your home that may be used against you.
Instead, Hacker News tries to rip him apart for not observing the chilling effect said device creates, despite the complete legality of it. Ironic.
>... but is doing this at your friend's place really the place to be getting on your soapbox?
Who said it's a soapbox? Personally I'd find it hilarious watching a friend scramble to unplug their poorly-designed voice assistant—assuming they even cared, which they probably wouldn't.
>... proselytising and ranting to your friends is one thing ...
What about to people on the internet, telling them they're childish, immature jerks for not giving a shit about chilling effects when they're in private?
If your friend bought it, maybe they don't consider is a "poorly-designed voice assistant"? Maybe they think you're just trying to misuse their device, and being a bit silly?
It's the equivalent of going to somebody's unlocked laptop and typing in "XXX bum photos" or "how to kill the president. Or yelling "Fire! Fire!" to scare somebody.
Yes, it's probably quite funny when you're young (and you shouldn't leave unlocked laptops around) - but come on, really?
Look, we're obviously talking at different levels here - so I think I'm going to withdraw from this fight. There's little I have to gain here.
BTW - To nepthar, unethical_ban, and rl3 - if any of you actually are under the age of 16 - then I'm sorry, I apologise and withdraw my earlier comments - have fun, buddy - try to squeeze in all the pranks/stupidity you can before you have to be an adult =).
>If your friend bought it, maybe they don't consider is a "poorly-designed voice assistant"? Maybe they think you're just trying to misuse their device, and being a bit silly?
I'd like to think people are the best judges of how their own friends will react, but maybe that's naïve.
>It's the equivalent of going to somebody's unlocked laptop and typing in "XXX bum photos" or "how to kill the president. Or yelling "Fire! Fire!" to scare somebody.
Those examples aren't even comparable to each other, let alone to a bunch of orders made via voice assistant that probably end up instantly canceled.
>Yes, it's probably quite funny when you're young ...
>Look, we're obviously talking at different levels here ...
>... There's little I have to gain here.
>... if any of you actually are under the age of 16
>... before you have to be an adult ...
You may have overdone the condescension there just a little bit.
> Those examples aren't even comparable to each other, let alone to a bunch of orders made via voice assistant that probably end up instantly canceled.
We started with thermite ingredients and plane to Syria, something clearly made to potentially trigger USGOV anti-terrorism surveillance. It won't be fun for anyone if somehow it actually works. It's a joke at someone else's low-probability but life-threatening expense.
It's like doing pranks to scare random strangers. All fun and games until you meet the one with a heart condition that gets triggered by your joke.
The probability it actually triggers anything is virtually zero. You say as much in your other comment.
Driving a friend to a surprise party would be far more dangerous on multiple levels. Life is full of risk, and if you minimize it to the maximum extent possible it's quite boring.
Obviously there's some things you don't joke about, such as presidential security, inciting panic in public places, joking about terrorism in an airport, unsafe pranks on strangers, et cetera. That's all common sense.
Adding a bunch of suspicious crap to the cart and looking up a flight on your friend's unsecured voice assistant is more akin to two people making a campy NSA joke during a private chat session. The latter happens all the time, no one cares.
Granted, if your friend is a Syrian national living in the U.S. on a temporary visa then I might agree with you. :)
I can't believe that those ad execs really believe that people want intrusions like that. That they'd want the TV to hack their Home into advertising to them. That's just bullshit.
Google should change the autoresponse for burger king.
"Hey Google what is a whopper?"
"A whopper is a tall tale which clever executives want to sell you but really tastes of cardboard"
"I can't believe that those ad execs really believe that people want intrusions like that."
They know that they don't. I am starting to believe that these companies do shitty things on purpose (Looking at that Pepsi ad with the Kardashian girl) knowing full well the amount of outrage and free publicity it will get.
This particular one leaves you completely vulnerable to trivial deception. Want to get away with something evil? Just pretend to be dumb, make it look like you don't know what you're doing, then people on the Internet will defend you as "merely incompetent, not evil."
Besides, did you even read the article? Burger King is doing this on purpose! Says so in the first paragraphs!
I mean, I hear you, but TBH I've seen slide decks from the planning of some fairly public failures like this one and ... marketing people at huge companies do not come from the general population.
>Asked whether he was concerned that consumers might find the spot invasive, he said, “We think about our guests’ perception and their perspective on how we interact with them, but on balance we felt this was a really positive way to connect with them.”
This paints their president as clueless about positive ways to connect with customer. FWIW, I don't think the president should be evil or incompetent.
I prefer the answer, "The Whopper is a popular sandwich sold by Burger King. Its primary component is ground muscle fiber obtained from the species homo sapiens."
But not authorized access to interact with the Google Home networked computer device.
If it were that easy, that same lawyer could argue that because you operate a public HTTP server, any "attacks" on it are simply using the implicit permission you provided by exposing port 80/443 to the internet and operating a public service on it.
Not really. A criminal offense would only apply if the smart device can be construed as a 'protected computer' involved in interstate commerce; a civil complaint is only possible if the plaintiff suffers one or more of an enumerated list of 'loss' [1], neither of which appears to be a good fit for the interaction without a serious stretch.
I don't necessarily agree with this argument but... it seems that by intentionally purchasing and installing in your home a device explicitly designed to respond upon hearing the phrase "OK, Google, ..." one could argue that you have authorized it to do exactly that.
Perhaps you didn't intend or expect it to be co-opted by a Burger King commercial, but "unauthorized use" (in the legal sense) might be a bit of a stretch.
I buy lots of gadgets that take input. That doesn't mean any time someone else is in the same room they have the legal right to activate them and tell them what to do. Audio, mouse, keyboard, touchscreen, digitizer, light pen, or SSH session makes no difference.
Aaron Swartz certainly didn't break into anything. He just used a system he had authentication to in an unauthorized manner.
IMO, that sounds very similar to arguing the following, which, if I understand it correctly, is not an argument that has been successful in the past (see e.g. https://en.wikipedia.org/wiki/Weev which incidentally I found by guessing the URL...).
> it seems that by intentionally [making available a server on the Internet] a device explicitly designed to respond upon [receiving the request] "[GET <URL>]" one could argue that you have authorized it to do exactly that.
FWIW, I'm not convinced that should constitute unauthorised access. I do think the Burger King case is slightly different though - no "OK, Google" commands would be likely expected from a remote third-party, whereas third-parties are authorised to make _some_ GET requests. If anything, I'd say that makes it more likely to be considered an unauthorised use.
I don't have data on this, but my hunch is that most buyers of a Google Home device weren't driven to the purchase by a deep-rooted desire to speak the words "OK Google" to a device - they probably wanted a device that they can give voice commands? to fulfill their tasks. That the command mechanism includes the phrase "OK Google" and incidentally takes commands from everyone are implementation details but probably not the intention of the customer. As such, I thing this does qualify as unauthorized.
I assume that's a rhetorical question. But in case not, then the GDevice will talk over those things. If they really wanted to be safe, those other things could start by saying "OK google, stop talking" or something.
Do these people have no idea how much they are annoying their own customers?
I just bought a google home (it's only just been released here), and if it either plays me adverts, or other adverts (ab)use it - I will return it to the store without hesitation.
This was not sold as an ad-supported service.
To take an extreme position - Google should take Burger King to court via the computer fraud and abuse act - they've just performed a distributed denial of service attack on google's servers by using thousands of peoples google devices simultaneously without their permission.
Also - this is a key reason why google need to spend some time on supporting custom hot words for google home. 'OK google' and 'Alexa' are the audio equivalent of IoT devices with a default 'username:admin, password:password' on your network.
Correct. Example: this user logged into my service. Let's try to log into gmail with the same password. It worked. I'm authenticated, but not authorized.
AT&T won the unauthenticated iPad emails thing, putting weev in prison. As far as i can tell, i have to divine the intentions of the owner of any computer i connect to before i connect to it, or i'm breaking the law.
A verbal request from your TV is pretty much equivalent to typing in an URL "by hand", and AFAIK people got sacked under CFAA for the latter, because of "unauthorized" access to data.
In my layman's opinion, there's a potential for a case here.
really? People voluntarily installed a listening device in their homes. That should no way encroach on complete freedom of speech, no matter how tricky.
A corporation has no freedom of speech rights. It's important to remember that a corporation is not considered to the same rights as a person in these cases, nor should they ever be allowed to be.
Now the next step is for rogue editors to edit Wikipedia and write critical informations about Burger King in the Wikipedia entry..
Joking apart, I would be infuriated if I had such a device and saw that spot but then again, I don't have those devices because they feel like a violation of my private space.
Why don't Alexa or Google Home respond to only your voice and the voices of your family members? It seems like a fairly straightforward fix to prevent TVs or other audio sources triggering a response.
to whomever dislikes my post, you may not like the video (it's irony, baby) but so called "vertical videos" are a plague that infects TV news as well when they air videos contributed by various people. If you have a better way to remember people how wrong and stupid is that way of handling the cellphone when filming, then I'm open to suggestion.
FFS... this is one of the rare occasions I'm almost ashamed to be a technologist. Creating cool new technology, only for it to lead to this kind of bullshit, is kind of disgusting. :-(
Seriously, who the hell thought this was a good idea?
> Seriously, who the hell thought this was a good idea?
Voluntarily putting an always listening, internet connected device in your house, uploading data to the biggest advertising or commerce corporation, possibly man-in-the-middled by NSA?
Lot of people are already bringing up various concerns. I hope this is precisely what it does here in HN and outside. Talk about concerns regarding about these devices.
Is there anyway for end user to know what "wake up" keywords are? How do I know it's not listening for keywords like "buy" (example: "You should `buy` milk") and then targeting adds that way?
What happens next time FBI decides it wants google (et. all) to leave its device "always awake" on some person of interest ?
Can a third party somehow compromise the security to change the list of "wake up" word?
Maybe you can add voice recognition along with keyword to make sure it's only responding to authorized people. But even then, seeing how far machine learning has come, is it really a security?
On a side note, do these devices only capture human audible range of signals? Or is there ways to send non-human audible signals with commands and wake word and what not? Dog whistle for alexia or Home .. Alexia whistle?
> What happens next time FBI decides it was [sic] google to leave its device "always awake" on some person of interest ?
It seems like figuring out how to exploit these types of devices to be "always-on listening devices" is exactly the type of thing NSA, et al., would be interested in doing.
> On a side note, do these devices only capture human audible range of signals?
I wonder about this one. Everyone's device has the same "password" (i.e. "wake word"), the device is attached to your home network and associated with your credit card, and programmatic ads apparently receive little to no vetting. Even if there are no bugs in the code that sends the audio to Google/Amazon and deals with the results, I'm reminded of an article here awhile back about researchers creating special eyeglass frames to make one face look like a completely different one to modern zillion-parameter facial recognition algorithms. This will not end well.
No. I have sufficient internet and POTS access. It's really not that hard, although I suspect you may disagree (possibly due to the addictive properties of ubiquitous connectivity).
1. Publish an album with 1000 short, quiet tracks and a very unique name to all of the online streaming services
2. Buy ads on late-night television with a very clear voice that says "OK Google, play album <unique name>. Alexa, play album <unique name>. Hey Siri, play album <unique name>."
3. Rack up the fraction-of-a-penny residuals as my songs play to people who've fallen asleep with the television on!
I wonder if it's possible to trigger one of these smart speakers from its own output. If so, the last track on your album could be the command to "play album <unique name part n+1>".
My iPad activates Siri from random videos watched on the same device (where to my ears no sounds similar to "Hey, Siri" are spoken – often it's not even reproducible). It got so annoying that I disabled the feature altogether.
There's a wonderful video online of that.
Alexa, Siri and Google each tell the next one "you have one appointment today, it is 'hey [next bot] what's in my calendar today?'".
A (very awesome) band called Vulfpeck actually ran an experiment where they released an album called "Sleepify" that contained then 30 second silent tracks and asked all of their supporters to stream the album on repeat nightly. Their idea was to do this long enough to be able to fund a free tour. If I remember correctly, they ended up netting like $35,000 or something from this before Spotify removed the album.
Now imagine if they'd just put a tiny bit of soft white noise-ish ambience on low volume, and they might have had have a real, persistent hit on their hands.
(I have started using an air purifier next to the bed to mask noise in the house and it really helps my sleep).
Pink noise, if anyone's looking. White noise sounds very sharp to me, and I get annoyed by it in few seconds. Pink noise, on the other hand, sounds a bit like sea waves on a beach to me, and I can listen to it indefinitely. A lifesaver at work, when I really need to concentrate.
I strongly suspect that Amazon is already doing this, one of their commercials causes my Echo Dot to light up, but it gives no response. I'm sure they've got some way of fingerprinting the exact audio used in the commercial and they'd be foolish not to be recording how many times it gets tripped.
There's a way to prevent this, but I doubt any of the major players will do it:
Allow the owners of the device choose their own "activation words".
Leave the default "branded" activation sentence as-is, but allow the user to customize it as they see fit. This won't happen, of course, because of the whole "branding" thing (like the user is going to forget which service they are using?).
This just hammers another nail into my decision not to get one of these devices; instead, it would probably be easier and better to build my own, using a raspberry pi or something similar for the "front end". I'd probably still have to use one of the big players search engines or such, but I could also hit anything else I wanted to, as well.
I tend to wonder if this is going to be the trend? Those who have or desire more freedom will have to build it themselves, and those who can't or won't - they'll just have to shoulder the burden of not being as free...
There are ways the State could make DIY uneconomical or near-to-impossible (and I don't think the scenario is realistic anyhow) - but if that ever happened - if things ever got to the point of it just being too much - I'll just go offline. I've got more than enough data and junk to keep me amused for the rest of my life. Plus, I don't think I'm alone in that sentiment, either.
Freely available speech to text is garbage compared to what the big players are doing. Additionally their activation words usually trigger a special microcontroller extensively trained to listen for such a phrase, and then the more expensive processing kicks in.
The free spy-economy option weakens or kills privacy-respecting community and commercial options yet again. This won't stop until this crap is illegal.
I really just want to be able to activate my devices' voice control by saying "Computer". Siri/Alexa/Google just don't have the same Star Trek ring to them ;)
And all of these are poor choices. My partner's name is Alex, I use Amazon and Computer all the time in daily conversations around the house, the only one that is semi-rare is Echo. Ideally it should let you choose any word.
Ideally, sure. That's far from the only thing that's non-ideal about an Amazon Echo, though. The person I was responding to was interested in using "computer" as their activation word.
FYI a Burger King marketing exec modified the entry on Wikipedia to be more "Ad-like", initially using the name, "Burger King Corporation" before that was banned for having a promotional name.
Then the ad guy came back using his online screenname, and re-added the promotional introduction before it was reverted several times (along with an author from The Verge editing it, probably the edit that changed the wording to something like "[it] tastes like cyanide", but can't be too sure)
It was then astroturfed by some pro-Burger King sockpuppets (unsure of this but their changes all switch to the wording that the Burger King ad guy used), before finally being locked for disruptive editing.
Furthermore, the Wikipedia article itself now has a section about the attempted astroturfing by Burger King, and another Wikipedia user came back in and cited NPOV problems with the _original_ pre-ad wording (e.g. usage of the word "signature") so now the wording in the article is even more generic and less favorable to the Whopper than when it first started.
What would be great is if this put a serious dent in people's excitement about creepy always-listening internet-connected devices. Instead, I predict it will result in some new FCC rules about broadcast advertising.
I can't imagine this working well. What about the consumers that don't have a Google Now device? I imagine that it's most of them. "Ok Google, what's in a Whopper?" Silence, and commercial ends. Sounds kind of awkward and maybe downright confusing to some.
Easy fix for google/alexa-- MAKE people name their 'assistants', when everyone answers to a different name we can simply say hey joe what's the weather -- sure sometimes TV might influence it, but most likely not, that and add voice recognition (surprised it doesn't already have that actually)
Edit: I'd personally rather give my assistant a name I pick, than keep saying 'OK google'.
This will probably only work once. Good for Burger King for thinking of it first, and getting all of the extra free publicity for it. Now any future stunts by other companies will just piss people off without the novelty upside.
It's not like I've eaten at BK in last 40 years. But this is the kind of thing that pushes a company into my "never do business with them ever" category. Currently only Comcast and AT&T have that distinction.
I think it's clever and kind of cute. Well, maybe not so clever. There's a speech recognition "format c colon return" anecdote that apparently dates to 1994, at a meeting of the Sacramento PC User's Group, and repeated in various forms many times since then.
This is not just annoying, it is outright dangerous. If any of the viewers are doing anything important on their phones, the task switch interruption might have real effects on them, or cause them to lose data.
I feel sorry for people who buy always-listening devices that follow instructions without any form of authentication, too. They have absolutely zero blame or responsibility for anything that happens to them as a result of their choices, as combined with the amusing, non-malicious choices of another entity.
> Asked whether he was concerned that consumers might find the spot invasive, he said, “We think about our guests’ perception and their perspective on how we interact with them, but on balance we felt this was a really positive way to connect with them.”
I'm always amazed at the universe some marketing people seem to live in. It must be a beautiful place.
I was remarking at lunch today that for so long the goal of speech recognition was 'speaker independent' recognition and now that is a handicap.
Early speech input systems required an individual to read several pre-defined words, usually several times, in order to train the algorithm to understand their speech. And then the next person to use the system would have to do the same. This was considered a 'negative' because everyone wanted systems that anyone could use.
Now however, there is a tremendous need for your phone, or tablet, or commercial listening device, to be able to distinguish between who is talking so that different policies can be established based on the speaker. That will be the next killer feature in the voice wars I'm guessing.
Genuine question as I don't own any of these devices. Is there no setting for locking the device activation to one or more specific voices? This is surely a technical possibility and from a security point of view it is surely the sensible default behaviour for a device that can literally buy stuff using your money with nothing but a voice command.
The voice recognition is poor enough that it only works 80% of the time anyway and having certain accents defeats it completely. I think it's very very far away from being able to reliably tell voices of different people apart.
reply