{"id":14825,"date":"2019-03-13T09:10:10","date_gmt":"2019-03-13T17:10:10","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/03\/13\/news-8574\/"},"modified":"2019-03-13T09:10:10","modified_gmt":"2019-03-13T17:10:10","slug":"news-8574","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/03\/13\/news-8574\/","title":{"rendered":"Google\u2019s Nest fiasco harms user trust and invades their privacy"},"content":{"rendered":"

Credit to Author: davidruiz| Date: Wed, 13 Mar 2019 16:30:29 +0000<\/strong><\/p>\n

Technology companies, lawmakers, privacy advocates, and everyday consumers likely disagree about exactly how a company should go about collecting user data. But, following a trust-shattering move by Google last month<\/a> regarding its Nest Secure product, consensus on one issue has emerged: Companies shouldn\u2019t ship products that can surreptitiously spy on users.<\/p>\n

Failing to disclose that a product can collect information from users in ways they couldn\u2019t have reasonably expected is bad form. It invades privacy, breaks trust, and robs consumers of the ability to make informed choices.<\/p>\n

While collecting data on users is nearly inevitable in today\u2019s corporate world, secret, undisclosed, or unpredictable data collection\u2014or data collection abilities\u2014is another problem.<\/p>\n

A smart-home speaker shouldn\u2019t be secretly hiding a video camera. A secure messaging platform shouldn\u2019t have a government-operated backdoor. And a home security hub that controls an alarm, keypad, and motion detector shouldn\u2019t include a clandestine microphone feature\u2014especially one that was never announced to customers.<\/p>\n

And yet, that is precisely what Google\u2019s home security product includes.<\/p>\n

Google fumbles once again<\/h3>\n

Last month, Google announced that its Nest Secure would be updated to work with Google Assistant software. Following the update, users could simply utter \u201cHey Google\u201d to access voice controls on the product line-up\u2019s \u201cNest Guard\u201d device.<\/p>\n

The main problem, though, is that Google never told users that its product had an internal microphone to begin with. Nowhere inside the Nest Guard\u2019s hardware specs, or in its marketing materials, could users find evidence of an installed microphone.<\/p>\n

When Business Insider broke the news, Google fumbled ownership of the problem: “The on-device microphone was never intended to be a secret and should have been listed in the tech specs,” a Google spokesperson said. “That was an error on our part.”<\/p>\n

Customers, academics, and privacy advocates balked at this explanation.<\/p>\n

\u201cThis is deliberately misleading and lying to your customers about your product,\u201d wrote Eva Galperin, director of cybersecurity at Electronic Frontier Foundation.<\/p>\n

\u201cOops! We neglected to mention we’re recording everything you do while fronting as a security device,\u201d wrote Scott Galloway, professor of marketing at the New York University Stern School of Business.<\/p>\n

The Electronic Privacy Information Center (EPIC) spoke in harsher terms: Google\u2019s disclosure failure wasn\u2019t just bad corporate behavior, it was downright criminal.<\/p>\n

\u201cIt is a federal crime to intercept private communications or to plant a listening device in a private residence,\u201d EPIC said in a statement<\/a>. In a letter<\/a>, the organization urged the Federal Trade Commission to take \u201cenforcement action\u201d against Google, with the hope of eventually separating Nest from its parent. (Google purchased Nest in 2014 for $3.2 billion.)<\/p>\n

Days later, the US government stepped in. The Senate Select Committee on Commerce sent a letter to Google CEO Sundar Pichai<\/a>, demanding answers about the company\u2019s disclosure failure. Whether Google was actually recording voice data didn\u2019t matter, the senators said, because hackers could still have taken advantage of the microphone\u2019s capability.<\/p>\n

\u201cAs consumer technology becomes ever more advanced, it is essential that consumers know the capabilities of the devices they are bringing into their homes so they can make informed choices,\u201d the letter said<\/a>.<\/p>\n

This isn\u2019t just about user data<\/strong><\/h3>\n

Collecting user data is essential to today\u2019s technology companies. It powers Yelp recommendations based on a user\u2019s location, product recommendations based on an Amazon user\u2019s prior purchases, and search results based on a Google user\u2019s history. Collecting user data also helps companies find bugs, patch software, and retool their products to their users\u2019 needs.<\/p>\n

But some of that data collection is visible to the user. And when it isn\u2019t, it can at least be learned by savvy consumers who research privacy policies, read tech specs, and compare similar products. Other home security devices, for example, advertise the ability to trigger alarms at the sound of broken windows\u2014a functionality that demands a working microphone.<\/p>\n

Google\u2019s failure to disclose its microphone prevented even the most privacy-conscious consumers from knowing what they were getting in the box. It is nearly the exact opposite approach that rival home speaker maker Sonos took when it installed a microphone in its own device.<\/p>\n

Sonos does it better<\/h3>\n

In 2017, Sonos revealed that its newest line of products would eventually integrate with voice-controlled smart assistants. The company opted for transparency.<\/p>\n

Sonos updated its privacy policy and published a blog about the update<\/a>, telling users: \u201cThe most important thing for you to know is that Sonos does not keep recordings of your voice data.\u201d Further, Sonos eventually designed its speaker so that, if an internal microphone is turned on, so is a small LED light on the device\u2019s control panel. These two functions cannot be separated\u2014the LED light and the internal microphone are hardwired together. If one receives power, so does the other.<\/p>\n

While this function has upset some Sonos users who want to turn off the microphone light, the company hasn\u2019t budged.<\/p>\n

A Sonos spokesperson said the company values its customers\u2019 privacy because it understands that people are bringing Sonos products into their homes. Adding a voice assistant to those products, the spokesperson said, resulted in Sonos taking a transparent and plain-spoken approach.<\/p>\n

Now compare this approach to Google\u2019s.<\/p>\n

Consumers purchased a product that they trusted\u2014quite ironically\u2014with the security of their homes, only to realize that, by purchasing the product itself, their personal lives could have become less secure. This isn\u2019t just a company failing to disclose the truth about its products. It\u2019s a company failing to respect the privacy of its users.<\/p>\n

A microphone in a home security product may well be a useful feature that many consumers will not only endure but embrace. In fact, internal microphones are available in many competitor products today, proving their popularity. But a secret microphone installed without user knowledge instantly erodes trust.<\/p>\n

As we showed in our recent data privacy report<\/a>, users care a great deal about protecting their personal information online and take many steps to secure it. To win over their trust, businesses need to responsibly disclose features included in their services and products\u2014especially those that impact the security and privacy of their customers\u2019 lives. Transparency is key to establishing and maintaining trust online.<\/p>\n

The post Google\u2019s Nest fiasco harms user trust and invades their privacy<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: davidruiz| Date: Wed, 13 Mar 2019 16:30:29 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
Last month, Google announced that its Nest Secure would be updated to work with Google Assistant software. The problem? Google never told users its product had a microphone to begin with. Simple oversight or invasion of privacy? We break it down.<\/p>\n

Categories: <\/p>\n