• PSA for Amazon Alexa users.

    https://news.ycombinator.com/item?id=29561997

    We use Alexa a lot, but this week I had to unplug every Alexa in the house because a distant family member had gained access to the family Amazon account and was trying to use the “drop in” feature to listen to our conversations. In the course of our investigation I found out that Alexa does not log privacy related events at all (there is no record of a drop in stored anywhere), and the UI for locking down which profiles and contacts have access to which feature is unbelievably bad. At this point I can’t prove that this person doesn’t still have access somehow (every single contact taken from your phone has unique permissions to drop in) and I can’t delete the profile this person created without contacting customer support. So the devices are going to stay unplugged until I have time to nuke the Amazon account and create a new one.

    Your devices allow spying on you by remote family members and anyone connected to your Amazon or Prime accounts and turning it off is perhaps impossible.

About

Avatar for aggi @aggi started