Everyone talks about Bloomberg's report that Amazon employees are listening to the voice recordings you made while talking to Alexa. But Amazon is far from being alone. So, tech companies can and can view and have the private data you upload.
Reading your notes to stalking minor
Let's talk to some examples of Evernote employees who are reading about their private notes from Google and Facebook employees talking to people.
- Google once fired a Site Reliability Engineer for using its access to Google servers for stealing and spying Several minors tap their Google Voice call logs, access their chat logs, and unlock a friend's friends list. Site Reliability Engineers have access to everything because they need it for their work – and it's possible that employees abuse and abuse that access, as did this engineer in 2010.
- Facebook fired a security engineer who used his access to Facebook In 2018, several women are reported to be stolen online. Motherboard reported that other employees had been terminated for stalking their exes and other similarly scary things.
- We recommend that apps do not allow access to your emails. However, if you do, these apps may read people reading your email. This is true for Gmail, Outlook.com, or another email account. The Wall Street Journal reported that human engineers working for a number of companies responsible for these apps have worked hundreds of thousands of e-mails to train their algorithms.
This is not an exhaustive list. Facebook once had a bug that made private developers accessible to app developers, and your employer can read your private messages in Slack, which means they're not that private. Even the NSA has reportedly had to lay off people for using state surveillance systems to spy on their ex-members. And any company that has your data will hand it over to the government as soon as an arrest warrant exists, as Amazon did when Alexa heard a double murder.
The cloud is just someone else's computer
If you use a service that uploads your data to a "cloud" service, only that data is stored on a company's servers. And the company can see the data if it wants.
That's easy enough, but reports of people listening to our voice recordings are still somehow shocking. We may all assume that there is just too much data and people could not investigate it, or we believe that there must be some kind of law that prevents technology companies from looking at that stuff. But at least in the US, we do not have any laws that would prevent companies from seeing this data – as long as they are honest, perhaps by exposing that fact in a service document that nobody reads
Even language assistants are not just Amazon. As Bloomberg himself puts it, even Apple, which focuses on privacy, has people who listen to Siri recordings to train the algorithms that make these language assistants work. According to Bloomberg, some Google reviewers also hear recordings made with Google Home devices.
Legitimate reasons why people could look at your data
Hiring creepy stalkers and When other people abuse their access, there are some valid reasons that make one employee
- Government Requests : An arrest warrant may force a company to search your information for relevant information and to contact the government
- training algorithms : Due to the nature of machine learning algorithms used in software require human intervention during the training process. That's why people listen to Alexa and Siri shots, so Evernote wanted people to look through your notes.
- Quality Assurance : Companies may be reviewing records or other data to determine how their service works. Even if you talk to a robot, someone else can listen to the recording later to see how it went.
- Customer Support : A business may request permission to view your data, if you'd like assistance. At least, the company will hopefully only do this with your permission – which is just as easy as sending with a tweet like Google Photos.
- Reported Violations : A business can view your data to view reports of violations. For example, suppose you are talking privately on Facebook. If the other person reported you for harassment or any other violation, Facebook would investigate the conversion.
The only way to stop this: end-to-end encryption
This all happens due to the way the internet works. Despite all the discussions about encrypting your data, data is usually encrypted only when it is sent between your devices and the company's servers. Sure, the data can be stored encrypted on the company's servers – but in a way that the company can access. After all, the company has to decrypt the data to send it to you.
This can only be prevented by using end-to-end or client-side encryption. This means that the software you use encrypts the data on the devices you use and stores only the encrypted data on the company's servers so that the company can not access it. Your data would be yours.
However, this is less convenient in many ways. Services like Google Photos would not be possible because they would not be able to automatically perform tasks on your photos on the company's servers. Companies could not "deduplicate" data and would need to deposit more money. For language assistants, all processing would have to be local, and companies would not be able to use the voice data to train their assistants better.
If you lose your encryption key, you will lose access to your data. If the company may be able to give you access to your files again, it means the company can access your files from the start.
RELATED: Why most web services do not use end-to-end encryption