6 Ways to Use Your New Smart Speaker for Greater Independence

Smart home technology is earning an important place among the ranks of assistive technology. There are a variety of devices and seemingly endless configurations that can increase independence, productivity, safety, and health both at home and elsewhere. People with disabilities and older adults are using these technologies to control their environments (lights, fans, and thermostats), access entertainment (TV, music, and internet), monitor their homes (video doorbells and video services), and control who can enter (smart locks and door openers).

But, while complex smart-home setups with multiple devices are impressive, don’t forget that the humble smart speaker can be powerful all on its own. These little virtual assistants – such as Amazon Echos, Google Nests, or Apple HomePods – can help you stay organized and connected. And, with all of us spending so much time at home these days, what better gift this holiday season than one that makes day-to-day activities at home easier?

Photo of Google Smart Speaker Device on a shelf in a home
Google Home Mini

Whether you are the lucky new owner of a smart speaker for the holidays or you have had one for years, here are six ways you can use your virtual assistant to improve your life without any extra “smart” equipment:


Imagine you are in bed about to fall asleep and suddenly remember you have an appointment first thing in the morning… or was it the next day? With a smart speaker, all you have to do is ask “What’s on my calendar tomorrow?” You can also add appointments to your calendar, change them, cancel them, and even reply with calendar invitations to other people all with your voice. Check your device’s instructions for details on how to integrate it with your calendar. Note: Amazon Echo can integrate with most calendars, including Google, Microsoft, and Apple, while Google Nest and Apple HomePod currently only integrate with their respective calendar apps.

Did You Know? Amazon Echo, Google Nest, and Apple HomePod are all capable of learning different people’s voices and linking each individual with their own account, making it easy for multiple people to control their personal calendars, make and receive phone calls, play their own music, and shop from their own accounts all through the same device.


Whether you want a daily reminder to take your medication at a certain time or a one-time reminder to take the chicken out when you get home, your smart speaker has you covered. Reminders and alarms can wake you up in the morning, help you stay on schedule, and make sure you don’t forget something important. Using Amazon Echo, Google Nest, and Apple HomePod, you can set a reminder by time of day or by location (for example, set a reminder to check in with your boss when you arrive at work). You can also set reminders to be recurring or one-time-only, and you can select which device you want to play the reminder.


Just as easy as accessing your calendar with your voice, you can listen to and reply to emails using your smart speaker too. Amazon Echo has this functionality built in, all you have to do is connect your device to your account (Amazon currently connects with Gmail, Microsoft Outlook, Hotmail and Live.com). Google Nest, on the other hand, doesn’t officially offer this feature yet, but there are a few possible workarounds.


Whether you want to know what the weather forecast is for the day, what the score was from the game last night, or how to spell “quarantine,” your smart speaker is ready to find the answer and report back to you. What’s even more impressive? You can teach your Amazon, Google, or Apple device more about your preferences and you’ll get more personalized information when you ask.

Did You Know? You can set up routines with most smart speakers to combine several actions together. For example, if in the morning you always ask to hear the weather, then your calendar appointments for the day, and finally a certain radio station, you can link these actions together with one verbal cue such as, “Alexa, what’s my morning update?” Read about routines for Amazon Echo, Google Nest, and Apple HomePod.


Perhaps one of the most powerful features of your smart speaker is its ability to help you communicate with others by making phone calls. If you use Amazon Echo you must associate your calls with your mobile phone for contacts and caller ID purposes. However, you are technically making the call through Amazon’s free Internet cloud services for the connection, not your phone, so your minutes are spared. Google has various methods to use phone numbers for caller ID and, like Amazon, there is no charge. A story from Suria, a member of our Smart Home Technology Advisory Committee who has a spinal cord injury, demonstrates just how impactful this can be:

“This morning I was in the shower chair and about to fall off – I can’t move, I can’t grab the phone, it won’t hear me – Echo was the only one there. All I had to say was, ‘Echo, call Kirby.’ It dialed his Echo and his cell phone and I was able to tell him, ‘Come back! It’s an emergency.’ I almost fell to the floor, but thankfully I have a superhero,” Suria said, “It’s my Echo!”

Did You Know? There are two other communication features you should know about: Announcements and Ask My Buddy. Amazon Echo and Google Nest both have an announcement feature that makes it possible to broadcast a message via multiple devices throughout a home at one time – anything from “Dinner’s ready” to “Help, I’ve fallen!” Ask My Buddy is an independent service available for both Amazon and Google smart speakers that lets you create a personal alert network. If you have an emergency, all you need to do is ask your smart speaker to “Ask My Buddy to send help” and a notification will be sent by phone, text, and/or email to a list of predesignated contacts. Ask My Buddy also has a way to contact emergency numbers like 911.


Before we dive into this topic, let us be clear: it is PATF’s belief that monitoring should only be pursued after receiving full, informed consent from the individual who may be impacted. While some people find the idea of monitoring to be invasive, others have expressed that they appreciate giving another person – family member, caregiver, or friend, for example – the ability to check in on them using their smart speaker. With Amazon Echo’s Drop In feature, another person can listen in from afar to make sure everything is OK. This feature is even more powerful if you have a smart display like an Amazon Echo Show with its built-in camera and screen. Please note that before connecting, an Echo Show will blur the screen and play a notification which allows the person receiving the Drop In to cancel it by saying “Alexa cancel/stop/hang-up/reject” if they do not want to accept the Drop In. You can also turn on Do Not Disturb to temporarily block Drop Ins on a device.

Note: Smart displays, such as the Amazon Echo Show family of products or Google Nest Hub, are smart speakers with the addition of a camera and touch screen. If you have one of these, here are a few extra things you can do with your device:

Show and Tell feature with Amazon Echo Show – If you are blind or have low vision, you need only hold up an object in front of your device’s camera and ask “Alexa, what am I holding” to find out what it is.

Make video calls – Just like you can use your smart speaker for phone calls, you can use your smart display for video calls. Stay connected with your friends and family, access your physician for telehealth, or give a loved one the ability to check in on you from afar with video calling on the Amazon Echo Show line of products.

Entertainment – Connect your smart display with a streaming account to watch TV shows, movies, and online content. Just check your device to see which content providers it can connect with: Amazon and Google.

Interested in getting some smart home technology? Pennsylvania Assistive Technology Foundations Mini-Loan program can help you cover the cost of purchasing smart home devices as well as the cost of installation. We can also help you determine if you are eligible for other funding resources that might cover the cost entirely. Apply for a loan or contact us to learn more.

Smart Home Subscription Fees and The True Cost of “Free” Services

By: Kirby Smith, Smart Homes Made Simple project consultant, and founder of SunKirb Ideas, LLC

Person sitting at a desk with a tablet and smart phone. Behind the desk is a TV and a smart speaker.
Image: Person sitting at a desk with a tablet and smart phone. Behind the desk is a TV and a smart speaker.

This article is written in response to popular smart home platform Wink’s recent announcement that they will begin charging a monthly $4.99 fee for their services starting July 27th.

First, a (slightly technical) History of the Universal Hub (e.g., Wink)

Smart home devices that are easy for the average person to install and manage started to become popular in 2014. This was driven by startup companies collaborating with mainstream companies to release affordable, easy to set up equipment and devices for the home. Starting with thermostats, cameras, smart doorbells and lights, the movement has since expanded to include many other home appliances.

Because of the popularity of smart phones and tablets, nearly everyone who purchased smart home products already had a centralized control system they conveniently carried with them. People liked the idea that with their phone they could control their home, answer the door, or change the temperature in their house from anywhere in the world.

The Dilemma: How to Connect a Network of Smart Home Devices

For a person to control a smart home device from anywhere, the device needs three things to work:

  1. The device must have electronic chips in it to communicate and physically control its function;
  2. The chips need a way to reach the Internet; and
  3. There must be a service operating on the Internet to receive and send information and commands to and from the chips in the device. Typically called cloud services.

Back in the early 2000’s, manufacturers struggled to find the best way for smart home devices to communicate between one another. We are all familiar with two communication standards used for things like our laptops, tablets and phones to connect to each other. Their brand names are WiFi and Bluetooth (FYI: WiFi is short for “Wireless Fidelity” which people agreed sounded silly, so it was shortened to WiFi). WiFi and Bluetooth use radio signals that send information around.

The electronic chips that use WiFi can send signals very far, but the chips back in the early 2000’s were comparatively large, used a lot of power, gave off a lot of heat, and they were costly. Also, we have all experienced how WiFi signals can drop. Almost every home has a spot where the WiFi stops working.

Bluetooth electronic chips are very small. So small that they can fit in earphones. They use very little power, don’t give off heat, and are very cheap. However, the range of Bluetooth is very short, only about 30 feet and the signal can’t travel through objects like walls and people’s bodies.

ZigBee and Z-Wave Offer a Solution

Two new electronic communication standards, ZigBee and Z-Wave, were adopted in the early 2000’s to solve the problems manufacturers were having. The electronic chips that communicate using ZigBee and Z-Wave are extremely small, energy efficient, and are cheaper to manufacture.

ZigBee and Z-Wave solved another big problem — signals being dropped or lost. Every device that uses one of these radio transmission protocols both receives and broadcasts, allowing each device to act as a relay. If we could see ZigBee and Z-Wave connections, they would look like a web, where everything is connected to each other. This is called a mesh and mesh systems have far better performance because of their dependable redundant connections. In fact, the more devices that are added, the faster and better the connections become unlike WiFi which slows when too many devices are added.

There was still one issue remaining: how the smart home devices reach the Internet. Something local was needed to receive the ZigBee and Z-Wave signals, convert the signals, and connect the devices to WiFi in a home in order to connect to the Internet. Devices that performed this function were called smart home hubs (hubs for short).

The problem was that each manufacturer created their own hub for the devices they made. For example, smart bulbs used a proprietary hub created by the manufacturer that made the bulb, while smart bulbs from another manufacturer used a different one. Smart locks had their own hubs, as did the smart light switches and plugs. Also, each hub used a different app that was installed on phones and tablets. It was normal for some people to have 5-10 apps to control their smart home. If someone wanted to set up a smart home, they encountered chaos and a lot of costs.

A New Player in the Game: Wink

Things changed in 2014 when small startup companies began manufacturing hubs that could communicate with multiple brands of home automation devices. These centralized hubs could talk to a wide range of home automation devices from multiple different manufacturers. This highly simplified the install process when using devices created by multiple companies. Also, for the user, you could use one app to wirelessly control your devices. If your WiFi changed, and if your hub was plugged into your WiFi router, you didn’t have to worry about setting everything up again. And, if you changed the router then you just plugged the hub into the new router, and you were done.

In a two-year period starting around 2013 through 2015 many companies released centralized home automation hubs and almost immediately went out of business because of the tremendous challenge of supporting the vast number of new smart home products that were being released. Companies that got a foothold included SmartThings, Insteon, Staples, Lowe’s and professional firms like ADT and AT&T. One company, Wink, took a different approach.

Wink simplified life for those who were not very technical. When putting new devices on the hub, the Wink app included videos of how to install the products for a vast range of manufacturers. Their support call center was also readily available to assist. From my personal experience, hold times were rarely over 5 minutes. Further sweetening the deal, unlike other manufacturers, Wink did not charge additional costs after the initial purchase of the hub which cost less than $100.

Wink starter kit with HUB, devices, and home automation app
Image: Wink starter kit with HUB, devices, and home automation app

For six years, people could use the Wink hub and its app for free and enjoyed:

Centralized installation
• Centralized management of devices from various manufacturers

• Continual updates for new features
The ability to create smart routines (called robots): One could click one button to dim multiple lights and bring the thermostat to a comfortable temperature to settle down and watch a movie
• Easy dependable security
• Excellent customer support
• Voice control of products on the hub using Amazon Alexa or Google Home

Wink Moves to Subscription-Based Services

Wink users received a shock in May of 2020 when Wink announced they were moving to a subscription service and users had to pay-up in one week or lose access to the hub and app they had used for years. The following is part of their statement:

“Since 2014, Wink has grown to support more than 4 million connected devices. During this time, Wink has relied solely on the one-time fee derived from hardware sales to cover ongoing cloud costs, development, and customer support. Providing users with local and remote access to their devices will always come at a cost for Wink, and over the years we have made great progress toward reducing these costs so that we can maintain that feature. Wink has taken many steps in an effort to keep your Hub’s blue light on, however, long term costs and recent economic events have caused additional strain on our business. Unlike companies that sell user data to offset costs associated with offering free services, we do not. Data privacy is one of Wink’s core values, and we believe that user data should never be sold for marketing or any purpose.”

This move infuriated users, forcing them to drop the product (and thus abandon or rebuild their smart home setup) or pay up. With the change announced during COVID restrictions, the short notice and lack of warning, users were justified in their frustration. The common question was, why should I have to pay for something that was free for so long?

In Favor of Fees

Because of popular free sites and services such as Google, Facebook, Instagram, and others, we have grown to believe we have the right to these services and that they should be “free”. However, if Wink is still committed to privacy, their original model was not sustainable and it was only a matter of time before they would need to make a change.

Companies have costs: staff, buildings and equipment, commerce and a host of other services for which they incur expenses. Also, they must return a profit. For a product to be reliable and worth investing in, the company’s operation must also be reliable and worth investing in. Over the past six years, a long list of companies have released great products, but due to poor management they went out of business. They left their customers with unusable devices and dead apps. These users received no reimbursement. I, myself, lost at least $2,000 worth of devices when Lowe’s shut down their Iris hub. The product lasted for less than 5 years. There are three ways companies cover their costs.

1) Target Marketing. If we look at Amazon and the Alexa Echo, there is the initial purchase that can be as low as $30. Each month there are new features added which have included free video and audio calling, home automation control, music, and other services. Alexa now performs almost all the functions of a central smart home hub.

How does Amazon cover the cost of this? The speakers give them insight into your home and how you use and consume things. In short, our use of the device tells them what to advertise and sell us. Also, many people, including myself, use the Alexa Echo to make purchases directly from Amazon. My family uses a good quantity of AA batteries and when we run low we say to the Echo, “Alexa, order more AA batteries.” It responds, “Based on your last purchase, is this what you want?” A picture of the last order appears, and we respond with, “Yes.” We like the convenience and have safely used our Echo for years.

2) Selling Your Personal Data. The second way companies make money, and the most insidious in my opinion, is they sell everything about you to other vendors and advertisers. They take the Amazon model one step further. For example, Google purchased and recently took complete control of the Nest company, which manufactures some of the most popular smart home products.

In 2019, Google created a new requirement: in order to use the products and all the features you must use a Google account and email. In fine print they state they will be linking your email, calendar, and document information to a pool of information about you. They also link your account to your Google Home account and smart speaker. This means they can sell information about how you use your lights, security, email, events, how you react to weather, etc. to anyone willing to get that information about you. In short, you are paying Google with information about everything you do.

Companies like Google and Facebook are so pervasive in our lives, we never stop to ask how we are getting all their services for free. As we click through the online agreements, we do so not realizing we are selling our privacy and giving them personal information to use any way they choose.

3) Subscription Services. The third and final way companies make money relates to subscription service. This method is typically used by smaller companies than say Google or Amazon. Wink is one of these companies. For Wink to continue to support their products and the users of their products, they must either: 1) receive a payment from companies like Google who pay smaller companies for specialized information about you; or 2) keep your information private but charge you a fee to provide their service.

At the end of the day, nothing is free and we will either pay with our money or pay with our privacy by sharing personal information about how we live.

What will you choose?

Guidelines for Eye-Gaze Technology for People with Cerebral Palsy

Eye-gaze control technology for people with cerebral palsy CLINICAL GUIDELINES 2021 is available as a free download by registering at https://redcap.sydney.edu.au/surveys/?s=EDC7P4E3TP. Smart Homes Made Simple Advisory Committee member, Sandra Masayko, was a contributing editor for this publication.

Published by Cerebral Palsy Alliance Research Group, the Clinical Guidelines are designed to provide information to assist decision-making. They are based on consensus of 126 respondents including clinicians, educators, families, people with cerebral palsy and others from 17 countries.  The topics addressed by the Clinical Guidelines include unique features of eye-gaze control technology, initial assessment, trial, learning, support, follow up, outcome measurement, and funding considerations.

For additional information, contact Dr. Petra Karlsson at Cerebral Palsy Alliance Research Institute, The University of Sydney, 88 Mallet Street, Camperdown, NSW, 2050, Australia
Email: pkarlsson@cerebralpalsy.org.au

Smart Homes Made Simple presentation at Disability PRIDE Virtual PA 2020

Today Pennsylvania Assistive Technology Foundation (PATF) presented on Smart Homes Made Simple as part of Disability PRIDE Virtual PA 2020. Susan Tachau, PATF Chief Executive Officer, and Kirby Smith, Founder and President of SunKirb Ideas, talked about the ways people with disabilities can benefit from the use of smart home technology, smart home devices that offer control and increased independence, things to consider when selecting and installing your smart home technology, and how to fund the assistive technology you want and need.

Download the “Smart Homes Made Simple” presentation slides (PDF)

Coming soon! Check back for the recording of the presentation which will be posted here in the coming days.

Click to access Smart-Homes-Made-Simple-DisabilityPRIDE-7.1.20-Final.pdf

New Video on Generic Smart Home Technology

Pennsylvania Assistive Technology Foundation (PATF) is pleased to announce it has produced a new video funded by a grant from the Pennsylvania Developmental Disabilities Council.

Full transcript available at https://patf.us/wp-content/uploads/2020/03/MeetSuriaVideoTranscript.docx

Suria Nordin is a member of PATF’s Generic Smart Home Technology project Advisory Committee. As part of the Generic Smart Home Technology project funded by the Pennsylvania Developmental Disabilities Council, PATF visited Suria and her smart home with film students from the Academies at Roxborough to create this short video showcasing how Suria is using her technology to increase her independence at home and at work.

In 2017, PATF launched the Smart Homes Made Simple campaign to help people with disabilities who want to live more independently and with greater autonomy using new types of smart home technology. You can learn more about smart home technology at Smart Homes Made Simple and then connect with PATF for information and assistance with funding the smart home devices you need and want.

This project is supported by a grant from the Pennsylvania Developmental Disabilities Council; in part by grant number (1901PASCDD-02) from the U.S. Administration for Community Living, Department of Health and Human Services, Washington, D.C. 20201. Grantees undertaking projects with government sponsorship are encouraged to express freely their findings and conclusions. Points of view or opinions do not, therefore, necessarily represent official ACL policy.

Treating Your Passwords Like the Keys to Your Home

By: Kirby Smith, Founder of SunKirb Ideas, LLC

No one is too busy to protect their passwords

My entire career has been involved with computer technology and digital devices. My past profession was as senior vice president of information technology for a mid-sized national company and now I own a business where I automate houses and set up smart homes. Both jobs have required me to set up and manage devices and network security for individuals and organizations. One area that has always stunned me is how lightly people treat the importance and protection of their passwords. Disproportionately, people live in ever-increasing fear of “hackers.” Just the mention of the word can cause people to rise up in outrage against companies blamed for not stopping the hackers. Before looking at why better password management should be higher on your list of online security priorities, let’s look at the reality of hackers and passwords.

What exactly is a Hacker?

Ironically, the word started off as something of a compliment. In the early days of computers, during the late 60s and 70s, computer technology started to move out of the military and corporations and into the hands of youthful people. These young pioneers could for the first time afford the technology to do something different. Many of these people would go on to form companies based on their creativity and perseverance. Some of these became familiar: Apple, Microsoft, Adobe, Intel, IBM, HP, Samsung (reborn 1960), Oracle, and Dell. When programmers would look at the accomplishments of others, knowing how much work it took to create something new or simplify something complicated, they equated it to cutting through a thick piece of wood or clearing a way through jungle growth. “They hacked away until they got through it!” If you developed a reputation for solving tech problems, you became known as a hacker.

Thieves followed the money

As the 80s rolled in, and more people started to use computers in the office, certain people found ways to exploit the system for personal gain or notoriety. The early 90s introduced the public to the Internet. Once the 2000s arrived, and people started to own more personal electronics, attention shifted to consumers instead of corporations to drive the economy. With the rise of Internet commerce, thieves adopted the tools and attitude of early developers. They used the same creativity and skills from the past to build theft technology and hacked away until they found cracks. For the first time, people started to think about internet security, and the word “hacker” entered the lexicon.

Years later, what is our primary means of identity security on the internet? Usernames and passwords, the same system we had in the 60s. For organizations and companies, it is the easiest and cheapest solution… if it is used effectively. Better systems involve biometrics. Biometrics use sensors or cameras to measure people’s unique physical characteristics, analyze them, and create a unique key based on the data. For example, one can log in to a Windows 10 computer using their face, iPhones use fingerprints and face measurements, and some banks use speech patterns to identify you when you call in by having you speak random phrases. However, these systems are costly and to be cost effective they would require all companies to standardize on one method. For the time being, passwords will continue to be the primary identification system.

Imagine your online identity is like your house

If you are trying to secure your house, you wouldn’t only look at the lock and key on the door. You would look at every way one could enter the house. Are the windows left open? Is the door securely on its hinges? Perhaps most importantly, you would consider who is being invited in. Do you invite just anyone to come into your home? Is there ever a circumstance where you would simply hand your key to a stranger?

Easy to guess passwords: The equivalent of hiding your key under the doormat
Online thieves take the path of least resistance when they “break in.” They are not going to invest hours of time hacking into individual accounts (unless they personally know you). If one is going to hack in, they are more likely to go after large organizations holding the information of 100,000s or more users (such as the recent Wawa, Capital One and DoorDash breaches). This allows them to sell that information, make a quick profit, and reduce their risk of being caught since they haven’t directly stolen goods. Online thieves do know people’s habits. A large number of people have the following passwords, which don’t take a lot of hacking:

Top 10 Worst Passwords 2019 – (Read the full list)

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 1234567
  6. 12345678
  7. 12345
  8. iloveyou
  9. 111111
  10. 123123

These passwords are ranked as the worst because they are the most commonly used – making them easy to guess! Other common password mistakes include using your close family member’s name, your birthday, or names of things like your boat, team, or other information readily available on Facebook and other social media apps.

A simple trick for hackers is to go to a popular site like Facebook, scan for people who post pictures that practically advertise they have good income, pull their email from their site, and then run a program using that email to log into Facebook. The program will try common passwords, and if there is a hit, the program (often called a “bot”) will add the valid email/password combination to a list. This technique is called “Brute Force” hacking, and it is one of the least efficient methods for a hacker to use, but it works. For a hacker that knows who you are personally or is aware of your history, you are more likely to come under this attack.


Another method for online thieves that doesn’t take much effort on their part is to drop some bait and let people come to them. This is called Phishing (a twist on “fishing”). One of the most prevalent methods of phishing is to blast out emails that look like they are from a person, an online store or financial institution you know or have done business with. See the example below.


This is a classic example. At first glance, the email looks like it is from service@intl.paypal.com. Between the email address, logo, and similar font and format of legitimate emails from PayPal, one may feel a sense of urgency to act quickly by clicking on the links. However, take a closer look at the email address. When you receive an email, it is displayed in two parts: the actual email address and a display name. Most people are familiar with the actual email address layout, such as JPSmith@gmail.com. However, to make it easier to be recognized, the sender can supply a display name. So, the “From:” line in your email will often show “Johnny Smith < JPSmith@gmail.com >”. Online thieves know most people do not fully read the “From” line, so in our email example in the image it is actually showing “service@intl.paypal.com < service.epaiypal@outlook.com >”. Few people notice that the display name and actual email address don’t match – the actual email address uses the name “epaiypal” and is an Outlook email address (outlook.com is a free email service provider), not a PayPal email address (paypal.com).

If you click on the link, you will end up at a fake website which might have the address “HTTPS://epaiypal.us/user-login”. The site will look exactly like PayPal, except for the web address. It will likely ask for your login and you might type it in thinking the information is being sent to PayPal. After the login, it may have a pop-up that says, “Thank you for securing your account,” and you will go away thinking you stopped someone from hacking your account, when in fact you actually provided the thief with everything they needed to open your account and seize control.

Another insidious Phishing method used by online thieves involves social media, especially Facebook and LinkedIn. Often, this method is specifically designed for mobile users. For example, you might get a Facebook message from someone you know saying something like, “OMG…you’ve got to check out this hilarious video of a baby tasting ice cream for the first time!” Attached to the message is what appears to be a link to a YouTube video. You click on it and you may see a pop-up that appears to be from your phone (iOS or Android) which say, “Please confirm your intent to use Facebook to log in.” A box appears with an Apple logo and asks, “please provide your Apple login.” Not thinking about it, you provide your Apple login. A pop-up appears that says, “Error in display, please log back into Facebook”. You log back into Facebook and you are back to where you started. You give up and forget about it. Here is what happened:

Despite this appearing legitimate, almost everything is fake. You provided the thief with your Apple or Android login as well as your Facebook login. You also may have executed what is called a Trojan App that will log in to your Facebook, scan your contacts and friends, and send them the same message you received. Your friends will get a message from you and will likely fall for the same stunt.

While there are other online theft methods, Phishing is becoming the most prevalent because online thieves can get your passwords, use your credit cards, and spread malware to you at the same time.

Let’s go back to thinking about the security of your house. Imagine you are careful to lock the doors and windows. However, a stranger knocks on the door and when you answer, they tell you they are checking the neighborhood safety and want to borrow your key to inspect it. They wear a tag that says, “Neighborhood Security.” Because of the tag you feel safer and you hand them the key. They turn their back and do something then turn and give the key back to you. Neighborhood Security says thank you and leaves. It is highly unlikely you would do this in real life. However, people do this online every day.

With all the methods online thieves are using, and the fear they generate, we can go back to the original question, why aren’t more of us taking more care in choosing and guarding our login credentials? Sometimes it’s a lack of information, sometimes it’s about convenience, and other times it has to do with misplaced trust. Even internet-savvy people can make mistakes and overlook things. And with so many accounts to manage these days, the challenge is magnified because each one needs a unique password and security settings. Unfortunately, according to a recent study, 83% of users surveyed use the same passwords for multiple sites.

So, if the odds are that some of your credentials have been stolen (remember, many thieves sell the data before using it directly), and are floating around on the dark web, then why do we persist in using the same combination for almost all our personal, confidential, and financial accounts? The Wall Street Journal published an article with research about this:

…[I]n my research with Robert Otondo and Merrill Warkentin of Mississippi State University, we discovered there’s something else happening here: People have an emotional attachment to how they create their passwords. To most people, passwords aren’t just random. They’re personal.

The article goes on to point out two insights:

First is the “endowment effect.” It turns out that when we own things, we get attached to them. This, in turn, leads us to overvalue the owned item. My coffee cup is worth more than your coffee cup, simply because it’s mine. We become unwilling to swap it for another item with the same functionality, even if the replacement is superior to an unbiased observer. The second factor is what economist Dan Ariely calls “the IKEA effect”: We become inordinately attached to the things we create and, again, we overvalue them.

There are tons of websites and publications that recommend how to create passwords. However, we all resist the advice to some degree. Beyond crafting a better password (and making sure each account’s password is unique), there are two other simple things you can do to at least improve your online security:

  1. It can’t be emphasized enough to use what is called two-factor authentication (2FA). It is based on three generally recognized factors for authentication: something you know (such as a password or detail from your past, something you have (such as a cell phone for text/email, a computer you are already logged into, or a device/app called a token that creates random numbers and is synched to a service)), and something you are (such as your fingerprint). Two-factor means the system is using two of these options. For tokens, you may get it through text or Google or Microsoft Authenticator (free on Android and iOS). Twilio Authy, Duo Mobile, SAASPASS, and LastPass Authenticator, among others, all do the same thing on mobile and some desktop platforms, and most popular password managers all have 2FA by default. Watch this video to learn more about two-factor authentication.
  2. Use password storage apps, or at the very least a written list (kept in a safe private place), to note and manage your logins. I personally use the app called Keeper. Other top managers are 1Password, Dashlane, LastPass, and RoboForm. Most of the top ones run on all platforms (phones, tablets, and computers) and synch all your information between them. They have multi-levels of protections and can even create and manage passwords for you. They also integrate with biometric login systems including Microsoft, Apple iPhones/iPads and Droid. Read the list of the best password managers of 2020 with descriptions and ratings.

Phishing has become an industry where hackers now sell their services and tools. There is just too much money, vulnerable people online, and low risk for thieves to ignore the opportunities available to them. It might feel like experts are nagging you, but the danger is very real. Your best defense is to protect your passwords the way you would protect your physical keys. Below are links to other articles explaining how to protect yourself.

List of state by state cyber crime

How to recognize and avoid phishing scams

Passwords dos and don’ts

How hackers use emails to fool you with detailed examples and pictures


Smart Home Tech Spotlight – Meet Suria!

Suria Nordin is a member of PATF’s Generic Smart Home Technology project Advisory Committee. When Suria was injured a few years ago, her husband Kirby Smith began researching ways to adapt generic smart technology to give Suria more independence in their home. They were so successful that they launched SunKirb Ideas, a company that focuses on identifying, adapting, and installing affordable products that make people’s homes “smarter” and provide them greater independence. As part of the Generic Smart Home Technology project funded by the Pennsylvania Developmental Disabilities Council, we visited Suria and her smart home with film students from the Academies at Roxborough to create this short video showcasing how Suria is using her technology to increase her independence at home and at work.

Full transcript available at https://patf.us/wp-content/uploads/2020/03/MeetSuriaVideoTranscript.docx

Amazon Alexa and Privacy

By: Kirby Smith

Is Alexa Recording Everything I say?

As Alexa has grown in popularity, one of the major concerns potential consumers express is around privacy. “Is Alexa recording everything I say and sending it to Amazon?” Where answers cannot be provided with 100% certainty, this article will attempt to examine what the true risks and best practices are that one should follow with Amazon Echos in the home. (Note: this article will focus primarily on Alexa Services. Google Home and other smart speakers operate differently.)

I have owned Amazon Echos since November of 2014. Since I own a business that configures and installs smart homes, I pay very close attention to the devices and the apps. I have also worked with hospitals that were interested in using Alexa for their patients, which carries HIPAA implications and has forced me to consider privacy across a broad band. For those who have deep worries and anxiety about the government or big business listening, I don’t believe there is any reassurance that can be given to take that away. My best advice to someone with level of concern is not to use the device (and for that matter, get rid of your smart phones and computers, too – more on this later). However, for those who want to understand the level of risk and learn how to mitigate what you can, I will attempt to explain how everything works.

First, let’s start with some background on Amazon Echo. There is the physical hardware, called Echo, and the service behind it, typically called Alexa.

The Echo Hardware

Echo is essentially a fancy Bluetooth speaker. It can fall into two categories, speaker only models and speakers with interactive touch screens. If you were to break down a basic unit that does not have a screen, you would find:

  1. Buttons: (Ø) = Mute/Stop Echo from listening, (-) = Volume down, (+) = Volume up
  2. A colored light ring (or line on the bottom of the models with screens), which indicates the activity taking place. Most important: when the device is listening, the Ring turns blue and pulses.
  3. An array of microphones that can pick up your voice from across the room, even distinguishing your voice from background noise in the environment. It has been suggested that the Echo name comes from the fact that it is listening to sounds spatially (think echoes) and isolating voice sounds.
  4. Multiple speakers (the higher the quality of the Echo, the more speakers it will have to convey added bass and treble).
  5. Small circuit boards that include chips that make the buttons work, control sounds and video (if there is a screen), and process input sounds from the mics.amazon-alexa-pic1

The Alexa Service

Like a computer, Alexa has memory used to store what it hears. However, this memory is only large enough to hold the equivalent of a long sentence. Locally it hears sounds but does not “activate” until it hears its wake word (which can be “Alexa”, “Echo”, “Computer” or “Amazon”). I will use the standard “Alexa” for simplicity. Until the word Alexa is heard, the memory continuously over-writes itself. Once the wake word is heard, the memory begins to store the sentence following the wakeup. From here, the sentence is encoded and sent to servers and software in the Cloud, which are collectively called Alexa Voice Services. Alexa Services is where the sentence is processed for understanding and acted upon if legitimate. The following image is from Amazon’s site:


Where it says, “Audio was not intended for Alexa,” I listened to the actual recording and most of the time it was something unintelligible from a television, non-sensical random words, or other extraneous background sound. In short, I didn’t hear anything that sounded like something truly important. Most of the time it recorded things like “Turn on the living room lights” or “What’s on the shopping list”. I personally did not find anything that alarmed me, and I also learned that it is very easy to delete them. In fact, by turning on the switch under Menu/Privacy/Review Voice Recording: Enable deletion by Voice, you can tell Alexa things like, “Alexa, delete everything I said today,” if you want to easily remove recordings. 

Alexa in the News

I do not intend to make light of the concern that Amazon may be collecting private information from us through Alexa. Let’s examine and address some of the headlines about Alexa and its lack of privacy and compare it to other real-world situations.

A family that had Alexa accidentally sends a recording of a conversation to a random contact:

“A Portland family tells KIRO news that their Echo recorded and then sent a private conversation to someone on its list of contacts without telling them.”

Amazon’s response:

“Echo woke up due to a word in background conversation sounding like ‘Alexa.’ Then, the subsequent conversation was heard as a ‘send message’ request. At which point, Alexa said out loud ‘To whom?’ At which point, the background conversation was interpreted as a name in the customers contact list. Alexa then asked out loud, ‘[contact name], right?’ Alexa then interpreted background conversation as ‘right. As unlikely as this string of events is, we are evaluating options to make this case even less likely.

Amazon’s response was that this was a very rare occurrence where things just happened to occur in the right sequence to send the snippet of conversation. There were numerous news reports and television/radio discussions about it. This was reported in May of 2018. Following this, with all the attention, there have been very few articles reporting similar occurrences.

However, consider for a moment your smart phone – something similar happens so often there is a name for it. It is called a “butt dial”. Your phone is in your pocket, purse, or even on the table and you accidentally dial someone. I have been treated to things I didn’t want to hear more times than I can count. While there is great alarm about Alexa violating our privacy, we do not seem to apply the same alarm to our phones. It begs the question, with Siri and Google assistant listening to us – not only at home, but everywhere we go – the larger threat may be our phones.

Amazon Staff Are Listening to Alexa Conversations

“Over 100 million Amazon Echos have been sold as of the start of 2019: That’s no small number. But some people might be looking to throw away their device after it emerged that Amazon employs thousands of people around the world to listen to voice recordings captured in Echo users’ homes and offices.

According to Bloomberg, the recordings are transcribed and annotated before being fed back into the software. The aim is to eliminate gaps in the voice assistant’s understanding of human speech so it can better respond to commands.”

Once again, there was media outrage. However, let’s step back and examine what is happening. First, note that by the time they are being reviewed by a human, the recordings are anonymous. If you created this product, how would you improve its understanding? You would have to examine its performance by checking what was said by your clients against the device’s understanding. To prevent overstepping privacy, you would strip away identifying information and then have people “quality check” it. I used to work in a call center. To improve customer service (as you are notified when you call) the calls are recorded and reviewed by supervisors and managers.

Amazon’s explanation was:

 “‘Amazon uses this information to train its speech recognition and natural language understanding systems, so Alexa can better understand requests and ensure the service works well for everyone,’ the spokesperson says. ‘We have strict technical and operational safeguards and have a zero-tolerance policy for the abuse of our system. Employees do not have direct access to information that can identify the person or account as part of this workflow. While all information is treated with high confidentiality and we use multi-factor authentication to restrict access, service encryption, and audits of our control environment to protect it, customers can delete their voice recordings associated with their account at any time.’”

Looking at the spectrum of devices that listen, it was admitted by Apple and Google that they do the same thing with phones, computers, watches, DVRs, and oddly, smart TVs. I have heard people say, “If you value your privacy, get rid of Echos in your home.” With so many people living in an eco-system of smart devices, simply eliminating Amazon Echo seems short-sighted.

What Can You Do?

So, what should you do, short of not using any smart devices? If you, like myself and many others, decide the pros of these devices outweigh the cons, but you are worried about your privacy, go to your settings on the device. Find the privacy settings and disable everything that might be collecting data. Quoting Forbes, April 12, 2019 article, Amazon Staff Are Listening To Alexa Conversations — Here’s What To Do:

On the Echo, you have the option to disable voice recordings for the development of new features. However, even if you do opt out, it’s possible that recordings will be analyzed by hand over the regular course of the review process.

The Alexa Privacy Settings page is available via www.amazon.com/alexaprivacy or through the Alexa Privacy tab in Settings in the Alexa App.

You can also switch the device off and only use it when needed, or ensure it only responds to one person’s voice. At the same time, it’s possible to listen to the voice recordings associated with your account and delete all previous voice recordings in your settings.

You can also configure certain Echo devices to play a short audible tone any time audio is sent to the cloud.

A Larger Issue – The Big Guys Collecting Your Data

As I stated earlier, the larger issue is the full eco-system of consumer data. Right now, it is my opinion that Google and Facebook have far more access to your information…wherever you are.

In response to concerns, many social media services have moved privacy up on their Menus within their apps. Let’s compare Alexa Privacy controls to others:

amazon alexa pic3.png

Amazon Alexa provides five straight-forward groups of information that you can control. These allow you to review your actual raw information (listen to what it recorded), look at and delete any history related to your smart home devices (such as when you turned off the bedroom lights), and manage each type of information stored (such as shopping lists, credit cards, you name, email, etc.).

If you wish to manage your Google information, the directions are on Google’s privacy page. This is where I personally became overwhelmed. As I scrolled (and scrolled… and scrolled…), I was shocked by how many different areas Google is collecting my data. It involved websites, ads, maps, phone locations (meaning my locations), sites I visited, stores I shopped at, purchases on sites (including Amazon), music I listened to, and more. The take-away is that even if you are not using a Google app, there is a large, almost universal eco-system of Google accessible information that is monitoring and storing almost everything you do. And this system is connected to Facebook. Although I had not posted pictures of a trip to California, a friend took a picture of me at a store there. Facebook’s facial recognition tagged me, Google gained the information, linked it to the store I was in, and I began receiving ads for the store. Also, I found no easy way to review all the information Google had stored about me. There was just too much.

The combination of Facebook and Google means by cross referencing data, the two can know almost everything I am doing whether I use an electronic device or not, or whether I am at home…or not. So, in the grand scheme of things, I find Alexa listening to be the smaller threat than the activity monitoring of the larger social media companies.

Europe has so far led the way in enacting laws to protect consumer privacy. As explained in The New York Times, June 8, 2019 digital edition, the article titled-  Why Is America So Far Behind Europe on Digital Privacy?

In the past year, Congress has been happy to drag tech C.E.O.s into hearings and question them about how they vacuum up and exploit personal information about their users. But so far those hearings haven’t amounted to much more than talk. Lawmakers have yet to do their job and rewrite the law to ensure that such abuses don’t continue.

Americans have been far too vulnerable for far too long when they venture online. Companies are free today to monitor Americans’ behavior and collect information about them from across the web and the real world to do everything from sell them cars to influence their votes to set their life insurance rates — all usually without users’ knowledge of the collection and manipulation taking place behind the scenes.

We must hold our government accountable for putting laws in place to protect us. The bottom line is, until changes are made, be an informed user. When you are using a device, check to see how transparent the company is when it comes to allowing you to control the data collected about you, and how they inform you about what you can do to protect your privacy. Then take whatever steps you need to find a level of protection and privacy that helps you sleep at night.




Automatic Door Openers

By Kirby Smith

The ability to come and go as you please from your own home is not one to take for granted. When you live with muscle weakness, a physical disability, or perhaps as you age, the seemingly simple task of opening and closing your front door may be difficult. Struggling with this everyday function can be a significant barrier to independence. Beyond the front door, interior doors can pose an equal challenge, making a trip to the bathroom or bedroom unnecessarily burdensome. However, new technology is making automatic door openers more available and often more affordable for those who would benefit.

How Automatic Door Openers Work

Let’s start by understanding how these openers work. Automatic door openers can be operated in a variety of ways, including through voice control, a motion sensor, the press of a switch stationed on a wall or stand, an app on a smart device, or a fob that opens the door at the press of a button or when the fob is near the door.

For an automatic door to be reliable, it should be operational even if the electrical power fails. One designed specifically for individuals with disabilities takes this into account and operates off an internal battery. The units are always plugged in to keep the unit charged, but they use the battery to operate.

Automatic door opener systems have five key parts:

The Door – The door is part of a frame and when a door is installed, especially a front door, they are installed together. Most homes use wooden doors, however, metal doors and frames are becoming more popular in homes built in recent years.

Examples of Smart Locks

The Lock and Knob – For those who are living with a disability, or have difficulty manipulating keys and knobs, the issue of the door lock is solved with the automated door. A door is locked when the bolt extends from the lock on the door into the opening on the frame. However, the automatic door gets around this by replacing the hole in the frame with an automatic latch. To further automate the door and control access, a smart lock can be added, which eliminates keys. Visitors are given a code to enter on a keypad that can be deleted if you no longer want to grant access (such as when a caregiver no longer works for the person). Remotely, one can unlock the door for someone using a smart device, and smart locks can be controlled from within the home using one’s voice.

The Door Operator Unit – This part is attached to the door and does the actual work. It will release and open a locked (or unlocked) door, pause to hold the door open for entrance or exit, close automatically, and then return the door to being locked. A good automatic door opener should give you the option to extend the time the door is open, and allow the door to be closed by pushing the remote control again. Also, I highly recommend units that leaves the door free-swinging for manual use.

The Automatic Strike (latch hole) – An important part that works with the door operator unit is the automatic strike. The way a door usually locks is by a bolt in the body of the door extending our and entering the latch hole in the door frame. This keeps the door from being opened. With an automated door, instead of the bolt being activated to unlock the door, an automatic latch hole, called a strike, opens on one side so that the lock bolt no longer catches on it, and the door can swing open without resistance. The automatic strike (latch hole) must be installed into the door frame. This involves cutting into the frame to add the mechanical parts and replace the standard the latch hole. The latch is then attached to the automatic door opener with a thin wire run through the frame.

The Remote Control – This is the electronic key. The remote control can be either handheld or easily mounted on a wheelchair. This high-powered remote device can activate the door system from anywhere in the home or a short distance outside of the front door, and many can be activated with fingers, palm, the side of the hand and more. Not all automatic door openers have a physical fob—some are activated by voice, motion, or from a smart device.

Most of us are familiar with industrial and commercial automatic door openers, such as the automatic doors at many supermarkets. These units are usually designed to handle a great deal of traffic and must be built to take a beating. However, these units are very expensive, large, and require special entry ways. Private and home door openers are specifically designed to work within a home and are adapted to function in smaller spaces. They can be installed in just about any door in a home, small business or office.

My Personal Automatic Door Opener Setup

My Open Sesame Automatic Door Opener

I have installed a lot of automatic doors, and I particularly prefer Open Sesame Door systems. Their automatic door openers are specifically made for people using wheelchairs and those with reduced mobility.

The unit is a little over a foot wide and only requires four screw points to be attached: two at the very top of the door and two where the swing arm is anchored. The unit is not noisy, and it comes in various colors to match the paint on a door, making it less noticeable. It is low voltage and requires little to no maintenance. My wife uses a wheelchair and for the past five years, our door opener has operated reliably every time. The only maintenance ever required was that once I had to tighten the screw on the swing arm. When the door is opened manually, the unit remains off and the door opens freely and swings normally. When engaged, the unit unlatches a locked door, then opens, pauses, and closes it – all automatically. Note: Open Sesame does not lock or unlock your door hardware. Meaning, your regular lock remains locked, and the automatic strike (latch hole) opens to allow the bolt on the lock to swing out. This way the automatic opener can open the door without the use of physical keys or turning a knob. A critical safety feature for Open Sesame Doors is that if the door is closing, and the person or object is still in the doorway and stops its progress, the door will swing back open, pause, and then try to close again. This is important if someone is coming through the door and experiences a problem halfway through, such as the wheelchair getting stuck.

Open Sesame Door Openers have solved many issues related to residential units. However, other automatic door openers have challenging issues that you may want to take into consideration when choosing your door opener, including:

  • Reliability – Many of these units have high failure rates. For example, many do not work well when pushed by a person not using the automated features. Some can be damaged if the person entering the door bumps the door while it is opening. If a person is using a wheelchair, this is going to be a likely occurrence. This can cause grinding in the motor and cause it not to work properly over time. Also, some units are under-powered and cannot properly handle the weight of a door,therefore leading to failure. Other units lack independent power, and in the event of a power outage they can cease working entirely.
  • Installation – Some units only work with specific door frames, resulting in a modification or total replacement of the door and frame in order to use that unit. Most openers require a power source (nearby outlet or power line installed specifically for the door), and some units require higher voltage requiring an electrician to run a special line for the unit to be able to draw enough power to open the door.
  • Noise – Many of these units can be very noisy when functioning. The sound is often described as a loud grinding sound.

Key Takeaways

To recap, here are a few questions to ask yourself when choosing your automatic door opener:

  • Does the unit work on battery or will it fail if the power goes out?
  • Do you have people coming in and out who will not use the opener? Consider one that will swing freely when opened manually and won’t fail over time if people push on it while it’s operating.
  • What is your preference for operating the door? Voice? Motion? The press of a switch mounted somewhere? The use of a fob with a button or that activates the door when in proximity?
  • Is it important to you to have the ability to control the door remotely through an app on your phone? Make sure the opener you’re looking at is compatible with the smart device you plan to use.
  • Is the door likely to get bumped as you’re moving through the doorway? Read reviews to see how the opener you’re interested in stands up to repeated bumps.