Amazon Smart Thermostat

Amazon Smart Thermostat

Amazon
Wi-Fi

Review date: Nov. 8, 2021

|
|

Mozilla says

|
People voted: Super creepy

Amazon teamed up with Honeywell to create their smart thermostat. And you guessed it, Alexa controls almost everything once you pair it with another Alexa-controlled device in your home. There is no microphone or speaker built into the thermostat, so you'll need an Echo Dot or similar to use voice control. Once set up, Alexa takes over. It will adjust the temperature to suit your preferences. And it has Hunches! Yes, Hunches. Once you enable Thermostat Hunches, Alexa will have a hunch you're not home or a hunch you're asleep and adjust the thermostat accordingly. If Alexa has a hunch you're asleep and turns the thermostat down when you're really binge watching Netfilx for 8 hours, it's a good thing you can just say, "Hey Alexa, turn the heat back up!"

What could happen if something goes wrong?

Amazon proudly states they are not in the business of selling your personal information to others, which is good. However, a good question to ask is, why would Amazon need to sell your data when they have their own advertising and retail juggernaut to use your data to sell you more stuff? Because Amazon is in the business of selling you more stuff. This means Amazon collects a whole lot of data on you — what temperature you like to keep your home, records of your shopping habits, Alexa search requests, the music you stream, the podcasts you listen to, when you turn your lights on and off, and on and on and on.

What's good with Alexa? They make it possible to automatically delete voice recordings immediately after they are processed. That's a nice feature after the controversy around human reviewers listening in to Alexa voice recordings. However, Amazon says when you delete your voice recordings, they still can keep data of the interactions those recordings triggered. So, if you buy a pregnancy test through Amazon Alexa, they won't forget you bought that pregnancy test just because you ask them to delete the voice recording of that purchase. That record of the purchase is data they have on you going forward and may use to target you with ads for more stuff. Same with your temperature requests or whether Alexa has a Hunch you're home or away.

And then there are Alexa Skills, those little apps you use to interact with Alexa. These Skills can be developed by just about anyone with the, uhm, skill. And with too many of the Skills, third-party privacy policies are misleading, incomplete or simply nonexistent, according to one recent study.When your data is processed by an Alexa Skill, deleting your voice recordings doesn’t delete the data the developer of that Skill collects on you. With over 100,000 Alexa Skills out there, many of them developed by third parties, now your data is floating around in places you might never have imagined.

While Amazon doesn't sell your personal information, they sure do use the heck out of it to target you with more stuff to buy. Is this creepy? Well, with so much data floating around in so many places (and we're talking a lot of places, both within Amazon and with third parties too), yeah, Amazon’s Smart Thermostat controlled by Alexa and her Hunches can feel pretty creepy.

Tips to protect yourself

  • If you use Alexa, delete your historical voice recordings from time to time, by saying “delete what I just said"
mobile Privacy warning Security A.I.

Can it snoop on me? information

Camera

Device: No

App: Yes

Microphone

Device: Yes

App: Yes

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

Amazon says they do not sell your personal information. They combine your voice data with third-party data to answer your requests as well as to train Alexa's speech recognition. You can choose to not save any voice recordings, but it will cost you some features.

While voice recordings won't be used for ad personalization, the transcripts of recordings, and the list of actions that Alexa did in response to your voice commands, may be.

Amazon uses personal information for purposes such as advertisement, recommendation and personalisation. Some personal data may be shared with the third parties. Amazon provides third-party advertisers with information that allows them to serve you more targeted ads, though it claims to not use information that personally identifies you. Instead, Amazon uses an advertising identifier like a cookie or other device identifier. The company also promises it does not "knowingly collect personal information from children" under 13 without parental consent.

How can you control your data?

You can review and delete your voice recordings, one by one, by date range, or all at once. You can also set up an auto-deletion to automatically delete recordings older than 3 or 18 months. You can choose to not save any voice recordings, at the cost of some features. If you choose not to have any voice recordings saved, the text transcripts of your requests will be still retained for 30 days, after which they will be automatically deleted.

Note that even when audio or text records are deleted, Amazon may still retain other data concerning your interactions, such as all records of actions Alexa took in response to your request. They say this allows them to do things like continue to provide your reminders, timers, and alarms, process your orders, remember the things you've taught Alexa, and show your shopping and to-do lists and messages sent through Alexa Communications.

If your request was processed by an Alexa skill, deleting your voice recordings does not delete any information that was authorized to be given to and retained by the developer of that skill. Skill developers do not receive voice recordings, but they may be receiving recordings' transcripts or records of actions Alexa took in response to your requests. This is problematic, because a big share of more than 100,000 skills are developed by third parties that are not necessarily bound by Amazon’s privacy policies. The research by North Carolina State University found that "23.3% of 1,146 skills that requested access to privacy-sensitive data either didn't have privacy policies or their privacy policies were misleading or incomplete. For example, some requested private information even though their privacy policies stated they were not requesting private information." In addition to misleading privacy policies, issues included things like developers being able to claim fake identity ('Samsung', 'Apple'), multiple skills sharing the same Alexa trigger words, etc.

Amazon collects data from third parties about you, to target ads better: "Some third-parties may provide Amazon pseudonymized information about you (such as demographic information or sites where you have been shown ads) from offline and online sources that we may use to provide you more relevant and useful advertising."

Amazon's privacy statement is not entirely clear regarding deletion rights: "To the extent required by applicable law, you may have the right to request access to or delete your personal information. If you wish to do any of these things, please contact Customer Service. Depending on your data choices, certain services may be limited or unavailable.

What is the company’s known track record of protecting users’ data?

Needs Improvement

In August 2020, security researchers from Check Point pointed out a flaw in Amazon's Alexa smart home devices that could have allowed hackers access to personal information and conversation history. Amazon promptly fixed the bug.

In October 2020, Amazon fired an employee for leaking customer email addresses to an unnamed third party.

In October 2019, Forbes reported that Amazon employees were listening to Amazon Cloud Cam recording, to train its AI algorithm.

In April 2019, it was revealed that thousands of employees, many of whom are contract workers and some not even directly employed by Amazon, had access to both voice and text transcripts of Alexa interactions.

In 2018, Amazon's Echo Dot device recorded private conversation and sent it to random contact. The recording consisted of 1,700 audio files.

Can this product be used offline?

No

User-friendly privacy information?

Yes

In addition to general privacy notice, Amazon provides a privacy FAQ with answers to key questions about Alexa.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use AI? information

Yes

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

The Alexa AI runs the Amazon Smart Thermostat, and customers can enable "Hunches" so that the thermostat will go up, down, off, or on, based on when Alexa thinks what you need.

Is the company transparent about how the AI works?

Yes

Does the user have control over the AI features?

Can’t Determine


News

Security Researchers Probed 90,194 Amazon Alexa Skills—The Results Were Shocking
Forbes
A research team comprising experts from North Carolina State University (NCSU) and the Ruhr-University Bochum in Germany recently undertook a study of Amazon Alexa skills.
'Alexa, are you invading my privacy?' – the dark side of our voice assistants
The Guardian
One day in 2017, Alexa went rogue. When Martin Josephson, who lives in London, came home from work, he heard his Amazon Echo Dot voice assistant spitting out fragmentary commands, seemingly based on his previous interactions with the device. It appeared to be regurgitating requests to book train tickets for journeys he had already taken and to record TV shows that he had already watched. Josephson had not said the wake word – “Alexa” – to activate it and nothing he said would stop it. It was, he says, “Kafkaesque”.
Study Reveals Extent of Privacy Vulnerabilities With Amazon’s Alexa
NC State University
Issues range from misleading privacy policies to the ability of third-parties to change the code of their programs after receiving Amazon approval.
‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security
Politico
YOUR ORDER HISTORY. Your credit card information. Even your intimate health data. Amazon is amassing an empire of data as the online retailer ventures into ever more areas of our lives. But the company's efforts to protect the information it collects are inadequate, according to insiders who warn the company's security shortfalls expose users' information to potential breaches, theft and exploitation.
Alexa Skills are easy to exploit in a number of worrying ways
Input Magazine
If you’ve ever been worried about the security or privacy credentials of your Alexa-connected devices, there’s some new data that may have you unplugging them immediately.

Comments

Got a comment? Let us hear it.