Most people already have a phone, laptop, maybe a watch, maybe the TV remote.. And lots of apps on each one. Any one of which could be listening in. It's a crazy situation.
Android has a button in the quick settings bar to enable/disable the microphone, which helps with this (as long as you trust the OS itself). I keep it disabled most of the time.
By the way, "that person" is Dave Plummer, an ex Microsoft employee. He made things like the Windows Task Manager and the infamous file copy window. His YouTube channel has interesting behind the scenes information on historical Windows decisions.
So what if it’s Dave Plummer? The name doesn’t make the post any stronger. The problem with his screenshot is the lack of context — network usage by itself doesn’t prove anything malicious or even unusual. Devices like Echo Shows pull constant updates, stream visuals, cache media, and maintain active connections. That can easily add up to gigabytes, even if the owner never directly ‘uses’ them. Acting shocked about it without explaining the why just turns into clickbait.
It makes me sad that video doesn't have 100k views at least. He tried so hard to bury it and it kinda worked, but it's a well put together documentary on the stuff he pulled in the 00s.
It'd be one thing if he owned up to it and admitted what he did was wrong but he's grown past it. His attempts to obscure it away just tell me he hasn't changed. Which is funny, because his videos gave me a grifter vibe I couldn't quite place until I learned about his history.
I feel like boasting about something you did 20 years ago is kind of cringe. I think you've had enough time throughout those years to receive the fruits of your labour for it. Now it just feels like he's milking it?
I don't want to life in a world where i have to setup DMZs, filters and special magic incantations to use my devices without them turning into literal spying device listening to every word i say. What the fuck.
We are already here. As the volume of code/technology increases, it should be clear that systems need strong permission boundaries. It is impossible to meaningfully audit all dependencies and services.
If my desktop music player has an exploit, it should not be possible that it can read my SSH keys. Node supply chain hacks keep occurring where your development environment can leak your private data. Mobile OS have this isolation already, but desktop is sure to slowly follow. I think we might eventually get to a point where even code libraries get assigned capabilities (eg libxml does not have network access).
Meh, your smartphone is already the ultimate spying device that comes with microphones and triangulates your location from 3 cell towers. The government doesn’t need more spyware than that.
My GrapheneOS Phone is pretty safe and I only use my cellphone connection when I have to, thank you for your concern. Event than, it's still a difference between a battery powered device on a metered connection with tiny microphones vs a literal microphone array connected to a hardline.
Can you please not break the site guidelines like this, regardless of how bad another comment is or you feel it is? I don't want to ban you - if you would please make it easier for us not to, that would be helpful.
We have an impossibly pervasive network of sensor blisters littered throughout our lives, to the point where I don't feel comfortable discussing certain sensitive topics in most other people's homes, but every step of the way most normal people have given the same refrain: "oh, the tech companies probably already have all my data anyway"
Now that those tech companies are working closely with an American regime that seems increasingly willing to disregard the rule of law and public perception to round up people they deem undesirable in large numbers and put them in concentration camps, and we have natural language processing tech that can pretty effectively filter through large amounts of text for some semantic analysis, I hear some of the more attentive people coming to the barest hint of a realization that this situation is unacceptably dire
I had a similar issue 2 years ago[0], tracked it down to a device metrics hostname and then blacklisted the DNS for it. That stopped the huge data use and seemed to have zero affect on the device functioning. It's still working just fine today with that host blocked.
I also monitor the bandwidth of each device on my network, and my numbers are much lower than his. The totals that I observed over the last 90 days:
Device Download Upload
=========== ========== =========
Echo Show A 5.487 GiB 1.451 GiB
Echo Show B 4.343 GiB 1.293 GiB
Echo A 0.778 GiB 0.739 GiB
Echo Dot 0.626 GiB 0.580 GiB
Echo B 0.132 GiB 0.291 GiB
----------- ---------- ---------
Total 11.366 GiB 4.354 GiB
Also note that both devices in the OP are called "echoshow", which means that they have a full LCD display that you could theoretically stream videos on (if you like watching videos on a 5" display with a terrible interface).
Fwiw i've had long running devices that just constantly ARP broadcast. Affects the local network only but if that's how you measure bandwidth you'll notice it.
Ie. Non stop "Who has IP/MAC address XYZ? tell ABC" ARP requests, then a second device see's the request for XYZ (which may not even exist on the network anymore!) and realizes it too doesn't know who XYZ is, so it too sends it's own broadcast. And on the cycle goes as devices constantly see others requesting knowledge of XYZ and triggering the request in a cycle.
Embedded devices are especially susceptible to doing this. You might not even notice, apart from a mild "my network feels slow" unless you inspect at network traffic closely. The worst part is these ARP storms basically require you to power down everything and power back up again. In the most classic engineer move the most effective way is to reboot the house. Ie. flip the switch at the fuse breaker and turn the house back on again. That turns all devices off and on again and causes what ever IP/MAC address confusion that triggered the storm to resolve.
Worth investigating for OP. Especially for home networks with a lot of devices. Home routers won't stop a broadcast storm and once it's going they don't stop. Happens more often than is discussed in my experience (i think people just don't notice that poorly programmed devices can do these cyclic and endless ARP requests)
Are you also "never using them" like OP and they send/receive that much data? Curious what it is since the Sidewalk thing seems to be limited to 500MB across your account.
I use them multiple times daily, but essentially only for things like "turn off the lights", "set a timer for 30 minutes", or "add cheese to my shopping list". But “Echo A” is probably my most-used device, so usage doesn't seem to be very correlated with the bandwidth consumed.
No, I essentially only use it for announcements and turning on/off the lights (with some very occasional music streaming). The bandwidth usage appears to be mostly constant 24/7, so I'm not really sure why it's using so much data (but still much less than the OP).
Seems that'd be easy to confirm, and also seems unlikely to be the reason because of the supposed limits in place.
> Customers can turn Sidewalk on or off at any time from Control Center in the Ring app or Account Settings in the Alexa app
> The maximum bandwidth of a Sidewalk Bridge to the Sidewalk server is 80Kbps, which is about 1/40th of the bandwidth used to stream a typical high definition video. Today, when you share your Bridge’s connection with Sidewalk, total monthly data used by Sidewalk, per account, is capped at 500MB, which is equivalent to streaming about 10 minutes of high definition video.
Sidewalk is LoRA so I think we can be pretty sure it wasn't the source of GBs of data . Anyone freaked out about sidewalk's use of their internet connection hasn't looked at the numbers.
> Today, when you share your Bridge’s connection with Sidewalk, total monthly data used by Sidewalk, per account, is capped at 500MB, which is equivalent to streaming about 10 minutes of high definition video.
I used to have the Rumble app installed [1], and I uninstalled it when I saw it was using gigs and gigs of data on my phone, even when I wasn't using the app. I'm sure I opted into some permission at some point, but I really didn't like the idea of them constantly sending data to their site at the expense of my data plan and battery, so I removed it.
Now I think this stuff is the norm though; I guess bandwidth is so abundant and cheap for the average American that they don't realize how much is actually being used?
[1] I'm not conservative but there was a creator I liked that was banned from YouTube and was uploading to Rumble.
Could possibly be solved by blocking connections to device-metrics-us.amazon.com (via the router or a pihole), the devices tend to be quite chatty towards that domain but don't seem to be affected in function if they can't reach it...
They're hardware projections into your living space of a massive system run by Amazon. It's the massive system that open-source will have trouble replicating.
Most people use Echos as voice controlled music players with occasional smart assistant functionality, this shouldn't be too hard to replicate in OSS. You could argue that the extend to which they're not making you buy into the Amazon ecosystem is a major failure of the product line.
I know a few people with Echos and I don't think I've ever observed them being used to order stuff. Music, answering trivia questions, timers/appointments, sure. This is anecdata of course but still.
(I didn't count music as buying stuff since it's a flat rate streaming service.)
Because they continually download and serve commercial ads, upload telemetry, and upload everything they hear regardless of wake word with no way of deleting (per a past privacy-invasive EULA change).
At a minimum, disable the microphone via the switch... which makes them basically worthless and so they've outlived their usefulness.
And all defaults set? Yeah you’re gonna have a bad time.
Disable voice recording storage Disable "Help Improve Alexa" Manage skill permissions Turn off Amazon Sidewalk
But in the end you have a 3rd party passive listening device. Depends if you trust that 3rd party I guess.
And after that post on x, I’m sure that person disconnected all the Alexa’s in their home right?
Most people already have a phone, laptop, maybe a watch, maybe the TV remote.. And lots of apps on each one. Any one of which could be listening in. It's a crazy situation.
Android has a button in the quick settings bar to enable/disable the microphone, which helps with this (as long as you trust the OS itself). I keep it disabled most of the time.
I remember years ago, when viruses were common, watching kids use computers...
OK
Install
Accept
[X]
Upgrade
and they never want to clear their cookies and lose their logins.
By the way, "that person" is Dave Plummer, an ex Microsoft employee. He made things like the Windows Task Manager and the infamous file copy window. His YouTube channel has interesting behind the scenes information on historical Windows decisions.
So what if it’s Dave Plummer? The name doesn’t make the post any stronger. The problem with his screenshot is the lack of context — network usage by itself doesn’t prove anything malicious or even unusual. Devices like Echo Shows pull constant updates, stream visuals, cache media, and maintain active connections. That can easily add up to gigabytes, even if the owner never directly ‘uses’ them. Acting shocked about it without explaining the why just turns into clickbait.
Oh it's that guy? yeah, there's another thing he did: Write scammy Scareware [0] which he got sued [1] for and settled [2]
[0] https://www.youtube.com/watch?v=1GeF9AjlqP8 [1] https://www.atg.wa.gov/news/ne [2] https://www.computerworld.com/article/1593468/internetshield...
[1] appears truncated, I think you meant: https://www.atg.wa.gov/news/news-releases/attorney-general-s...
Still arguably a minor sin compared to his botched file copy time estimation algorithm. :)
Getting to the REAL hard hitting issues here on hn ;)
It makes me sad that video doesn't have 100k views at least. He tried so hard to bury it and it kinda worked, but it's a well put together documentary on the stuff he pulled in the 00s.
It'd be one thing if he owned up to it and admitted what he did was wrong but he's grown past it. His attempts to obscure it away just tell me he hasn't changed. Which is funny, because his videos gave me a grifter vibe I couldn't quite place until I learned about his history.
> Which is funny, because his videos gave me a grifter vibe I couldn't quite place until I learned about his history.
for me it was him boasting about his amazing game changing contributions to Windows
when he mostly did thing like lay out the widgets on the format dialog
he's no Dave Cutler
I feel like boasting about something you did 20 years ago is kind of cringe. I think you've had enough time throughout those years to receive the fruits of your labour for it. Now it just feels like he's milking it?
I don't want to life in a world where i have to setup DMZs, filters and special magic incantations to use my devices without them turning into literal spying device listening to every word i say. What the fuck.
We are already here. As the volume of code/technology increases, it should be clear that systems need strong permission boundaries. It is impossible to meaningfully audit all dependencies and services.
If my desktop music player has an exploit, it should not be possible that it can read my SSH keys. Node supply chain hacks keep occurring where your development environment can leak your private data. Mobile OS have this isolation already, but desktop is sure to slowly follow. I think we might eventually get to a point where even code libraries get assigned capabilities (eg libxml does not have network access).
That would start with not buying a literal spy device from Amazon.
Meh, your smartphone is already the ultimate spying device that comes with microphones and triangulates your location from 3 cell towers. The government doesn’t need more spyware than that.
My GrapheneOS Phone is pretty safe and I only use my cellphone connection when I have to, thank you for your concern. Event than, it's still a difference between a battery powered device on a metered connection with tiny microphones vs a literal microphone array connected to a hardline.
It's all make believe, they allow you to pretend that they have no power over you and that makes you happy. All good.
[flagged]
Can you please not break the site guidelines like this, regardless of how bad another comment is or you feel it is? I don't want to ban you - if you would please make it easier for us not to, that would be helpful.
https://news.ycombinator.com/newsguidelines.html
We have an impossibly pervasive network of sensor blisters littered throughout our lives, to the point where I don't feel comfortable discussing certain sensitive topics in most other people's homes, but every step of the way most normal people have given the same refrain: "oh, the tech companies probably already have all my data anyway"
Now that those tech companies are working closely with an American regime that seems increasingly willing to disregard the rule of law and public perception to round up people they deem undesirable in large numbers and put them in concentration camps, and we have natural language processing tech that can pretty effectively filter through large amounts of text for some semantic analysis, I hear some of the more attentive people coming to the barest hint of a realization that this situation is unacceptably dire
It really seems to me like we are cooked
I had a similar issue 2 years ago[0], tracked it down to a device metrics hostname and then blacklisted the DNS for it. That stopped the huge data use and seemed to have zero affect on the device functioning. It's still working just fine today with that host blocked.
[0] https://www.marcroberts.info/2023/echo-show-uploading-data-c...
I also monitor the bandwidth of each device on my network, and my numbers are much lower than his. The totals that I observed over the last 90 days:
Also note that both devices in the OP are called "echoshow", which means that they have a full LCD display that you could theoretically stream videos on (if you like watching videos on a 5" display with a terrible interface).Fwiw i've had long running devices that just constantly ARP broadcast. Affects the local network only but if that's how you measure bandwidth you'll notice it.
Ie. Non stop "Who has IP/MAC address XYZ? tell ABC" ARP requests, then a second device see's the request for XYZ (which may not even exist on the network anymore!) and realizes it too doesn't know who XYZ is, so it too sends it's own broadcast. And on the cycle goes as devices constantly see others requesting knowledge of XYZ and triggering the request in a cycle.
Embedded devices are especially susceptible to doing this. You might not even notice, apart from a mild "my network feels slow" unless you inspect at network traffic closely. The worst part is these ARP storms basically require you to power down everything and power back up again. In the most classic engineer move the most effective way is to reboot the house. Ie. flip the switch at the fuse breaker and turn the house back on again. That turns all devices off and on again and causes what ever IP/MAC address confusion that triggered the storm to resolve.
Worth investigating for OP. Especially for home networks with a lot of devices. Home routers won't stop a broadcast storm and once it's going they don't stop. Happens more often than is discussed in my experience (i think people just don't notice that poorly programmed devices can do these cyclic and endless ARP requests)
Are you also "never using them" like OP and they send/receive that much data? Curious what it is since the Sidewalk thing seems to be limited to 500MB across your account.
I use them multiple times daily, but essentially only for things like "turn off the lights", "set a timer for 30 minutes", or "add cheese to my shopping list". But “Echo A” is probably my most-used device, so usage doesn't seem to be very correlated with the bandwidth consumed.
Is that usage from doing video calls or streaming?
No, I essentially only use it for announcements and turning on/off the lights (with some very occasional music streaming). The bandwidth usage appears to be mostly constant 24/7, so I'm not really sure why it's using so much data (but still much less than the OP).
Came here to say the same. We use our echos a fair bit but our data use is a fraction of that.
It might be used as a hub for other devices via Amazon sidewalk [0]...
[0] https://www.amazon.com/Amazon-Sidewalk
Seems that'd be easy to confirm, and also seems unlikely to be the reason because of the supposed limits in place.
> Customers can turn Sidewalk on or off at any time from Control Center in the Ring app or Account Settings in the Alexa app
> The maximum bandwidth of a Sidewalk Bridge to the Sidewalk server is 80Kbps, which is about 1/40th of the bandwidth used to stream a typical high definition video. Today, when you share your Bridge’s connection with Sidewalk, total monthly data used by Sidewalk, per account, is capped at 500MB, which is equivalent to streaming about 10 minutes of high definition video.
Sidewalk is LoRA so I think we can be pretty sure it wasn't the source of GBs of data . Anyone freaked out about sidewalk's use of their internet connection hasn't looked at the numbers.
LoRa is Sidewalk's long-haul backup layer, but it uses a mix of BLE, FSK, and LoRa depending on the distance and data requirements.
https://docs.sidewalk.amazon/introduction/
> Today, when you share your Bridge’s connection with Sidewalk, total monthly data used by Sidewalk, per account, is capped at 500MB, which is equivalent to streaming about 10 minutes of high definition video.
Provocative: Then why haven't you turned them off?
i dont understand how people can setup this level of monitoring but not also a pihole.
I used to have the Rumble app installed [1], and I uninstalled it when I saw it was using gigs and gigs of data on my phone, even when I wasn't using the app. I'm sure I opted into some permission at some point, but I really didn't like the idea of them constantly sending data to their site at the expense of my data plan and battery, so I removed it.
Now I think this stuff is the norm though; I guess bandwidth is so abundant and cheap for the average American that they don't realize how much is actually being used?
[1] I'm not conservative but there was a creator I liked that was banned from YouTube and was uploading to Rumble.
You never use them.
Unlike Amazon.
"Smart speakers" should be called by their real name: Smart microphones.
Echo --> Amazons microphone.
All smartphones are also smartmicrophones.
doubleplusgood
Listening devices
Bugs
Taps as a service
> doing nothing at all
Doing nothing at all for you.
Could possibly be solved by blocking connections to device-metrics-us.amazon.com (via the router or a pihole), the devices tend to be quite chatty towards that domain but don't seem to be affected in function if they can't reach it...
I can only imagine that much data usage if it was trying to compress a 24 hour recording of white noise.
Seems like something is seriously wrong. This is not normal. It's not caused by "improving Alexa" or Sidewalk.
In 2025, can't believe there's still no open-source alternative to these devices.
I’ve been meaning to try the Home Assistant new voice control[1] for a while. Do you consider it open-source enough? :)
1. https://www.home-assistant.io/voice_control/
They're hardware projections into your living space of a massive system run by Amazon. It's the massive system that open-source will have trouble replicating.
Most people use Echos as voice controlled music players with occasional smart assistant functionality, this shouldn't be too hard to replicate in OSS. You could argue that the extend to which they're not making you buy into the Amazon ecosystem is a major failure of the product line.
Spotify multi-speaker playing + a LLM answering questions would cover what 80% of people need.
https://www.home-assistant.io/voice-pe/
If echoes had an LLM behind them, they might actually be useful as more than voice controlled egg timers..
The most serious project I knew in this space was Mycroft, but I just looked it up and they ceased development due to a patent troll.
Not exactly the same but there is Home assistant voice.
What would be the use case?
The same as Amazon's devices. Odd question.
To buy stuff from Amazon? You don't need open source firmware for that.
I know a few people with Echos and I don't think I've ever observed them being used to order stuff. Music, answering trivia questions, timers/appointments, sure. This is anecdata of course but still.
(I didn't count music as buying stuff since it's a flat rate streaming service.)
Because they continually download and serve commercial ads, upload telemetry, and upload everything they hear regardless of wake word with no way of deleting (per a past privacy-invasive EULA change).
At a minimum, disable the microphone via the switch... which makes them basically worthless and so they've outlived their usefulness.
Yeah? I mean that's their purpose, why is this surprising to anyone?
Usually when this sort of scenario is brought up as a concern, the corporate sycophants crawl out of their holes to gaslight everybody.
person buys the literal telescreen from 1984, and is surprised it's the telescreen he paid for.
color me shocked.
He also has a 25 Gbps Internet connection - not really a huge problem here
That's really besides the point, unused devices shouldn't upload/download GB of data per month, it's really simple :)