reminder

Or maybe you don't install a data mining spy device in the office?

So keep cell phone in lockers, no smart TVs, and no Alexa or similar devices.
- Someone should invent the pocket microwave
Is it any different than speaking in front of your smartphone?
I don't own an echo or Google whatever but I've definitely mentioned things and then got ads for that thing within the hour/day. Like cat litter when I don't even own a cat, just mentioned it once for cleaning up spills.
- More likely there's a bunch of data points it can use. Coming within BT range of someone who does have a cat for example. Otherwise all the major smart phone companies would need to be in collision to keep the secret because the battery drain would be so blatant of it was recording, processing, transfering etc.
- I don't have a smoking gun for Google advertising based on conversation, but I mentioned in an email (Gmail) that someone I know was going to the Calgary Stampede, and Google Ads flogged Stetson cowboy hats and the Stampede for weeks after that. It was so conspicuous because normally it's just, "hot singles in your area", "hot Christian singles in your area?" maybe, "hot Christian moms in your area?" Nowadays it's like, "grannies near you want to fuck." FML.
- I don't know about you, but I generally turn my phone off completely when I'm at a doctor or hospital, as per the rules they have posted in the lobby asking me to do so.
True, but I shit myself. Trusted a fart and full on shit my pants.

If the patient's name is Alexa, you're gonna have a bad time

If this is a medical facility, I'd never trust them ever again if I saw an echo there.

Dentist office I went to has a private room with an Echo, they use it to switch playlists without having to touch anything, I guess. Figure they didn't really think it through....
But yeah I was a bit uncomfortable with that. Not that anything private was discussed, I simply had a cavity filled. They're excellent dentists tho, best I've ever seen, so I won't be going elsewhere.
- Maybe mention the potential privacy issue if they're still using echo on your next visit. They might've not aware of it.
Yeah, don’t go looking too hard whenever you’re in a hospital or anything. The number of vulnerabilities I can spot with as little infosec knowledge I have is deeply concerning

You're all missing the real kicker here - this sign is only here for the HIPAA auditor. Everyone knows that no one is actually going to mute the thing.

- We're not all like that. Some of us do really care (a whole lot) about the person, and not just "the patient". We get eye-rolled and sighed at sometimes because we speak up; but it doesn't matter because advocating for our patients is one of our top priorities.
  Some hospitals have better work-cultures than others, but all of them have at least a few who truly give a damn
- No, there is a button to make the Echo stop listening.
  If you want to prove me wrong, it should be incredibly easy to press the button and record the Echos network activity. If you're right you'd still see network traffic. But nobody has been able to show this so far. I wonder why?

It's fascinating how people know that these devices break their privacy, yet they keep using them.

Convenience is one of the most addictive drugs.
Some people just don't care about their privacy and I'm not judging them, you do you!
- Professionals should care about their client's privacy though. That shouldn't be a debate.
- I do judge them. But I would more say that I came to terms with this ugly fact.
They pay to be watched.
- Aw yeah
Take as old as time

Why do they even have an Amazon echo if they know it's a fucking security risk? If you need a speaker, just get a speaker, not one a spyker (sorry, that was shite)

Maybe the family brought it in...

Maybe just don’t have any big tech surveillance devices in the hospital/clinic/whatever.

Friendly reminder to pause your bleeple before you buttlebode your over-driver. You do not want (CCF) cloud confederation forces to scuttle your bodes.

rAmen, brother!
- May his noodly appendage touch you.

But Jeff Benzos is the biggest pharamcist in the world now, so it's fine

Shit like this is why I got a dumb speaker. It just plays audio, it doesn't have a battery (meaning that unplugged = zero power), it doesn't have wifi, it doesn't have an assistant, it just plays the music I ask it to play via Bluetooth.

Why not go further and hardwire?
- Why not take up the kazoo?
- It does have an aux-in, but I don't have anything to plug into it.
- What's wrong with Bluetooth?

And by muted they mean pull the plug

And by pull the plug I mean smash it with a fucking hammer
I was going to say. Can you even mute them?
- Yes, there's a dedicated mute button that literally cuts power to the mic.

I hate it when acronyms aren't clearly defined... PHI stands for Protected Health Information.

This is almost certainly in a provider setting, in which all covered employees will have received extensive training detailing what "PHI" stands for.

FYI: Mutung the echo/Alexa/Google home/etc doesn't stop it from listening, just from making noise itself.

This is not true. I hate these companies, but don't spread misinformation. This one is easy to verify.
- Curious to learn how would you verify it. Wouldn't one has to go as low level as power spikes? Not to sound paranoid but one can't just believe the PR these companies said. Consequently we have to check how the device behaves. It's not because it doesn't send information that it does not process it. One could imagine it logs on specific behavior or keywords and only send information back when "normal" behavior is expected, e.g update check. I'm not trying to imply this is the case, only that verifying doesn't seem "easy" to me.
- Even if it's verified not to spy on you today, they're all one forced update away from always listening and reporting back, either to corporate or a hacker. Don't trust code you can't see.
False. The mute button literally removes power to the microphone. The indicator LED is actually hardwired to indicate the inverse of its power line.

We're living in a dystopian future...

IoT and smart device security only means your data is protected from unauthorized access. It's up to the manufacturer, not the user to decide who can get in.

Remember that S in IoT stands for Security!

reminder that the google home tells you that the mic is muted if you call it. it's basically a telescreen. in the case of the echo show, it is literally a telescreen.

It has a separate local thingy that doesn't talk to the internet for voice activation. This is actually proven.
Not saying google isn't shady as fuck but this particular time its legit.
- so "Muting" your google home effectively puts it in airplane mode?
- Have you made sure of that by monitoring the data sent out? If not, well...
Mine doesn't? I scream at it until I get pissed, look at it, and realize the light is orange.
- It absolutely does. It screams "THE MIC IS CURRENTLY MUTED" whenever I talk while it's muted. Google mini Gen 2

Big brother is listening...

Amazon isn't big brother
- amazon absolutely is big brother lol

The HIPAA strikes again! 🤣