Delete the data: Fredericton cybersecurity expert warns against smart speakers

A Fredericton-based cyber security expert is warning people to take a good look at the fine print before installing a particular type of present that may have been under the Christmas tree.

David Shipley, CEO and co-founder of Beauceron Security, said anyone who received a smart speaker made by Amazon or Google should be sure to look at and understand the privacy settings. 

"That is why those devices are there, to sell you products, to gather information about you, and you need to be careful with that," said Shipley. 

The devices record your interactions and requests and save them away. Users are able to go online and delete the recordings, which he recommends. 

• We hired ethical hackers to hack a family's smart home — here's how it turned out 
• Oft-forgotten, why the humble router remains one of the most insecure devices in your home 
• For new smart-home gadgets, the spectre of insecurity looms

Otherwise the recordings stick around, which could cause a problem if there is ever a hack or breach with the company. 

"Someone could download your audio recordings or get hold of them inadvertently or hack the companies and get them, and that could reveal a lot of personal information about you," Shipley said.

He referred to a case in Europe, where someone put in a request to receive the recordings from their device.

That person was accidently sent someone else's recordings as well, and from that information was able to find out who the person was, where they lived and other details.

Spokespersons for both Google and Amazon confirmed that the devices store the interactions, but those recordings can be deleted and can only be accessed by the user.

Both companies also said they don't sell people's data to any third-party groups or corporations. Amazon said the only data it collects is from purchases made through the device.

But it's still something that worries people such as Caitlin Strong of Fredericton.

"It's a little scary I guess, because I don't know who's going to get a hold of that information," Strong said. "But at the same time, I don't know how much I can do about it."

Drops Facebook

Shipley is also recommending people stay away from Facebook and its affiliate Lapp in 2019. He said that after multiple data breaches, and the company's lack of transparency, he deleted his own account. 

He said he understands that may be a bit much for other people but recommends you at least delete the app from your phone, where it can collect a lot of data, such as your texts and phone calls.

"Facebook is not just negligent when it comes to personal data," Shipley said. They actively abuse their platform to gather data without your informed consent.

"You're not paying them, so you're not the customer, you're the product."

In an mailed statement, Facebook spokesperson Alex Eucharistic said Facebook has been working to give people more control over their privacy settings. 

Calls for legislation

Despite the data breaches and leaks in 2018, Shipley said he expects 2019 to be worse.

He said legislative changes are needed, including large fines for negligent data breaches and rights for Canadians to truly be forgotten on online platforms.

He would also like to see ad-based sites such as Facebook forced to provide a paid service for customers who want to opt out of data collection and advertising.

Shipley is recommending people put it on the political agenda ahead of the next federal election.

"Cyber security is like climate change," he said. "It's big, it's complex, it can seem overwhelming, and it's probably going to require a global response, which means we're probably not going to do great at it this year."