
Google Hotwording, Chrome Now Has Audio Spy Payload

     
9:48 pm on Jun 23, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 29, 2007
posts:2014
votes: 215


I've read on a couple of smaller tech news sites that Google Chrome downloaded an update that turned on audio capturing when a microphone was detected, without the users' knowledge or permission. While I won't link the articles as per WW policy, I will link to a Google Code bug report describing the issue as it has links to Google's solution (which is apparently to leave it enabled by default without telling the end user they are being recorded).

Hotwording downloads a shared module from the web store containing a NaCl module. There is a desire to build and distribute Chromium without this happening. This change adds an "enable_hotwording" build flag that is enabled by default, but can be disabled at compile time.


Link: [code.google.com...]

To me this is a HUGE violation of privacy, I can't stress how troubling I find it that Google would record conversations in people's homes without warning them. It makes one wonder what else Google is up to. One would suspect this is in Firefox as well given its backing by Google.

To disable hotwording, pass "enable_hotwording=0" in your GYP_DEFINES, or "enable_hotwording = false" in your GN config. This will prevent the shared module from being downloaded, and also prevent the option from showing up in settings.

It should never have been on by default, I for one thought it was just another Google feature I had no desire to install or use but I didn't know it was already on and activated. I'm hoping someone can share some method of knowing for certain if my voice was ever recorded without me knowing while using Chrome.
10:19 pm on June 23, 2015 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:7139
votes: 413


On Debian it apparently was only in the version 43 of Chrome..the "spy activity" was not noticed before version 43..and Google now say that on Debian at least "the module" is no longer in the binary..
Article with more detail on el reg a week ago..
[theregister.co.uk...]

You don't mention your OS..nor your Chrome version number..

Firefox source has not been flagged by anyone ( and the open source code it is built from is inspected by a great many people ) as containing anything similar..

Google's "backing" for Firefox would not allow Google to hide things in Firefox..
Obviously Google did not think that anyone at Debian would notice..
Which no-one did, for a while..

The Firefox builds for all platforms come under a great deal more scrutiny..

edited to add..
All versions of Chrome that I have tested "phone home" a great deal to Google, as I have mentioned here in the past ( wireshark shows Chrome to be very communicative with the mothership )..Hotword merely ramps up Google's spying another notch..

I've tested Chrome to see if it has stopped "phoning home" to Google, and so far, all versions still do, so I remove it each time after testing..
10:37 pm on June 23, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15928
votes: 884


I don't understand. Where is the recorded material stored, and for how long? Are we talking about "Yuk, they shouldn't be doing that" or about "Vast potential for abuse"?
11:02 pm on June 23, 2015 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:7139
votes: 413


Where is the recorded material stored, and for how long?

Stored on Google servers, ( and probably those of the N.S.A too ) could be stored for years..
Are we talking about "Yuk, they shouldn't be doing that" or about "Vast potential for abuse"?

Both..
And as a ( until now ) trusted by many, ( not I ) contributor to Debian..Google really have crossed way over the creepy and dishonest line..
You don't set a "Browser"* to silently download a spy module which is set to "default" to, "listen to conversations mode" ( without notifying the user of this behaviour ) by accident , nor do you forget to include the source code for that action and "module" , nor excuse it ( as they have done in the past ) by the actions of a distracted engineer who did not get the approval of his superiors..

*Chrome fits all the definitions of Spyware / Malware..Google's actions here were sleazy..
12:52 am on June 24, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15928
votes: 884


Stored on {third party} servers

WebmasterWorld forums software interferes with every response I could possibly make.
12:57 am on June 24, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10557
votes: 1118


Hey guys, you're missing the big picture! Hotwording is research for voice activated devices. G just needs a large sampling to make sure the tech will work with any voice, language, or device in natural speaking. It's just research! (Sheesh, get on board!) We all know that folks get self-conscious and speak differently if they know there is a microphone on, changing voice stress and cadence. G needs it as natural as possible.

(Note, for the humor impaired, the above is satire)
4:13 am on June 24, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 29, 2007
posts:2014
votes: 215


I was gonna say Tangor, lol, until you added that last line I wanted to volunteer you for their testing and kindly ask to be left out. Honest research usually involves being honest about your practices and intentions, they actually hid this and didn't warn anyone.

I've read up a bit more on it and Google's primary reasoning seems to be that this is not their doing, it's the same on the software which they do not own (Chrome is based on Chromium code which they do not own) BUT, and it's a big but, the code in Chromium IS Google's proprietary technology and they (apparently) knowingly hid it and used it without people's knowledge or permission.

I'm creeped out, there's no excuse to have avoided disclosure. Google also claims they have your permission because your settings give them permission but does that count when they secretly update your permissions to be on by default? I don't think so. A simple litmus test, how many computers out there are recording ambient sounds and voices without the owners knowing? Put into context, this same company is wanting everyone to install NEST in their homes and has had a few rough patches with privacy issues recently, trust should be their top priority but they sure played fast and loose with this, or so it would seem.

I'm still hoping that someone can point out some facts that confirm my worries are unfounded, I'd love to hear that there is zero chance I was being recorded by this without my knowledge.
3:39 pm on June 25, 2015 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member redbar is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Oct 14, 2013
posts:3365
votes: 557


I'm not quite sure what you peeps are talking about however I use Chrome for accessing my AdSense account, absolutely nothing else other than testing new website pages, as soon as I have finished doing "whichever" I close the browser clearing the cache and history.

Can I assume that I am safe from the snooping porkers?
8:13 am on June 28, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10557
votes: 1118


UPDATE:

New Chromium builds will no longer download/install the Hotword Shared Module and will automatically remove the module on startup if it was previously installed.

A closed-source and binary-only kernel module caused a fair fuss when it was found inveigling its way into the very much open-source Chromium.

Thanking the community for their attention and input on the issue, one of the project developers told the issues ticket thread that "as of the newly-landed r335874, Chromium builds, by default, will not download this module at all."


[theregister.co.uk...]
6:02 am on June 29, 2015 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member graeme_p is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:3022
votes: 213


If the privacy problem is not bad enough, there is another issue: Chromium is supposed to be open source, and this is a work around that installs closed source with no warning.

Google cannot be regarded as a trusted upstream provider, as @Leosghost says.

There are plenty of other WebKit browsers around. Just in case, keep your microphones off (unplug if possible, otherwise turn off in the OS) when not in use.
8:23 am on June 29, 2015 (gmt 0)

System Operator from US 

incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14664
votes: 99


My Android tablet often listens on purpose as I have an assistant enabled that engages when I say its name.

If I'm not mistaken, the latest Android version does the same thing when on certain pages you say "OK Google" and it then responds to an audible query, perhaps that's what ended up in the desktop version of Chrome.

I'd get used to it because the only way technology can respond to oral commands is to listen, which my tablet does. :)

This is what many devices will be doing soon, including phones, tablets, computers, game, perhaps TV and even appliances.

Always on the bleeding edge...

IMO the simple solution is to just use Firefox which I do as well.
1:02 pm on June 29, 2015 (gmt 0)

Preferred Member from BG 

5+ Year Member Top Contributors Of The Month

joined:Aug 11, 2014
posts:547
votes: 174


and then they tell me CIA =/= Google - yeah, right..
6:08 pm on June 29, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15928
votes: 884


Idle query: do people want their Internet-connected devices to respond to voice input? It would drive me stark staring bonkers.
:: pause here for inevitable wisecrack ::
I'll talk to the cats, to the rats, occasionally even to the fish, but an inanimate object? Nuh-uh. When I get one of those telephone menus where you have to speak your question, I dial 0 and continue doing so until they give up and transfer me to a human.

Decades in the future, someone will brilliantly invent a way that you can tell the computer what you want with no possibility of anyone else overhearing. It will be called ... drumroll ... The Keyboard.
6:21 pm on June 29, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10557
votes: 1118


Nah... soon we'll all be hooked up like that wise-acre flunky in the Andromeda series. It will be called ....

Plug and Play
6:43 pm on June 30, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 5, 2002
posts: 1864
votes: 5


This is pretty insane. Was this included in the open-source Chromium version or just the binary?

If I mute my internal mic in Linux, can a browser unmute it? Hopefully this can be "firewalled" that way.