'It's time for us to watch them': App lets you spy on Alexa and the rest of your smart devices

It's no secret that our increasingly "smart" houses have become a rich source of data for companies. We know in a general sense, anyway that we are sacrificing some privacy for the sake of convenience.

Beyond just tablets and mobile devices, many of us have televisions we can talk to, and security cameras and even coffee makers that connect to our phone, not to mention home assistants like the Amazon Echo or Google Home, whichare standing byto answer every random question that pops in ourhead.

According to Cisco Research, within the next few years there will be more than a dozen networked devices and connections per person in North America.

By design, these devices are always on, and always transmitting data.

However, what most of us don't know, is exactly what kind of information all these networked appliances are gathering and who has access to it.

Now, researchers at Princeton University have designed a tool to help you figure out what all the smart devices in your home are really up to.

As theysay on their website:"Our smart devices are watching us. It's time for us to watch them."

The rationale behind the application, called the Princeton IoTInspector, is that consumersshould know where all the information being collected within their smart housesis being transmitted.

While users mayunderstand that the trade-off in using these convenient devices is companies have access to the data they generate, they may notbe fully aware of just how many different companies are linked to a single device.

"Do you have any idea what these ... devices are doing?" the researchers wrote."Who are they talking to? What are they sending?"

For instance, if you're live-streaming a show on a Roku TV app, the channel you're watching could be communicating with a dozen different servers in the background, the researchers say. The app isconnecting to advertisers and tracking services, all of whom have a financial incentive to monitor who is watching what, when and for how long.

The Princeton IoT Inspectoruses a technique known as ARP spoofing which, it is worth noting, is usually used by bad actors trying to redirect traffic from a particular IP address so that they can gain access to it.

Once the app is downloaded onto your computer (it's currently only available for macOS), the software monitors network activities of all of the smart appliances connected to your network. It shows what data each device collects,who the device contacts online, how much data is exchanged and how often.

Surprising results

The IoT Inspector reveals just how active these devicesare even when we're not using them.

An Amazon Echo, for example, home to thedigital assistant known asAlexa, maintains its network connection even if it hasnot detected the wake word and the microphone is turned off.

According to Amazon, there are severalpractical reasons for this, including routine maintenance activities, such as confirming the internet connection, downloading software updates and keeping accurate time.

In practice, this means the home assistant is checking in with Amazon servers as well as web-hosting services,and appsthe user is subscribed to such as Spotify or Apple Music every few minutes.

"The smart home assistants are increasingly integrating with additional services and it's going to be critical that they help ensure any partners are operating with confidentiality," saidJules Polonetsky, chief executive officer of the Future of Privacy Forum, a Washington, D.C.-basedadvocacy group focused on data privacy issues.

The amount of data that is transmitted from an Echo, for example, and the number of destinations it is shared with, isn't information Amazon makes readily available.While theterms of service do refer to third parties, and how information may be shared with those parties in order to perform certain tasks, Amazon provides no mechanism by which users can track what information is transmitted and where.

Although, to its credit, Alexa does respond to privacy questions, "although at a fairly general level," Polonetsky said. "Alexa, are you spying on me?" gets a serious response.

When I asked the question, Alexa answered, "No I am not spyingon you.I value your privacy."

If that answer isn't entirely reassuring, some recent news stories about what smart devices do with our personal dataprobably won't help either.

Forinstance, Amazon employs thousands of people around the world to help improve the human speech comprehension of Alexa. As part of their job, those individuals receive transcripts of real conversations people have with their device.

It was also recentlyreportedthat the video feeds fromRing security cameras are accessible to certain Amazon employees who don't necessarily need access to thosefeeds to do their jobs.

Such stories, combined with the Princeton IoTInspector's findings,might make some users wary. After all, our homes are theoretically the final frontier of private space.

Or, at least they used to be.