Archivio di tutti i clip: (Notebook di Evernote).

privacy fail

Surprise Echo Owners, You’re Now Part of Amazon’s Random Social Network

Image by Jim Cooke

Since the Echo’s release in 2014, millions of people have given in to Amazon’s nonstop advertising and welcomed Alexa into their homes. Amazon’s original sell for the always-on, voice-activated device was that users could “ask Echo for information, music, news, sports scores, and weather from across the room and get results or answers instantly.” But in the last couple of months, it has evolved into something else: the hub for Amazon’s new social network.

In May, Amazon pushed a software update that added features called “Drop in” and “Alexa calling and messaging,” which let you connect to other people’s Echos. The communal device, used by all members of a given household, suddenly became a telephone and answering machine, much like an old-school landline shared by a family, except this one emits a pulsing yellow light when you have a message.

This is a unique aspect to being a consumer of the Internet of Things: The things stay connected to the company you bought them from, which means the company can push down an update from afar and change them into, well, other things. Overnight, the Echo went from being a voice-activated Google search to a device that could be networked to a bunch of other devices.

In order to use the new feature, Echo owners have to open the Amazon Alexa app on their phones and import their contacts, after which they are stored in the Amazon cloud. Amazon then offers up a list of who among their contacts is an Echo owner, and automatically makes all of them part of their network, rather than letting them choose who they actually want to connect with (as most other companies do). Amazon assumed this was the best way to organize its network, apparently not realizing most of us have tons of strangers and randos in our phonebooks.

How Amazon lets you know you’ll be telling everyone with your number that you have an Echo

My own list included a couple of ex-boyfriends, a person I stayed with once on Airbnb, current co-workers, former colleagues, and a U.S. senator’s press secretary, who would probably be surprised to learn I knew she had an Echo because I’ve never actually called or talked to her. There was not a single person on the list whose Echo I would want to call. Instead, it was an uninvited look into the consumption habits of the sundry individuals whose numbers have made their way into my phone over the last 15 years.

When asked about the privacy context collapse involved in revealing your Echo ownership to anyone with your phone number, an Amazon spokesperson emphasized that “calling and messaging via Alexa is an optional feature.”

“To import contacts and send voice messages you’ll need to first set up calling/messaging – if you prefer not to use the feature, simply don’t set it up,” the spokesperson wrote via email.

Amazon is not the only company to decide that its users should be able to identify other users based solely on knowing their phone numbers. Signal, an encrypted messaging app, also discloses its users this way. (It’s why I had the press secretary’s number in my phone—I wanted to find out which senators’ offices were using the secure app.) It makes it easier to connect with other people using the same app, but there’s a privacy trade-off: You only need someone’s phone number to figure out that they’ve bought or downloaded that product.

And that could potentially be used against users. A repressive government, for instance, could find out if activists were using Signal to encrypt their communications. A hacker could find out if a target was using an Echo, in the hopes of using it to invade the person’s network.

But Echo users had more immediate concerns when the feature came out. Amazon, new to the social networking game, didn’t realize that some users in its network might not like other users. Those who first turned on Alexa calling, like Elise Oras, discovered that they couldn’t block people from calling their Echo. And once they discovered that, they discovered they couldn’t easily leave the social network. There is no delete button. To exit AmazonEchoverse, you have to call Amazon Customer Service and get a real live human being to turn off the feature.

It’s still the case two months after its release that you have to make an actual phone call to exit the Echo social ecosystem, but Amazon came to its senses with blocking. Last month, it gave users the ability to block contacts from calling their Echo; those contacts will still see the person listed but won’t be able to make a call to them or leave them a message.

Amazon’s missteps here may not prove to be a big deal to Echo owners. After all, if they’ve bought a device for their home with an always-on microphone, they’re likely the type of people who aren’t too worried about their privacy. But it’s good to remember, as you ponder whether to buy an internet-connected thermostat, or lamp, or refrigerator: The transformation from a lowly appliance to a node in a vast privacy-demolishing network is just a software update away.

This post was produced by the Special Projects Desk of Gizmodo Media Group.