Chapter 04: The House You Live In Is a 24/7 Recording Studio
Right now, as you read this, there is a good chance that something inside your house is listening to you. And watching you. And collecting information about what you do, when you do it, who you do it with, and how often you do it. It is sending all of that information to a corporation you have never met, where employees you will never know can access it, review it, and sell it.
I need you to sit with that for a second.
The smart speaker on your kitchen counter. The doorbell camera on your front porch. The television mounted on your living room wall. The thermostat in your hallway. These devices were sold to you as tools of convenience. Ask for a recipe. See who is at the door. Adjust the temperature from bed. Simple. Helpful. Modern. And every single one of them is generating a continuous stream of personal data about you and your family that feeds a multibillion dollar surveillance economy you never agreed to join.
Here is what almost nobody tells you. Nearly half of American homes now have at least one of these devices. And the companies that make them have been caught, fined, sued, and sanctioned for secretly recording people in their own homes, for letting employees watch private camera feeds of women in their bedrooms and bathrooms, for retaining voice recordings of more than 800,000 children even after their parents demanded deletion, and for building tracking technology into your television that captures what is on your screen twice every second and sells that information to advertisers. The combined fines, settlements, and legal judgments against these companies have reached hundreds of millions of dollars. And those numbers keep climbing.
This chapter is going to walk you through exactly what is happening inside your connected home. You are going to learn which devices collect the most data about you, what those companies do with that data once they have it, what happened when they got caught, and most importantly, what you can do right now to take back control of the most private space in your life.
Every Device in Your Home Is Collecting More Than You Think
Let me start with the device that sits in more American homes than any other smart product. Amazon Alexa.
A 2024 privacy study found that Alexa collects 28 out of 32 possible categories of personal data, making it the most data hungry smart home device on the market. That is more than three times the average. Those categories include every voice recording you make after the wake word, full text transcripts, your location, your shopping habits, your payment information, how you use every connected device in your home, and even ambient sounds picked up by features that listen for things like glass breaking and smoke alarms.
Until September 2019, Amazon stored all of those recordings forever. Today, the default setting is still "save until I delete them," which means most people never delete them. And here is something that should concern every parent, grandparent, and caregiver reading this. The FTC discovered that Amazon gave approximately 30,000 employees access to users' voice recordings. Thirty thousand people could listen to what you said in your living room.
In March 2025, Amazon made things worse. The company eliminated the option to process voice commands locally on your Echo device. Every single thing you say to Alexa now travels through Amazon's cloud servers.
The end result is that you lost the ability to keep your voice inside your own house.
Google Home and Nest devices collect 22 out of 32 data categories. Your Nest thermostat knows when you wake up, when you leave, when you come home, and when you go to sleep, because it tracks occupancy patterns, ambient light, and even syncs with your phone's location. Nest cameras collect video and audio, run facial recognition through a feature called Familiar Faces, and log every person and object that passes through the frame. Google says it does not sell your personal data to third party marketers. Your data still flows through Google's own massive advertising system.
Apple takes a different approach with its HomePod and HomeKit products. Siri requests get associated with a random identifier instead of your Apple ID. Audio recordings are not stored by default. Many commands get processed right on the device without ever leaving your home. And Apple's HomeKit Secure Video analyzes camera footage locally on your home hub, encrypts clips with military grade encryption before uploading to iCloud, and uses end to end encryption that Apple itself cannot break. After the 2019 listening scandal, Apple made its human review program something you have to choose to participate in, and limited reviewers to Apple employees only.
Ring doorbells sit on the front porches of more than 10 million American homes. They collect HD video, audio, motion data, and facial recognition information. The FTC found that before September 2017, Ring employees could access every single customer video with zero restrictions. One employee spent months watching thousands of private video recordings from female users' cameras positioned in bathrooms and bedrooms. Think about that. The camera you bought to protect your home was used by a company employee to spy on women in the most intimate spaces of their lives.
Wyze cameras, which are popular because they cost so little, have experienced a cascade of security disasters. A 2019 data leak exposed 2.4 million customers. A vulnerability that lasted from 2019 to 2022 allowed anyone to bypass the login screen and access camera feeds. And in February 2024, about 13,000 Wyze users opened their apps and saw thumbnail images from other people's cameras due to a system error. Strangers were looking into other families' homes.
Even your thermostat plays a part. Ecobee smart thermostats use built in radar sensors that detect which rooms in your house are occupied, with up to 32 sensors covering a 60 foot range per sensor. To their credit, Ecobee reportedly refused when Amazon demanded access to passive device data from Alexa enabled thermostats when customers were not actively using the voice assistant. That refusal is the exception, not the rule.
The Super Bowl Ad That Showed America What Surveillance Really Looks Like
On February 8, 2026, more than 120 million Americans watched Ring air a Super Bowl commercial for its new Search Party feature. The ad told the heartwarming story of a lost yellow Labrador named Milo. A family uploaded Milo's photo to the Ring app, blue circles bloomed across a neighborhood map as interconnected Ring cameras activated one after another, and a tracking box locked onto the dog with a green confirmation. Tearful reunion. Amazon announced a million dollar donation to animal shelters. It was, on its face, a puppy rescue story.
And it terrified people.
Within hours, the backlash went viral. Matt Nelson of WeRateDogs, who has roughly 20 million followers, posted a video calling the ad an attempt to manufacture consent for mass surveillance. The Electronic Frontier Foundation said Americans should feel unsettled about the potential loss of privacy, pointing out that Ring already runs facial recognition through its Familiar Faces feature and that applying that same technology to scan an entire neighborhood of cameras was the obvious next step. The ACLU published an analysis that asked a question every American should think about. Today this technology searches for puppies. Tomorrow it could search for immigrants. Or people wearing political t-shirts. Or anyone a government agency decides to target.
Senator Ed Markey wrote directly to Amazon's CEO urging the company to stop using facial recognition technology in Ring products. And the controversy deepened when reporters revealed Ring's recent partnerships with Flock Safety, a company that makes automated license plate readers used by law enforcement, and Axon Enterprises, which makes body cameras and Tasers. These partnerships had relaunched police access to Ring footage through a feature called Community Requests. Investigative journalists found that local police departments were already searching Flock's camera network on behalf of federal immigration agencies, giving ICE and CBP what amounted to a side door into neighborhood surveillance networks.
An internal email from Ring's founder revealed he planned to expand Search Party far beyond lost pets. He said the technology would help, in his words, zero out crime in neighborhoods. The ACLU noted that achieving that goal would require extraordinarily pervasive surveillance of American life.
Four days after the Super Bowl, Ring canceled its Flock Safety partnership. The company said it was about resources, not public pressure. The cancellation did nothing to change Ring's facial recognition features, the Community Requests tool, or the Search Party feature itself. The infrastructure remains in place.
They Were All Listening and They All Got Caught
In the summer of 2019, the biggest names in technology got exposed for doing exactly what millions of Americans feared most. They were listening to private conversations inside people's homes.
On April 10, 2019, a major business news outlet reported that thousands of Amazon workers around the world, in Boston, Costa Rica, India, and Romania, were listening to, transcribing, and annotating Alexa voice recordings. Each worker processed up to 1,000 audio clips during a nine hour shift. They heard people asking for recipes and setting timers. They also heard a woman singing in the shower, a child screaming for help, and what two reviewers believed was a sexual assault. The recordings were linked to account numbers, device serial numbers, and each user's first name. A follow up report two weeks later revealed the auditing team could also access users' home addresses.
Amazon's response followed a predictable pattern. Acknowledge. Minimize. Add an opt out option buried deep in the settings menu. The company created a way to disable human review inside the Alexa app. They made it opt out, meaning you had to go find it and turn it off. It was on by default. Amazon's devices chief admitted the company considered making human review something you would have to opt into. They decided not to.
Three months later, a Belgian news outlet revealed that Google contractors were systematically listening to Google Assistant recordings. A whistleblower shared more than 1,000 recordings, and 153 of those recordings were never intentionally triggered by the user. Google had claimed the recordings were anonymous. Reporters proved that was not true. They were able to identify specific users and locate their homes from spoken addresses captured in the recordings. Google suspended human review and later brought it back on an opt in basis.
Two weeks after the Google story, a major newspaper revealed that Apple contractors were hearing confidential medical conversations, drug deals, and recordings of couples having sex through a Siri quality program Apple called grading. Apple suspended the program, issued an apology, and changed the review process to require users to opt in. They also limited the program to Apple employees.
The legal fallout was enormous. In May 2023, the FTC brought two enforcement actions against Amazon on the same day. The first hit Amazon with a 25 million dollar civil penalty for violating children's privacy law. Amazon had kept voice recordings from more than 800,000 children indefinitely and used them to train its algorithms, even when parents specifically asked for those recordings to be deleted. The second action resulted in a 5.8 million dollar settlement against Ring for failing to prevent employees from watching customer video feeds and for security failures that allowed hackers to access roughly 55,000 user accounts. In 2024, the FTC sent refund checks to Ring customers affected by those failures.
In the class action arena, the numbers are staggering. Apple agreed to a 95 million dollar settlement over Siri's recording practices, with payments starting in January 2026. Google proposed a 68 million dollar settlement for its Assistant recording practices, filed in January 2026. Amazon faces an active nationwide class action in which a federal judge certified a class of Alexa users in July 2025, making it one of the most expansive privacy cases involving voice devices in American legal history.
Your Television Is Watching You
Your smart TV does not just show you content. It watches what you watch. And it does this through a technology called Automatic Content Recognition, or ACR. Think of it as a system that works like a music recognition app that never turns off. Your television periodically captures small pixel or audio samples from whatever is on your screen, converts those samples into compact digital fingerprints, sends them to the manufacturer's servers, and matches them against a library of known content. Your Samsung TV does this approximately every 60 seconds. Your LG TV does it every 15 seconds. A 2024 university study confirmed that ACR stays active even when you are watching content through an external device connected by HDMI. That means your TV is tracking what you watch on your gaming console, your streaming stick, and your laptop.
The most aggressive offender was Vizio. Starting in February 2014, Vizio installed tracking software on all new TVs and then remotely downloaded that same software onto TVs people had already purchased. The system captured what was on your screen on a second by second basis, collecting more than 100 billion data points per day across 11 million televisions. Vizio combined your viewing data with your IP address, demographic information including your age, sex, income, marital status, and education level, and sold all of it to third parties for advertising and targeting. ACR was turned on by default. A pop up notification about the change timed out after just one minute and never mentioned data collection.
In February 2017, the FTC and the New Jersey Attorney General hit Vizio with a 2.2 million dollar settlement. A follow up class action settlement reached 17 million dollars, covering about 16 million televisions. And here is the part that tells you everything you need to know about the economics of smart home surveillance. By the third quarter of 2021, Vizio's advertising and data division generated 57.3 million dollars in gross profit. That was more than double the 25.6 million dollars Vizio earned from selling the televisions themselves. The TV was never the product. You were the product. The TV was just the delivery mechanism.
In December 2025, Texas Attorney General Ken Paxton filed suit against five TV manufacturers, Samsung, Sony, LG, Hisense, and TCL, under the Texas Deceptive Trade Practices Act. The complaint alleged that ACR captures screenshots every 500 milliseconds, monitors all content sources including anything connected through HDMI, and that companies bury their disclosures behind more than 200 clicks spread across four or more menus. Against the Chinese manufacturers Hisense and TCL, Paxton raised national security concerns, noting that Chinese law can compel companies to share data with the Chinese government. A Texas court issued the first ever temporary restraining order against a TV maker for ACR, blocking Hisense from collecting data from Texas consumers in December 2025. Samsung reached a settlement in February 2026, agreeing to stop all ACR collection without express consent.
Your Home Has a Fingerprint and Advertisers Already Know It
Here is something that most people have never heard of, and it matters enormously. The collection of smart devices in your home creates a unique digital fingerprint that identifies your household, even without your name or address attached. Researchers have shown that internet service providers can identify specific homes just by analyzing the smart devices connected to their network. Because every device in your home transmits from the same IP address, that address becomes a cross device identifier that the advertising industry uses to target your household as a single unit.
The privacy risks go deeper than advertising. Academic researchers built a system that can listen to the encrypted network traffic coming from smart home devices and classify specific events, like which lights turn on, when doors open, and whether anyone is home, with 89 percent accuracy. They did this without cracking the encryption. Another study from 2025 showed that someone in an adjacent apartment could learn personal details about a household using three inexpensive antennas placed along a shared wall, detecting when devices change state and mapping daily routines.
The advertising industry has built massive infrastructure around this concept. Companies maintain what they call device graphs that stitch together identifiers from your web browsing, your apps, your connected TV, and your smart home devices into clusters that belong to the same household. One major media company claims its identification system covers 110 million households and 260 million device IDs. When you combine your TV's viewing data, your smart speaker's voice recordings, your thermostat's occupancy data, and your camera's visitor logs, all linked through a shared IP address, you get a portrait of your daily life that is more detailed than anything a private investigator could assemble in a month of surveillance.
Hackers Can Take Your Home Hostage
In January 2026, Experian published its annual fraud forecast and named smart home hijacking as one of the top five threats Americans will face this year. The warning was blunt. Devices like virtual assistants, smart locks, security systems, and smart appliances will be targeted by criminals to access personal data, monitor household activity, and take control of physical access points. Experian specifically predicted new forms of ransomware that could lock people out of their own homes and create opportunities for account hijacking on a massive scale.
This is not speculation. It has already started happening.
In December 2019, a hacker broke into a Ring camera in an eight year old girl's bedroom in Mississippi and told her he was Santa Claus. In another incident, a hacker used a Ring device to demand a ransom of 50 bitcoin, worth about 400,000 dollars. An Illinois couple watched helplessly as a hacker took over their Nest camera, screamed profanities at their child through the speaker, and cranked their thermostat up to 90 degrees at the same time. A podcast called NulledCast featured hosts breaking into Ring and Nest devices live on air for entertainment.
At a major hacking conference in 2016, a researcher demonstrated the first smart thermostat ransomware, locking the device at 99 degrees, displaying a payment demand on the screen, and changing the unlock PIN every 30 seconds. The researcher completed the entire attack in two evenings. Security researchers who tested 16 popular Bluetooth smart locks found that 75 percent had serious vulnerabilities, including locks that transmitted passwords as plain text. One researcher was able to change a lock's administrator password remotely, permanently locking the actual owner out of their own home.
The numbers tell a sobering story. Global IoT attacks now reach 820,000 per day. More than half of all smart home devices have critical security weaknesses. One in every three data breaches involves a connected device. And a 2024 consumer investigation found that cheap smart doorbells sold on major retail websites had security flaws so severe that anyone could access photos and footage from the cameras, and most of those doorbells lacked required federal identification numbers, making them effectively illegal products.
You Can Take Your Home Back
The single most important decision you can make for your family's privacy right now is choosing devices that keep your data inside your house. When a device processes your voice commands, your video footage, and your sensor data locally, on the device itself, that information never leaves your home network. When a device sends everything to the cloud, your data ends up on corporate servers where companies can store it forever, analyze it, sell it to advertisers, let employees review it, or hand it to law enforcement, sometimes without a warrant.
Apple currently offers the strongest mainstream privacy protections. HomeKit Secure Video analyzes your camera footage locally on a HomePod or Apple TV hub, identifies people, pets, vehicles, and packages using on device artificial intelligence, and encrypts everything before sending it to iCloud with end to end encryption. Since 2021, Siri speech processing happens on your device. Apple's newer Private Cloud Compute system makes sure that any data that does reach the cloud is never stored and can be independently audited.
For the highest level of privacy, an open source platform called Home Assistant runs entirely on a small piece of hardware you keep in your home, a dedicated hub that costs about $129. It supports more than 1,000 device integrations, processes all your automations locally, and sends zero data to any company. This is significant because multiple smart home cloud services have shut down over the years, turning purchased hardware into paperweights overnight. When your system runs locally, no company decision can take it away from you.
If you want security cameras that do not feed a corporate cloud, you have real options. Reolink cameras store footage locally on microSD cards or network video recorders with zero recurring costs. Lorex is the only major camera brand that does not even offer a cloud storage plan, shipping a microSD card with every camera. Frigate is an open source video management system that runs on your own hardware with local AI detection. Over their lifetime, local storage camera systems cost about 40 percent less than cloud subscription alternatives, which can add up to more than 1,000 dollars over a decade.
A new connectivity standard called Matter, backed by Apple, Google, Amazon, and Samsung, uses local communication with mandatory encryption and has reached version 1.5 with camera support. More than 750 certified products exist as of early 2026. The companion Thread networking protocol keeps device to device communication local. Look for the Matter logo when you shop for new smart home products. It is not a complete privacy solution because manufacturers can still route data through their cloud servers. It is a meaningful step forward.
The Law Is Catching Up, State by State
The United States has no federal privacy law that specifically protects your smart home. A bipartisan bill called the American Privacy Rights Act was introduced in April 2024 with provisions for data minimization and a private right of action. It died without a vote. Experts estimate that full federal privacy legislation remains at least two to three years away.
So the fight is happening in the states.
As of January 2026, more than 20 states have enacted broad consumer privacy laws, covering close to half of all Americans. California's updated privacy regulations took effect on January 1, 2026, requiring cybersecurity audits, risk assessments, and disclosures about automated decision making technology. Illinois' biometric privacy law continues to drive voice data litigation. A federal judge ruled in 2023 that even someone who spoke to an Alexa device just once, on someone else's device, could join a class action over voiceprint collection. Florida brought the first enforcement action under its new Digital Bill of Rights against a streaming device maker in October 2025. New York's Attorney General settled with a camera company for security failures that left video streams accessible to anyone. Nebraska's Attorney General sued a home security company for selling cameras manufactured by companies identified as national security risks.
Texas has been especially aggressive. The Texas Attorney General secured a 1.4 billion dollar settlement from one social media company in 2024 for biometric violations and a 1.375 billion dollar settlement from a major search engine company in 2025 for data tracking, in addition to the December 2025 lawsuits against five television manufacturers. The December 2025 suits, and the temporary restraining order against Hisense, represent the first time a state has moved to actively block a TV manufacturer from collecting ACR data.
The FTC remains the primary federal enforcer. Beyond the Amazon fines, the commission finalized updated children's privacy rules in January 2025, published a report in September 2024 finding that major tech companies engaged in vast surveillance of consumers, and issued a November 2024 report revealing that 89 percent of connected device manufacturers fail to tell you how long they will provide software updates. The FCC created a cybersecurity label for smart home products in March 2024 called the U.S. Cyber Trust Mark. As of early 2026, no products carry the label because the program's lead administrator withdrew in December 2025.
What You Need to Know Right Now
Almost 70 million American households now use smart home technology. Smart speakers sit in about 35 percent of homes. Smart TVs are in 82 percent of TV households. Video doorbells cover roughly a third of all homes. Smart security cameras are in 38 percent of households. More than 300 million devices have been connected to Alexa alone. And ACR is built into virtually every smart TV on the market, turned on by default, with vendors reporting that more than 90 percent of users never turn it off.
Here is what those numbers tell us about awareness. Fifty seven percent of Americans say they are concerned about smart home data collection. At the same time, 52 percent of smart thermostat owners have no idea how their data is collected. Only 14 percent of buyers researched a manufacturer's privacy policy before purchasing. Manufacturers know this. They design their products to collect the maximum amount of data by default and bury the settings that would let you change that behind menus, submenus, and confusing language.
This is what I need you to understand. Your concern about privacy is valid. Your instinct that something is wrong is correct. The companies making these devices have been caught over and over again doing exactly what you feared they were doing. They recorded your children. They let employees watch your private video. They tracked your screen twice per second and sold the data. They eliminated your option to keep your voice inside your own home. And when they got caught, the fines they paid were a fraction of the profits they earned from doing it.
You deserve a home where the walls do not have ears. Where your television watches nothing. Where your thermostat does not report your sleep schedule to an advertising company. Where your front door camera belongs to you and only you. That home is possible. It requires you to make different choices about what you bring into your house, which companies you trust with your most private moments, and how you configure the devices you already own.
Go into your Alexa app today and review your privacy settings. Disable the Help Improve Alexa program. Delete your stored voice recordings. Check your smart TV settings and turn off ACR. Look for the words "viewing data," "content recognition," or "recommendations" in your TV's privacy menu and disable them. Next time you shop for a smart home device, look for products that keep data local. Consider whether the convenience of any device is worth what you give up for it.
The companies selling these devices are not going to protect your privacy for you. They have proven that, repeatedly, under oath, in court, and in regulatory filings. The law is catching up, slowly, state by state. And until a federal privacy law exists, the most reliable protection you and your family have is your own informed decision making.
Your home should be the one place in the world where you are not being watched, not being recorded, and not being sold. You have the right to make it that way. And now you know how.