A new study by Washington University in St. Louis has found that Amazon Echo smart speakers collect a vast amount of data about users’ interactions with the device. This includes what they ask Alexa, what music they listen to, and what products they purchase. The data is then used to infer users’ interests and target them with personalized ads.
The study’s authors, led by Umar Iqbal, an assistant professor of computer science and engineering at the McKelvey School of Engineering at Washington University in St. Louis found that Amazon does not clearly disclose this practice in its privacy policy.
It wasn’t until after the study’s preprint was released that Amazon updated its privacy policy to include a mention of using smart speaker interaction data for ad targeting. The study also found that Amazon shares this data with a large number of third-party advertisers, who can then use it to target users with even more ads, both on and offline.
The researchers devised an audit framework. They created multiple personas, each expressing specific interests, which interacted with various Echo devices. By monitoring network traffic and tracking the advertisements targeting each persona, the researchers uncovered that up to 41 advertisers share user data with Amazon. Amazon then cascades this information to 247 other third parties, including advertising services.
Additionally, Amazon failed to openly communicate that smart speaker interactions are used for profiling and ad targeting in its privacy policies and disclosures. However, following the release of the research findings, Amazon updated its privacy guidelines to include this information.
The sources for this piece include an article in Techxplore.
