The Nest Secure has a hidden microphone, and Google didn't tell owners for 18 months

Posted:
in General Discussion
Owners of Google's Nest Secure system are upset about a microphone on the product suddenly being enabled for Google Assistant -- one that they weren't aware existed.

Nest Secure


Google announced the update earlier this month, explaining that the mic had "not been used up to this point," and could be enabled or disabled at any time via the Nest mobile app. In a blog post it further explained that Assistant is an opt-in feature, and that customers will receive email explaining how to activate.

This wasn't enough to comfort people on social media though, who were angry to learn that a their home security system had the potential to record them, CSO noted. Criminals, businesses, or government agents could theoretically hack into Secure's Guard hub and eavesdrop.

"The on-device microphone was never intended to be a secret and should have been listed in the tech specs," the company said in a statement to AppleInsider and other publications. "That was an error on our part. The microphone has never been on and is only activated when users specifically enable the option."

Many people are already distrustful of smartspeakers, both because of the potential for spying and a handful of real-world incidents. Last summer, an Oregon family's Amazon Echo speaker even mysteriously recorded household audio and sent it to a man's employee, who called his family to alert them to what was happening.

Apple's first toe in the smartspeaker market was last year's HomePod. The company is generally believed to have tighter security than Amazon or Google, and there have been no known eavesdropping complaints so far.
«134

Comments

  • Reply 1 of 62
    rob53rob53 Posts: 2,086member
    Here comes another congressional investigation. This is blatant spying and Google needs to be held accountable. Everyone goes after Apple for a simple bug in Facebook they didn’t know existed while Google knows they put a microphone in this device and never told anyone. They can’t get away with this one. 
    GeorgeBMacfotoformatredgeminipagutengelchiaracerhomie3mwhiteapplesnorangesAppleExposedkrreagan2
  • Reply 2 of 62
    I am sure that was an "accident". 

    This is one reason why I want a headless Mac in my home- not an iMac with a camera and mike that cannot be turned off. I can disconnect a USB connected camera and mike.
    edited February 20 GeorgeBMaccat52
  • Reply 3 of 62
    SoliSoli Posts: 9,272member
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.

    PS: Let's also be clear that Nest Secure came out almost 4 years after Google acquired the company so anyone with trust issues with Google (which is most of us here) wouldn't have been a customer of this product anyway.
    edited February 20 gsteenolkruppdws-2Metriacanthosaurusn2itivguylollivermuthuk_vanalingam
  • Reply 4 of 62
    hmurchisonhmurchison Posts: 12,278member
    Looking forward to replacing my Google Home based stuff with something more secure.    I've got an Amazon Echo Show and Dot sitting disconnected.   You don't need cloud accounts for Home Automation the cloud is simply needed for voice assistants and frankly I try to build my home around everything being easy to control without voice so that voice is just a bonus. 

    Thought long and hard about picking up a HomePod over the holidays when they went on sale.    I imagine that eventually my system will pretty much just contain a few HomePods  and Sonos and with the resurgence of HomeKit I'll start moving back in that direction. 


    ttollertonwatto_cobra
  • Reply 5 of 62
    Google's "Ooops!  That was an accident.  We didn't mean to do spy like that."  argument is getting worn and weak.
    They used the same argument when they were caught collecting user's WiFi data with their camera cars ("It was a rogue programmer.  We didn't know!") -- but then refused to delete the many terabites of the private data still stored on their servers.

    We are making a mountain out of the possibility that Huawei might one day spy on Americans -- while Google seems to do it on a daily basis with impunity.

    Oh, I forgot!  "Google is our friend!"
    wonkothesaneprismaticsDanManTXmagman1979cat52lolliverwatto_cobra
  • Reply 6 of 62
    jdgazjdgaz Posts: 357member
    I do my very best to avoid everything Google. Just don't trust those folks.
    damn_its_hotredgeminipaStrangeDaysGeorgeBMacAppleExposeddysamoriamagman1979cat52lolliverwatto_cobra
  • Reply 7 of 62
    Soli said:
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.
    On the other hand, there is no evidence that they didn't.   And Google has a history of spying on people.   It's how they make their money.  They are essentially Professional spies. 
    damn_its_hotredgeminipalkruppdysamoriamagman1979cat52lolliverwatto_cobra
  • Reply 8 of 62
    Looking forward to replacing my Google Home based stuff with something more secure.    I've got an Amazon Echo Show and Dot sitting disconnected.   You don't need cloud accounts for Home Automation the cloud is simply needed for voice assistants and frankly I try to build my home around everything being easy to control without voice so that voice is just a bonus. 

    Thought long and hard about picking up a HomePod over the holidays when they went on sale.    I imagine that eventually my system will pretty much just contain a few HomePods  and Sonos and with the resurgence of HomeKit I'll start moving back in that direction. 


    I’m taking the same approach.  I have virtually disconnected myself from the Google platform, going as far to shed myself of my Gmail account and using DuckDuckGo exclusively.  
    elijahgredgeminipaGeorgeBMacdysamoriacat52lolliverwatto_cobra
  • Reply 9 of 62
    avon b7avon b7 Posts: 4,202member
    Soli said:
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.
    I think in this particular case more could have been done to correct the error beforehand.

    A team of people were involved in designing, testing and producing the hardware. It is reasonable to think that some of these people would have used the finished product or given it to friends and family. It is unreasonable to assume that none of these people saw that a key (and consumer facing element - even if inactive) got missed on the spec list or in the product documentation.

    Also, this feature will have been in internal testing for a while before getting the go ahead to go live which would have provided more opportunities to catch the slip up.

    I'm with you that I don't see anything nefarious but it should have got caught and clarified earlier IMO.
    StrangeDaysdysamoriasupadav03muthuk_vanalingam
  • Reply 10 of 62
    SoliSoli Posts: 9,272member
    avon b7 said:
    Soli said:
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.
    I think in this particular case more could have been done to correct the error beforehand.

    A team of people were involved in designing, testing and producing the hardware. It is reasonable to think that some of these people would have used the finished product or given it to friends and family. It is unreasonable to assume that none of these people saw that a key (and consumer facing element - even if inactive) got missed on the spec list or in the product documentation.

    Also, this feature will have been in internal testing for a while before getting the go ahead to go live which would have provided more opportunities to catch the slip up.

    I'm with you that I don't see anything nefarious but it should have got caught and clarified earlier IMO.
    Apple Infamously released a Mac with hidden 802.11n WiFi and then only announced it after the driver was ready for a launch…and then charged you a fee for it which pissed people off even though they had purchased the machine despite nary a mention of that being a promised feature.

    As I stated, this isn't uncommon and if you don't trust Google then Nest Secure was never an option for you anyway.

    How many products do we have on our person and in our homes with microphones? From security cameras to personal digital assistants to PCs to phones to my Apple Watch I can think of at least 8 off the top of my head. And while I trust Apple to not spy on me the bigger risk will always be exploiting a bug as we recently saw with FaceTime Group Chat.

    If I was running a company as valuable as Alphabet and I wanted to spy on people I wouldn't do it with an undisclosed, active microphone that could be found, I'd blatantly disclose the microphone (as all our CE already have) and then I'd have backdoor "bugs" built-in that people in-the-know could exploit so there's a level of deniability by the company. We accept bugs in SW and we accept that companies say "oopsie"and then close these holes once discovered.
    edited February 20 dws-2n2itivguymuthuk_vanalingam
  • Reply 11 of 62
    dws-2dws-2 Posts: 238member
    Google has never been caught spying, unlike Facebook. Google does spy of course, but they so far have always been very clear and open on what information they collect. This is very, very different than Facebook, which either lies or obfuscates about how they collect and use information.

    The microphone was probably there to detect glass breaks or when the user was at home. Maybe they didn’t list it on the specs because it wasn’t working yet, and they didn’t want to indicate a feature they might never enable. I think there’s something similar on the Nest Protect, with some feature they later enabled.

    Edit: I’m not saying you should trust Google; just they’ve never lied about this sort of thing in the past, and there’s no reason, based on past behavior, to believe they lied in this case.
    edited February 20 Solirandominternetpersongatorguymuthuk_vanalingam
  • Reply 12 of 62
    jungmarkjungmark Posts: 6,716member
    “Do no evil.” Right, more like “don’t get caught”. 

    A bug can be a mistake. Bugs happen. Not telling users there’s a mic in a product is a blatant lie. 
    StrangeDaysdysamorialolliverwatto_cobra
  • Reply 13 of 62
    avon b7avon b7 Posts: 4,202member
    Soli said:
    avon b7 said:
    Soli said:
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.
    I think in this particular case more could have been done to correct the error beforehand.

    A team of people were involved in designing, testing and producing the hardware. It is reasonable to think that some of these people would have used the finished product or given it to friends and family. It is unreasonable to assume that none of these people saw that a key (and consumer facing element - even if inactive) got missed on the spec list or in the product documentation.

    Also, this feature will have been in internal testing for a while before getting the go ahead to go live which would have provided more opportunities to catch the slip up.

    I'm with you that I don't see anything nefarious but it should have got caught and clarified earlier IMO.
    Apple Infamously released a Mac with hidden 802.11n WiFi and then only announced it after the driver was ready for a launch…and then charged you a fee for it which pissed people off even though they had purchased the machine despite nary a mention of that being a promised feature.

    As I stated, this isn't uncommon and if you don't trust Google then Nest Secure was never an option for you anyway.

    How many products do we have on our person and in our homes with microphones? From security cameras to personal digital assistants to PCs to phones to my Apple Watch I can think of at least 8 off the top of my head. And while I trust Apple to not spy on me the bigger risk will always be exploiting a bug as we recently saw with FaceTime Group Chat.

    If I was running a company as valuable as Alphabet and I wanted to spy on people I wouldn't do it with an undisclosed, active microphone that could be found, I'd blatantly disclose the microphone (as all our CE already have) and then I'd have backdoor "bugs" built-in that people in-the-know could exploit so there's a level of deniability by the company. We accept bugs in SW and we accept that companies say "oopsie"and then close these holes once discovered.
    Wi-fi isn't comparable to this. Those machines already had Wi-Fi on them. All the update did was unlock support for 802.11n.

    This is an - undisclosed - hardware element that went undisclosed for a long time. That in itself wouldn't necessarily be a big deal for most of us (especially as this kind of deactivated feature normally brings positives when it is finally activated - Google's custom imaging hardware comes to mind).

    The root problem for many will be that the activated feature was a microphone. That makes people view things differently.
    randominternetpersonStrangeDaysGeorgeBMacdysamoriadocno42lollivermuthuk_vanalingam
  • Reply 14 of 62
    MacProMacPro Posts: 18,368member
    Had this been an Apple product some web site would have cracked it open and disclosed the mic a day after launch on YouTube.  Yet with this product, it had a mic that and I quote "they [owners] weren't aware existed." How come Google products don't get the same scrutiny as Apple products?  IMHO they deserve 10x the scrutiny for exactly these sorts of reasons.
    edited February 20 racerhomie3randominternetpersonStrangeDaysdocno42lolliverwatto_cobra
  • Reply 15 of 62
    It’s time for a Billion dollar lawsuit.
    berndogwatto_cobra
  • Reply 16 of 62
    dws-2 said:
    Google has never been caught spying, unlike Facebook. Google does spy of course, but they so far have always been very clear and open on what information they collect. This is very, very different than Facebook, which either lies or obfuscates about how they collect and use information.
    A couple of samples:
    http://fortune.com/2017/11/22/google-oracle-location-data-privacy
    https://www.npr.org/sections/ed/2015/12/08/458460509/google-hit-with-a-student-privacy-complaint
    lolliverDAalsethwatto_cobra
  • Reply 17 of 62
    davgreg said:
    I am sure that was an "accident". 

    This is one reason why I want a headless Mac in my home- not an iMac with a camera and mike that cannot be turned off. I can disconnect a USB connected camera and mike.
    What's wrong with a bit of black tape (for the camera) and a bit of cotton wool taped over the microphone?

    watto_cobra
  • Reply 18 of 62
    I guess everyone who bought a Google Nest Secure forgot about Google getting caught sending unauthorized audio recordings from Google Home devices to their cloud only a few years ago.  Oh wait, that was just a bug--doesn't count I suppose.

    https://medium.com/snips-ai/google-home-minis-bug-shows-why-cloud-based-voice-assistants-are-a-bad-idea-6f1b4c569591
    MacProGeorgeBMacAppleExposeddysamorialolliverwatto_cobra
  • Reply 19 of 62
    SoliSoli Posts: 9,272member
    avon b7 said:
    Soli said:
    avon b7 said:
    Soli said:
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.
    I think in this particular case more could have been done to correct the error beforehand.

    A team of people were involved in designing, testing and producing the hardware. It is reasonable to think that some of these people would have used the finished product or given it to friends and family. It is unreasonable to assume that none of these people saw that a key (and consumer facing element - even if inactive) got missed on the spec list or in the product documentation.

    Also, this feature will have been in internal testing for a while before getting the go ahead to go live which would have provided more opportunities to catch the slip up.

    I'm with you that I don't see anything nefarious but it should have got caught and clarified earlier IMO.
    Apple Infamously released a Mac with hidden 802.11n WiFi and then only announced it after the driver was ready for a launch…and then charged you a fee for it which pissed people off even though they had purchased the machine despite nary a mention of that being a promised feature.

    As I stated, this isn't uncommon and if you don't trust Google then Nest Secure was never an option for you anyway.

    How many products do we have on our person and in our homes with microphones? From security cameras to personal digital assistants to PCs to phones to my Apple Watch I can think of at least 8 off the top of my head. And while I trust Apple to not spy on me the bigger risk will always be exploiting a bug as we recently saw with FaceTime Group Chat.

    If I was running a company as valuable as Alphabet and I wanted to spy on people I wouldn't do it with an undisclosed, active microphone that could be found, I'd blatantly disclose the microphone (as all our CE already have) and then I'd have backdoor "bugs" built-in that people in-the-know could exploit so there's a level of deniability by the company. We accept bugs in SW and we accept that companies say "oopsie"and then close these holes once discovered.
    Wi-fi isn't comparable to this. Those machines already had Wi-Fi on them. All the update did was unlock support for 802.11n.
    You’re now claiming that 802.11n over 802.11g is just better code? Is this so you can later claim that Apple was being petty for a mere “software update”? 🤦‍♂️
  • Reply 20 of 62
    Soli said:
    avon b7 said:
    Soli said:
    avon b7 said:
    Soli said:
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.
    I think in this particular case more could have been done to correct the error beforehand.

    A team of people were involved in designing, testing and producing the hardware. It is reasonable to think that some of these people would have used the finished product or given it to friends and family. It is unreasonable to assume that none of these people saw that a key (and consumer facing element - even if inactive) got missed on the spec list or in the product documentation.

    Also, this feature will have been in internal testing for a while before getting the go ahead to go live which would have provided more opportunities to catch the slip up.

    I'm with you that I don't see anything nefarious but it should have got caught and clarified earlier IMO.
    Apple Infamously released a Mac with hidden 802.11n WiFi and then only announced it after the driver was ready for a launch…and then charged you a fee for it which pissed people off even though they had purchased the machine despite nary a mention of that being a promised feature.

    As I stated, this isn't uncommon and if you don't trust Google then Nest Secure was never an option for you anyway.

    How many products do we have on our person and in our homes with microphones? From security cameras to personal digital assistants to PCs to phones to my Apple Watch I can think of at least 8 off the top of my head. And while I trust Apple to not spy on me the bigger risk will always be exploiting a bug as we recently saw with FaceTime Group Chat.

    If I was running a company as valuable as Alphabet and I wanted to spy on people I wouldn't do it with an undisclosed, active microphone that could be found, I'd blatantly disclose the microphone (as all our CE already have) and then I'd have backdoor "bugs" built-in that people in-the-know could exploit so there's a level of deniability by the company. We accept bugs in SW and we accept that companies say "oopsie"and then close these holes once discovered.
    Wi-fi isn't comparable to this. Those machines already had Wi-Fi on them. All the update did was unlock support for 802.11n.
    You’re now claiming that 802.11n over 802.11g is just better code? Is this so you can later claim that Apple was being petty for a mere “software update”? 🤦‍♂️
    Please note that the original introduction of 802.11n in the MacBook line at date of ratification was a software update since the WiFi cards present in the devices just before 802.11n was ratified already implemented the 802.11n standard in its 'draft' form.
    bonobobStrangeDaysMacProGeorgeBMac
Sign In or Register to comment.