Like everything in life I guess. No immediate reason to fear it, until there is. And by then it will be too late. Murphy's law, Moore's law. It's not a problem now, until it is.

The question to ask now is, is the trade-off worth it? Or more specifically, what do you do with it that is truly useful? Not just asking for weather or math answers. But does it do something truly unique and important in your life? Productivity? Business use? Or just basic hands-free conveniences?
I'm interested in asking for general facts, weather, math, cooking conversions, spellings, Spotify music playing, bank balance, intercom, messaging to phones, alarms, custom skills. I'm sure more interesting things would also reveal themselves.

@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.

How is this even similar in your mind? I can't even imagine what aspect of this you are picturing makes one anything like the other. I truly have no idea how you missing a CHrome installer as being related to HP hacking customers. What's the connection?

The connection is something being installed without express permission. How is it you aren't seeing the connection? Chrome is a legit program, very likely the HP DaaS management tool is also a legit tool. You said yourself malware can also be legit packaging. But you call the HP malware and not Chrome. How is that confusing? It's the same thing to me.
In one case, some random program also thew in Chrome without my permission. And in the other case Windows updates threw in some HP software without permission. Both legitimate software with legitimate purposes and uses, but neither expressly permitted.

@scottalanmiller said in Is the Echo trustworthy?:

@guyinpv said in Is the Echo trustworthy?:

@scottalanmiller said in Is the Echo trustworthy?:

@guyinpv said in Is the Echo trustworthy?:

@scottalanmiller said in Is the Echo trustworthy?:

@guyinpv said in Is the Echo trustworthy?:

Yes I trust that in the meantime the phone isn't just recording me and listening anyway.

Alexa / Echo is a phone now. Does that solve the problem by crossing the barrier into trusted?

No.

When I say "alexa", the Dot is going to answer.

When I say "hello Google", my phone does nothing.

That only means it doesn't respond. Doesn't tell you it isn't listening. The thing you are worried about cannot be tested that way. That only tells you about legit use, which was never your concern.

What you just wrote is basically "they can do completely sneaky things completely against terms of use and there is no way we can know about it".
Hence why this is such a good security debate to have. Who are the gatekeepers and the watchman?

My point was this applies to all devices like this equally and singling one or one type out doesn't make sense. Your phone is an equal or greater risk to an Alexa, as it is so much more powerful and ubiquitous.

Isn't this just what I was saying in the HP malware thread? Well everything else phones home too, probably without express permission. The only reason we single out HP is they were caught. But in reality, HP is no bigger threat than anything else on a computer that is phoning home. We're just mad cause we know about it.

In all honestly, I'm sure all these smart devices are just fine as of right now. But what is done with the data collecting is the long term concern.

I've been reading more about it. We can apparently go in and delete Alexa recordings and some history. And they claim no audio except maybe a second before the wake word is sent to Amazon. And only about 60 seconds of pre-recording is done at all times when listening for the wake word, but the 60 seconds is always overwritten by the following seconds, and it's not sent to Amazon.

I suppose the safest way to use it is to create a fresh Amazon account, don't allow shopping or ability to spend money or send money with banks etc.
You can apparently turn on a stop-listening sound or tone to beep when Alexa stops listening, so you know when you can carry on conversation.
You can delete recordings and listen to them.
And of course you can mute with the button if needed.
And for some reason, Amazon claims there is no way for hackers to activate a mic and get their own recordings.

But other people have made claims too. Like one person said they were discussing babies together and suddenly diaper ads appeared in their Kindle. It really makes you wonder. Why would Amazon, or Google, NOT use your private conversations to advertise to you?

@tim_g said in HP Possible pulling a Lenovo with Stealthy spyware?:

@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

This is either malicious or an accident pushing DaaS tools to computers that don't need it.

We can't know that. We cannot have any assumption that only legitimate data is being collected. Is that a possibility? Yes. Can we assume it? Absolutely not. Unless you can prove everything that is and can be collected with it, you have to treat it as stealing anything and everything. This is malware we are talking about.

It's not malware if it's just a system management tool as part of their DaaS program. In this case it would just be a tool accidentally getting installed on systems that haven't been enrolled in the program.

Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.

Trojans are just management tools, too.

Object your honor, relevance.

Ya, well, 10 years ago they also bought Office 2007 (single license) and installed it on as many computers as it would go. And kept installing it on new computers when purchased.

Since the O365 user can be installed on 5 computers and 5 mobiles or whatever, they are going to do just that.

@scottalanmiller said in Is the Echo trustworthy?:

@guyinpv said in Is the Echo trustworthy?:

@scottalanmiller said in Is the Echo trustworthy?:

@guyinpv said in Is the Echo trustworthy?:

Yes I trust that in the meantime the phone isn't just recording me and listening anyway.

Alexa / Echo is a phone now. Does that solve the problem by crossing the barrier into trusted?

No.

When I say "alexa", the Dot is going to answer.

When I say "hello Google", my phone does nothing.

That only means it doesn't respond. Doesn't tell you it isn't listening. The thing you are worried about cannot be tested that way. That only tells you about legit use, which was never your concern.

What you just wrote is basically "they can do completely sneaky things completely against terms of use and there is no way we can know about it".
Hence why this is such a good security debate to have. Who are the gatekeepers and the watchman?

@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

This is either malicious or an accident pushing DaaS tools to computers that don't need it.

We can't know that. We cannot have any assumption that only legitimate data is being collected. Is that a possibility? Yes. Can we assume it? Absolutely not. Unless you can prove everything that is and can be collected with it, you have to treat it as stealing anything and everything. This is malware we are talking about.

It's not malware if it's just a system management tool as part of their DaaS program. In this case it would just be a tool accidentally getting installed on systems that haven't been enrolled in the program.

Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.

Theme is only part of it really. Though I really wish they would modernize.

The MS ribbon didn't get good reviews when it first came out. Anything different is immediately attacked.
But over time it makes sense, organizing groups of similar buttons and collapsing the ribbon, etc. LO and OO are still just like, 'here are 142 buttons all in rows, you're welcome'.

It's less about the theme I think, and more about file compatibility. I can open Word files sent to me by others, but it's not always the case an ODF or something will be compatible with some other person's Office 2010, or that the formatting will remain the same when we send it to them even if they can open it.

@scottalanmiller said in Is the Echo trustworthy?:

@guyinpv said in Is the Echo trustworthy?:

Yes I trust that in the meantime the phone isn't just recording me and listening anyway.

Alexa / Echo is a phone now. Does that solve the problem by crossing the barrier into trusted?

No.

When I say "alexa", the Dot is going to answer.

When I say "hello Google", my phone does nothing.

But really, I don't trust Google any more than Amazon, so this is a general concern indeed. It applies to both.

I should say this. The security aspect isn't just about whether Amazon itself listens to more than I bargained for, because presumably we still have a data contract and whatever it's listening to and why, is still just part of normal Alexa services.

The second security question is what is done with the data. The profiling and data collection, which is perhaps a more scary subject. And who they can or will or be forced to share the data with in the future. There is even the concern of Amazon simply being hacked and such profiles stolen. That's not outside the realm of possibility.

I don't consider myself a tin foil person, but the general trend in western societies is getting more and more invasive. Especially when it comes to thought policing. Whether thinking the wrong thoughts or believing the wrong things is becoming legally punishable. What happens if Amazon has a record of a discussion in your home where Bruce Jenner was mentioned without using proper gender pronouns? Something that probably happens all the time and is nobodies business. Yet in Canada, not using requested genera pronouns is legally punishable.

If ever there is a time where thought policing becomes a thing in America, there will be zero microphones recording anything in my home. Not because I'm personally being naughty, but I also don't control what other people say who may be in the house; friends, parties, visitors, etc.

There are definitely countries in this world where criticizing the government leadership is a punishable offense. Wouldn't they just love to have microphones in the homes of their people?

It's all pretty alarming what the future holds for such devices.

Google and Amazon may be more or less trustworthy now. And our massive data profiles may not be useful now, but they could become useful or even incriminating in 10 years from now. Or useful if hacked and stolen.

That's why I really did wonder, if I don't want the Echo in a year or two, can I wipe my whole profile out? I don't know.

@scottalanmiller said in Is the Echo trustworthy?:

@guyinpv said in Is the Echo trustworthy?:

I really want the thing, I'm ready to buy three of them, but the security concerns are overwhelming.

What's the concern over other similar devices? Only real difference is the audio quality of the device.

I assume when I turn off voice activated abilities on my phone, that's the end of it.

As well the physical barrier. For example to use Google voice, I have to literally press the voice button or whatever, to open it up to speaking.

Yes I trust that in the meantime the phone isn't just recording me and listening anyway.

Libre and OpenOffice are ugly as snot, unless you like using programs from Visual Basic 6 era, I dunno.

I've always had trouble opening MS Office stuff within these apps, formatting goes wonky, images, tables, print layouts. Excel scripts, VBA, I use all the time.
We have hundreds of Office documents, and people send us Office documents. I have Excel files connected to data sources, used for reporting, formatting PDF output files.

I tried switching once, and over weeks they could never understand the use of save-as to put things in proper formats. If you have to do anything besides ctrl-s or file-save, brains explode. Literally, entrails on the walls, it's messy. Buttons moving around and aren't in the right toolbar locations, panic ensues.

You are definitely right in that 90% of documents are like a few headings and some bold and italic here and there. And most spreadsheets are just naming the headers and entering basic data. But even if that is 90% of documents, the most important documents are the other 10%, the most critical ones, the hard ones, the advanced ones.

I've given up the battle. I bought O365 thinking we'd finally have everything in one, the newest Office, a terabyte of OneDrive. But even that was a fight. Boss though it was useless to buy everyone a license, so I was only allowed to buy 5 licenses and other people in the building are using the same accounts, since they can be used on up to five devices.
I can't win, and I'm not going to try any more. I have to take even the smallest victories as a good thing.

@rojoloco said in Is the Echo trustworthy?:

@jaredbusch interesting. I wish there had been a link to the article saying they sent lots of data, I'd like to see their methodology and numbers.

To me, the difference in being trustworthy is based on which devices have built in microphones. I'd wager that those mics can't be disabled, and that's where I draw the line personally. I'm good with typing my searches and keeping private conversation private.

In a document somewhere or another, the open connection to Amazon isn't activated until the keyword is spoken.
So it's always listening but not always sending/recording. It only listens for "alexa" and that opens the phone call to Amazon where the command is sent and analyzed.

The biggest tin foil fear is obviously whether Amazon (or any other middleman) is able to latch on those microphones or send phone calls to Amazon whether you ask it to or not.

What if Amazon decides that other keywords become important and secretly records when those are talked about?

I assume they are not doing that now, but this is one of those cases where it's like, it's so easy to do, it's just there, it's possible. And Murphy's law, if it can happen, then it eventually will. Neither humans nor corporations nor governments can be fully trusted. Especially not with something as tempting as always-on microphones that can record anything going on in any home in the world that has one connected.

And who are the gatekeepers and the watchman? I assume there are plenty of nerds interesting in monitoring outgoing traffic from these things and looking for foul play, but if connections are encrypted and all that? I don't know, who is monitoring the monitor? And who can take down Amazon if there is foul play?

I really want the thing, I'm ready to buy three of them, but the security concerns are overwhelming.

@scottalanmiller said in Looking for some neat Server Build Projects:

@guyinpv said in Looking for some neat Server Build Projects:

Well I guess I'll just have to buy O365 to get Word and Excel. Then buy Google Apps to get Drive. Then buy some other suite just to get a decent intranet. Then another suite to get some notes. Then another suite just to get the wiki. ffs

Why do you need Word and Excel? I mean lots of people need them but why do you?

Because all the non-techy people are used to Office. I only recently finally got them to stop using old copies of Office 2007. At least now they can use 2016 on O365. They will not use anything else, and threw a hissy fit when MS started pushing Office as a subscription model. They were THIS close to forcing us to keep using 2007 just because we happened to have those licenses and the software still runs fine.

MS's licensing model is such a pain. All I want is updated software, and all the boss wants is to not spend thousands of dollars upgrading when the old stuff "still works". And nothing compares to Word/Excel right now. Don't even bother telling me to try doing spreadsheets in the cloud in a web browser on Google. No chance of ever getting anybody around here to do that.

Youtube Video

If this was just a part of their DaaS service, then it's just a central management tool that is reporting on hardware/software issues, i.e. like Spiceworks I suppose.

http://www8.hp.com/us/en/services/daas.html

Question is, DaaS is a paid thing, so why would their telemetry tool be automatically installed on hardware that isn't enrolled in a DaaS plan?

Either this is just a windows update goof, or HP decides all computers need the tool even when not enrolled in any DaaS program. And if so, who is collecting the data?

This is either malicious or an accident pushing DaaS tools to computers that don't need it.

So I'm considering Echo for a couple different purposes.

One would be at home, I'd want two, one for living room area and another in my home office. Since Echo has a kind of intercom/walkie-talkie feature, it would be good for voice activated chat or messages or however that works. We have a new born so if the wife is stuck on the couch she could use voice to send me a quick message easily, that sort of thing.

The other purpose would be at my job, at the office. We have 5 employees upstairs and I'm curious about creating some custom skills we can all use, like connect it to a special server for specific commands. For example "Alexa, what are the sales for today" and have it lookup from our store. I can do other kinds of reports and statistics and other fun stuff, if possible.

So the biggest question on my mind is of course security. Obviously all voice commands get sent to Amazon and who knows what kinds of profiles they are building on people.
Can these profiles be erased? If I trash the thing in a year can I make Amazon forget everything it knows about me? That's a big deal I think.

Do you have any fears about it "listening" all the time or sending more data back to Amazon even when not activated by "alexa" or whatever?

These things could either be the biggest AI awesomeness of the century, or the biggest security nightmare on the planet. I don't know. A microphone that's always listening and could potentially be hijacked and used by mother brain or any kind of authorities, governments, hackers, spies, all that tin foil stuff.

Do you feel safe using these things? Whose do you trust the most? Cortana, Alexa, Siri?

The internet never forgets, and that's a scary thing. It's like, in 30 years if you want to run for senate or something, a special committee comes in like "well I mean, it was odd that you looked up the best nude beaches in Spain that one time in 2017".
I hate the idea of spying or storing profile data and histories and such.

Any other thoughts?

Well I guess I'll just have to buy O365 to get Word and Excel. Then buy Google Apps to get Drive. Then buy some other suite just to get a decent intranet. Then another suite to get some notes. Then another suite just to get the wiki. ffs

@irj said in Looking for some neat Server Build Projects:

OneDrive is such a terrible product. It's really flaky for me. Every other cloud storage I've used is leaps and bounds better. It's almost unbelievable how bad it is.

I think it's fine but it does have quirks. Folder/file level issues, file names, symbols, etc.

We use Box at work and have had endless issues with it. Some issues as bad as literally seeing files on one computer that never sync to another, and yet the files are seen in the cloud, but they refused to sync down to a device. We are constantly having to delete files from the cloud just so we can try to reupload them to sync. Just lots of issues. Background app suddenly dies and does nothing, even though icon is still in system tray.

OneDrive at least is more keen on stayling alive and reporting sync issues. Box just sort of silently dies and we discover problems later.

For me, since we have Office365 (mainly just to get Office suite), it really sucks that Sharepoint is bad, OneDrive is bad, OneNote is bad, etc etc. I really wish O365 just worked great and I didn't have to also go buy alternate services, ignoring MS ones I'm already buying.

@tim_g said in HP Possible pulling a Lenovo with Stealthy spyware?:

@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

Every device phones home licenses and logins and maybe even usage data. But since they don't ask us, and we don't see, it must be ok.

What are you talking about? Can you provide concrete examples? I don't know of any that have been ignored like you are suggesting.

Windows 10 wants you to sign in with a Microsoft account. We know it stores your licensing and account data, but apparently stores all your entire configurations too, and can track usage and Cortana data and voice learning and a million other things.
I bet MS is collecting 10x the info (and more personal too) that HP is.

I like this, because I use MS Services, and I like the benefits of my stuff being processed by their AI. I get messages from Cortana on my Android phone when my football team wins (they don't lose, so I haven't been getting those), I get reminders when things are nearing on my calendar... I get notifications when my packages are shipped/arrived... etc etc etc. That stuff I'm aware of and I actually want it.

And what benefits would result from HP being able to collect data? Better diagnostics, hardware updates, driver support, bug fixing, I dunno.

@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

Google is storing THEIR data, not mine.

And you know this?

You know HP is not just storing HP hardware related usage info?

@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:

Every device phones home licenses and logins and maybe even usage data. But since they don't ask us, and we don't see, it must be ok.

What are you talking about? Can you provide concrete examples? I don't know of any that have been ignored like you are suggesting.

Windows 10 wants you to sign in with a Microsoft account. We know it stores your licensing and account data, but apparently stores all your entire configurations too, and can track usage and Cortana data and voice learning and a million other things.
I bet MS is collecting 10x the info (and more personal too) that HP is.