iPhone 4S Siri Defaults Put Privacy at RiskIf you care about your privacy at all, you might want to muzzle Siri.

The groundbreaking voice-recognition personal assistant on the brand-new Apple (AAPL) iPhone 4S turns out to be quite the chatterbox when you least expect her to be. As reported by CNET, Siri doesn't go to sleep when the phone is locked. This means that the best password or most intricate unlock pattern won't stop her from responding to requests at the least opportune of times.

Let's say you locked your phone, then left it on your desk. Prank-happy coworkers are then free to send embarrassing text messages or emails to anyone in your address book while you're gone. That's a pretty harmless example. You certainly wouldn't want to leave Siri this exposed if you lost the phone outright.

That's the default behavior. In a couple of clicks, Siri's outgoing nature can be put on permanent hold. Problem solved, right? Nope, sorry.

When "Off" Doesn't Mean "Off"

As it turns out, the average user of modern technology very rarely messes with system settings like Siri's lock-screen functionality.

Consulting firm User Interface Engineering asked lots of regular users to send in their settings file for their Microsoft (MSFT) Office word processor. Guess how many respondents never changed a single setting?: A whopping 95%. Whatever Microsoft saw fit to use as a default was good enough for nearly everyone, leaving only 5% with a fully functional setup.

That's a problem. Many of those default settings are downright bad, such as the inexplicable decision to turn off document auto-save features. In a similar vein, Microsoft threw in some new security features for its Hotmail service last year. Eight months later, only 0.4% of Hotmail users had enabled them.

Opt-in Security Is a Terrible Idea

Microsoft certainly isn't alone in putting the onus on users to fix their own security leaks. Users of other companies' products are just as complacent. It only takes a very simple program and no hacking skills at all to place calls with a fake caller ID number -- which then lets you log in automatically to many voice mail systems.

This is why Verizon (VZ) always requires a passcode before playing voice mails -- anything less is just too insecure.
AT&T (T) is coming around to the same conclusion, and all of Ma Bell's voice mail accounts will require actual logins staring in 2012. Meanwhile, Sprint Nextel (S) leaves it up to you to enable passwords. So you probably haven't.

Now go and check your default settings. Security is no laughing matter.

Motley Fool contributor Anders Bylund holds no position in any of the companies discussed here. He routinely changes more settings than he should. The Motley Fool owns shares of Microsoft and Apple. Motley Fool newsletter services have recommended buying shares of Apple, Microsoft, and AT&T, as well as creating bull call spread positions in Apple and Microsoft.

Increase your money and finance knowledge from home

How Financial Planners go Grocery Shopping

Learn to shop smart and save.

View Course »

Getting out of debt

Everyone hates debt. Get out of it.

View Course »

Add a Comment

*0 / 3000 Character Maximum


Filter by:
Ben Griffiths

The user has to enable a lock code in the system settings in the first place. That means that anyone who sets a lock code "messes with system settings". And, wouldn't enabling a lock code be considered "Opt-in Security"?

This isn't the first time users are forced to balance usability with security. And, when you mass produce a product like an iPhone, you better believe it's better to lean toward usability. Anyone who is concerned with security will enable the lock code and be given the option to lock Siri when they lock their phone. This is an example of Apple understanding who its customers are.

October 24 2011 at 10:29 AM Report abuse +1 rate up rate down Reply
Tymek Borowski

It's stange that so many people are afraid of loosing their online privacy....

sorry for posting the link but as I'm a painter, graphical comment is easier for me ;)

October 24 2011 at 10:17 AM Report abuse rate up rate down Reply

From what I've read, Android and previous iOS devices do this very same thing. Also, it was recently exposed that WIndows Phone 7 is tracking users without permission.

Whether intentionally or by software bug, this has already been happening in other areas of the mobile market. Even google.com on a personal computer (a device without GPS) traces your general location via IP address and ISP to provide more relevant search results and ad placement. I don't think it's fair to try to use scare tactics with a headline like this that makes it sound like the iPhone 4S is the only device that does this.

October 24 2011 at 10:17 AM Report abuse rate up rate down Reply
Joshua Wyner

This is an absurd statement. Every smartphone uses "opt-in" security by this definition. When your phone arrives from the factory, it does not ship locked with a default PIN. If you wish to lock your smartphone, you must go into the settings and activate a password lock. When you do so, a toggle switch appears, right in front of you, asking if you still want Siri to remain active.

So yes, you're right -- the majority of users don't bother going through the settings to turn of Siri. Except these are the same users who don't bother going through the same settings to password lock their phone, so it makes no difference.

October 24 2011 at 10:15 AM Report abuse +1 rate up rate down Reply