This is a true story of how my 9 year old outsmarted Alexa in an attempt to get a sneak peak into what we are buying ...
This is a true story of how my 9 year old outsmarted Alexa in an attempt to get a sneak peak into what we are buying from Amazon this Christmas. This is how my son defeated Amazon's OpSec.
Try this at home out of earshot from anyone you’ve been shopping for.
“Alexa, where can I buy a …..”
You’ll likely get a reply of “based on your recent orders….”’
Your present is no longer a surprise.
If you look online you can find hundreds of links telling you how to stop Alexa from announcing recent deliveries and showing order history but somewhere a decision was made regarding the importance of your privacy versus the next sale. Alexa errs on the side of helping you with your next purchase and will still spill the beans about what you’ve already bought. While this isn’t a serious oversight, it does illustrate the choices that are made with regards to security. In the abstract, this is a good illustration of how a lot of security depends on the threats you can’t imagine in advance. Who thought a nine year old would phrase the question in this way? I certainly think there’s a ten year old who will trick Alexa into revealing the status of every item on their Christmas list at some point before Christmas.
If people with access to your Alexa haven’t figured out the above trick yet, Amazon suggests adjusting your delivery notifications.
- Log in with your Amazon account.
- Tap More in the bottom right corner >Settings > Notifications > Amazon Shopping
- Under the section titled “Say or show item titles,” turn off “For items in delivery updates”
Depending on where you look, misconfigurations are responsible for anywhere between 33% and 90% of data breaches. We took this oversite on Amazon’s part to discuss the importance of being safe on-line and how easy it is to unintentionally share personal information. Trading security and privacy for convenience should be an explicit choice. And, even if you don’t have complete control, you should control what you can.
Frequently Asked Questions: Smart Speakers and Privacy
What issue does the article raise about smart speakers and surprises?
The article discusses how devices like Alexa (Amazon smart-speakers) can inadvertently spoil surprises—for example, by announcing deliveries or showing items on linked services—particularly around holidays like Christmas.
What settings or steps does the article suggest to avoid spoiling surprises?
It recommends things like:
- Turning off or customizing shopping/delivery notifications for the smart speaker.
- Using gift-delivery options such that items are hidden from linked accounts.
- Managing voice assistant privacy settings so that item titles or purchase confirmations aren’t loudly announced in shared spaces.
- Reviewing device permissions and how linked shopping accounts interact with voice assistants.
Why is this relevant for businesses or home offices?
Though the article is holiday-focused, the broader point is about managing voice-assistant devices, notifications and privacy in any environment. For businesses or home-offices, uncontrolled announcements or device behavior can lead to information leaks, unwanted disclosures or distraction.
What’s the key takeaway from this article?
Be proactive about how voice-assistant devices are configured—especially around shopping, notifications and linkages—to avoid unintended disclosures and preserve privacy and surprise.