dslreports logo
    All Forums Hot Topics Gallery


Search Topic:
share rss forum feed


united state

[Security] Siri privacy concern

Most of us likely wouldn’t want Apple to store a copy of our DNA or our fingerprints, but that’s pretty much what it’s doing with another one of our biometric identifiers: namely, our voices.

On Thursday, David Talbot, writing for MIT’s Technology Review, reported that researchers are concerned that Apple’s digital assistant Siri is taking far too intimate an imprint of our biometrics and storing far too much of that data on Apple servers.

Voice recordings of users asking questions – which can be personal and/or revealing – travel over the airwaves and are stored on Apple’s servers.

As Talbot wrote, the data contained in those voice recordings differs from other data pumped out by smartphones and computers in that it’s distinct for each individual.
»nakedsecurity.sophos.com/2012/06 ··· security

Bronx, NY
Just nitpicking because I have nothing better to do...

Not a whole lot of details in the article - they spent a great deal of it talking about IBM's security policies for some reason...

Muller added that the company takes privacy "very seriously," noting that questions and responses that Siri sends over the Internet are encrypted, and that recordings of your voice are not linked to other information Apple has generated about you.
Oddly omitted from the Sophos article. And it's unclear what is meant by "stored", as that was a word used by the writer, not the Apple spokeswoman. Does it mean it's stored until Apple's server can decrypt, interpret, and respond? Or is it stored permanently for later analysis?
University of Southern California - Fight On!

Aptos, CA
said by Thinkdiff:

Or is it stored permanently for later analysis?


Google does this as well. So do Microsoft. That's how they all improve their voice recognition.

Of course "permanent" is a misnomer, since this is a firehose of data and there isn't infinite storage even in these places. Eventually this stuff falls off the end, and by law I believe in the US 18 months is the cutoff where retained data has to be made anonymous.

But I'd say it's probably a good idea to not recite your SSN or other secure data into any voice reco. Or the details of the body drop, or drug deal.
My place : »www.schettino.us