GregHowley.com

Alexa Security Flaws

April 26, 2018

This is an interesting story. Researchers have identified a flaw in Alexa which would allow a “rogue skill” to listen to conversations, transcribe them, and send them along to the remote attacker. But for reasons I'll go into in a moment, this has renewed my confidence in Amazon's Alexa rather than making me more worried.

Firstly, to quell the most alarmist amongst us, you'd first have to have installed the Alexa app, or “skill”, which would be doing the listening. This is akin to installing a bad app on a phone or tablet. Worried? Just don't install shady stuff.

Secondly, while the device is listening, the light remains on, which should be a pretty obvious indicator. Kudos to the Alexa coders for making that light so low-level that code (apparently) can't suppress the light while the device is listening.

Third, Amazon handled the exploit notification correctly, which so many tech companies do not do. When the security researchers notified them, they quickly released a patch so that the exploit would no longer work. Then the public was notified. The security researchers weren't sued or jailed.

We have an Alexa in our house. Am I concerned about the always-on listening? A little. You'd have to be careless or ignorant to have zero concern. But the one thing that has given me comfort is an understanding of networking and how the worldwide network security community functions. When any device sends information to the internet, someone monitoring their home router can see that traffic. So even if it's encrypted, you can see something being transmitted. If conversations were being streamed, some security researcher somewhere would have picked up on it.

I suppose it's possible in theory that the recordings could be stored, encrypted, compressed, and then sent out in a burst along with other traffic, but that would be a fairly large conspiracy and betrayal of trust by Amazon, and it would likely still be caught by security researchers. The likelihood is very, very low.
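
The router-side check described above can be sketched in a few lines. This is an added example, not part of the original post: it looks only at how many bytes a device sends upstream per minute (which stays visible even when the payload is encrypted) and flags both continuous streaming and a single large burst. The device name, byte counts and thresholds are constructed assumptions, not measurements of any real device.

```python
from collections import defaultdict
from statistics import median

def make_sample():
    """Constructed per-minute upstream byte counts for one device (not real data)."""
    flows = []
    for minute in range(60):
        up = 2_000                      # idle keep-alive chatter
        if minute in (10, 11):
            up = 60_000                 # a short voice request
        if 30 <= minute < 45:
            up = 240_000                # continuous audio-sized upload
        if minute == 55:
            up = 5_000_000              # stored data sent out in one burst
        flows.append((minute, "speaker", up))
    return flows

def analyse(flows, device, min_run=5, active_factor=20, burst_factor=500):
    """Flag sustained uploads and bursts relative to the device's own median rate."""
    per_minute = defaultdict(int)
    for minute, dev, nbytes in flows:
        if dev == device:
            per_minute[minute] += nbytes
    if not per_minute:
        return {"baseline": 0, "sustained": [], "bursts": []}
    baseline = max(median(per_minute.values()), 1)   # avoid a zero threshold
    active, burst = active_factor * baseline, burst_factor * baseline
    sustained, bursts, run_start = [], [], None
    # The extra minute at the end acts as a sentinel that closes a trailing run.
    for minute in range(min(per_minute), max(per_minute) + 2):
        nbytes = per_minute.get(minute, 0)
        if nbytes >= burst:
            bursts.append(minute)
        if nbytes > active:
            if run_start is None:
                run_start = minute
        else:
            if run_start is not None and minute - run_start >= min_run:
                sustained.append((run_start, minute - 1))
            run_start = None
    return {"baseline": baseline, "sustained": sustained, "bursts": bursts}

if __name__ == "__main__":
    print(analyse(make_sample(), "speaker"))
```

The two-minute voice request stays below the run length and is not flagged, while the fifteen-minute upload and the single large transfer both stand out against the idle baseline.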