Google accused, Chromium eavesdropping tool installed on computers without permission

Pierluigi Paganini June 24, 2015

Privacy advocates are accusing Google, claiming that a snooping component was activated within Chromium, potentially exposing private conversations.

Privacy advocates and open source developers are complaining about the secret installation of Google software that is capable of listening in on conversations held in the surrounding environment. It seems that the listening component was involuntarily activated within Chromium and represents a serious threat to users’ privacy.

Chromium is the open-source web browser project from which Google Chrome draws its source code. An open source developer discovered that it began remotely installing the dreaded audio-snooping code.

Officially, the code discovered in Chromium was designed to support the new “OK, Google” feature implemented in Chrome, which allows the system to respond when users talk to it. The problem is that this code is installed and activated without the user’s permission.

“It looked like just another bug report. ‘When I start Chromium, it downloads something.’ Followed by strange status information that notably included the lines ‘Microphone: Yes’ and ‘Audio Capture Allowed: Yes’.”

“Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room,” explained Rick Falkvinge, the Pirate party founder, in a blog post. “Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by … an unknown and unverifiable set of conditions.”

“We don’t know and can’t know what this black box does,” remarked Falkvinge.

For its part, Google has provided the following responses to complaints via its developer boards. I decided to reproduce them in full in order to avoid misunderstanding, but the content is eloquent:

1) Yes, we’re downloading and installing a wiretapping black-box to your computer. But we’re not actually activating it. We did take advantage of our position as trusted upstream to stealth-insert code into open-source software that installed this black box onto millions of computers, but we would never abuse the same trust in the same way to insert code that activates the eavesdropping-blackbox we already downloaded and installed onto your computer without your consent or knowledge. You can look at the code as it looks right now to see that the code doesn’t do this right now.

2) Yes, Chromium is bypassing the entire source code auditing process by downloading a pre-built black box onto people’s computers. But that’s not something we care about, really. We’re concerned with building Google Chrome, the product from Google. As part of that, we provide the source code for others to package if they like. Anybody who uses our code for their own purpose takes responsibility for it. When this happens in a Debian installation, it is not Google Chrome’s behavior, this is Debian Chromium’s behavior. It’s Debian’s responsibility entirely.

3) Yes, we deliberately hid this listening module from the users, but that’s because we consider this behavior to be part of the basic Google Chrome experience. We don’t want to show all modules that we install ourselves.

In summary, Google pointed to Chromium, rather than Google Chrome, as the culprit. It remarked that Chromium is not a Google product and also blamed the Linux distribution Debian for downloading the non-open source component with Chromium automatically.

“The key here is that Chromium is not a Google product. We do not directly distribute it, or make any guarantees with respect to compliance with various open source policies,” Google developer mgiuca said.

The developer Ofer Zelig provided interesting testimony regarding the issue.

“A few days ago, while I was working on my PC at home, I noticed something strange. My PC has a web camera (combined with a microphone) that sits on top of my monitor, and the camera has a small blue LED that lights when the camera and/or microphone are operating,” he wrote in a blog post. “I opened Task Manager (I’m working on Windows. Apologies.) and looked for a process to blame on that dodgy activity. Who is listening to me? I didn’t find anything.” “And then I’ve come across this bug report – it’s Google! And according to them it’s not a bug! They silently put this new module in Chrome (or Chromium to be precise, doesn’t matter much from an end-user perspective).”

The principal problem is that a growing number of similar functions will be included in modern devices to improve the user experience. Smart TVs and our cars are already watching us and listening to our conversations, which is why privacy issues must be carefully approached.

Pierluigi Paganini

(Security Affairs – Chromium, snooping features)


