Audio listeners stealthily installed on Chrome
The Findings
It was recently discovered that Google has been dropping audio listeners on every Chrome user. This can enable the company to record all of the conversations that take place in the room you are in. What is more, users are completely uninformed that this is happening. The eavesdropping capabilities were discovered by a Chromium (the open-source version of Chrome) user. Initially, it was listed as a bug report. The user simply discovered that Chromium had downloaded some extension completely on its own. Then, some status information appeared with the following contents:
- “Microphone: Yes”.
- “Audio Capture Allowed: Yes”.
As you can see, without the user consenting Google’s code managed to install an extension that can serve as a black box, collecting any and all sound in the room. This is a severe privacy issue.
Open-Source Audit System
As we already mentioned, Chromium is the open-source version of Chrome, and it runs on systems like Debian and Ubuntu, for instance. All software that is released for these operating systems is peer-reviewed beforehand. This method allows for multiple users to “chip in” with developing the final product, so that everyone is satisfied with how it works, and nothing is hidden from future users of the program.
Chromium Circumventing the Audit
It was discovered that Chromium can bypass the audit system. This is done by downloading additional code after the program has been installed. What is more, the so-called, extension that enables Google to listen in on your conversations is not even listed in the extensions menu. So the tech-giant is really trying to hide it, and good luck with uninstalling it. There is no telling when this “black box” is operational. And there is no telling whether it records or not, and how much of it is sent out and to whom exactly.
Google’s Position on the Matter
This extension’s supposed purpose is to help the “Ok, Google” voice search. In order to use this function of Google, you definitely will have to have your microphone turned on at all times, which leaves the door open for potential eavesdropping.
After, this “bug” was discovered, many Chromium users wanted to opt out of the module that enabled their microphones. Google did oblige with providing a build-time flag for those who want to develop Chrome without the hotwording module.
Google admitted that there Chromium was indeed installing the hotwording module by default, but stated that it was not being activated. This would only happen if users opt in to using “Ok, Google.” This, however, sounds quite fishy as the module was downloaded without consent, so why would anybody trust that it was not being operational, as well?
Google also refused to take any responsibility for this as they do not distribute Chromium and Chromium is not one of Google’s official products. It was stated that it was up to Debian, as distributor of Chromium, to keep an eye for such things.
What about Chrome?
It should be pointed out that with Google Chrome, you don’t get a choice whether you’re eavesdropped or not. Once you install the program, the two options shown above will be automatically activated. If you want to check for yourself, type chrome://voicesearch in the address box of Chrome and see for yourself. I just did, and they both say “Yes.”
Audio capture is not something you would expect from a browser. What is more, it doesn’t seem like there is a way to disable this on Chrome unless you disable your microphone. And once Google has access to your microphone, who’s to say that it can’t use it at any time. If you’re someone who values their privacy you should seriously think about what browser you should use.