Connect with us

Latest News

Spotify stays quiet about launch of its voice command ‘Hey Spotify’ on mobile

Published

on

In 2019, Spotify began testing a hardware device for automobile owners it lovingly dubbed “Car Thing,” which allowed Spotify Premium users to play music and podcasts using voice commands that began with “Hey, Spotify.” Last year, Spotify began developing a similar voice integration into its mobile app. Now, access to the “Hey Spotify” voice feature is rolling out more broadly.

Spotify chose not to officially announce the new addition, despite numerous reports indicating the voice option was showing up for many people in their Spotify app, leading to some user confusion about availability.

One early report by GSM Arena, for example, indicated Android users had been sent a push notification that alerted them to the feature. The notification advised users to “Just enable your mic and say ‘Hey Spotify, Play my Favorite Songs.” When tapped, the notification launched Spotify’s new voice interface where users are pushed to first give the app permission to use the microphone in order to be able to verbally request the music they want to hear.

Several outlets soon reported the feature had launched to Android users, which is only partially true.

As it turns out, the feature is making its way to iOS devices, as well. When we launched the Spotify app here on an iPhone running iOS 14.5, for instance, we found the same feature had indeed gone live. You just tap on the microphone button by the search box to get to the voice experience. We asked around and found that other iPhone users on various versions of the iOS operating system also had the feature, including free users, Premium subscribers and Premium Family Plan subscribers.

The screen that appears suggests in big, bold text that you could be saying “Hey Spotify, play…” followed by a random artist’s name. It also presents a big green button at the bottom to turn on “Hey Spotify.”

Once enabled, you can ask for artists, albums, songs and playlists by name, as well as control playback with commands like stop, pause, skip this song, go back and others. Spotify confirms the command with a robotic-sounding male voice by default. (You can swap to a female voice in Settings, if you prefer.)

Image Credits: Spotify screenshot iOS

This screen also alerts users that when the app hears the “Hey Spotify” voice command, it sends the user’s voice data and other information to Spotify. There’s a link to Spotify policy regarding its use of voice data, which further explains that Spotify will collect recordings and transcripts of what you say along with information about the content it returned to you. The company says it may continue to use this data to improve the feature, develop new voice features and target users with relevant advertising. It may also share your information with service providers, like cloud storage providers.

The policy looks to be the same as the one that was used along with Spotify’s voice-enabled ads, launched last year, so it doesn’t seem to have been updated to fully reflect the changes enabled with the launch of “Hey Spotify.” However, it does indicate that, like other voice assistants, Spotify doesn’t just continuously record — it waits until users say the wake words.

Given the “Hey Spotify” voice command’s origins with “Car Thing,” there’s been speculation that the mobile rollout is a signal that the company is poised to launch its own hardware to the wider public in the near future. There’s already some indication that may be true — MacRumors recently reported finding references and photos to Car Thing and its various mounts inside the Spotify app’s code. This follows Car Thing’s reveal in FCC filings back in January of this year, which had also stoked rumors that the device was soon to launch.

Spotify was reached for comment this morning, but has yet been unable to provide any answers about the feature’s launch despite a day’s wait. Instead, we were told that they “unfortunately do not have any additional news to share at this time.” That further suggests some larger projects could be tied to this otherwise more minor feature’s launch.

Though today’s consumers are wary of tech companies’ data collection methods — and particularly their use of voice data after all three tech giants confessed to poor practices on this front — there’s still a use case for voice commands, particularly from an accessibility standpoint and, for drivers, from a safety standpoint.

And although you can direct your voice assistant on your phone (or via CarPlay or Android Auto, if available) to play content from Spotify, some may find it useful to be able to speak to Spotify directly — especially since Apple doesn’t allow Spotify to be set as a default music service. You can only train Siri to launch Spotify as your preferred service.

If, however, you have second thoughts about using the “Hey Spotify” feature after enabling it, you can turn it off under “Voice Interactions” in the app’s settings.

Lyron Foster is a Hawaii based African American Musician, Author, Actor, Blogger, Filmmaker, Philanthropist and Multinational Serial Tech Entrepreneur.

Latest News

Echelon exposed riders’ account data, thanks to a leaky API

Published

on

Image Credits: Echelon (stock image)

Peloton wasn’t the only at-home workout giant exposing private account data. Rival exercise giant Echelon also had a leaky API that let virtually anyone access riders’ account information.

Fitness technology company Echelon, like Peloton, offers a range of workout hardware — bikes, rowers, and a treadmill — as a cheaper alternative for members to exercise at home. Its app also lets members join virtual classes without the need for workout equipment.

But Jan Masters, a security researcher at Pen Test Partners, found that Echelon’s API allowed him to access the account data — including name, city, age, sex, phone number, weight, birthday, and workout statistics and history — of any other member in a live or pre-recorded class. The API also disclosed some information about members’ workout equipment, such as its serial number.

Masters, if you recall, found a similar bug with Peloton’s API, which let him make unauthenticated requests and pull private user account data directly from Peloton’s servers without the server ever checking to make sure he (or anyone else) was allowed to request it.

Echelon’s API allows its members’ devices and apps to talk with Echelon’s servers over the internet. The API was supposed to check if the member’s device was authorized to pull user data by checking for an authorization token. But Masters said the token wasn’t needed to request data.

Masters also found another bug that allowed members to pull data on any other member because of weak access controls on the API. Masters said this bug made it easy to enumerate user account IDs and scrape account data from Echelon’s servers. Facebook, LinkedIn, Peloton and Clubhouse have all fallen victim to scraping attacks that abuse access to APIs to pull in data about users on their platforms.

Ken Munro, founder of Pen Test Partners, disclosed the vulnerabilities to Echelon on January 20 in a Twitter direct message, since the company doesn’t have a public-facing vulnerability disclosure process (which it says is now “under review”). But the researchers did not hear back during the 90 days after the report was submitted, the standard amount of time security researchers give companies to fix flaws before their details are made public.

TechCrunch asked Echelon for comment, and was told that the security flaws identified by Masters — which he wrote up in a blog post — were fixed in January.

“We hired an outside service to perform a penetration test of systems and identify vulnerabilities. We have taken appropriate actions to correct these, most of which were implemented by January 21, 2021. However, Echelon’s position is that the User ID is not PII [personally identifiable information,” said Chris Martin, Echelon’s chief information security officer, in an email.

Echelon did not name the outside security company but said while the company said it keeps detailed logs, it did not say if it had found any evidence of malicious exploitation.

But Munro disputed the company’s claim of when it fixed the vulnerabilities, and provided TechCrunch with evidence that one of the vulnerabilities was not fixed until at least mid-April, and another vulnerability could still be exploited as recently as this week.

When asked for clarity, Echelon did not address the discrepancies. “[The security flaws] have been remediated,” Martin reiterated.

Echelon also confirmed it fixed a bug that allowed users under the age of 13 to sign up. Many companies block access to children under the age of 13 to avoid complying with the Children’s Online Privacy Protection Act, or COPPA, a U.S. law that puts strict rules on what data companies can collect on children. TechCrunch was able to create an Echelon account this week with an age less than 13, despite the page saying: “Minimum age of use is 13 years old.”

Continue Reading

Latest News

Casualties Mount As Violence Intensifies Between Hamas, Israel

Published

on

Israel has called up more troops and launched its heaviest assault yet along the Gaza border. Seven people in Israel have been killed. Losses are much higher on the Palestinian side.

Continue Reading

Latest News

Palestinian Perspective: What The Conflict With Israel Looks Like From Gaza

Published

on

NPR’s Steve Inskeep talks to Omar Shaban, founder of a Gaza-based think tank, and Palestinian lawyer Diana Buttu, about how this cycle of Palestinian-Israeli violence plays out in their neighborhoods.

Continue Reading

Trending

Copyright © 2020 Latin America Business News

en_USEnglish