I was intrigued about how Alexa listened, the potential for false positives and what was recorded. This was done over Xmas and the results leave me with more questions.
FireTV was used on its own segregated LAN. Due to the sheer volume of data this device consumes and pushes, doing deep packet analysis is tricky. The wake words are said to be "Alexa, Echo, Amazon, and Computer"
So here is where it gets ugly. Unlike the Echo and other devices, you can't turn off Alexa for the FireTV. Ok, no worry, right? They don't listen all the time, they say you have to press the button.
But actually that doesn't seem to be entirely true. Here is a sample of voice data sent from the device to the cloud. Opening the tab allows you to hear what was recorded but actually it's less than a second. This happened a LOT, with no button presses.
This device listens all the time, yet many are unaware of this. I was surprised at the volume of recordings captured from the device, at all times of the day even when we were asleep (no wake word, no press)
So the inquisitive side of me thinks, well I'd love to know what the wake commands were? Surely these are captured right? They won't give this as they don't know, which I'm calling bullshit on.

I'm not surprised at the invasiveness of the device or Amazon, but I needed to prove that it was happening and at what scale. Because you can't turn Alexa off, and we do actually use the FireTV, the next logical option is to desolder the microphone (I'll document this process).

Amazon needs to be a lot more transparent here. amazon.co.uk/gp/help/custom…
They make it sound like they've the brightest minds looking into this, and I'm sure they do, but I want to know WHAT wake words were triggered and how long was it recorded for. Why isn't this possible @AmazonHelp
@AmazonHelp Furthermore, they've also been rather clever with how they tell you this for the FireTV. On the dedicated Fire device privacy page, Alexa is mentioned twice and then you need to go to this page with no Fire reference

amazon.co.uk/gp/help/custom…
Ze rabbit hole, she is deep.
The remote is the listening device. It uses an MSP430F5435A ti.com/product/MSP430… that offloads voice via BT to the earSmart™ es305 for processing.
The power consumption needed to run the chip all the time to listen would render your batteries dead pretty quickly, but that doesn’t explain how it listens for the wake words.
Oh how I do so love guilt messages. if you turn this off, IT WILL BURN!! think of the kids. It's time to request my full data dump
This is not a datasheet
Kids done at swimming so it's home schooling time boys. Today's lesson is how to make electronics that listen to you. Ooh what's that? Nice tag
Well hello.. nicely designed with the ozmo 2000 WiFi PAN soc
A lot of unpopulated bits too
Ok so it might be possible to intercept what the mic is recording before it is sent to Amazon for processing.. I'll need to consult my Yoda but..
One wonders what they had planned for these unpopulated bits in red? Then BON100-109 pads jump out at me (in yellow)
BON being bed of nails used to test all is well at the factory.
And here is where I could do it. The WM8904 is a high performance, ultra low power stereo codec but more importantly up to three stereo microphone or line inputs may be connected.
Bollocks, she just caught on that it's our remote I've taken apart and my track record of putting stuff back right is sketchy it seems..

The mother of my children shouldn't use words like that imho
I've been told if the remote doesn't work come bedtime, I'm walking with a bad limp. Honestly I'm trying to help and I get no support
Ok sketch done. The ozmo2000 is an impressive SoC. Also PZ418 keypad scan offers 18 general input outputs. This I assume for the switches.
The more I read the WM8904 datasheet, the more I realise the potential. Could I add a headphone jack? Could it be that simple?
Now this intrigues me. Pairing option between stick and device?
Pah what does she know???? All went back together and only a slight change to design, nothing super glue won't solve.

She of little faith. /Me struts
From someone who knows a lot more than me

"I would put a logic analyser on the pins labelled along the bottom... from SCLK/SDA through to DACDAT"

ADCDAT being the juicy one
I bet she feels silly now.. look it works dear.

/Me does the Carlton dance
Cool thing is neighbour just donated their one as they don't use it
So that's a gen 1 and actually if you are after a privacy option, this would be the one as there is no microphone.
Powered by Arm Cortex-M4 32-bit and Broadcom BCM20730, the latter giving you on-chip support for common keyboard and mouse interfaces (your buttons on the remote) and most important Bluetooth
@gavelder just said, you can use the gen 1 (or basic as Amazon market it) with the more powerful gen 3 stick.

amazon.co.uk/Fire-TV-Stick-…

This gives you the video processing power but without Jeff sitting next to you when you are being sworn at.
PSA: the basic fire remote doesn't come apart easily at all. She was right, sometimes I don't put stuff back together. Oh well I guess this can be breadboard material
Thanks to @cybergibbons and @jamesoff, we now understand more about Frustration-Free Setup and how your Wi-Fi passwords are sent and stored for future use. developer.amazon.com/docs/frustrati…

This is enabled by default, so many might want to check this and disable
@cybergibbons @jamesoff Rabbit hole HAI. So this RFID tag was underneath the casing and could be used for supply-chain tracking but that just makes me want to see what and how and so on...

X-ray time didn't show much, mostly because of the size. Still, one never needs an excuse to X-ray stuff.
Ok Microscope time, old eyes and all that. Trying to get it read using our trusty Chameleon failed
Keep Current with Daniel Cuthbert