skip to main content


Title: Privacy Attitudes of Smart Speaker Users
Abstract As devices with always-on microphones located in people’s homes, smart speakers have significant privacy implications. We surveyed smart speaker owners about their beliefs, attitudes, and concerns about the recordings that are made and shared by their devices. To ground participants’ responses in concrete interactions, rather than collecting their opinions abstractly, we framed our survey around randomly selected recordings of saved interactions with their devices. We surveyed 116 owners of Amazon and Google smart speakers and found that almost half did not know that their recordings were being permanently stored and that they could review them; only a quarter reported reviewing interactions, and very few had ever deleted any. While participants did not consider their own recordings especially sensitive, they were more protective of others’ recordings (such as children and guests) and were strongly opposed to use of their data by third parties or for advertising. They also considered permanent retention, the status quo, unsatisfactory. Based on our findings, we make recommendations for more agreeable data retention policies and future privacy controls.  more » « less
Award ID(s):
1801501
NSF-PAR ID:
10109137
Author(s) / Creator(s):
; ; ; ; ;
Date Published:
Journal Name:
Proceedings on Privacy Enhancing Technologies
Volume:
2019
Issue:
4
ISSN:
2299-0984
Page Range / eLocation ID:
250 to 271
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Smart speakers come with always-on microphones to facilitate voice-based interaction. To address user privacy concerns, existing devices come with a number of privacy features: e.g., mute buttons and local trigger-word detection modules. But it is difficult for users to trust that these manufacturer-provided privacy features actually work given that there is a misalignment of incentives: Google, Meta, and Amazon benefit from collecting personal data and users know it. What’s needed is perceptible assurance — privacy features that users can, through physical perception, verify actually work. To that end, we introduce, implement, and evaluate the idea of “intentionally-powered” microphones to provide users with perceptible assurance of privacy with smart speakers. We employed an iterative-design process to develop Candid Mic, a battery-free, wireless microphone that can only be powered by harvesting energy from intentional user interactions. Moreover, users can visually inspect the (dis)connection between the energy harvesting module and the microphone. Through a within-subjects experiment, we found that Candid Mic provides users with perceptible assurance about whether the microphone is capturing audio or not, and improves user trust in using smart speakers relative to mute button interfaces. 
    more » « less
  2. IoT devices like smart cameras and speakers provide convenience but can collect sensitive information within private spaces. While research has investigated user perception of comfort with information flows originating from these types of devices, little focus has been given to the role of the sensing hardware in influencing these sentiments. Given the proliferation of trusted execution environments (TEEs) across commodity- and server-class devices, we surveyed 1049 American adults using the Contextual Integrity framework to understand how the inclusion of cloud-based TEEs in IoT ecosystems may influence comfort with data collection and use. We find that cloud-based TEEs significantly increase user comfort across information flows. These increases are more pronounced for devices manufactured by smaller companies and show that cloud-based TEEs can bridge the previously-documented gulfs in user trust between small and large companies. Sentiments around consent, bystander data, and indefinite retention are unaffected by the presence of TEEs, indicating the centrality of these norms. 
    more » « less
  3. How are people using current smart home technologies, and how do they conceptualize future ones that are more interconnected and more capable than those available today? We deployed an online survey study to 150 participants to investigate use of and opinions about smart speakers, home robots, virtual assistants, and other smart home devices.We also gauged how impressions of connected smart home devices are shaped by the way the devices interact with one another. Through a mixed-methods qualitative and quantitative approach, we found that people mostly use single devices for single functions, and have simple and brief interactions with virtual assistants. However, they imagine their future devices to have more control over the physical environment (i.e., interact with each other) and envision them interacting with people in more socially complex ways. These findings motivate design considerations and research directions for connected smart home technologies. 
    more » « less
  4. Exploration of Internet of Things (IoT) security often focuses on threats posed by external and technically-skilled attackers. While it is important to understand these most extreme cases, it is equally important to understand the most likely risks of harm posed by smart device ownership. In this paper, we explore how smart devices are misused – used without permission in a manner that causes harm – by device owners’ everyday associates such as friends, family, and romantic partners. In a preliminary characterization survey (n = 100), we broadly capture the kinds of unauthorized use and misuse incidents participants have experienced or engaged in. Then, in a prevalence survey (n = 483), we assess the prevalence of these incidents in a demographically-representative population. Our findings show that unauthorized use of smart devices is widespread (experienced by 43% of participants), and that misuse is also common (experienced by at least 19% of participants). However, highly individual factors determine whether these unauthorized use events constitute misuse. Through a focus on everyday abuses rather than severe-but-unlikely attacks, this work sheds light on the most prevalent security and privacy threats faced by smart homeowners today. 
    more » « less
  5. The Internet of Medical Things (IoMT) is a rapidly growing community of intelligent medical technologies dedicated to sensing, monitoring, and reporting patient vitals, often with the intent of communicating findings with healthcare professionals (HCPs). For the past two summers, 2020 and 2021, four undergraduate electrical/computer engineering and computer science students, and two high school STEM teachers, worked with two graduate student mentors to explore various IoMT use cases via their participation in a Research Experiences for Undergraduates (REU) and Teachers (RET) program. During both summers, the REU/RET program was conducted remotely over nine weeks, not including pre-summer engagement activities. These pre-summer activities were designed to promote and encourage healthy mentor-mentee interactions while also providing an additional opportunity for participants to acclimate to their research projects before the program start. Throughout this work, participants were able to gain or further develop skills in some of the following areas: Ethical Hacking, Data Science, Intrusion Detection Systems, Linux, Machine Learning, Networking, and Python, as well as interact with a designated smart device and testing environment. In the first summer, participants were assigned a smart glucose meter and tasked with 1) exploiting the potential threats associated with installing smart devices onto unsecured network configurations via address resolution protocol (ARP) poisoning, and 2) exploring social engineering tactics through cloning the device user application. Additionally, in the following summer, participants became acquainted with an existing IoMT dataset, developing an intrusion detection system (IDS) to accurately distinguish between normal and abnormal network packets due to a deployed Man-in-the-Middle (MitM) attack. The outputs of this work include: both sets of participants preparing verbal presentations, including demonstrations, and written papers outlining their results and experiences. After the project, participants should understand and implement a set of guidelines for utilizing IoMT devices more securely and with added privacy. 
    more » « less