The OPSEC Podcast

The Smart Home Is a Listening Post: Amazon, Google, and the Surveillance You Paid For

24 min · 13. juli 2026
episode The Smart Home Is a Listening Post: Amazon, Google, and the Surveillance You Paid For cover

Description

Most people think of their smart home devices as tools they control. They're not. Echo speakers, Ring cameras, smart TVs, and Google Nest devices are surveillance nodes operated by companies whose business model depends on the data they generate — stored on infrastructure you don't own, accessible to law enforcement through legal channels you didn't agree to, and governed by policies that can change without your consent. In March 2025, Amazon removed the local voice processing option from Echo devices. In February 2026, the FBI recovered footage from a Google Nest camera that had been thought to be offline. This episode documents what each major smart home ecosystem actually does with your data — and what you can do to reduce the exposure. Key Settings to Change Right Now Amazon Echo / Alexa: * Alexa App → More → Settings → Alexa Privacy → Manage Your Alexa Data → enable "Don't Save Recordings" * -Set voice history auto-deletion to 3 months * -Delete voice history manually at: alexa.amazon.com * Alexa App → More → Settings → Account Settings → Amazon Sidewalk → **toggle off** * Do not place Echo devices in bedrooms, home offices, or rooms where sensitive conversations occur Ring: * Ring App → Control Center → Law Enforcement → review and configure sharing settings * For warrant-required camera alternatives: Arlo, Apple Home Camera, Wyze, Eufy (Anker) Smart TVs: * Samsung: Settings → Support → Terms & Policies → disable "Viewing Information Services" * LG:Settings → All Settings → General → Additional Settings → disable "Live Plus" * Vizio: Menu → System → Reset & Admin → disable "Smart Interactivity" * Sony → Settings → Device Preferences → Usage & Diagnostics → disable; also Settings → Apps → See All Apps → SambaTV → disable or uninstall Google Nest * Google Home App → Account → Privacy settings → review recording and storage settings * Enable two-step verification on your Google account * Review and delete camera history in Google Home Home Network Hardening * Segment IoT devices onto a separate network: put all smart home devices (Echo, Ring, smart TVs, thermostats, cameras) on a dedicated network isolated from your computers, phones, and storage. Guest network is the easy entry point; a dedicated IoT VLAN with firewall rules (allow internet, block LAN) is the proper approach. Note: full VLAN segmentation breaks mDNS-dependent integrations (Chromecast, Sonos, HomeKit, Matter) unless you configure mDNS bridging. * Add DNS-level blocking at the router — configure NextDNS or Pi-hole as your router's DNS server to block adtech, tracking, and data broker domains across every device on the network — including smart TVs, Alexa, and Ring — without per-device configuration. * Hardware option: Firewalla — a dedicated network security appliance that plugs between your modem and router. Provides per-device traffic monitoring, DNS-level blocking, intrusion detection, and IoT segmentation through a mobile app. No router replacement required. Two things to do this week. First: find your smart TV's ACR setting and turn it off — five minutes, done. Second: check whether your router supports a separate guest or IoT network. Put your smart home devices on it. That one step limits what a compromised Echo or smart TV can reach on the rest of your network. If you want to go further, add NextDNS or Pi-hole as your router's DNS — fifteen minutes, whole-network coverage without touching a single device setting. None of these are the default. That's not an accident. All the settings and tools are in these notes. Head to OPSECPodcast.com for everything else. Your privacy and your security is your responsibility. ---------------------------------------- Hosted on Acast. See acast.com/privacy [https://acast.com/privacy] for more information.

Comments

0

Be the first to comment

Sign up now and become a member of the The OPSEC Podcast community!

Get Started

1 month for 9 kr.

Then 99 kr. / month · Cancel anytime.

  • Podcasts kun på Podimo
  • 20 lydbogstimer pr. måned
  • Gratis podcasts

All episodes

23 episodes

episode The Smart Home Is a Listening Post: Amazon, Google, and the Surveillance You Paid For artwork

The Smart Home Is a Listening Post: Amazon, Google, and the Surveillance You Paid For

Most people think of their smart home devices as tools they control. They're not. Echo speakers, Ring cameras, smart TVs, and Google Nest devices are surveillance nodes operated by companies whose business model depends on the data they generate — stored on infrastructure you don't own, accessible to law enforcement through legal channels you didn't agree to, and governed by policies that can change without your consent. In March 2025, Amazon removed the local voice processing option from Echo devices. In February 2026, the FBI recovered footage from a Google Nest camera that had been thought to be offline. This episode documents what each major smart home ecosystem actually does with your data — and what you can do to reduce the exposure. Key Settings to Change Right Now Amazon Echo / Alexa: * Alexa App → More → Settings → Alexa Privacy → Manage Your Alexa Data → enable "Don't Save Recordings" * -Set voice history auto-deletion to 3 months * -Delete voice history manually at: alexa.amazon.com * Alexa App → More → Settings → Account Settings → Amazon Sidewalk → **toggle off** * Do not place Echo devices in bedrooms, home offices, or rooms where sensitive conversations occur Ring: * Ring App → Control Center → Law Enforcement → review and configure sharing settings * For warrant-required camera alternatives: Arlo, Apple Home Camera, Wyze, Eufy (Anker) Smart TVs: * Samsung: Settings → Support → Terms & Policies → disable "Viewing Information Services" * LG:Settings → All Settings → General → Additional Settings → disable "Live Plus" * Vizio: Menu → System → Reset & Admin → disable "Smart Interactivity" * Sony → Settings → Device Preferences → Usage & Diagnostics → disable; also Settings → Apps → See All Apps → SambaTV → disable or uninstall Google Nest * Google Home App → Account → Privacy settings → review recording and storage settings * Enable two-step verification on your Google account * Review and delete camera history in Google Home Home Network Hardening * Segment IoT devices onto a separate network: put all smart home devices (Echo, Ring, smart TVs, thermostats, cameras) on a dedicated network isolated from your computers, phones, and storage. Guest network is the easy entry point; a dedicated IoT VLAN with firewall rules (allow internet, block LAN) is the proper approach. Note: full VLAN segmentation breaks mDNS-dependent integrations (Chromecast, Sonos, HomeKit, Matter) unless you configure mDNS bridging. * Add DNS-level blocking at the router — configure NextDNS or Pi-hole as your router's DNS server to block adtech, tracking, and data broker domains across every device on the network — including smart TVs, Alexa, and Ring — without per-device configuration. * Hardware option: Firewalla — a dedicated network security appliance that plugs between your modem and router. Provides per-device traffic monitoring, DNS-level blocking, intrusion detection, and IoT segmentation through a mobile app. No router replacement required. Two things to do this week. First: find your smart TV's ACR setting and turn it off — five minutes, done. Second: check whether your router supports a separate guest or IoT network. Put your smart home devices on it. That one step limits what a compromised Echo or smart TV can reach on the rest of your network. If you want to go further, add NextDNS or Pi-hole as your router's DNS — fifteen minutes, whole-network coverage without touching a single device setting. None of these are the default. That's not an accident. All the settings and tools are in these notes. Head to OPSECPodcast.com for everything else. Your privacy and your security is your responsibility. ---------------------------------------- Hosted on Acast. See acast.com/privacy [https://acast.com/privacy] for more information.

13. juli 202624 min
episode The Confession Booth: How AI Tools Became the Most Effective Data Collection Infrastructure Ever Built artwork

The Confession Booth: How AI Tools Became the Most Effective Data Collection Infrastructure Ever Built

AI assistants have been positioned as productivity tools. Structurally, they are the most sophisticated data collection interfaces ever built — ones that convince users to voluntarily disclose their most sensitive information in the form of natural language conversation. This episode covers what ChatGPT, Gemini, and Copilot actually do with your data, the corporate exposure epidemic (77% of employees are transmitting sensitive data to AI tools), how AI has supercharged the data broker industry through psychographic inference, and the government access problem that no privacy setting can fully solve. Key Stats - 4% of AI prompts and 20% of file uploads contain sensitive information (Harmonic Security, 2025) - 3 million sensitive records exposed per organization by GenAI tools in H1 2025 - 77% of enterprise employees leak sensitive data via AI tools - 67% of AI tool interactions happen on personal accounts IT cannot monitor - 802,000 files at risk per organization in Microsoft 365 environments (Copilot access surface) - 16% of business-critical Microsoft 365 data is overshared - Psychographic AI inference: 70%+ accuracy predicting political, religious, psychological traits from behavioral data - OpenAI privacy audit score: 48/100 (Grade D), 2026 Settings to Change Right Now: - ChatGPT: Settings → Data Controls → disable "Improve the model for everyone" - ChatGPT: Settings → Personalization → Manage Memory → audit and delete stored facts - ChatGPT: Use Temporary Chat for sensitive queries - Gemini: myaccount.google.com → Data & Privacy → Gemini Apps Activity → turn off - Copilot: Microsoft account privacy dashboard → review AI data settings Key Takeaways - AI interfaces are designed with conversational warmth specifically because it increases disclosure — that design is a data collection strategy - Deletion does not guarantee destruction: the May 2025 federal court order proved ChatGPT "deleted" conversations can be preserved under legal hold - Default on every major AI platform is collection; opt-out requires navigating settings most users don't know exist - The corporate exposure problem is structural — 67% of AI usage happens on personal accounts IT cannot see - AI psychographic inference manufactures sensitive personal data from behavioral signals — no explicit disclosure required - Privacy-respecting alternatives exist: Confer and Lumo for cloud AI, Ollama for local maximum-security work - Three-tier framework: Confer or Lumo → Ollama for sensitive work → commercial platforms only when the trade-off is consciously accepted Every prompt you type into ChatGPT, Gemini, or Copilot is a data transmission you didn't think of as one. The lawyer who pasted in the brief. The HR director who described the investigation. The founder who uploaded the cap table. None of them made a mistake by their own understanding — but they all made one. Stop treating AI interfaces as private spaces. They are not. Use the tools that were actually built to be — and make that decision before the conversation you can't afford to have retained. Your privacy and your security is your responsibility. ---------------------------------------- Hosted on Acast. See acast.com/privacy [https://acast.com/privacy] for more information.

29. juni 202627 min
episode Know Your Threat Level: GrapheneOS vs. SovereignOS — Which One Should You Actually Be Running? artwork

Know Your Threat Level: GrapheneOS vs. SovereignOS — Which One Should You Actually Be Running?

SovereignOS is a fork of GrapheneOS — Spicy Corp took the gold standard of open-source mobile security and gave it what they call "the Shelby treatment." Like Carroll Shelby re-engineering the Mustang into the GT350, they stripped attack surfaces at the kernel level, replaced stock Google branding, and added operational capabilities GrapheneOS was never designed to include. This episode covers what each system actually does, where each has the edge, and the three-tier decision framework for choosing the one that matches your real threat level. Key Resources * GrapheneOS — Official Site & Web Installer (https://grapheneos.org [https://grapheneos.org]) * GrapheneOS Features Overview (https://grapheneos.org/features [https://grapheneos.org/features]) * GrapheneOS Installation Guide (Web Installer) (https://grapheneos.org/install/web [https://grapheneos.org/install/web]) * SovereignOS — Spicy Corp (https://spicycorp.com [https://spicycorp.com/]) * GrapheneOS in 2026: An Honest Review — Noctis Privacy (https://noctisprivacy.com/blog/grapheneos-review-2026 [https://noctisprivacy.com/blog/grapheneos-review-2026]) * GrapheneOS Advanced Privacy Features Guide 2026 (https://www.live-laugh-love.world/blog/grapheneos-advanced-privacy-features-guide-2026/ [https://www.live-laugh-love.world/blog/grapheneos-advanced-privacy-features-guide-2026/]) * GrapheneOS vs. SovereignOS: The Shelby Treatment for Secure Phones — Spicy Corp (https://spicycorp.com/2025/07/10/grapheneos-vs-sovereign-os-the-shelby-treatment-for-secure-phones/ [https://spicycorp.com/2025/07/10/grapheneos-vs-sovereign-os-the-shelby-treatment-for-secure-phones/]) * SovereignOS Phone — Product Page (Spicy Corp) (https://spicycorp.com/product/sovereignos-phone/ [https://grapheneos.org/install/web]) The Three-Tier Decision Framework * Tier 1 — Surveillance Capitalism: GrapheneOS. Free, open source, eliminates Google tracking, hardened exploit mitigations. * Tier 2 — Elevated Targeting: GrapheneOS with hardened configuration; consider SovereignOS if facing realistic device seizure risk. * Tier 3 — Active Adversarial Engagement: SovereignOS. Anti-forensics, covert identity management, silent SMS detection, security temperature modes. GrapheneOS Key Capabilities * Hardened memory allocator (defeats heap corruption exploit classes) * MTE hardware memory safety (Pixel 8+) * Per-app network and sensor permissions * Storage Scopes (granular file access control) * Vanadium hardened browser * Sandboxed Google Play (optional) * Full open-source codebase — fully auditable * Free SovereignOS Key Capabilities * Fork of GrapheneOS — inherits the full GrapheneOS security foundation, then adds operational layer * USB data and developer options removed at the kernel level (not disabled — removed) * All telemetry endpoints stripped, including "anonymous" ones * PIN-to-profile routing (covert identity management, hidden profile switcher) * Private Space — hidden app container, separate from profile routing * Sentry — dedicated tool protecting against unauthorized access attempts * Comms Installer — provisions secure comms stack (Signal, SimpleX, Element) at install from developer sources * Multiple wipe triggers: USB connect, Faraday detection, inactivity, failed unlock, duress password (silent wipe — no "ERASING" text) * Silent SMS detection (Type 0 / flash SMS — not available in stock GrapheneOS) * GPS location spoofing / network fingerprint masking * Security temperature modes (Mild / Medium / Hot — one slider, 30+ settings) * Stealth branding — stock Google boot animation, no custom OS identifiers visible * ATAK plugin support / Meshtastic compatibility * Explicit threat defenses: Pegasus, NoviSpy, stalkerware, RATs, banking trojans, rootkits, zero-days * Hardware: Pixel 8 through Pixel 10 series (10 models supported) * $249.99–$299.99 BYOD, one-time no subscription — spicycorp.com If you are still running stock Android as a daily driver, it's time to level up! Everyone benefits from GrapheneOS. Some require the high performance of SovereignOS. It is time to get serious and make a decision, because your privacy and your security is your responsibility. ---------------------------------------- Hosted on Acast. See acast.com/privacy [https://acast.com/privacy] for more information.

15. juni 202642 min
episode COVERT Protocol Action #10: Segment your Online Personas artwork

COVERT Protocol Action #10: Segment your Online Personas

Deliberately create separate digital identities or “personas” for different parts of your online life so that your personal information, behavior, and interactions don’t all link back to a single profile. This reduces linkage between activities (shopping, social, work, banking, etc.), limits how much data ad networks and trackers can build about you, and helps contain exposure if one profile is compromised. Creating segmented personas also supports pseudonymization (using alternative identities instead of your real personal details) to minimize privacy risk. Steps to Segment your Online Personas: 1. Define your primary digital roles, ie personal, work, banking. 2. Create unique contact identifiers for each persona, Name, location, email, login credentials. 3. Use alias tools to manage identities, ie MySudo, Cloaked, etc. 4. Maintain compartmentalization, ie Separate browsing contexts, computer profiles, or devices. 5. Review regularly and update as needed. Recommended tools: MySudo - lets you create multiple distinct Sudos (digital profiles) with separate email, phone, and payment details so you can use a different identity for each online purpose without exposing your real contact information. Cloaked - generates unique alias identities (email, phone number, and contact info) for each online service so your real personal details aren’t shared or tracked, helping compartmentalize your online presence. IronVest - privacy-centric browser extension and masking tool that helps block trackers and pseudonymize interactions (including generating proxy info), making it easier to separate and protect different online personas. ---------------------------------------- Hosted on Acast. See acast.com/privacy [https://acast.com/privacy] for more information.

1. juni 20266 min
episode COVERT Protocol Action #9: Harden your Home Network artwork

COVERT Protocol Action #9: Harden your Home Network

Strengthen your home network so that your router and connected devices are resilient against attacks, unauthorised access, and privacy invasions. This includes upgrading to more secure firmware, encrypting local and internet traffic, and creating network-level protections that block unwanted connections while allowing only legitimate ones. A hardened home network reduces the risk of compromise for all devices connected to it. Steps to Harden Your Home Network: 1. Upgrade your router firmware or hardware: Replace or upgrade your existing router with one that supports secure, up-to-date, customizable firmware such as OpenWRT, which provides advanced security features, more frequent updates, and strong configuration options compared to many stock router firmwares. 2. Enforce strong Wi-Fi encryption: On your router (especially one running OpenWRT), enable current security standards such as WPA3 or at least WPA2 for wireless networks. Older unsecured modes greatly increase vulnerability to eavesdropping. 3. Set strong administrative credentials: Change the default router admin password to a unique, strong passphrase and disable remote administration over the internet. Default credentials are easily discovered and exploited. 4. Configure network-level VPN: Install and configure a VPN connection at the router level so that all traffic leaving your home network is encrypted and protected from eavesdroppers on public networks and your ISP. Router-level VPN ensures devices that don’t natively support VPN software still benefit from encrypted internet traffic. 5. Segment your network: Create separate network segments or VLANs for trusted devices, guests, and IoT devices so that a compromise in one segment (e.g., insecure IoT) does not easily spread to other critical devices. Recommended tools: OpenWRT routers - GL.iNet Flint 3 (GL-BE9300) - Tri-band Wi-Fi 7 Home Router GL.iNet Slate 7 (GL-BE3600) - Dual-band Wi-Fi 7 Travel Router ---------------------------------------- Hosted on Acast. See acast.com/privacy [https://acast.com/privacy] for more information.

18. maj 20268 min