[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Google has been stealth downloading audio listeners onto every computer that runs Chrome

To: [email protected]
Subject: Google has been stealth downloading audio listeners onto every computer that runs Chrome
From: [email protected] (Tim Beelen)
Date: Sun, 21 Jun 2015 17:28:21 -0400
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

How do I find out what program is listening to my microphone?

On 6/21/2015 4:55 PM, Shelley wrote:
> ----------
> On June 21, 2015 1:14:32 PM Seth <[email protected]> wrote:
>
>>  from
>> https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ 
>>
>>
>>
>> Posted on June 18, 2015 by Rick Falkvinge
>>
>> Google Chrome Listening In To Your Room Shows The Importance Of Privacy
>> Defense In Depth
>
>
> Wow, this is exactly the kind of bullshit- and bullshit response- I'd 
> expect from this duplicitous NSA asset.
>
> I keep a seldom-used, older version of chromium on one of my debian 
> laptops so I'll check for this.  My webcam and microphone are 
> physically disconnected anyway, but I still want to see if their 
> spyware has infected my system.  Fuckers.
>
> Thanks for posting this; I've been out of the news loop for a couple 
> of days.
>
> -S
>
>
>>
>> Yesterday, news broke that Google has been stealth downloading audio
>> listeners onto every computer that runs Chrome, and transmits audio data
>> back to Google. Effectively, this means that Google had taken itself the
>> right to listen to every conversation in every room that runs Chrome
>> somewhere, without any kind of consent from the people eavesdropped 
>> on. In
>> official statements, Google shrugged off the practice with what 
>> amounts to
>> â??we can do thatâ??.
>>
>> It looked like just another bug report. "When I start Chromium, it
>> downloads something." Followed by strange status information that 
>> notably
>> included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes".
>>
>> chrome-voicesearch
>>
>> Without consent, Googleâ??s code had downloaded a black box of code that â??
>> according to itself â?? had turned on the microphone and was actively
>> listening to your room.
>>
>> A brief explanation of the Open-source / Free-software philosophy is
>> needed here. When youâ??re installing a version of GNU/Linux like 
>> Debian or
>> Ubuntu onto a fresh computer, thousands of really smart people have
>> analyzed every line of human-readable source code before that operating
>> system was built into computer-executable binary code, to make it common
>> and open knowledge what the machine actually does instead of trusting
>> corporate statements on what itâ??s supposed to be doing. Therefore, you
>> donâ??t install black boxes onto a Debian or Ubuntu system; you use 
>> software
>> repositories that have gone through this source-code audit-then-build
>> process. Maintainers of operating systems like Debian and Ubuntu use 
>> many
>> so-called â??upstreamsâ?? of source code to build the final product.
>>
>> Chromium, the open-source version of Google Chrome, had abused its
>> position as trusted upstream to insert lines of source code that 
>> bypassed
>> this audit-then-build process, and which downloaded and installed a 
>> black
>> box of unverifiable executable code directly onto computers, essentially
>> rendering them compromised. We donâ??t know and canâ??t know what this black
>> box does. But we see reports that the microphone has been activated, and
>> that Chromium considers audio capture permitted.
>>
>> This was supposedly to enable the â??Ok, Googleâ?? behavior â?? that when you
>> say certain words, a search function is activated. Certainly a useful
>> feature. Certainly something that enables eavesdropping of every
>> conversation in the entire room, too.
>>
>> Obviously, your own computer isnâ??t the one to analyze the actual search
>> command. Googleâ??s servers do. Which means that your computer had been
>> stealth configured to send what was being said in your room to somebody
>> else, to a private company in another country, without your consent or
>> knowledge, an audio transmission triggered byâ?¦ an unknown and 
>> unverifiable
>> set of conditions.
>>
>> Google had two responses to this. The first was to introduce a
>> practically-undocumented switch to opt out of this behavior, which is 
>> not
>> a fix: the default install will still wiretap your room without your
>> consent, unless you opt out, and more importantly, know that you need to
>> opt out, which is nowhere a reasonable requirement. But the second was
>> more of an official statement following technical discussions on Hacker
>> News and other places. That official statement amounted to three parts
>> (paraphrased, of course):
>>
>> 1) Yes, weâ??re downloading and installing a wiretapping black-box to your
>> computer. But weâ??re not actually activating it. We did take advantage of
>> our position as trusted upstream to stealth-insert code into open-source
>> software that installed this black box onto millions of computers, 
>> but we
>> would never abuse the same trust in the same way to insert code that
>> activates the eavesdropping-blackbox we already downloaded and installed
>> onto your computer without your consent or knowledge. You can look at 
>> the
>> code as it looks right now to see that the code doesnâ??t do this right 
>> now.
>>
>> 2) Yes, Chromium is bypassing the entire source code auditing process by
>> downloading a pre-built black box onto peopleâ??s computers. But thatâ??s 
>> not
>> something we care about, really. Weâ??re concerned with building Google
>> Chrome, the product from Google. As part of that, we provide the source
>> code for others to package if they like. Anybody who uses our code for
>> their own purpose takes responsibility for it. When this happens in a
>> Debian installation, it is not Google Chromeâ??s behavior, this is Debian
>> Chromiumâ??s behavior. Itâ??s Debianâ??s responsibility entirely.
>>
>> 3) Yes, we deliberately hid this listening module from the users, but
>> thatâ??s because we consider this behavior to be part of the basic Google
>> Chrome experience. We donâ??t want to show all modules that we install
>> ourselves.
>>
>> If you think this is an excusable and responsible statement, raise your
>> hand now.
>>
>> Now, it should be noted that this was Chromium, the open-source 
>> version of
>> Chrome. If somebody downloads the Google product Google Chrome, as in 
>> the
>> prepackaged binary, you donâ??t even get a theoretical choice. Youâ??re
>> already downloading a black box from a vendor. In Google Chrome, this is
>> all included from the start.
>>
>> This episode highlights the need for hard, not soft, switches to all
>> devices â?? webcams, microphones â?? that can be used for surveillance. A
>> software on/off switch for a webcam is no longer enough, a hard 
>> shield in
>> front of the lens is required. A software on/off switch for a microphone
>> is no longer enough, a physical switch that breaks its electrical
>> connection is required. Thatâ??s how you defend against this in depth.
>>
>> Of course, people were quick to downplay the alarm. â??It only listens 
>> when
>> you say â??Ok, Googleâ??.â?? (Ok, so how does it know to start listening just
>> before Iâ??m about to say â??Ok, Google?â??) â??Itâ??s no big deal.â?? (A company
>> stealth installs an audio listener that listens to every room in the 
>> world
>> it can, and transmits audio data to the mothership when it encounters an
>> unknown, possibly individually tailored, list of keywords â?? and itâ??s no
>> big deal!?) â??You can opt out. Itâ??s in the Terms of Service.â?? (No. 
>> Just no.
>> This is not something that is the slightest amount of permissible just
>> because itâ??s hidden in legalese.) â??Itâ??s opt-in. It wonâ??t really listen
>> unless you check that box.â?? (Perhaps. We donâ??t know, Google just
>> downloaded a black box onto my computer. And it may not be the same 
>> black
>> box as was downloaded onto yours. )
>>
>> Early last decade, privacy activists practically yelled and screamed 
>> that
>> the NSAâ??s taps of various points of the Internet and telecom networks 
>> had
>> the technical potential for enormous abuse against privacy. Everybody 
>> else
>> dismissed those points as basically tinfoilhattery â?? until the Snowden
>> files came out, and it was revealed that precisely everybody involved 
>> had
>> abused their technical capability for invasion of privacy as far as was
>> possible.
>>
>> Perhaps it would be wise to not repeat that exact mistake. Nobody, and I
>> really mean nobody, is to be trusted with a technical capability to 
>> listen
>> to every room in the world, with listening profiles customizable at the
>> identified-individual level, on the mere basis of â??trust usâ??.
>>
>> Privacy remains your own responsibility.
>>
>> Rick Falkvinge
>> ABOUT RICK FALKVINGE
>> Rick is the founder of the first Pirate Party and is a political
>> evangelist, traveling around Europe and the world to talk and write 
>> about
>> ideas of a sensible information policy. He has a tech entrepreneur
>> background and loves whisky. Read more of his articles on his website.
>>
>> Twitter |More Posts (91)
>>
>
>

Follow-Ups:
- Google has been stealth downloading audio listeners onto every computer that runs Chrome
  - From: [email protected] (Kurt Buff)

References:
- Google has been stealth downloading audio listeners onto every computer that runs Chrome
  - From: [email protected] (Seth)
- Google has been stealth downloading audio listeners onto every computer that runs Chrome
  - From: [email protected] (Shelley)

Prev by Date: Be alert - signs of Russian invasion may be strong
Next by Date: Google has been stealth downloading audio listeners onto every computer that runs Chrome
Previous by thread: Google has been stealth downloading audio listeners onto every computer that runs Chrome
Next by thread: Google has been stealth downloading audio listeners onto every computer that runs Chrome
Index(es):
- Date
- Thread