Recently, a researcher revealed that Google might be spying on all of its Chromium web browser users by stealth downloading audio listeners onto their computer, which then transmits all the audio from computer’s microphone back to the Google servers.
Well, this determines that Google had given itself the right to listen to everything happening within the range of your computer’s microphone, and that too without any prior permission from the user.
According to the guy who reported this bug:
“After upgrading chromium to 43, I noticed that when it is running and immediately after the machine is on-line it silently starts downloading ‘Chrome Hotword Shared Module’ extension, which contains a binary without source code. There seems no opt-out config.”
Once that module was silently installed, there was a notable change in the voice search status information, particularly in the lines “Microphone” and “Audio Capture Allowed”, both of which were turned to “Yes” from “No”. So without user’s permission, Google have downloaded a black box onto your computer which automatically activates the microphone and begins listening.
For those of you who don’t know, the Chrome Hotword Shared Module is actually related to the Google’s hotword functionality that has been developed specifically for Chromium web browsers. What this module actually does is to monitor the user’s microphone input for the phrase “OK, Google”, which then further attempts to transform the spoken words or sentence into a search query.
However, Google has labelled this functionality as inactive until the said key phrase is spoken – apparently by dumping any voice waveform which does not match enough with the waveform truly generated by saying the phrase “OK, Google”.
Though the researcher has advised that this module continues to listen and monitor the audio coming from the microphone.
Before we proceed further, a brief clarification about the open source software is needed. Before any Linux or a GNU-based operating system like Ubuntu or a Debian is compiled and designed, there are developers who have already analysed each and every line of source code before it gets transformed into the binary code.
All of this is done to make sure that what the machine is actually supposed to do and what tasks it is actually allowed to perform, instead of depending upon the corporate company’s statements about what tasks it is supposed to perform. Therefore, you don’t install black box onto Ubuntu or a Debian based system, instead, you use software repositories that have gone through an in-depth analyzation process and is maintained by the developers.
Chromium, the open-source version of Google Chrome, has harmed its position as a trusted developer by inserting lines of code that bypassed the whole analyzation process, and also downloaded and installed a black box directly onto the computers. The researchers and the bug reporters don’t have any clue about the working of a black box but what they saw is that the microphone has been activated on the Chromium and audio capture is allowed.
Chromium, the open-source version of Google Chrome
The module we are talking about here is a built-in Chrome extension which enables the audio-recognition module that assists audio searches beginning with the phrase “OK, Google”. But the bug reporter as well as the bug researcher both are criticizing that not only the black box code was included within the Linux distribution repository, but also the said module is not in the Chromium extension list.
If you want to find out if the hotword feature is enabled on your version of Chrome or Chromium web browser, and if Google is eavesdropping you – then all you have to do is simply open Google web browser and in the address bar, type “chrome://voicesearch” and press enter. This will return you with a list of features that are enabled for voice search commands.
It is obvious that the process of voice analyzation of the search command is not performed by your computer, but by the servers located over at Google. Every voice note is transmitted (without your permission) from your computer, over to a corporation located in some other country!
When these criticisms were logged by the Chromium users and things begun to heat-up, it attracted attention of Matt from the Chromium development team who replied to the report and said,
“Since a lot of the discussion is centered around Chromium on Linux, I want to address the concern that Chromium is entirely open source and yet it downloads a proprietary module. The key here is that Chromium is not a Google product (we do not directly distribute it, or make any guarantees with respect to compliance with various open source policies). Our primary focus is getting code ready for Google Chrome. If a third party (such as Debian) destributes it, it is their responsibility to enforce their own policy. And I see that they have now done that (as of 43.0.2357.81-1) by disabling the hotword module. We have also made changes from Chromium 45 onwards to make it easier for third party distributors to disable hotwording”.
Apart from all that, you should also note that this is relevant to Chromium which is an open source version of Chrome. So in case if you have downloaded and installed Google Chrome then won’t even get a choice to opt out from the installation of this package because everything is incorporated from the beginning.
The incident like this highlights that to protect your privacy, you need to have a physical cover in front of a webcam. A hardware button to on/off the microphone. This way, we will be able to break the wireless connection to the device.
In this era, one can trust nobody who’s having a technical capability to secretly listen to what you are discussing. After all, it is our responsibility to keep ourselves masked.