People Still Think Their Smart Speakers Are Eavesdropping on Conversations

A vast majority of people in the US and Canada suspect their smart speakers can eavesdrop on their conversations, and just over two-thirds think they’ve gotten ads based on that snooping. 

Those dystopian data points come from a survey published Monday(Opens in a new window) by the Chubb insurance company that finds rising concern about data breaches, a mixed pattern of improvements, and continued neglect in people’s security practices. 

“Consumers admit to annoyance and frustration in taking actions to protect themselves online,” the insurer’s Fifth Annual Study on Personal Cyber Risk leads off. “But, finally, the gap between awareness and action that we’ve observed for years has started to narrow.”

One key reason is that people are overwhelmingly anxious about their data leaking. Chubb’s survey, conducted for it by the research firm Dynata(Opens in a new window), found 92% of consumers “concerned about a cyber breach exposing their personal information or identity,” of which 56% were “very concerned”; three years ago, those numbers were 80% and 39%, respectively.

Considering that 2021 set a new record for the number of data breaches, that near freakout seems understandable. 

But then there’s the 79% of survey respondents who “believe their virtual assistants and streaming devices can listen to their conversations,” and the 67% who “believe they have received an advertisement based on a conversation they’ve had that was captured by a virtual assistant or streaming device.”

Smart speakers such as Amazon’s Echo and Google’s Nest Audio can activate unintentionally when they think they heard “wake words” like “Alexa” or “Hey Google,” and sometimes that’s led to snippets of conversations being uploaded or even sent to a contact. 

But for companies to use this data gathered without people’s consent to target them with ads would a) invite a beatdown from government regulators that would make the Federal Trade Commission’s $5 billion fine of Facebook for privacy violations look like a parking ticket and b) be unnecessary, because web tracking is already so good at discerning people’s interests.

A snippet further down in the survey–48% of respondents said they cleared their browser history, a meaningless move against ad networks–suggests that many people remain confused about web tracking. 

Chubb’s survey surfaces comparable confusion about passwords, with 61% of respondents saying they struggle to keep track of them but only 35% reporting they use password managers like Google Password Manager. Another 35% reported reusing passwords across multiple sites, a cardinal security sin that invites the rapid takeover of multiple accounts.

Respondents also retain a fondness for “keepsake passwords”(Opens in a new window) including personally significant details as a family or pet name, a birthday or other important date, or a current or previous address, with 48% reporting that practice the last time they created or updated a password. 

People with more money at stake were more likely to do that: 84% of high net-worth respondents (28% of whom “reported falling victim to a cyberattack that involved their money,” versus just 27% of middle-class respondents. The survey defines “HNW” as $1 million or more in household income, with middle class from $50,000 to $100,000. 

On a more encouraging note, 51% of respondents said they used some kind of multi-factor authentication to log into online accounts, far above the 28% last year’s survey found. 

The report wraps up with a list of “cyber best practices” that is itself a mixed bag. The advice to install security patches promptly, enable multifactor authentication, and use a password manager is right on. But using a VPN at home doesn’t enhance your privacy that much, and “Change your passwords regularly” is completely wrong. As for “Purchase a Chubb cyber insurance policy”? Well, they were going to say that, weren’t they? 

Dallas-based Dynata fielded this online survey for Chubb from Aug. 29 through Sept. 19 among 18-and-older people with at least $50,000 in household income and “at least one internet connected device,” collecting 1,605 completed surveys.