Not OK, Google! Covert installations of ‘eavesdropping tool’ raise alarm
Open source developers and privacy campaigners are raising concerns over the automatic installation of a shady “eavesdropping tool” designed to enable ‘OK Google’ functionality but potentially capable of snooping on any conversation near the computer.
When one installs an open source Chromium browser, as it turns out, it “downloads something” followed by a status report that says “Microphone: Yes” and “Audio Capture Allowed: Yes,” according to an article by Rick Falkvinge, Swedish Pirate Party founder, published on the website Privacy Online News.
While the Chromium, the open source basis for Google’s browser, at least shows the code and allows user to notice it and turn it off, the same installation is included by default in the most popular browser Chrome, used by over 300 million people.
The code was designed to enable the new “OK, Google” hot word detection, which lets the computer do things like search or create reminders in response to human voice. Yet, some users are worried that the service could be activated without their permission, eventually sending recorded data to Google. The worried users describe the Chrome Hotword Shared Module as an audio-snooping “black box”, with only the corporation that provided it fully aware of what the injected pre-compiled code is capable of.
“Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room,” wrote Falkvinge.
“Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by … an unknown and unverifiable set of conditions.”
“We don’t know and can’t know what this black box does,” he added.
The users’ complaints were received with the Google developers’ words that: “While we do download the hot word module on startup, we do not activate it unless you opt in to hot wording.” They also underlined the fact that “Chromium is not a Google product. We do not directly distribute it, or make any guarantees with respect to compliance with various open source policies”.
However, according to Falkvinge, the default install will still “wiretap your room without your consent, unless you opt out, and more importantly, know that you need to opt out, which is nowhere a reasonable requirement.”
While the fact that the voice recognition module is always listening does not mean it transmits all the data to Google’s servers, Falkvinge argues that no one knows what other keywords could trigger the feature on.
The only reliable measure against mass surveillance, according to the first Pirate Party leader, is a manual disabling of the microphone and camera on the computer with a hardware switch.
The latest voice search functions have raised the concerns of privacy advocates, as their use presupposes the sending of voice recordings to company servers, as well as the controversy over the continuous recognition to catch the moment a user says the ‘hot’ phrase.