The idea of inviting an always-on recording device into our bedrooms would have once seemed beyond creepy, but now most consumers hardly give it a second thought.
As Android Police reports, a small number of Google Home Mini review units given to tech reviewers malfunctioned, persistently recording audio in the background without being activated by a hotword. The Home Mini units gave no indication they were recording beyond silently flashing their four display lights — a notification that you'd only notice if you were looking directly at the device.
As observed on the dysfunctional Home Mini unit that raised the red flag:
"Several days passed without me noticing anything wrong. In the meantime, as it turns out, the Mini was behaving very differently from all the other Homes and Echos in my home - it was waking up thousands of times a day, recording, then sending those recordings to Google. "
The seriousness with which Google handled the Home Mini incident (they sent someone to physically pick it up from the guy's house!) shows that it was definitely a case of a device gone rogue and not something more nefarious, but it's still a good privacy reminder. So far, Google specified that this issue only affected pre-release units and not the consumer version of the Google Home Mini. It issued a software patch to fix the behavior, issuing this response: "We have learned of an issue impacting a small number of Google Home Minis that could cause the touch mechanism to behave incorrectly. We are rolling out a software update today that should address the issue."
Home assistants that connect to the internet to answer inquiries and parse voice commands are at risk, just like anything else online, of being compromised or being misused by their creators. Happily, Google's new Clips camera eschews its biggest potential privacy concerns by keeping storage local, staying offline and only allowing file transmission to a designated paired smartphone.
Any kind of at-home assistant is always listening, even if it's only listening for when it should be listening. It's worth remembering that these devices, just like any kind of connected device, are one unforeseen security vulnerability away from a pretty gnarly privacy scenario. We don't say that to be scaremongers — it's genuinely worth weighing hypothetical privacy risks associated with these products in case the worst case scenario ever plays out. Is the convenience of firing up your favorite podcast with voice commands worth the potential privacy trade-off of letting a purpose-built always-on recording device into your life? The answer won't be the same for everyone.
So far, TechCrunch has found no evidence of this behavior on our own review units. We've reached out to Google for more information on which devices are affected and how this whole thing went down and we'll be following this story as it develops.