Madame Alexa knows how many Bitcoin you have
i will never own an alexa/google/amazon voice activated device, unless there is an actual physical switch to cut the mics out of circuit.
i didnt really understand fully the ramification till the other day when i was going over with my wife how to recover my btc stack in case of my death. i was going to tell her the passphrase to my trezor (it would be written down also, this was just for discussion). but when i was going to tell the the passphrase i stopped. because while i dont own an alexa/google/amazon device, i do have a smartphone and smart watch, which have mics of course.
so here i am
in my own house, wondering if anything i say might go out to servers that humans can access (humans review random snips of voice data).
wtf, my own home, which i have spent considerable time and money hardening both physical and electronic networks, is useless if the closed source algo that trigger sending data for no fully understood reason by the end user.
btw many modern tvs have mics and web cams built in now. and IoT stuff like security cameras, some of which have mics so you can use then for intercoms, are notoriously bad at security and most will never get updates.
so much the attach surfaces are pretty big.
now i dont assume my phone and watch and compromised, but with the amount of money i have in btc it would be foolish to at least consider these scenarios,
like any smartphone or laptop with a built in mic is powered off and put in another room when setting up wallet seed words. paranoia? sure but it is based on failings of the current tech used.
- You don't need to stop using your potentially exploitable devices if you use them right. Ie: I have cameras all over my places, the perimeter ones I don't really care and assume someone could be watching (even if I have taken all the measures to stop that), the inside home ones are only turned when there's noone inside... again I don't care if someone would be watching/listening (when we are not there).
- Don't think only potentially "spy" devices could be an attack vector. You said you were discussing key recovery with your wife... good thing you didn't say the passphrase but not because of your smartphone an/or smart watch.... more traditional eavesdropping methods like a laser beam mic could be employed against you. Always try to consider all potential attack vectors, and pay special attention to traditional ones as thats where the easiest exploit usually comes.
