Google Chromium: eavesdropping tool installed without permission
Privacy campaigners claim that the ‘always listening’ component was activated within Chromium, meaning that private conversations held around a computer may have been monitored.
The feature was designed to support the company’s new “OK, Google” feature, that enables the computer to respond when it is spoken to but has since been installed and activated without permission.
The Chromium browser, which is the open source basis for Google’s Chrome browser began remotely installing the audio listening code, where the issue was first spotted by open source developers.
Rick Falvinge, the Pirate party founder published a blog identifying the issue, where he stated: “Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room.”
He continued “Obviously, your own computer isn’t the one to [analyse] the actual search command. Google’s servers do. Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by… an unknown and unverifiable set of conditions.”
A Google developer responded to comments on the company’s developer board, stating: “Starting and stopping the hotword module is controlled by some open source code in Chromium itself, so while you cannot see the code inside the module, you can trust that it is not actually going to run unless you opt in.”
They also continued to say that “the key here is that Chromium is not a Google product. We do not directly distribute it, or make any guarantees with respect to compliance with various open source policies,”
Investigations into the issue are still on-going.