How to Stop Alexa From Ruining Christmas Surprises

This is a true story of how my 9 year old outsmarted Alexa in an attempt to get a sneak peak into what we are buying ...

Group of children with presents next to the tree celebrating ChristmasThis is a true story of how my 9 year old outsmarted Alexa in an attempt to get a sneak peak into what we are buying from Amazon this Christmas. This is how my son defeated Amazon's OpSec. 



Try this at home out of earshot from anyone you’ve been shopping for.

“Alexa, where can I buy a …..”

You’ll likely get a reply of “based on your recent orders….”’

Your present is no longer a surprise.

If you look online you can find hundreds of links telling you how to stop Alexa from announcing recent deliveries and showing order history but somewhere a decision was made regarding the importance of your privacy versus the next sale.  Alexa errs on the side of helping you with your next purchase and will still spill the beans about what you’ve already bought.  While this isn’t a serious oversight, it does illustrate the choices that are made with regards to security.  In the abstract, this is a good illustration of how a lot of security depends on the threats you can’t imagine in advance.  Who thought a nine year old would phrase the question in this way?  I certainly think there’s a ten year old who will trick Alexa into revealing the status of every item on their Christmas list at some point before Christmas.

If people with access to your Alexa haven’t figured out the above trick yet, Amazon suggests adjusting your delivery notifications.

  1. Log in with your Amazon account.
  2. Tap More in the bottom right corner >Settings > Notifications > Amazon Shopping
  3. Under the section titled “Say or show item titles,” turn off “For items in delivery updates”

Depending on where you look, misconfigurations are responsible for anywhere between 33% and 90% of data breaches.  We took this oversite on Amazon’s part to discuss the importance of being safe on-line and how easy it is to unintentionally share personal information. Trading security and privacy for convenience should be an explicit choice.  And, even if you don’t have complete control, you should control what you can. 

Similar posts