Google has been stealth downloading audio listeners onto every computer that runs Chrome

[Seth]

 from  
https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/


Posted on June 18, 2015 by Rick Falkvinge

Google Chrome Listening In To Your Room Shows The Importance Of Privacy  
Defense In Depth

Yesterday, news broke that Google has been stealth downloading audio  
listeners onto every computer that runs Chrome, and transmits audio data  
back to Google. Effectively, this means that Google had taken itself the  
right to listen to every conversation in every room that runs Chrome  
somewhere, without any kind of consent from the people eavesdropped on. In  
official statements, Google shrugged off the practice with what amounts to  
“we can do that”.

It looked like just another bug report. "When I start Chromium, it  
downloads something." Followed by strange status information that notably  
included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes".

chrome-voicesearch

Without consent, Google’s code had downloaded a black box of code that –  
according to itself – had turned on the microphone and was actively  
listening to your room.

A brief explanation of the Open-source / Free-software philosophy is  
needed here. When you’re installing a version of GNU/Linux like Debian or  
Ubuntu onto a fresh computer, thousands of really smart people have  
analyzed every line of human-readable source code before that operating  
system was built into computer-executable binary code, to make it common  
and open knowledge what the machine actually does instead of trusting  
corporate statements on what it’s supposed to be doing. Therefore, you  
don’t install black boxes onto a Debian or Ubuntu system; you use software  
repositories that have gone through this source-code audit-then-build  
process. Maintainers of operating systems like Debian and Ubuntu use many  
so-called “upstreams” of source code to build the final product.

Chromium, the open-source version of Google Chrome, had abused its  
position as trusted upstream to insert lines of source code that bypassed  
this audit-then-build process, and which downloaded and installed a black  
box of unverifiable executable code directly onto computers, essentially  
rendering them compromised. We don’t know and can’t know what this black  
box does. But we see reports that the microphone has been activated, and  
that Chromium considers audio capture permitted.

This was supposedly to enable the “Ok, Google” behavior – that when you  
say certain words, a search function is activated. Certainly a useful  
feature. Certainly something that enables eavesdropping of every  
conversation in the entire room, too.

Obviously, your own computer isn’t the one to analyze the actual search  
command. Google’s servers do. Which means that your computer had been  
stealth configured to send what was being said in your room to somebody  
else, to a private company in another country, without your consent or  
knowledge, an audio transmission triggered by… an unknown and unverifiable  
set of conditions.

Google had two responses to this. The first was to introduce a  
practically-undocumented switch to opt out of this behavior, which is not  
a fix: the default install will still wiretap your room without your  
consent, unless you opt out, and more importantly, know that you need to  
opt out, which is nowhere a reasonable requirement. But the second was  
more of an official statement following technical discussions on Hacker  
News and other places. That official statement amounted to three parts  
(paraphrased, of course):

1) Yes, we’re downloading and installing a wiretapping black-box to your  
computer. But we’re not actually activating it. We did take advantage of  
our position as trusted upstream to stealth-insert code into open-source  
software that installed this black box onto millions of computers, but we  
would never abuse the same trust in the same way to insert code that  
activates the eavesdropping-blackbox we already downloaded and installed  
onto your computer without your consent or knowledge. You can look at the  
code as it looks right now to see that the code doesn’t do this right now.

2) Yes, Chromium is bypassing the entire source code auditing process by  
downloading a pre-built black box onto people’s computers. But that’s not  
something we care about, really. We’re concerned with building Google  
Chrome, the product from Google. As part of that, we provide the source  
code for others to package if they like. Anybody who uses our code for  
their own purpose takes responsibility for it. When this happens in a  
Debian installation, it is not Google Chrome’s behavior, this is Debian  
Chromium’s behavior. It’s Debian’s responsibility entirely.

3) Yes, we deliberately hid this listening module from the users, but  
that’s because we consider this behavior to be part of the basic Google  
Chrome experience. We don’t want to show all modules that we install  
ourselves.

If you think this is an excusable and responsible statement, raise your  
hand now.

Now, it should be noted that this was Chromium, the open-source version of  
Chrome. If somebody downloads the Google product Google Chrome, as in the  
prepackaged binary, you don’t even get a theoretical choice. You’re  
already downloading a black box from a vendor. In Google Chrome, this is  
all included from the start.

This episode highlights the need for hard, not soft, switches to all  
devices – webcams, microphones – that can be used for surveillance. A  
software on/off switch for a webcam is no longer enough, a hard shield in  
front of the lens is required. A software on/off switch for a microphone  
is no longer enough, a physical switch that breaks its electrical  
connection is required. That’s how you defend against this in depth.

Of course, people were quick to downplay the alarm. “It only listens when  
you say ‘Ok, Google’.” (Ok, so how does it know to start listening just  
before I’m about to say ‘Ok, Google?’) “It’s no big deal.” (A company  
stealth installs an audio listener that listens to every room in the world  
it can, and transmits audio data to the mothership when it encounters an  
unknown, possibly individually tailored, list of keywords – and it’s no  
big deal!?) “You can opt out. It’s in the Terms of Service.” (No. Just no.  
This is not something that is the slightest amount of permissible just  
because it’s hidden in legalese.) “It’s opt-in. It won’t really listen  
unless you check that box.” (Perhaps. We don’t know, Google just  
downloaded a black box onto my computer. And it may not be the same black  
box as was downloaded onto yours. )

Early last decade, privacy activists practically yelled and screamed that  
the NSA’s taps of various points of the Internet and telecom networks had  
the technical potential for enormous abuse against privacy. Everybody else  
dismissed those points as basically tinfoilhattery – until the Snowden  
files came out, and it was revealed that precisely everybody involved had  
abused their technical capability for invasion of privacy as far as was  
possible.

Perhaps it would be wise to not repeat that exact mistake. Nobody, and I  
really mean nobody, is to be trusted with a technical capability to listen  
to every room in the world, with listening profiles customizable at the  
identified-individual level, on the mere basis of “trust us”.

Privacy remains your own responsibility.

Rick Falkvinge
ABOUT RICK FALKVINGE
Rick is the founder of the first Pirate Party and is a political  
evangelist, traveling around Europe and the world to talk and write about  
ideas of a sensible information policy. He has a tech entrepreneur  
background and loves whisky. Read more of his articles on his website.

Twitter |More Posts (91)