Wichtige Info

Die Inhalte, die du hier siehst stelle ich dir ohne Werbeanzeigen und ohne Tracking deiner Daten zur Verfügung. Trotzdem muss ich die Server bezahlen sowie Zeit in Recherche, Umsetzung sowie Mail Support stecken.
Um dies leisten zu können, verlinke ich in einigen Artikeln auf die Plattform Amazon. Alle diese Links nennen sich Afiliate Links. Wenn du dir mit diesem Link etwas kaufst, dann erhalte ich eine kleine Provision. Dies ändert jedoch NICHT den Preis, den du bezahlst!
Falls du mich also unterstützen möchtest, kannst du auf den Link zum Produkt klicken und hilfst mir dabei, dieses Hobby weiter zu betreiben.
Da ich Keine Werbung schalte und keine Spenden sammle, ist dies die einzige Möglichkeit, meine Systeme und mich zu finanzieren. Ich hoffe du kannst das verstehen :)



Smarthome - Language Assistants in Smarthome


Introduction

I'm currently working on an audio component within my Smarthome system. When dealing with the topic, you do not get around the subject of Alexa, Google Home & Co. At present there are Black Friday 2 Amazon Alexa and a Smart Plug for 34,98€. This is very good for Amazon, and last but not least, I am uncertain whether for €34.98 really can only be made to pay. For me, it seems conclusive that Amazon uses such days not only to boost sales, but also to make the in-house language assistant more popular. I can understand the approach and I can also understand why the language assistant has over 300,000 reviews (mainly good...). This makes Alexa the best way to equip a complete home with language assistants. And no matter if you are now for or against Alexa, Amazon did a really good job with the language assistant. Alexa can control many devices, has games and many others integrated. You can't complain about the normal price, but I still want to deal with Alexa in this post and decide whether Alexa is a way to give my smart home a voice.

Data protection

First of all, of course, the most important topic for me: data protection. My entire Smarthome is operated locally. My public connection is created by private servers and no data can get out of my network without getting it. There are just 1 Wi-Fi-operated device within my 120 devices, which would basically be able to contact the manufacturer. This is because there are no vacuum cleaners with a good local connection (at least I am not known in the form). But this is also included in a separate network area behind a firewall and, apart from my home assistant and the associated gateway, can communicate with absolutely no one. I use locally Tuya for the control, and this has done the connection to the manufacturer. But that's easy with a vacuum cleaner. Alexa can't be locked behind a firewall, because then the range of functions will shrink very quickly towards zero. Accordingly: Data protection – a sorry topic that can only be considered in general, because what Amazon writes and what it ultimately does are of course different things.

In principle, Alexa does not spy, that should be said and is enough to read on the Internet, and has also been proven by network analyses (see, for example, here) and accordingly, I do not want to call Alexa a "wance". However, it should be noted that such tests are snapshots and are "standard"-alexa installations (more so). Accordingly, the possession of an Alexa is not at risk of data protection for the first time. Alexa includes a skill interface that can be used by all manufacturers who want to use it to teach Alexa's own "things". This can be exploited very well and should be taken care of in these spheres. Quickly an update can also contain malware or other, then the device can also quickly become a bug (see here) and that can potentially always happen.

Now I would like to talk to my assistant, and at the latest here the first problems begin. Alexa devices themselves first process language commands locally. Alexa checks whether an activation word (for example "Alexa") has been said. As long as this is not the case, the speech data will normally be deleted directly, and nothing has happened.

However, as soon as the activation word has been pronounced, Alexa's computing power and memory are no longer sufficient and the data is forwarded to the Amazon cloud services. Here, accents etc. can be clearly better recognized and processed. Users can be recognized by their respective voices, and guests can no longer talk to Alexa, except the owner allows this. This is where my first problems begin. I can understand that Amazon needs to process my language on the AWS servers. The functional scope of this wizard never fits as little space as an Echo Dot. However, for a speech recognition that can identify me as a person, my voice or their phonetics must be stored, and this happens very likely in my profile, so that even really all my Alexa devices can do this... Even if the following really goes in the direction of black painting, I don't want my analyzed language through people without good intentions. can hold for a voice generator or to be able to detect me across other devices... For a friend at home who also owns Alexa... (According to Amazon's privacy policy, this is NOT done, I would like to make it clear here!). But it may be that my friend, with whom I am, is talking to Alexa, I also say something and that this recording of Amazon will be analyzed within the "Alexa" program. The consent was given by my friend... What happens during this time can only know Amazon, but that would be a way to get my data to Amazon. I can make little in this case, as it is not my device, and Amazon can badly get from any guest, with every user also the agreement that it might be that language excerpts are analyzed. I can fully understand that, but I don't want to risk such a match.

Finally, the so-called "Skills". These enable Alexa to organize great things with other manufacturers. Here I see the biggest problem. In general, I trust Amazon that they do their anonymization well, and if you are quite honest when someone is looking for IT security, then it is more the big providers like Amazon, but certainly not any manufacturers who want to be a smart home device on the market to unlock another customer group.

Here comes my main problem, because in addition to the "Post Install" procedures mentioned at the beginning, the general vulnerabilities come. Is the skil well programmed? – What is everything sent to the manufacturer and stores all data securely and encrypted? – I can't answer any of the questions here, because there's something wrong here. Because if such a skill is not just open source, it becomes hard. No question, the Alexa platform itself is also a black box, but this is then the platform of choice, here you agreed at the beginning that you don't know anything. Here you just have to trust, otherwise you can forget something like that anyway, and if I have to trust someone, then most likely the one who has my data anyway, as I order it almost daily... Here I have little choice and must necessarily provide a confidence advance. However, I do not give this to every China manufacturer that has just thrown an IoT product on the market... And it doesn’t have to be the manufacturer, so there can also be another platform, like Tuya or other, and at the latest there my joy ceases. Amazon is a US company and no question through Cloud Act and Patriot Act, it is not so good to store the data there. But China is the ground zero for me. I'm not trying to give anything there if I don't have to... Even my Ali Express account is constantly a different mail address and the delivery places and payment options I always let rotate, just like the recipient name. Accordingly, the skills for me are a data protection No-Go.

Moreover, it should be said that in theory, Amazon's data can even be automatically deleted in the data protection settings. However, such any personalization will be lost and that undermines for me a little the meaning of a language assistant.

Summary Data protection

In summary, I can say that Alexa is quite acceptable in the basic version for normal people. In any case, the US provider has a lot of data about us, as we volunteer each day and Amazon does a lot to anonymize users and protect their privacy (at least after eating out...). Accordingly, for the big of customers, Alexa is an acceptable choice. However, the third-party apps should be looked up three times and check if you really need them. In my case, I would try to make apps independent of any third-party provider by integrating Homeassistant.

Functions and integrability

I'm just flying this subject fast as there's not much to say here. Alexa, I don't think I'm a market leader. Alexa can do a lot, is Communicative in any case acceptable and in everyday life an enrichment when using the language assistant. In Smarthome administrations such as Home Assistant, Alexa can easily be integrated and otherwise Alexa has the ability to function as a “smart home center”. Accordingly, I can keep this short here and easily address this point with “Yes”... Because there is hardly a system that can keep with Alexa.

Summary

In summary, I can easily say that Alexa is an option for the normal consumer, technology and also for any enthusiast. Each of the Amazon’s mandatory avoids, deletes the browser daily and only surfes with VPN and Incognito should avoid this and any other language assistance. However, this does not apply to me in any case. I will accordingly check how far I could use Alexa in my Smart Home without any third-party app and whether control signals are forwarded by Alexa to Amazon. Devices ID’s or other. All communication takes place with Alexa through TLS1.2 and is currently safe, but I do not want to know any ID’s of my local devices, with a manufacturer... Finding this, however, is a little heavier than thought if you don't use your own echo. It is important to mention here that I do not want to use the ZigBee Hub Alexa but a purely local installation. Once I find out, I'll finally be able to decide...


Back…