Ostrzeżenie: *Prywatność dla tego produktu do nabycia osobno
Amazon sells three remotes that work with their Fire TV line of streaming media players. There's the low end Alexa Voice Remote, the mid-range Fire TV Alexa Voice Remote, and their newly launched high-end Alexa Voice Remote Pro. What do they do? Well, they basically control your TV, of course. And with that built-in microphone ready to listen to your commands, you can also do things like say, "Hey Alexa, dim the lights" if you have Amazon's smart light bulbs, or "Hey Alexa, show me the neighbor's front yard" if you have your Ring video doorbell pointed at your neighbor's house. Which, let's be honest, is super creepy. You can also ask the remote to play a show or with the Pro version, have Alexa help you find that darn remote when it gets lost in the couch cushions. All this sounds great, but yeah, you still have to trust Amazon with all that data it collects on you.
Co się może stać, jeśli coś pójdzie nie tak?
Amazon proudly states they are "not in the business of selling your personal information to others." True. But, Amazon doesn’t need to sell your personal information to others when they have their own retail and advertising juggernaut to use your data to sell you more stuff. Because Amazon is in the business of selling you more stuff. And it’s not just Amazon hoping to sell you stuff. Amazon has a whole program for others to sell you stuff on on their sites too. And those sellers get to use that data Amazon collects on you to target you with the stuff they want to sell. So, while Amazon might not be in the business of selling your personal information, they are in the business of collecting as much of your personal information as they can, then selling access to that personal information to others to target you with ads to sell you more stuff.
And to do this, Amazon likes to collect an enormous amount of data on you. Things like: records of your shopping habits, Alexa search requests, the TV shows you watch and when you watch them, the music you stream, the podcasts you listen to, when you turn your lights on and off, when you lock your doors, identifiers such as your name, address, phone numbers, or IP address, your age, gender, your location, audio and visual information like those Alexa-requests or photos you take, the names and numbers of people listed in your contacts. The list goes on and on and on. And Amazon's Fire TV can collect a whole lot of data on your device usage, app usage, and over-the-air viewing data.
And what do they do with all that personal information they collect on you? Well, they use it to target you with advertising, of course. Lots and lots of advertising. They do say they don’t use information that personally identifies you to display interest-based ads (of course, we have to trust them on this, which, given their track record, might not be a wise thing to do). They also use your personal information to identify your preferences and personalize products and services to keep you using those products and services as much as possible. And they say they can share that personal information with a number of third parties.
And when we say a number, we don’t exactly know how many third parties because Amazon doesn’t share that information. We must assume it’s a lot of third parties because they say they can share your data with everyone from all the companies they use to provide third party services. That means the companies that do things like help them with marketing, manage credit risk, analyze data, send mail and email, and more. Then there’s the third parties that offer services, products, apps, and Alexa skills through Amazon Services. And then there’s the business affiliates and other companies Amazon buys that could get access to your data too. Given that Amazon is a vast empire -- think Ring, Blink, Eero, Whole Foods, and beyond -- that’s potentially a lot of places your data could end up.
Let’s talk for a minute about Alexa itself. Amazon’s AI that’s built into everything from your Echo smart speaker to your headphones to your remote control comes with its own set of questions and concerns. Amazon does make it possible to automatically delete voice recordings immediately after they are processed. That's a nice feature after the controversy around human reviewers listening in to Alexa voice recordings. However, Amazon says when you delete your voice recordings, they still can keep data of the interactions those recordings triggered. So, if you buy a pregnancy test through Amazon Alexa, Amazon won't forget you bought that pregnancy test just because you ask them to delete the voice recording of that purchase. That record of the purchase is data they have on you going forward and may use to target you with ads for more stuff.
And then there are Alexa Skills, those little apps you use to interact with Alexa. These Skills can be developed by just about anyone with the, uhm, skill. And with too many of the Skills, third-party privacy policies are misleading, incomplete, or simply nonexistent, according to one recent study. When your data is processed by an Alexa Skill, deleting your voice recordings doesn’t delete the data the developer of that Skill collects on you. With over 100,000 Alexa Skills out there, many of them developed by third parties, now your data is floating around in places you might never have imagined.
Oh, let’s not forget Amazon’s terrible, awful, no-good track record at protecting and respecting their customers' data. So far in 2023 alone, Amazon has been been charged by the FTC in the US for violating children's privacy laws by keeping kids voice recordings and location data for years and undermining parent's deletion requests of their kids data. This resulted in Amazon agreeing to pay a $25 million penalty. Then Amazon got sued by the FTC for enrolling people in Amazon Prime without their consent and then making it way too hard to cancel the subscription. Amazon also had to settle with the FTC again for $5,8 million for poor privacy and security in their Ring cameras that let employees spy on customers through the cameras. Shoot, last year we here at *Privacy Not Included found a security vulnerability in Ring cameras and reported to Amazon to fix. They, so far as we can tell, have done nothing to fix this security issue. All this and then in September, 2023 the FTC and 17 US state Attorneys General sued Amazon for "illegally maintaining monopoly power."
That's all just in 2023 alone. If you look back further, you'll find more Amazon issues. There’s the Amazon employee who was caught stealing the personal information of over 100 million CapitolOne customers. And that’s not the only time Amazon employees with access to lots of customer data were caught leaking customers personal information. It’s happened quite a few times, actually. And then there’s the Alexa security bug that opened the door for hackers to potentially access users personal information and even their conversation history. These are some of the known privacy and security issues Amazon has had (there could be more unknown ones as well). And we get it, Amazon is a huge company with many products and employees and it’s impossible to secure everything 100% of the time. But that’s the point. When you collect such a vast amount of personal information on people, you’ve got to be super, duper, extra careful to secure it everywhere, all the time. Amazon has shown they can’t always do that.
So, what’s the worst that could happen? Well, Amazon could learn all the shows you like to watch and start targeting you with ads for all the other streaming services out there. You can't resist and join them all, sending you into bankruptcy because there are so many dang streaming services these days! If you want Amazon to stop trying to sell you more stuff, you can (and should!) opt-out of some data collection and processing. So yeah, while Amazon doesn't sell your personal information, they sure do use the heck out of it to target you with more stuff to buy.
One more note on Amazon from a privacy researcher’s point of view. Trying to read through Amazon’s crazy network of privacy policies, privacy FAQs, privacy statements, privacy notices, and privacy documentation for their vast empire is a nightmare. There’s so many documents that link to other documents that link back even more documents that understanding and making sense of Amazon’s actual privacy practices feels almost impossible. We wonder if this is by design, to confuse us all so we just give up? Or, if maybe even Amazon’s own employees possibly don’t know and understand the vast network of privacy policies and documentation they have living all over the place? Regardless, this privacy researcher would love to see Amazon do better when it comes to making their privacy policies accessible to the consumers they impact.
Wskazówki, jak się chronić
- Manage your preferences for third parties and reset your Alexa Advertising IDs, by visiting Settings > Alexa Privacy > Manage Skill Permissions and Ad Preferences in the Alexa app and Echo Show devices.
- Switch off interest-based ads delivered by Amazon on Alexa. You can manage this setting at Settings > Alexa Privacy > Manage Your Alexa Data in the Alexa app and Echo Show devices.
- Manage your Alexa privacy settings
- Turn on "Do Not Send Voice Recordings"
- Turn the microphone off when you do not need it
- Regularly delete your voice history or set an auto-deletion of the old voice data
- Minimize usage of Alexa Skills to only the most trusted ones
- When using Amazon Skills, be mindful that they are not operating under Amazon's privacy policy. Better not share sensitive data with Skills' developers.
- Set up Anonymous Mode when using the app to protect your data
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
Czy może mnie podsłuchiwać?
Aparat
Urządzenie: Nie
Aplikacja: Nie
Mikrofon
Urządzenie: Tak
Aplikacja: Tak
Śledzi położenie
Urządzenie: Tak
Aplikacja: Tak
Czego można użyć do rejestracji?
Tak
Telefon
Nie
Konto firmy trzeciej
Nie
Jakie dane zbiera ta firma?
Osobiste
Identifiers such as your name, alias, address, phone numbers, IP address, your Amazon account log-in information, or a government-issued identifier (e.g. a social security number, which may be required for tax purposes if you are a Seller); personal information, such as a credit card number or other payment information; information that may reveal age, gender, race, sexual orientation, or other protected classifications, for example if you create a child profile, baby registry, or wedding registry, or if an author voluntarily self-identifies their racial identity for cataloging purposes; commercial information, such as purchase and content streaming activity; internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details, and the content of email and text messages, such as those you can send with Alexa or that are processed through Alexa's VIP Filter; inference data, such as information about your purchase preferences.
Związane z ciałem
"Biometric information, such as your voice profile; Audio or visual information, such as voice recordings when you speak to Alexa."
Społecznościowe
Contacts (optional, for making calls)
Jak ta firma wykorzystuje te dane?
Jak możesz kontrolować swoje dane?
Jaka jest znana historia tej firmy w zakresie ochrony danych użytkowników?
In September 2023, FTC filed a lawsuit against Amazon for illegally maintaining monopoly power.
In July 2023, Apple and Amazon were fined by Spain antitrust watchdog.
In June 2023. the FTC took action against Amazon for "for its years-long effort to enroll consumers into its Prime program without their consent while knowingly making it difficult for consumers to cancel their subscriptions to Prime."
In June 2023, Mozilla published a major security vulnerability in the Amazon Ring Video Doorbell. Amazon has still not fixed this security vulnerability.
In March 2023, FTC and DOJ charged Amazon with violating Children’s Privacy Law by keeping kids’ Alexa voice recordings forever and undermining parents’ deletion requests.
In 2023, the company also agreed to pay $5.8 million in customer refunds for alleged privacy violations involving its doorbell camera Amazon Ring.
In 2022, Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant CapitalOne in 2019, was found guilty by a Seattle jury on charges of wire fraud and computer hacking.
In July 2021, the Luxembourg National Commission for Data Protection issued a 746 million euro fine to Amazon for allegedly violating the European Union’s General Data Protection Regulation (GDPR).
In August 2020, security researchers from Check Point pointed out a flaw in Amazon's Alexa smart home devices that could have allowed hackers access to personal information and conversation history. Amazon promptly fixed the bug.
In October 2020, Amazon fired an employee for leaking customer email addresses to an unnamed third party.
In October 2019, Forbes reported that Amazon employees were listening to Amazon Cloud Cam recording, to train its AI algorithm.
In April 2019, it was revealed that thousands of employees, many of whom are contract workers and some not even directly employed by Amazon, had access to both voice and text transcripts of Alexa interactions.
Informacje o prywatności dziecka
Czy ten produkt może być używany bez połączenia z siecią?
Przyjazne dla użytkownika informacje o prywatności?
Amazon has a complicated mess of various privacy policies, privacy hubs, FAQs, and Advertising Preference pages, and more that is difficult to find, navigate, read, and understand.
Odnośniki do informacji o prywatności
Czy ten produkt spełnia nasze minimalne standardy bezpieczeństwa?
Szyfrowanie
Silne hasło
Password-protected Amazon account is needed to set up Alexa.
Aktualizacje zabezpieczeń
Zajmuje się problemami z bezpieczeństwem
Amazon has a bug bounty program.
Zasady ochrony prywatności
Alexa provides some information about its AI at the Alexa FAQ and the Amazon Science webpages: https://www.amazon.com/gp/help/customer/display.html?nodeId=201602230 https://www.amazon.science/tag/alexa
Czy tej sztucznej inteligencji nie można ufać?
Jakie decyzje sztuczna inteligencja podejmuje o Tobie lub za Ciebie?
Czy firma jest przejrzysta w kwestii działania sztucznej inteligencji?
Czy użytkownik ma kontrolę nad funkcjami sztucznej inteligencji?
Dowiedz się więcej
-
Amazon faces $30 million fine over Ring, Alexa privacy violationsBleepingComputer
-
Amazon to Pay $25 Million to Settle Children’s Privacy ChargesNY Ties
-
Amazon settlements highlight concerns about digital privacy protectionsYahoo! News
-
Amazon to Pay $30M for Ring and Alexa Privacy Violations: Tips for Protecting Your Smart Home DataCNet
-
FTC and DOJ Charge Amazon with Violating Children’s Privacy Law by Keeping Kids’ Alexa Voice Recordings Forever and Undermining Parents’ Deletion RequestsFederal Trade Commission
-
Mozilla Publishes Ring Doorbell Vulnerability Following Amazon’s ApathyMozilla Foundation
-
Tour Amazon’s dream home, where every appliance is also a spyThe Washington Post
-
I Want You Back: Getting My Personal Data From Amazon Was Weeks of Confusion and TediumThe Intercept
-
Here’s How Amazon Tracks You in 2022 (and how to stop them)All Things Secured
-
Amazon Alexa Voice Data Tracking Might Lead To Privacy Issues; How To Prevent It?Tech Times
-
Amazon demonstrates Alexa mimicking the voice of a deceased relativeCNBC
-
Does Amazon Sell Your Personal Information?DeleteMe
-
Column: Do you really want Amazon’s new drugstore knowing your medical condition?Los Angeles Times
-
Amazon Data Breaches: Full Timeline Through 2022Firewall Times
-
'Alexa, are you invading my privacy?' – the dark side of our voice assistantsThe Guardian
-
Amazon Echo’s privacy issues go way beyond voice recordingsThe Conversation
-
Security Researchers Probed 90,194 Amazon Alexa Skills—The Results Were ShockingForbes
-
Alexa vulnerability is a reminder to delete your voice historyCNET
-
Amazon wants us to stop talking to Alexa so muchCNBC
-
Alexa Skills are easy to exploit in a number of worrying waysInput Magazine
Komentarze
Masz uwagi? Podziel się nimi z nami.