Google’s in hot water after dropping binary code in Chromium for Linux

retrogamer

retrogamer

I ran across this story, given the problems with that port right now I thought some users might be interested. I think I'm done with that browser at this point.

A Debian bug report indicated on Tuesday that the most recent version of the Chromium browser downloaded a "Chrome Hotword Shared Module" extension as a binary without source code.

Further investigation revealed that the extension was linked to "Ok Google", a voice search and actions service that uses the computer's microphone to run commands when the user speaks a command followed by instructions.

The company used the feature on Android and other mobile devices for some time already but has moved it to the Chrome web browser as well in the meantime.

The main idea behind the feature is to give users options to use their voice to run commands instead on devices supporting the feature.

Google is criticized for dropping the code for several reasons:

  1. Users don't get a choice. The code is downloaded to the system automatically.
  2. There is no switch to disable it.
  3. Only a binary is provided, no source code.
  4. The extension is enabled by default.
  5. The extension listens to the microphone.
  6. The extension is not listed on chrome://extensions.
You can check the chrome://voicesearch page in Chrome or Chromium to find out whether the feature is enabled on your end.
Click to expand...
http://www.ghacks.net/2015/06/19/go...r-dropping-binary-code-in-chromium-for-linux/
 
It's amazing how people complain about Google implementing binary blobs in their browser while no one complains about Google being the pioneer in binary blob DRM code in Chrome.
 
I don't understand the issue. It allows voice commands to be entered using Chromium/Chrome. Great feature! I use it often on my phone and my wife found out it works on her Windows laptop. (Why aren't Windows users complaining?)

Here's another surprise, I guess. Chromium also allows entering commands with a keyboard! Do they want that removed, too?
 
The concern with it would be that it can listen via the microphone, is enabled by default and is binary only, which while probably innocent is definitely something a lot of people might not want to sign up for (but if you were a Chromium user, you were not given any notice beforehand). It's the same thing that caused an uproar with the XBox awhile back.
protocelt said:
While I agree, to be fair, Chromium(as opposed to Chrome) is not supported officially in any way directly by Google.
Click to expand...
I apologize for not clearing that up, I should have added to the article (all of that was copy+paste). It was a bit clickbait-ish in nature, but explained the issue pretty well, I thought.

EDIT: Cthulux beat me to the punch, sorry about that, I didn't mean to be redundant.
 
Cthulhux said:
The issue is that you can't see if it's only doing this or some evil things too.
Click to expand...
The same can be said for any program from anyone you installed.

retrogamer said:
is enabled by default
Click to expand...
Is it? I wasn't aware of that but it falls in line with Chrome on every device I own where the little microphone is on the screen and you can say, "Ok, Google!". So the announcement of the feature is right there.

Of course, anyone who thinks Google put that there so they can listen in on everything you say has far more problems than I care about.
 
People usually use Chromium instead of Chrome (or the much better Firefox) because it is said not to hide what it does, this is the point.
 
If they're hiding it, they're doing it in plain sight as I see the microphone on their front page on my FreeBSD workstation just like every other device I have, and hovering over it pops up "Search by voice" which implies a microphone is being used.
 
If I press the microphone (in Chromium on my FreeBSD workstation) Chromium says: "Voice search has been turned off.". Good to have a machine without a microphone. :-)
 
Portions if the text-to-speech and speech-to-text were developed by Sun MicroSystems for one of their visually impaired employees. Emacs also has such an interface. OpenBSD has a few visually impaired programmers. Vinux was developed and works alongside the Gnome accessibility interface. Some are also used by those with limited speech capabilities. When used within reason and in the proper context, all technology is beneficial. A problem that many refuse to accept is the misuse and abuse by those who are complacent, lethargical, arrogant, and down-wrong - because they are not right - lazy individuals who find it too strenuous to hit a few keys while using that mass of cells known as a brain. I am thoroughly amused at both parties in this fiasco for refusing to accept responsibility of their own shortcomings. Just because the option and/or possibility is there does not give you the license and permission to be a foolish fooley fool.
 
I'd be willing to bet there is a ton of good open source software that does things like this behind the scenes. This doesn't automatically make the software malicious. If complete transparency is of the utmost importance to a user the great thing about open source is a lot of the source code is available to browse and vet the application yourself. If that isn't something you want to/can do you are of course free to not use it as well and use something else instead. Personally I love transparency, however, it's not enough in and of itself to make me drop an application from use. This is being blown out of proportion by some people in my opinion.
 
  • Thanks
Reactions: kpa
It is neither the methodology nor the utility which is at fault but, it is the reason and the one utilizing the formerly mentioned. Transparency as a substitute for honesty and dignity in everyday affairs is lacking with Western Civilization's aporoach to the entire structure, whether it be social, political, or financial in origin - the last includes all business affairs for this post.
The universe is an infinite set of finite possibilities and it is the chaotic harmony of it all which keeps things going. For some, to simply accept without questioning is nature. Others are there to play the satan in all of this.

I am enjoying the fact that every excuse is given and no responsibility is taken.
 
abishai said:
Who cares ? If you think about security and privacy, you are probably running firefox.
Click to expand...
I can only speak for myself, but their targeted ads are one reason I quit using that browser (I realize you can opt out, but the decision itself made me wary of what might come later).
http://www.cnet.com/news/mozilla-officially-kicks-off-ads-in-firefox/

At this point I am just going to use www/seamonkey with multimedia/livestreamer, which is a bit of an annoyance (it can't do fullscreen HTML5 video), but outside of that is a great browser and still uses the Gecko engine.

protocelt said:
I'd be willing to bet there is a ton of good open source software that does things like this behind the scenes. This doesn't automatically make the software malicious. If complete transparency is of the utmost importance to a user the great thing about open source is a lot of the source code is available to browse and vet the application yourself. If that isn't something you want to/can do you are of course free to not use it as well and use something else instead.
Click to expand...
I don't disagree with that, I just thought that it was worth making anyone who uses Chromium based on transparency being important to them aware of the issue.
 
retrogamer said:
I can only speak for myself, but their targeted ads are one reason I quit using that browser
Click to expand...

Then turn off your TV, cancel your newspaper and magazines, and stay off the internet, cause targeted advertising is the norm, not the exception. Even the dozens of client web sites I develop for target advertising and these are mostly small outfits. There isn't an advertising agency in existence that doesn't target advertise. Google, essentially an advertising and marketing company, isn't doing anything that everyone else has been doing since time immemorial.
 
That is indeed a bit annoying. Eric Hameleers, a lead Slackware developer, has recompiled his Chromium packages such that this issue does not run.
 
To point out the main elephant in this mess (and maybe bring some peace to this thread) - the problem is that trust has been violated. Not how it was done, or why.
 
Your computer is now listening to you, all the time. Trust us. We forgot to announce it. You don't really need to know what that binary blob does. Thanks for opting in by not saying no when we didn't ask. Go ahead and click that icon to turn it off. We promise it actually turns off the microphone. You will almost certainly never be bothered by ads related to keywords said within hearing of the computer. Likewise anything said within hearing range... er, when the microphone is on, we mean, will not be logged or used to build up a profile of what you use, buy, or think. And that valuable data--which does not exist and is not stored--will certainly never be shared with corporations or governments, under any circumstances, except for profit or if they ask nicely.
 
wblock@ said:
Your computer is now listening to you, all the time. Trust us. We forgot to announce it. You don't really need to know what that binary blob does. Thanks for opting in by not saying no when we didn't ask. Go ahead and click that icon to turn it off. We promise it actually turns off the microphone. You will almost certainly never be bothered by ads related to keywords said within hearing of the computer. Likewise anything said within hearing range... er, when the microphone is on, we mean, will not be logged or used to build up a profile of what you use, buy, or think. And that valuable data--which does not exist and is not stored--will certainly never be shared with corporations or governments, under any circumstances, except for profit or if they ask nicely.
Click to expand...

If that is the case(unless your playing the devil's advocate here, in which case - nice job :D ) you might as well throw out all electronics you own, remove the ISP line from your residence, wrap it in a gigantic Faraday cage, and stick to books. There are ongoing talks about a web API being used for voice input across all mainstream browsers right now as we discuss this so at the very least www/firefox, www/chromium, Google Chrome, Opera, and Internet Explorer/Edge will all be just as untrustworthy soon enough.

In all seriousness it's pretty well known by now you cannot trust anything you do, say or use on the Internet will be private at present. This issue isn't whether you can trust www/chromium or not. It is an issue of risk as with all software you choose to use without auditing the code first. As always it comes down to "How important is your privacy to you?".

Having said that, again, this is only my personal opinion and nothing more. After all, this discussion wouldn't exist without opinions and many good things come out of discussions based on differing opinions. :)

As a side note, could a Moderator or Admin please remove wblock@'s post as I don't agree with it. ;) :beer:
 
That's the thing (or is it there's the rub?). No one has claimed the microphone is always listening. If that were true, I'm sure we'd hear about that, too. Of course, every popular operating system has the ability to listen on your microphone but nobody seems bothered by that.

I call this "the internet scream".

protocelt said:
could a Moderator or Admin please remove wblock@'s post as I don't agree with it.
Click to expand...
Well, I don't agree with that! Could a mod remove protocelt 's post. :)
 
It's kind of an arms race. Part of the point was that it's up to us to be vigilant and not just willingly accept invasive things, and another part was that when there are capabilities, it's reasonable to extrapolate how they could be used. Years back, I had a lot of people ask why I had a piece of paper stuck over the webcam on my notebook. I told them it was because I could imagine what could be done with it. Often they would laugh, sometimes slowly backing away. Time went by, then there was news about a school monitoring their students after hours via the webcams in the school-issued computers, a surprise to the students: http://abcnews.go.com/GMA/Parenting...probe-webcam-students-spying/story?id=9905488.

Nobody asks why my webcam is blocked any more, and I noticed others at BSDCan had similar arrangements.

I'm not saying the microphone is always listening. I'm saying the capability is there, and a binary blob is really, really suspicious.

Incidentally, I seem to remember that someone (Microsoft?) did patent having a microphone listen to ambient audio for keywords for marketing. Recollection says that was when the (game?) system was not being used for its primary purpose. Admittedly, paranoid memory might be shifting how I remember that.
 
An arms race is a good phrase to use. This could potentially turn into a very long winded discussion I suppose so I'm going to end my own 2 cents here. Oh, and I always have and still tape paper over my notebook webcams and still get confused looks from people when they see it. :) BTW, Microsoft's Xbox One still has and uses this "feature" to this day. I owned one... and sold it.
 
You must log in or register to reply here.
Back
Top