Bill Bennett


Tag: security

Technology has never been riskier. There are holes everywhere and ratbags only too keen to exploit them. Keeping informed about threats and issues is the key to staying safe online.

Alexa, Amazon’s smart speaker, not winning friends

If you got an Amazon Echo smart speaker this Christmas, there’s a good chance you lost interest in the device and the Alexa voice technology before the holidays ended.

At Bloomberg, Priya Anand writes:

Each holiday season since 2015, has counted on selling a lot of its Alexa voice-controlled smart speakers. For almost as long, it has known that the devices have had trouble holding customers’ attention even into January. 
According to internal data, there have been years when 15 to 25 percent of new Alexa users were no longer active in their second week with the device.
Only two-thirds of Echo owners use their device every week. That figure drops to around a half for the number of Echo Dot owners who use their device every week.

Smart speaker growth phase is over

While Amazon smart speaker sales have been strong in recent years, the same internal data suggest the growth phase is over. Amazon estimates speaker sales will grow at 1.2 percent over the next few years.

There are two reasons smart speakers have not been the smash hit product that companies like Amazon expected.

First, people worry about their privacy with always-on speakers listening to every conversation.

This is not a vague, unfounded suspicion. Stories have emerged of Amazon employees listening to private conversations between people close to smart speakers.

Amazon’s high profile missteps in this area that confirm people’s fears.

Meanwhile it feels creepy to have a computer eavesdrop on a conversation only to suggest a range of Amazon products based on what was said.

Surveillance capitalism is less welcome than Amazon assumes.

Less useful than buyers expect

The second reason people turn away from smart speakers is they aren’t as useful as the companies pushing the technology would have you think.

Everyone who has dabbled with smart speakers1 will have noticed devices wrongly interpreting speech as commands. The technology is clever, but it is far from foolproof.

Moreover, people don’t do much with their smart speakers. Many play music and do nothing else. Amazon’s Echo speakers are not always the best devices for doing that. They can be unreliable, your experience may be different.

Others might set a timer while they boil eggs or tell the speaker to turn on the lights.

Early days

Yes, it is early days. And yes, other smart speaker brands follow different paths.

Take, say, Apple’s HomePod Mini. It is not likely to suggest grocery purchases because it overheard you rowing with your significant other.

Part of the problem is the smart speaker hardware format. Computers, phones and tablets come with screens and input methods, including keyboards and touch, that let you explore possibilities.

Exploration is a tiresome process with a smart speaker.

Did you know?

Amazon tried getting Alexa to suggest functions to owners: “Did you know you can do this with Alexa?”

For many users the initial reaction was “how do I turn the suggestions off?”

There are cases where these constant, nagging suggestions have caused users to unplug the device.

Big plans for Alexa

Amazon had big plans for Alexa. It still does. Or would do if customers would only do what they are told.

Smart speakers are at the stealth end of surveillance capitalism. They record what people say, collect information, build more complex profiles, then channel lucrative sales leads back to Amazon to help the company sell more and more products.

Or as the company might express that: Alexa helps deepen relationships with customers.

More than a speaker

Alexa is about more than smart speakers. It comes pre-installed on other devices. Many new headphones and earbuds come with technology to enable Alexa or its rival voice systems.

At Stacy on IoT, Kevin C. Tofel reports Amazon planned to flood the market with low-cost speakers at a loss, then make money when people use the device to buy from the company.

That’s an established business model. Amazon is rich enough to lose a bundle on seeding speakers that never stay in use long enough to channel shoppers to its online checkouts.

The fact that when that happens, Alexa then nags the customer to leave a review on the Amazon website will accelerate Echo speaker unplugging.

Who wins most from Alexa?

Like the suggestions mentioned earlier, this is all about benefiting Amazon, not the customer.

We know Amazon’s model works, but it puts sales at the centre of its operations, not customer needs.

Over time this gets tiresome.

A different business model

In contrast Apple operates a different business model. For a start, it doesn’t lose money every time someone buys a speaker.

Apple’s goal is to sell hardware and wrap you further into its walled garden where you can buy lucrative value-added services.

Amazon has the resources and motivation to fix these smart speaker problems, yet it is hard to know where it can go in the short term. It finds abusing that business model is far too tempting and that tests customers’ patience with the technology.


Alexa is one part of Amazon’s assault on privacy. The company’s Ring home surveillance system and the Halo wearable band are as intrusive. They are the thin end of the wedge. Amazon plans to sell drones and autonomous surveillance robots.

These tools would be bad enough if their sole purpose was to build a fuller profile and sell you Amazon products and services.

Yet Amazon is sloppy about security. That should not come as a surprise. The company doesn’t value privacy, hence it doesn’t waste resources on protecting something it considers worthless.


Criminals regularly break into Amazon Ring cameras. It would be prudent to consider the possibility the other surveillance products are either compromised or soon will be.

Amazon works hard to lobby against privacy legislation around the world. It has vast resources to pour into this campaign.

All of which goes to explain why Amazon persists with Alexa and its Echo smart speakers despite losing money on sales and customers turning away from the technology.

*Normally a blog post like this attracts plenty of “I’m happy with…” comments from readers. Feel free to add yours. *

  1. The same logic applies to phone or PC-based versions of the technology. That would be Apple’s Siri or Google Assistant. Microsoft no longer pushes Cortana but that now turns up in the company’s enterprise products and services. ↩︎

Sky cost cutting delivers, Vodafone drops TV

Sky cost cutting delivers profit upgrade

Sky doubled its profit guidance for the 2022 financial year.

The broadcaster, and now broadband service provider, says it has found significant cost savings that won’t impact on the service it provides.

Previously Sky told the market it was on track to make a profit of between $17.5 and $27.5 million this year. That’s been upgraded to between $40 and $48 million, in effect doubling its profit.

The company’s EBITDA, Earnings before interest, taxes, depreciation and amortisation is now expected to climb from $115–130 million to $150–160 million.

Sky’s turnaround follows a company wide cost review. The company expects to save an extra $35 million in operating costs this financial year, this includes $26 million of recurring cost reduction and a $9 million one-off saving.

In future years this will amount to $40 to 45 million of savings each year.

Despite this, Sky says it will deliver more hours of programming.

One area of cost saving was to continue the practice of using local sports commentary for overseas coverage of events. In the past Sky would send its own crew overseas. The company stopped this practice because of Covid, and now plans to continue with it.

Telco complaints fall by a third

The Telecommunications Dispute Resolution service saw a 31 percent drop in enquiries in 2021. Fairway, the business managing the service, received a total of 1940 enquiries.

Billing remains the main cause of concern with customers disputing charges on invoices. Customer serves is the second biggest complaint with users telling the resolution team telcos failed to follow up requests or keep them informed.

There was a huge increase in complaints about service interruption, up 658 percent on a year earlier. Many were about congestion meaning customers did not see expected speeds or about dropped connections.

Fairway says the drop in enquiries was helped by a number of Covid related measures put in place by telcos. These include a moratorium on referring accounts to debt collectors and extended payment terms.

Fewer enquiries meant fewer complaints went through to the formal dispute resolution stage. The service resolved 1961 cases during the year, nearly all of these were dealt with at an early phase.

Customer service tops ComCom todo list

The Commerce Commission says it will prioritise work on improving customer service. The move comes after a Commission poll that found half of all consumers want the regulator to do more to fix poor customer service.

The poll asked consumers for feedback on a range of issues and will be used to help plan the Commission’s work in the telecommunications sector.

Common customer service complaints include long waiting times, multiple transfers and poor record keeping.

Around one in five consumers wants the commission to focus on product disclosure practices and one in ten wants the regulator to look at billing, debt and affordability.

Telecommunications Forum CEO Paul Brislen says the guidance from the Commerce Commission means the industry body can prioritise its work over the next year.

Pulling the plug on Vodafone TV

Vodafone says it plans to switch off its Vodafone TV service. The service will stop on September 30 next year.

The company says it is giving customers nine months notice to help them make a smooth transition to an alternative service.

Vodafone TV launched in 2017 as a joint project with Sky TV. The company says it will now work with Sky to help move its customers across to that company’s services.

It will be interesting to see how the relationship between Vodafone and Sky develops now Sky is a broadband service provider.

Thinxtra, Tether build IoT tools for managing Covid risk

Australian IoT business Thinxtra is working with New Zeland’s Tether to work on projects tackling the Covid risk in public buildings. The pair will use Thinxtra’s low-power wide area network for a system monitoring indoor air quality at places like schools, aged care facilities and commercial buildings.

Aura: Ransomware, not if but when

Research conducted by Aura Information Security, part of Kordia, says 55 percent of New Zealand businesses saw ransomware attacks in the last year.

Two-thirds of those companies managed to fix the problem before significant damage was done. The other third did not.

Hilary Walton, Kordia Group’s chief information security officer says: “Ransomware is a matter of when, not if, for New Zealand businesses. While it’s not a new threat, cybercriminals have perfected the way they target and breach their victim’s networks.”

Opensignal: 5G users seeing fast download speeds

A report from Opensignal says the average download speed for 5G users is 240.7Mbps. This compares with an average of 41.9Mbps for 4G mobile users. This puts New Zealand in the top 15 countries for 5G download speeds.

The report goes to great pains to spell out the performance difference between 5G mobile and Wi-Fi speeds.

It says Wi-Fi is on average 21 percent faster than 4G, while 5G is close to five times the speed of Wi-Fi. Yet Opensignal says games players get much the same experience on 5G and Wi-Fi.

Telcos sponsoring Rugby teams

Tuatahi First Fibre has signed to be a sponsor of the Gallagher Chiefs Rugby Club.

As part of the deal it will become the official broadband fibre infrastructure network for the club. That’s a curious choice of words given TFF is the monopoly fibre infrastructure network in the Hamilton area where the club is located.

The TFF brand will feature on the club’s training jersey.

Meanwhile 2degrees is the sponsor and “exclusive telecommunications partner” of all four Super Rugby Aupiki teams in the woman’s professional club competition.

The telco’s logo will feature on jerseys and on the jersey’s of New Zealand’s five Super Rugby teams where it also has a sponsorship agreement.

‌In case you missed it: In the first part of this week’s RNZ Nine to Noon technology segment I talk to Kathryn Ryan about the work done over the last year to fill in gaps on the telecommunications network.

The Download 2.0 is a free weekly wrap up of New Zealand telecommunications news stories published every Friday.

All it requires is an email address. Your address is only used to send out the newsletter. It will not be sold to anyone.

I’m not collecting the data for anything other than sending out the newsletter. You name isn’t going to be sold anywhere.


* indicates required

Multi-Factor Authentication: Better with Apple

I’ve written a backgrounder on multi-factor authentication at the Network for Learning blog. It’s written for teachers and people working in the educational sector, which means it’s accessible for non-technical readers.

You’ll see 2FA when you use popular online sites and services. Google’s G Suite for Education uses it. You’ll see it when you use Gmail, Apple or Microsoft cloud services.

There are a couple of points the N4L blog post doesn’t make, mainly in the interest of keeping things simple and not taking sides.

Easier with Apple

The first is that multi-factor or two-factor Authentication is much easier if you live in Apple’s world. When you get a txt confirmation during the sign-in process on your iPhone, your Mac or iPad will automatically insert this on the web page, there’s nothing else to do.

Apple calls this feature ‘continuity‘.

There is no racing to copy the code down, no risk of mistyping those codes.

It makes multi-factor authentication frictionless. That’s good, because you are more likely to use it and not be tempted to avoid it.

At the time of writing there is no direct comparison for this if you choose to work with Windows and Android devices. While some geekier types do have workarounds, they are far from frictionless and are too complex for everyday users to master.

Safer option

This level of integration and convenience is often overlooked by Apple’s critics, but it saves time and keeps you safer.

Likewise, biometric log-ins are dependent on your hardware choices. In this case it is far wider than Apple. Not every brand of phone or computer deals well with fingerprint or face recognition.

There are workarounds, but it is worth checking on the biometric options before you buy a laptop or a phone. You may pay a little more for a device with face recognition or a fingerprint reader. It’s worth it.

Enable move sees Christchurch join 300mbps party

More New Zealanders will get a fast fibre upgrade as Enable joins Chorus in moving base speeds to 300mbps. 

Christchurch users to get fibre speed bump

Enable, the fibre company serving Christchurch, is following Chorus and upgrading customers to 300mbps. The company says the upgrades could start on December 1 although that depends on retail service providers.

The upgrade could affect up to 90,000 homes in the Enable fibre area. That’s the number that are currently on 100 or 200mbps plans.

Customers on upgraded plans will be able to upload data at 100mbps.

Enable Chief Executive, Johnathan Eele says his company’s customers use around 500GB of data each month. That’s a rise of 33 percent from a year ago.

In August Chorus announced it would replace 100mbps lines with 300mbps lines at no additional cost to customers. The company is still working through the process with retail service providers but expects some upgrades to happen before Christmas.

The move will help shore-up fibre’s competitive position against fixed wireless broadband and low earth orbit satellite services in areas where the technologies compete.

Fewer telco complaints in early 2021

A report from the Telecommunications Dispute Resolution service says it received fewer customer complaints and enquiries in the first half of 2021 compared with a year earlier.

The number of complaints was down 24 percent to 935. Almost all these cases (98 percent) were resolved or closed directly after initial assistance from the TDR. The remainder either went to facilitation and mediation or required the organisation to make a decision.

Pace, sophistication of cyber attacks increasing

The National Cyber Security Centre’s annual Cyber Threat Report says the number of serious online attacks continues to grow. At the same time the NCSC reports the attacks are growing in frequency and sophistication.

It says there were 404 incidents affecting nationally significant organisations in the last year. That’s a 15 percent increase year-on-year.

NCSC points out its focus is on New Zealand’s larger organisations. This means its numbers represent a small fraction of the total number of incidents.

The growth is in line with overseas trends.

NCSC Director Lisa Fong says: “It is becoming increasingly difficult to distinguish between state and criminal actors, particularly in cases where we are able to intervene early, but also because the line between state and criminal is becoming increasingly indistinct.

“State actors sometimes work alongside or provide havens for criminal groups, and we are increasingly seeing criminal groups now using capabilities once only used by sophisticated state actors.”

Worldwide cloud revenue surging thanks to pandemic

Gartner reports worldwide cloud revenue will reach US$474 billion in 2022 up from $408 billion this year.

The company says the Covid pandemic and booming digital services put the cloud at the centre of digital experiences.

Milind Govekar, a Gartner vice-president says:“The adoption and interest in public cloud continues unabated as organisations pursue a cloud first policy for onboarding new workloads.

“Cloud has enabled new digital experiences such as mobile payment systems where banks have invested in startups, energy companies using cloud to improve their customers’ retail experiences or car companies launching new personalisation services for customer’s safety and infotainment.”

UFB uptake hits two-thirds milestone

In its latest quarterly broadband update Crown Infrastructure Partners reports UFB uptake is now 66 percent. The fibre network now covers 327 towns and cities. The average speed of UFB services is now 277mbps.

CIP says the UFB programme is now 98 percent complete with 85 percent of New Zealanders now able to connect to fibre.

In other news

The Commerce Commission has given Eroad’s acquisition of Coretex the green light. Both companies sell software for fleet managers to know more about vehicles and meet statutory requirements.

A Reseller News story from Rob O’Neill says the partnership between Spark and Auckland based managed services company IT360 has helped the smaller company extend its reach beyond the North Shore and Waitakere areas.

Catalyst Cloud has appointed Doug Dixon as its new CEO. Dixon joins Catalyst Cloud from the ANZ where he was practice lead for services and integration. He has previously worked in technology roles for Kordia and ACC.


The Download 2.0 is a free weekly wrap up of New Zealand telecommunications news stories published every Friday.

All it requires is an email address. Your address is only used to send out the newsletter. It will not be sold to anyone.

I’m not collecting the data for anything other than sending out the newsletter. You name isn’t going to be sold anywhere.

National Cyber Security Centre sees growing threat

Criminal cyber attacks targeting Aotearoa New Zealand skyrocketed in numbers over the last year and continued to grow in sophistication.

At Reseller News Rob O’Neill writes: National Cyber Security Centre reports a surge in criminal cyber attacks.

While the proportion of state-linked malicious cyber activity was down slightly from last year’s 30 per cent, this was because of the greater proportion of criminal incidents recorded.

The report showed there were 404 incidents affecting nationally significant organisations in the 2020/21 year, a 15 per cent increase on last year.

These numbers reflect the NCSC’s focus is on incidents affecting New Zealand’s nationally significant organisations, and on incidents likely to have a national impact, which means the numbers represent just a small proportion of the total incidents affecting New Zealand

This squares with anecdotal evidence from New Zealand businesses that they are now constantly under attack.

Inside job

When it comes to government and large scale business systems, it is likely the attackers are already inside the systems waiting for an opportunity.

Everyday crime rates are dropping in most rich countries like New Zealand. There’s a clear switch from activities such risking your life with weapons to rob a a physical bank and getting online to steal money. Computer fraud is on the rise everywhere.

Technology doesn’t help. Bitcoin, a cryptocurrency, may not have been invented to smooth the way for criminals, but it is used by the underworld to move money around. Drug gangs are carrying fewer suitcases full of banknotes and dealing with more crypto transactions. Encrypted messaging services are used to communicate.

While these tools have legitimate uses, criminals have embraced them and depend more on them.

Ransomware remains the biggest threat. Criminals lock up data or disrupt systems until victims pay them, almost always the transaction is in Bitcoin.

At first ransomware gangs targeted small business. It turns out that was all about learning their trade. Today they target government departments, a DHB in New Zealand, police departments overseas.

They operate on an industrial scale and there are well established digital underworld supply chains.

We know most of the gangs are based in a small number of countries. Officials don’t like to talk about this because of diplomatic niceties. As a journalist I can tell you that Russia, other parts of eastern Europe and China are the main sources. We also know some states turn a blind eye to the activity so long as the gangs focus on foreigners. There’s evidence criminal gangs and state hackers co-operate.

Governments have been slow to focus on fighting cybercrime. We can expect that change, but don’t expect a let up from the gangs.

Your home printer could be a security risk

Overpriced home printer ink is annoying. On its own it doesn’t pose a security risk.

We can’t say the same about the technology printer makers use to keep paying too much for their overpriced ink.

There are home office printer models that stop working if they are not connected to the printer maker.

Connection risk

That’s risky on two fronts.

First, it means you can’t print if you lose the connection.

There are many ways the link can fail. It could be your local wi-fi network, your internet connection or the submarine cable connecting your country to the printer maker’s servers.

All these need to work for you to print a page on your home printer.

To be fair, connections don’t fail often. But the failure rate is not zero.


Another way you might lose the connection is if the printer maker’s servers stop working.

Given that the cloud giants all experience downtime, it’s possible your printer maker might be offline when you need to print something in a hurry.

The outages may not be long, but it is ridiculous that your ability to print at home depends on the conditions in a remote server on another continent.

To big to fail

In a similar vein, your printing days could be over if the printer manufacturer goes out of business.

Admittedly that’s not a huge risk, but, again, it is not a zero risk.

Add all the risks together and you realise you have to put a lot of faith in things you have little control over just to get a page out of your printer.

Security alert

A bigger, more worrying, risk is your security.

An internet connection going to your printer potentially punches another hole in your cyber defences.

Connecting printers to the internet isn’t new. It’s been possible to remote print on your home inkjet from anywhere in the world for years.

Modern devices can have embedded servers. They are, in effect, computers in their own right. Again, this is not new.

They perform tasks like installing new drivers and telling printer makers you are using third party ink.

Vulnerable all the time

The difference now is today’s printer servers have to be on all the time. If you block the connections you can’t print.

Chances are the server on your home printer is one of the weakest links in your security chain.

These servers are rarely protected with more than a password. Sometimes not even that.


You may be careful when it comes to updating your computer, phone and apps. Keeping a printer patched is harder work.

Apart from anything else, it can require manual intervention. Automatic software update options are rare.

The controls can have minimal, hard to understand interfaces. There are plenty of opportunities for things to go wrong.

In the past there have been attacks where printers are used to remotely print messages. That’s not serious, but it illustrates the vulnerability.


The main problem is that a compromised printer can open the door to everything on your home network. It can be taken over and used to snoop for data or mount external attacks elsewhere. Your printer could become part of a botnet.

Until now printer-to-internet connections have been, up to a point, optional. You could almost always print out pages without needing a live internet link.

Looking at the bigger picture, adding an extra connection back to an account with the printer maker is a small additional security risk. But we live at a time when the idea is to eliminate security risks, not add fresh ones where there is no benefit.

It’s yet another reason to keep the printer turned off and to work on weaning ourselves off printing.

Footnote: Matt East points out that turning the printer off isn’t a great idea. He is right, but that’s where the printer makers have taken us: to a point where you have to make tradeoffs that should not be necessary.