I might have exaggerated / misspoken in saying that, but at the same time it hinges on you trusting that the manufacturer is A) telling the truth and B) that device has not been compromised. It is fair to say that it is always listening. Also possible, is that a device positioned in the kitchen helping being used to lookup a recipe could overhear a sensitive conversation in an adjacent room.
I would bet that the Echo and devices like it are amongst the most monitored consumer devices in existence. Plenty of people either already have enough network monitoring to catch it misbehaving, or will install that monitoring just for the sake of catching it. In a weird sense it's like open source software in that regard. I haven't read all the code myself, I really on group knowledge to reassure me. Same for Echo. As a practical matter the Echo and other similar devices are difficult to turn into full-time listen-and-record devices unnoticed.
I think the GP meant that it's harder for _the vendor_ to do it, because there are assuredly many privacy-attuned nerds who would run wireshark a bunch on it and notice when the $ListeningPost becomes an always-on bug.
I don't think they meant to imply that it would be hard to to cause such behavior via malicious action by 3rd parties.
