Smart speakers collect voice input that can be used to infer sensitive information about users. Given a number of egregious privacy breaches (e.g., speakers constantly recording audio, outsourcing transcription to contractors, and employees listening to private and intimate interactions), there is a clear unmet need for greater transparency and control over data collection, sharing, and use by smart speaker platforms as well as third-party skills supported on them. To bridge the gap, we build an auditing framework that leverages online advertising to measure data collection, its usage, and its sharing by the smart speaker platforms. We evaluate our framework on the Amazon smart speaker ecosystem. Our results show that Amazon and third parties (including advertising and tracking services) collect smart speaker interaction data. We find that Amazon processes voice data to infer user interests and uses it to serve targeted ads on-platform (Echo devices) as well as off-platform (web). Smart speaker interaction leads to as much as 30X higher ad bids from advertisers. Finally, we find that Amazon's and skills' operational practices are often not clearly disclosed in their privacy policies.
We provide a brief FAQ below to highlight some of our findings. We suggest reading the full paper for more details. Please reach out to us if you have additional questions.
What was the motivation behind this research?
The convenience of voice input has contributed to the rising popularity of smart speakers, such as Amazon Echo (powered by Amazon Alexa), but it has also introduced several unique privacy threats. Many of these privacy issues stem from the fact that smart speakers record audio from their environment and potentially share this data with other parties over the Internet — even when they should not. For example, smart speaker vendors or third parties may infer users' sensitive physical (e.g., age, health) and psychological (e.g., mood, confidence) traits from their voice. In addition, the set of questions and commands issued to a smart speaker can reveal sensitive information about users' states of mind, interests, and concerns. Despite the significant potential for privacy harms, users have little-to-no visibility into what information is captured by smart speakers, how it is shared with other parties, or how it is used by such parties. Our goal is to provide this visibility, allowing consumers to better understand the privacy risks of these devices and the impact of data sharing on people's online experiences.
How did you do this research?
We built an auditing framework that measures the collection, usage, and sharing of Amazon Echo interaction data. First, we created several interest personas and one control persona to use the Echos (one persona per Echo device). Interest personas installed and interacted with skills from specific categories, while the control persona did not install or interact with skills. We then measured data collection by intercepting network traffic from Amazon and skills on the Echo device to endpoints (such as Amazon's server or third-party servers). We measured profiling by directly downloading personas' advertising interests from Amazon. We inferred data usage by observing ads targeted to our Echo personas on the web (ads on websites) and on the Echo devices (audio ads). We checked the consistency of data collection and its usage by analyzing public statements and privacy policies from Amazon and third-party skills.
What are the key findings of your research?
- Which organizations collect and propagate user data?
Amazon Echo interaction data is collected by both Amazon and third parties (such as advertising and tracking services). We found that as many as 41 advertisers sync (share) their cookies with Amazon. These cookies are typically linked to personal information. We find that these advertisers further sync their cookies with 247 other third parties, including advertising services.
- Is voice-derived data used by either Amazon or third-party apps beyond purely functional purposes, such as for targeted advertising?
Amazon processes voice data to infer user interests. Our measurements indicate that Amazon infers advertising interests from voice data and uses those interests for on-platform audio ads and off-platform web ads from Amazon or its advertising partners. For example, in our measurements we find that advertisers bid as much as 30X higher for Echo personas that install and interact with Alexa skills. It is unclear if third-party skills infer user interests and target personalized ads.
- Are data collection, usage, and sharing practices consistent with the policies of Amazon and third-party skills?
Our measurements indicate that Amazon's and third-party skills' operational practices are often not clearly disclosed in their policies or other claims. For example, Amazon's inference of advertising interests from users' voice interactions seems to be inconsistent with their public statements. Specifically, in statements to the New York Times (NYT) and National Broadcasting Company (NBC), Amazon mentioned that they "do not use voice recordings to target ads." Only 10 third-party skills (2.2% of the sample) are clear about data collection practices in their privacy policies. More than 70% of the third-party skills do not mention Alexa or Amazon in privacy policies.
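Cookie syncing of the kind reported in the first finding above can be spotted in intercepted traffic with a common measurement heuristic: an identifier held in one site's cookie reappears as a URL parameter in a request to a different site. The Python below is an added example, not the study's code; the domains, cookie names, identifier values and the length threshold are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of intercepted requests (not data from the study).
# Each record: the request URL plus the cookies sent with that request.
REQUESTS = [
    {"url": "https://ads.example-adnet.test/pixel?pid=7",
     "cookies": {"uid": "a1b2c3d4e5f60718"}},
    {"url": "https://sync.example-platform.test/match?partner=adnet&puid=a1b2c3d4e5f60718",
     "cookies": {"session": "9f8e7d6c5b4a3210"}},
    {"url": "https://cdn.example-static.test/lib.js?v=3",
     "cookies": {}},
    {"url": "https://track.example-dsp.test/cm?ext_id=9f8e7d6c5b4a3210&r=1",
     "cookies": {"dspid": "00ff11ee22dd33cc"}},
]

MIN_ID_LEN = 10  # assumption: shorter values are too common to be identifiers

def site(url):
    """Crude registrable domain: last two labels of the host.
    A real audit would use the Public Suffix List instead."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def find_cookie_syncs(requests):
    """Return sorted (owner, receiver) pairs where a cookie value held by
    `owner` appears in a URL parameter sent to a different site."""
    owners = {}  # cookie value -> first site seen holding it
    for req in requests:
        for value in req["cookies"].values():
            if len(value) >= MIN_ID_LEN:
                owners.setdefault(value, site(req["url"]))
    syncs = set()
    for req in requests:
        receiver = site(req["url"])
        for _, value in parse_qsl(urlsplit(req["url"]).query):
            owner = owners.get(value)
            if owner and owner != receiver:
                syncs.add((owner, receiver))
    return sorted(syncs)

def sync_partners(syncs, platform):
    """Sites that exchange identifiers with `platform`, in either direction."""
    return sorted({a if b == platform else b
                   for a, b in syncs if platform in (a, b)})
```

Counting the distinct partners per platform, and then the partners of those partners, gives the kind of first-hop and second-hop totals the finding reports.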
Is Amazon transparent about using Echo interaction data?
Amazon's inference of advertising interests from users' voice is potentially inconsistent with their public statements. Specifically, in statements to the New York Times (NYT) and National Broadcasting Company (NBC), Amazon mentioned that they "do not use voice recordings to target ads." While Amazon may not literally be using the "recordings" (as opposed to transcripts and corresponding activities), our results suggest that they are processing voice recordings, inferring interests, and using those interests to target ads. This distinction between voice recordings and processed recordings may not be meaningful to many users. Amazon's privacy policy does not explicitly acknowledge or deny the usage of Echo interactions for ad targeting. Similarly, Alexa Privacy Hub and Alexa Device FAQs, which explain how Alexa data is used, also do not explicitly mention Echo interactions for ad targeting. This is concerning given that prior public statements may lead consumers to falsely believe that such voice-based interactions are not used for targeted ads.
Does Amazon share voice recordings with third parties, including advertising networks?
We did not study whether Amazon directly shares voice recordings or transcripts with advertising networks (as opposed to inferences from voice interactions). Amazon's developer docs state that only processed transcriptions of voice input (not the audio data) are shared with third-party skills.
Everyone knows they are tracked for ad targeting. Why are smart speakers / voice assistants special?
"Voice assistants" conjure notions of devices that serve consumers personally. But the reality is that they are far from human personal assistants in that they are controlled by, and share data with, the voice assistant providers and other parties they interact with. The goal of this work is to help consumers understand the impact of using these devices that might otherwise be considered different from other online technologies. We generally know we're being tracked and that our data is used for ads when we browse the web. Some people may be surprised to learn this about voice assistants, however, in part because voice interactions were traditionally between humans, not machines. Studies like ours help to bring transparency into the space of voice assistants and the implications of using them.
Does Amazon secretly record users' conversations?
We did not study whether Amazon surreptitiously records users' voices when they have not engaged with Echos. We specifically looked at how data derived from intentional voice commands, which are expected to be recorded, is used for advertising purposes. Prior work found no evidence of continuous recording or secret keywords that led to unexpected recording. We do find evidence that Amazon processes voice recordings from skill interactions to infer user interests and that it uses those interests to target ads.
What can users do to protect their privacy?
Users can opt out of interest-based ads from Amazon on its Advertising Preferences Page. Users can also access additional privacy controls through Settings > Alexa Privacy in the Alexa app, or visit the Review Voice History Page to view and delete voice recordings. To manage advertising preferences for third-party skills, users will need to go to each skill's app or website. Amazon also allows users to download their data (including their advertising interests) from the Request My Data Page.
Note that we did not test the effectiveness of these controls.
What is your response to Amazon's statement on your study?
We welcome critiques of our research methodology and our findings, but Amazon's statement does not directly address our findings. Specifically, we find that Echo devices running Alexa skills communicate with advertising services (Section 4.2). We find that Amazon infers users' advertising interests from their Echo interactions (Section 6). We find that Amazon's advertising partners sync (share) cookies with Amazon, and that Amazon's partner advertisers bid more than non-partner advertisers to place ads for Echo personas (users) that install and interact with Alexa skills (Section 5.5). We also find that Amazon's and Echo skills' operational practices are often not clearly disclosed in their privacy policies (Section 7).
We do not claim that Amazon directly shares voice input/transcripts with advertising networks.
Amazon's statement tells users that it serves ads based on Echo interactions and that users can opt out of interest-based ads. This confirms our conclusion that it indeed uses interests inferred from users' interactions with Echos for behavioral advertising. Amazon does not refute our claims that it also shares users' interests with its advertising partners.