Google might have been downloading and installing software to your computer that you didn’t even know about – and it could have been listening to all of your conversations.
According to reports from open source developers, the Chromium browser is capable of remotely installing audio-capturing code.
Rick Falkvinge, founder of the first Pirate Party, explained that the functionality was included so that users could use the “Ok, Google” voice search, but that also had some further implications.
“Obviously, your own computer isn’t the one to analyse the actual search command. Google’s servers do. Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by… an unknown and unverifiable set of conditions,” he wrote in a blog post for Private Internet Access.
Naturally, Google has responded to the claims, saying that it does indeed download the software, but there has to be input from the user.
“First and foremost, while we do download the hotword module on startup, we *do not* activate it unless you opt in to hotwording. If you go into “chrome://settings”, you will see a checkbox “Enable “Ok Google” to start a voice search”. This should be unchecked by default, and if you do not check it, the hotword module will not be started,” a Google developer explained.
While Google said user input is required, a number of people have complained that it started listening to conversations without their input.
Private Internet Access explained that this is exactly why there needs to be manual switches on computer peripherals.
“This episode highlights the need for hard, not soft, switches to all devices – webcams, microphones – that can be used for surveillance. A software on/off switch for a webcam is no longer enough, a hard shield in front of the lens is required. A software on/off switch for a microphone is no longer enough, a physical switch that breaks its electrical connection is required.
That’s how you defend against this in depth.”
[Image – CC by 2.0/Marcie Casas]