Amazon Employees Can Accurately Geo-Locate Alexa Devices

• Many Amazon employees have access to the geo-coordinates of their customers.
• Amazon asks for location permissions to help create a better experience, but employees have access to this information.
• The implications for the privacy of the Alexa users are enormous, as the location tracking can occur in real-time.

When met with the claim that Amazon knows their location, many users of the Echo speaker or the Alexa app would respond “of course they do”. The trouble is, we’re not talking about a cold, silicon-made machine that gathers your location data to deliver “a better experience”, but about hundreds, possibly even thousands of Amazon employees spread all over the world, being able to listen to what you say to Alexa, grab your coordinates, paste them on Maps, and figure out where you are in real time. The possible exploitation potential and the privacy violation goes beyond anything that Alexa users would happily accept if they knew.

According to a Bloomberg report, Amazon’s employees who have signed nondisclosure agreements that prevents them from speaking publicly about this matter have access to Alexa users’ geographic coordinates, and they are talking about exact data, not just the rough approximation that you get from IP addresses for example. Of course, they clarify that Amazon maintains a strict policy for any abuse of the systems that its employees use, but in reality, nothing could stop someone from using these coordinates against an Alexa user, and Amazon wouldn’t even know about it if they did.

The tech-giant gathers information about the location of the Echo speakers so as to answer requests more accurately, and in some cases, correctly. As for the location data from the Alexa app, this is done in relation to “location arrival” events, “ETA calculation”, or “find nearby points” functionality. But with many Amazon employees having access to the users’ geolocation ID, the whole thing becomes a privacy mess, based on the ethical conduct of these workers. When combined with the very recent revelations about Amazon employees curating Alexa’s responses, the whole picture looks even worse.

When that story saw the light, Amazon stated that some employees were indeed listening to thousands of people, helping Alexa understand what they’re saying, however, they didn’t have a way to identify who the person behind the customer ID is. As it seems though, figuring out the location of the device can oftentimes make the process of finding who its owner and user is pretty straightforward. In many cases, users agree to give out all of this data anyway when they set up the Echo device or the Alexa app, so those working in the Alexa Data Services group can see the name, email address, and phone number associated with a customer ID number.

These Bloomberg reports have had some effect on Amazon’s practices as expected, and the company started to obfuscate the customer data that its employees can see in the systems they use. However, there’s still a long way to be walked through, and a company like Amazon shouldn’t wait for such juicy details to go public before they decide to do something about the privacy of their customers.

Are you concerned with the revelations made by the Amazon employees? Will you still be using Alexa-powered devices? Share your thoughts with us in the comments down below, and also on our socials, on Facebook and Twitter.