Google has been under fire after it was revealed the company was secretly downloading an auto listener onto every computer that had Google Chrome installed. The software Chrome downloaded would capture and send back audio data to Google, meaning that when you are running Chrome, Google has the ability to potentially eavesdrop on your conversations or pick up on nearby sound.
The issue came to light through Rich Falkvinge, the founder of the original pirate party, who said Google is installing this software onto everyone’s computer without permission. According to Falkvinge, evidence suggesting Google may have downloaded an audio software capture tool had arisen when a bug report came out with users getting error notifications that the microphone and audio capture settings were being activated by default.
Falkvinge stresses how he believes Google intentionally installed the software on computers running Chrome, which automatically switches the microphone setting “On” by default, enabling Google to listen in on conversations. He believes that Google has silently installed black box code into the open-source Chromium browser which the closed-source Google Chrome is built off, meaning the browser comes with pre-compiled code were unable of verifying.
Chrome’s extension in question is “Chrome Hotword,” an extension responsible for activated Google’s signature “OK Google” functionality.
‘Ok Google’ is a feature that has enabled millions to search throughout Google via their voice, but the feature can also allow Google to eavesdrop on conversations made by end users.
Falkvinge says the black box code enables a feature that can activate search functions through the browser when you speak “OK Google,” however the listener is always active.
“Your computer has been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge,” Falkvinge said.
Falkvinge said Google’s voice command feature could capture audio which is then examined by Google’s servers, not your computer. This means Google Chrome would have the ability to consistently stream live audio feeds from wherever the computer is located. All of the data transactions would occur without the end users knowledge.
Following recent accusations, Google stood up trying to defend themselves saying the “OK Google” feature is an extension you choose to opt-in.
“First and foremost, while we do download the hotword module on startup, we do not activate it unless you opt into hotwording,” a Google team member said in their development forums. “If you go into ‘chrome://settings,’ you will see a checkbox ‘Enable ‘Ok Google’ to start a voice search. This should be unchecked by default, and if you do not check it, the hotword module will not be started.”
Google further argued how Chrome is not open source and if any open source distributors, such as Debian, have issues with it, they must disable the modules themselves.
However, after the amass of complaints how Google Chrome automatically installed Chrome Hotword without an opt-out feature, Debian mitigated the issue by disabling the extension by default in their latest distribution of Chrome.
Google has allegedly offered up a way to solve the problem and opt-out of their program, but given the fact that the program was secretly installed without users’ knowledge, most affected may never know their computers are wire-tapped grounds.
Falkvinge made a fair counterargument during his findings, stating it’s possible that data recorded is not sent to Google til the voice command was enabled. A reader told Falkvinge that while monitoring outgoing traffic, they ware able to identify the audio listener is not sending everything you say to Google Chrome from your computer.
It was made clear that Falkvinge laid immense stress on the fact that Google downloaded black box code to your computer without consent or knowledge, enabling your microphone, allowing them to listen in on any conversation.
[Photo via Stephen Shankland/Flickr [CC BY 2.0]]