Tuesday, June 23, 2015
Google eavesdropping tool installed on computers without permission
Privacy advocates claim always-listening component was involuntarily activated within Chromium, potentially exposing private conversations
Privacy campaigners and open source developers are up in arms over the secret installing of Google software which is capable of listening in on conversations held in front of a computer.
First spotted by open source developers, the Chromium browser – the open source basis for Google’s Chrome – began remotely installing audio-snooping code that was capable of listening to users.
It was designed to support Chrome’s new “OK, Google” hotword detection – which makes the computer respond when you talk to it – but was installed, and, some users have claimed, it is activated on computers without their permission.
“Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room,” said Rick Falkvinge, the Pirate party founder, in a blog post. “Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by … an unknown and unverifiable set of conditions.”
The feature is installed by default as part of Google’s Chrome browser. But open source advocates are up in arms about it also being installed with the open source variant Chromium, because the listening code is considered to be “black box”, not part of the open source audit process.
“We don’t know and can’t know what this black box does,” said Falkvinge.
Google responded to complaints via its developer boards. It said: “While we do download the hotword module on startup, we do not activate it unless you opt in to hotwording.”
However, reports from developers indicate otherwise.
After having identified Chromium as the culprit, developer Ofer Zelig said in a blog post: “While I was working I thought ‘I’m noticing that an LED goes on and off, on the corner of my eyesight [webcam]’. And after a few times when it just seemed weird, I sat to watch for it and saw it happening. Every few seconds or so.”
Google also blamed the Linux distribution Debian for downloading the non-open source component with Chromium automatically, rather than Google Chrome.
“The key here is that Chromium is not a Google product. We do not directly distribute it, or make any guarantees with respect to compliance with various open source policies,” Google developer mgiuca said.
Falkvinge countered Google’s explanations saying: “The default install will still wiretap your room without your consent, unless you opt out, and more importantly, know that you need to opt out, which is nowhere a reasonable requirement.” He says a hardware switch to disable the microphone and camera built into most computers is needed.
Voice search functions have become an accepted feature of modern smartphones, but their movement into the home through the smart TV, and now browser, have caused concerns over the possibility of being listened to within the home.
While most services require a user to opt in, privacy advocates have questioned whether their use, which requires sending voice recordings over the internet to company servers for processing, risks unintentionally exposing private conversations held within the home.