Just recently, open-source developers have discovered that the Chromium browser, an open-source web browser where Google Chrome is based, has been automatically installing a program secretly that contains audio code. This program can be used to listen to users, and record everything that is heard. This then caught the attention of developers and organizations that promote privacy.
The program installed was reportedly an add-on that could enable the usage of the "Ok, Google" hotword, which enables searching by voice on the computer browser. Some users allegedly are claiming that the program has been activated on their computers without their permission.
Rick Falkvinge, the Pirate party founder, claims that Google"s code for the program had downloaded a "black box of code" that had turned on the microphone by default, and was actively listening to any audio that can be registered in a room. He elaborates further:
Obviously, your own computer isn’t the one to analyze the actual search command. Google’s servers do. Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by… an unknown and unverifiable set of conditions.
Google has been made aware of the issue, and has since then offered a response. The company did confirm the installation of black box code on to a user"s computer, but has claimed that the program is never activated, unless a user opts in. Also, it said that the Linux distribution Debian was the reason behind the installations, and not Google Chrome. The company commented:
Yes, Chromium is bypassing the entire source code auditing process by downloading a pre-built black box onto people’s computers. But that’s not something we care about, really. Anybody who uses our code for their own purpose takes responsibility for it. When this happens in a Debian installation, it is not Google Chrome’s behavior, this is Debian Chromium’s behavior. It’s Debian’s responsibility entirely.
Furthermore, mgiuca from the Chromium development boards, emphasized that Chromium is not a Google product, and that they do not distribute it, or make any guarantees regarding compliance with various open-source policies.
Despite these defenses made by Google, Falkvinge stated that the default installation will still wiretap a room without any consent, unless a user opts out. He also suggested the need to manually disable microphones and cameras built and connected into computers, to be able to really disable the program and prevent it from listening in.
Source: The Guardian, Privacy Online News