Google Chrome Silently Listening to Your Private Conversations
Google was under fire of downloading and installing a Chrome extension surreptitiously and subsequently listened to the conversations of Chromium users without consent.

After these accusations, a wave of criticism by privacy campaigners and open source developers has led Google to remove the extension from Chromium, the open-source version of the Chrome browser.

The extension in question is "Chrome Hotword," which was found to be responsible for offering the browser's famous "OK, Google" functionality.
Cybersecurity

'Ok, Google' is certainly a useful feature that allows users to search for things via their voice when they use Google as their default search engine, but its something that also enables eavesdropping of every single conversation made by a user.

Google Silently Listens to your Conversation


This issue came to light by Pirate Party founder Rick Falkvinge, who says Google has silently installed black box code into the open-source Chromium browser, meaning it contains pre-compiled code that users cannot see.

Exactly what this black box does is still unclear, but Falkvinge claimed that Google is listening to the conversations of Chromium users through this black box of code.

The 'black box' code enabled a feature that activates a search function on the browser when you say "Ok, Google," however the code enabled the microphone, as well as permitted to capture audios.
"Your computer has been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge," says Falkvinge.

Google Responded to the Issue


Google since defended itself, arguing the ability to use "Ok Google" commands and enable the extension is an opt-in feature.
"First and foremost, while we do download the hotword module on startup, we do not activate it unless you opt into hotwording," Google wrote on its development forums.
"If you go into 'chrome://settings,' you will see a checkbox 'Enable 'Ok Google' to start a voice search. This should be unchecked by default, and if you do not check it, the hotword module will not be started."
Google also argued that Chrome is not open source and if any of the open source distributors such as Debian have any issue with it, they should disable the module themselves.

However, after receiving complaints about the "bug" that automatically installs the Chrome Hotword Shared Module without an opt-out configuration, Debian has fixed the issue by disabling the extension in their distribution of Chromium.

Google - We aren't Responsible for other browsers


Google doesn't deny installing the black box code into Chromium browser, but the company doesn't consider itself responsible for other web browsers that include the code.
"Our primary focus is getting the code ready for Google Chrome," says Google. "If a third-party (such as Debian) distributes it, it is their responsibility to enforce their own policy."
The key issue here is the inclusion of black box code into Chromium, which is supposed to be an open-source project that lets everyone audit the code.

However, Falkvinge says Chromium "had abused its position as trusted upstream to insert lines of source code that bypassed this audit-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised."

This issue forced Google to make changes in Chromium 45 by disabling the Chrome Hotword extension, making it easier for third party distributors to disable hotwording.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.