Google launches privacy-sensitive Guest Mode on Google Assistant devices

Google today launched Guest Mode, a new way to use Google Assistant on smart devices like Nest Audio and Nest Hub Max without having to sign into a Google account. First announced last fall, Guest Mode allows users to use Google Assistant-powered smart speakers and smart displays without having their activity saved, offering ostensibly stronger privacy guarantees.

Maintaining privacy with voice assistants is a challenging task, given that state-of-the-art AI techniques have been used to infer attributes like intention, gender, emotional state, and identity from timbre, pitch, and speaker style. Recent reporting revealed that accidental voice assistant activations exposed private conversations, and a study by Clemson University School of Computing researchers found that Amazon Alexa and Google Assistant voice app privacy policies are often “problematic” and violate baseline requirements. The risk is such that law firms including Mishcon de Reya have advised staff to mute smart speakers when they talk about client matters at home.

Google Assistant, Siri, Cortana, Alexa, and other major voice recognition platforms allow users to delete recorded data, but this requires some (and in several cases, substantial) effort. Guest Mode aims to make it easier on Google Assistant with a straightforward activation phrase: Say “Hey Google, turn on Guest Mode” and Google Assistant won’t offer personalized responses or save interactions to whichever account is signed in on the device within earshot. Guest Mode will remain enabled until it’s turned off with the command “Hey Google, turn off Guest Mode.”

“While in Guest Mode, you can enjoy popular features, like asking questions, controlling smart home devices, setting timers and playing music. Your device won’t show personal results, like your calendar entries or contacts, until you turn the mode off,” Google Assistant product manager Philippe de Lurand Pierre-Paul explains in a blog post. “Once Guest Mode has been turned on, your device will play a special chime and you’ll see a guest icon on the display. If you’re ever unsure if you’re in Guest Mode, you can always ask your device, ‘Is Guest Mode on?’ Guest Mode will stay on until you choose to turn it off.”

Late last year, Google turned off the saving of future audio recordings for people who’d opted in and asked all users to decide whether they wanted to share recordings with Google. (Recordings can be manually deleted or set to expire after 3-, 18- or 36-month intervals.) The company also added more commands and answers to questions regarding security and privacy to which Google Assistant will respond, like “Hey Google, delete everything I’ve said to you this week” and “Where can I change my privacy settings?”

Tech giants including Apple and Google have been the subject of reports uncovering the potential misuse of recordings collected to improve assistants including Siri and Google Assistant. In April 2019, Bloomberg revealed that Amazon employs contract workers to annotate thousands of hours of audio from Alexa-powered devices, prompting the company to roll out user-facing tools that quickly delete cloud-stored data. And in July, a third-party contractor leaked Google Assistant voice recordings for users in the Netherlands that contained personally identifiable data, like names, addresses, and other private information. Following the latter revelation, a German privacy authority briefly ordered Google to stop harvesting voice data in Europe for human reviewers.

Increasingly, privacy isn’t merely a question of philosophy, but table stakes in the course of business. Laws at the state, local, and federal levels aim to make privacy a mandatory part of compliance management. Hundreds of bills that address privacy, cybersecurity, and data breaches are pending or have already been passed in 50 U.S. states, territories, and the District of Columbia. Arguably the most comprehensive of them all — the California Consumer Privacy Act — was signed into law roughly two years ago. That’s not to mention the Health Insurance Portability and Accountability Act (HIPAA), which requires companies to seek authorization before disclosing individual health information. And international frameworks like the EU’s General Privacy Data Protection Regulation (GDPR) aim to give consumers greater control over personal data collection and use.