# Google’s in hot water after dropping binary code in Chromium for Linux



## retrogamer (Jun 20, 2015)

I ran across this story, given the problems with that port right now I thought some users might be interested.  I think I'm done with that browser at this point.



> A Debian bug report indicated on Tuesday that the most recent version of the Chromium browser downloaded a "Chrome Hotword Shared Module" extension as a binary without source code.
> 
> Further investigation revealed that the extension was linked to "Ok Google", a voice search and actions service that uses the computer's microphone to run commands when the user speaks a command followed by instructions.
> 
> ...


http://www.ghacks.net/2015/06/19/go...r-dropping-binary-code-in-chromium-for-linux/


----------



## Cthulhux (Jun 20, 2015)

It's amazing how people complain about Google implementing binary blobs in their browser while no one complains about Google being the pioneer in binary blob DRM code in Chrome.


----------



## protocelt (Jun 21, 2015)

While I agree, to be fair, Chromium(as opposed to Chrome) is not supported officially in any way directly by Google.


----------



## drhowarddrfine (Jun 21, 2015)

I don't understand the issue. It allows voice commands to be entered using Chromium/Chrome. Great feature! I use it often on my phone and my wife found out it works on her Windows laptop. (Why aren't Windows users complaining?)

Here's another surprise, I guess. Chromium also allows entering commands with a keyboard! Do they want that removed, too?


----------



## Cthulhux (Jun 21, 2015)

The issue is that you can't see if it's only doing this or some evil things too.


----------



## retrogamer (Jun 21, 2015)

The concern with it would be that it can listen via the microphone, is enabled by default and is binary only, which while probably innocent is definitely something a lot of people might not want to sign up for (but if you were a Chromium user, you were not given any notice beforehand).  It's the same thing that caused an uproar with the XBox awhile back.


protocelt said:


> While I agree, to be fair, Chromium(as opposed to Chrome) is not supported officially in any way directly by Google.


I apologize for not clearing that up, I should have added to the article (all of that was copy+paste).  It was a bit clickbait-ish in nature, but explained the issue pretty well, I thought.

EDIT:  Cthulux beat me to the punch, sorry about that, I didn't mean to be redundant.


----------



## drhowarddrfine (Jun 21, 2015)

Cthulhux said:


> The issue is that you can't see if it's only doing this or some evil things too.


The same can be said for any program from anyone you installed.



retrogamer said:


> is enabled by default


Is it? I wasn't aware of that but it falls in line with Chrome on every device I own where the little microphone is on the screen and you can say, "Ok, Google!". So the announcement of the feature is right there.

Of course, anyone who thinks Google put that there so they can listen in on everything you say has far more problems than I care about.


----------



## Cthulhux (Jun 21, 2015)

People usually use Chromium instead of Chrome (or the much better Firefox) because it is said not to hide what it does, this is the point.


----------



## drhowarddrfine (Jun 21, 2015)

If they're hiding it, they're doing it in plain sight as I see the microphone on their front page on my FreeBSD workstation just like every other device I have, and hovering over it pops up "Search by voice" which implies a microphone is being used.


----------



## tingo (Jun 21, 2015)

If I press the microphone (in Chromium on my FreeBSD workstation) Chromium says: "Voice search has been turned off.". Good to have a machine without a microphone.


----------



## sossego (Jun 21, 2015)

Portions if the text-to-speech and speech-to-text were developed by Sun MicroSystems for one of their visually impaired employees. Emacs also has such an interface. OpenBSD has a few visually impaired programmers. Vinux was developed and works alongside the Gnome accessibility interface. Some are also used by those with limited speech capabilities. When used within reason and in the proper context, all technology is beneficial. A problem that many refuse to accept is the misuse and abuse by those who are complacent, lethargical, arrogant, and down-wrong - because they are not right - lazy individuals who find it too strenuous to hit a few keys while using that mass of cells known as a brain. I am thoroughly amused at both parties in this fiasco for refusing to accept responsibility of their own shortcomings. Just because the option and/or possibility is there does not give you the license and permission to be a foolish fooley fool.


----------



## protocelt (Jun 22, 2015)

I'd be willing to bet there is a ton of good open source software that does things like this behind the scenes. This doesn't automatically make the software malicious. If complete transparency is of the utmost importance to a user the great thing about open source is a lot of the source code is available to browse and vet the application yourself. If that isn't something you want to/can do you are of course free to not use it as well and use something else instead. Personally I love transparency, however, it's not enough in and of itself to make me drop an application from use. This is being blown out of proportion by some people in my opinion.


----------



## sossego (Jun 22, 2015)

It is neither the methodology nor the utility which is at fault but, it is the reason and the one utilizing the formerly mentioned. Transparency as a substitute for honesty and dignity in everyday affairs is lacking with Western Civilization's aporoach to the entire structure, whether it be social, political, or financial in origin - the last includes all business affairs for this post. 
The universe is an infinite set of finite possibilities and it is the chaotic harmony of it all which keeps things going. For some, to simply accept without questioning is nature. Others are there to play the satan in all of this.

I am enjoying the fact that every excuse is given and no responsibility is taken.


----------



## abishai (Jun 22, 2015)

Who cares ? If you think about security and privacy, you are probably running Firefox.


----------



## retrogamer (Jun 22, 2015)

abishai said:


> Who cares ? If you think about security and privacy, you are probably running firefox.


I can only speak for myself, but their targeted ads are one reason I quit using that browser (I realize you can opt out, but the decision itself made me wary of what might come later).
http://www.cnet.com/news/mozilla-officially-kicks-off-ads-in-firefox/

At this point I am just going to use www/seamonkey with multimedia/livestreamer, which is a bit of an annoyance (it can't do fullscreen HTML5 video), but outside of that is a great browser and still uses the Gecko engine.



protocelt said:


> I'd be willing to bet there is a ton of good open source software that does things like this behind the scenes. This doesn't automatically make the software malicious. If complete transparency is of the utmost importance to a user the great thing about open source is a lot of the source code is available to browse and vet the application yourself. If that isn't something you want to/can do you are of course free to not use it as well and use something else instead.


I don't disagree with that, I just thought that it was worth making anyone who uses Chromium based on transparency being important to them aware of the issue.


----------



## drhowarddrfine (Jun 22, 2015)

retrogamer said:


> I can only speak for myself, but their targeted ads are one reason I quit using that browser



Then turn off your TV, cancel your newspaper and magazines, and stay off the internet, cause targeted advertising is the norm, not the exception. Even the dozens of client web sites I develop for target advertising and these are mostly small outfits. There isn't an advertising agency in existence that doesn't target advertise. Google, essentially an advertising and marketing company, isn't doing anything that everyone else has been doing since time immemorial.


----------



## hitest (Jun 22, 2015)

That is indeed a bit annoying.  Eric Hameleers, a lead Slackware developer, has recompiled his Chromium packages such that this issue does not run.


----------



## Crivens (Jun 22, 2015)

To point out the main elephant in this mess (and maybe bring some peace to this thread) - the problem is that trust has been violated. Not how it was done, or why.


----------



## drhowarddrfine (Jun 22, 2015)

Crivens said:


> the problem is that trust has been violated.


I disagree though I may be missing something. As I said before, they added a feature that presents itself as a button and it's the same feature on every computer/device I own. I just don't understand the concern.


----------



## wblock@ (Jun 22, 2015)

Your computer is now listening to you, all the time.  Trust us.  We forgot to announce it.  You don't really need to know what that binary blob does.  Thanks for opting in by not saying no when we didn't ask.  Go ahead and click that icon to turn it off.  We promise it actually turns off the microphone.  You will almost certainly never be bothered by ads related to keywords said within hearing of the computer.  Likewise anything said within hearing range... er, when the microphone is on, we mean, will not be logged or used to build up a profile of what you use, buy, or think.  And that valuable data--which does not exist and is not stored--will certainly never be shared with corporations or governments, under any circumstances, except for profit or if they ask nicely.


----------



## protocelt (Jun 22, 2015)

wblock@ said:


> Your computer is now listening to you, all the time.  Trust us.  We forgot to announce it.  You don't really need to know what that binary blob does.  Thanks for opting in by not saying no when we didn't ask.  Go ahead and click that icon to turn it off.  We promise it actually turns off the microphone.  You will almost certainly never be bothered by ads related to keywords said within hearing of the computer.  Likewise anything said within hearing range... er, when the microphone is on, we mean, will not be logged or used to build up a profile of what you use, buy, or think.  And that valuable data--which does not exist and is not stored--will certainly never be shared with corporations or governments, under any circumstances, except for profit or if they ask nicely.



If that is the case(unless your playing the devil's advocate here, in which case - nice job  ) you might as well throw out all electronics you own, remove the ISP line from your residence, wrap it in a gigantic Faraday cage, and stick to books. There are ongoing talks about a web API being used for voice input across all mainstream browsers right now as we discuss this so at the very least www/firefox, www/chromium, Google Chrome, Opera, and Internet Explorer/Edge will all be just as untrustworthy soon enough. 

In all seriousness it's pretty well known by now you cannot trust anything you do, say or use on the Internet will be private at present. This issue isn't whether you can trust www/chromium or not. It is an issue of risk as with all software you choose to use without auditing the code first. As always it comes down to "How important is your privacy to you?".

Having said that, again, this is only my personal opinion and nothing more. After all, this discussion wouldn't exist without opinions and many good things come out of discussions based on differing opinions. 

As a side note, could a Moderator or Admin please remove wblock@'s post as I don't agree with it.


----------



## drhowarddrfine (Jun 23, 2015)

That's the thing (or is it there's the rub?). No one has claimed the microphone is always listening. If that were true, I'm sure we'd hear about that, too. Of course, every popular operating system has the ability to listen on your microphone but nobody seems bothered by that.

I call this "the internet scream".



protocelt said:


> could a Moderator or Admin please remove wblock@'s post as I don't agree with it.


Well, I don't agree with that! Could a mod remove protocelt 's post.


----------



## wblock@ (Jun 23, 2015)

It's kind of an arms race.  Part of the point was that it's up to us to be vigilant and not just willingly accept invasive things, and another part was that when there are capabilities, it's reasonable to extrapolate how they could be used.  Years back, I had a lot of people ask why I had a piece of paper stuck over the webcam on my notebook.  I told them it was because I could imagine what could be done with it.  Often they would laugh, sometimes slowly backing away.  Time went by, then there was news about a school monitoring their students after hours via the webcams in the school-issued computers, a surprise to the students: http://abcnews.go.com/GMA/Parenting...probe-webcam-students-spying/story?id=9905488.

Nobody asks why my webcam is blocked any more, and I noticed others at BSDCan had similar arrangements.

I'm not saying the microphone is always listening.  I'm saying the capability is there, and a binary blob is really, really suspicious.

Incidentally, I seem to remember that someone (Microsoft?) did patent having a microphone listen to ambient audio for keywords for marketing.  Recollection says that was when the (game?) system was not being used for its primary purpose.  Admittedly, paranoid memory might be shifting how I remember that.


----------



## junovitch@ (Jun 23, 2015)

wblock@ said:


> ...
> 
> Incidentally, I seem to remember that someone (Microsoft?) did patent having a microphone listen to ambient audio for keywords for marketing.  Recollection says that was when the (game?) system was not being used for its primary purpose.  Admittedly, paranoid memory might be shifting how I remember that.



In case you need a refresher:  http://www.theverge.com/2013/5/21/4352596/the-xbox-one-is-always-listening


----------



## protocelt (Jun 23, 2015)

An arms race is a good phrase to use. This could potentially turn into a very long winded discussion I suppose so I'm going to end my own 2 cents here. Oh, and I always have and still tape paper over my notebook webcams and still get confused looks from people when they see it.  BTW, Microsoft's  Xbox One still has and uses this "feature" to this day. I owned one... and sold it.


----------



## Beastie7 (Jun 23, 2015)

I don't expect Google to be ethical about privacy at all. Their business model negates it. It's extremely hard to sell social media, or any type of web based service; so you become the product. I wish there were more Apples in the world with vertically integrated products (horizontal business models don't work, IMO), at least they won't have to lean on selling ones data. This is why I will never use Google Photos, for example.

Damn you elop for destroying Nokia.


----------



## Crivens (Jun 23, 2015)

protocelt said:


> As a side note, could a Moderator or Admin please remove wblock@'s post as I don't agree with it.


No way, @wblock might might not agree with such a moderator 



protocelt said:


> An arms race is a good phrase to use. This could potentially turn into a very long winded discussion I suppose so I'm going to end my own 2 cents here. Oh, and I always have and still tape paper over my notebook webcams and still get confused looks from people when they see it.  BTW, Microsoft's  Xbox One still has and uses this "feature" to this day. I owned one... and sold it.



Something completely unrelated comes to mind... Trust the computer, the computer is your friend.

But to the topic: History tells us that, if something is possible and there is a chance to weasel out when being caught with the hands, head, torso and bootlaces in the cookie jar - it will be done.


----------



## drhowarddrfine (Jun 23, 2015)

I'll one up all of you. I intentionally code in the nude to dissuade any camera snoopers.


----------



## drhowarddrfine (Jun 23, 2015)

Beastie7 said:


> I don't expect Google to be ethical about privacy at all.


A lot of people get confused by statements like that as if Google watches your every move and reports it to some marketing agency with your name/address/phone/etc. which couldn't be further from the truth. In addition, Google doesn't do anything that any marketing agency/bank/credit card/grocery store/department store/TV station/restaurant/etc. hasn't done since time immemorial also including Microsoft/Apple/Nokia/Yahoo/etc.


----------



## protocelt (Jun 23, 2015)

Crivens said:


> Something completely unrelated comes to mind... Trust the computer, the computer is your friend.


Wow! That takes me back.  Never got the chance to play it as I was a D&D guy but I do remember it. 

Edit: If your not aware already, you might find this of interest. Ran into a while back looking at some other stuff on Kickstarter.


----------



## sossego (Jun 23, 2015)




----------



## hitest (Jun 23, 2015)

I thoroughly enjoyed wblock's dark, tongue in cheek post.  It illustrates the stark reality of on-line life. I'm quite certain that a lot of what we do is tracked by our Google overlords, the NSA, CIA or whatever other nefarious entities collect information.  Big Brother is watching and I behave accordingly with that knowledge in mind.


----------



## drhowarddrfine (Jun 23, 2015)

hitest said:


> I'm quite certain that a lot of what we do is tracked by our Google overlords, the NSA, CIA or whatever other nefarious entities collect information.


Then let's include Microsoft, Bing, Yahoo, British Mi6, Israeli Mossad, KGB, the Chinese, etc., cause they all do exactly the same thing and more.


----------



## freethread (Jun 23, 2015)

http://archive.wired.com/politics/law/news/1999/01/17538

...in January 1999


----------



## Crivens (Jun 24, 2015)

drhowarddrfine said:


> I'll one up all of you. I intentionally code in the nude to dissuade any camera snoopers.


The forum uses flash, there is not only your avatar picture but also a still shot when you click "reply" and - well, yes, we know. We know you do this. We even know of the trick you do with that... well, never you mind. 

Now without kidding around, all that listening and viewing is possible without or with little user error/sloppiness/whatever. Who thinks this will not be done? And since when was "everyone did this for eternity" a valid defense when caught in the cookie jar? I can only repeat, this can be done, it will be done wether you like it or not. This thread started about trust being broken, but we keep arguing if that was a bad thing. For me, there is no such discussion. Trust has been broken, it is not my part to mend it since I did not break it.


----------



## fw190 (Jun 24, 2015)

The thing is if a normal user like me can do something?

My first move will be moving to BSD - maybe a thread with info how to protect would be good?


----------



## drhowarddrfine (Jun 24, 2015)

Crivens said:


> Who thinks this will not be done? And since when was "everyone did this for eternity" a valid defense when caught in the cookie jar?


Now that's a question. If Microsoft started snooping, then all hell would break loose and the company would be driven into the ground and out of business in short order. That's why big companies won't. If you or I did this, we'd get arrested. So I can't think of any long term benefits.

My point about it going on for a long time already is that Windows, and other OSes, have had this capability since forever and you don't read about any issues other than the scandals of some rogue software someone installed on some college kid's laptop. If Microsoft of the government did that (why would they?!), to repeat myself, all hell would break loose; so they won't and, again to repeat myself, what is the benefit?


----------



## wblock@ (Jun 24, 2015)

drhowarddrfine said:


> If Microsoft started snooping, then all hell would break loose and the company would be driven into the ground and out of business in short order.



Maybe not.  Consider the recent example of Lenovo including a man-in-the-middle HTTPS exploit on their machines, presumably because the company that created the exploit paid them to include it "to assist customers with discovering products similar to what they are viewing".  That is a serious breach of trust as far as I'm concerned, and the people involved should be facing legal problems.  Lenovo said "oops, you caught us, oh well" and removed it.  When I ask people how they could consider trusting Lenovo or using their systems now, the reaction has mostly been "Those were just the home systems.  Their business systems don't have that."


----------



## protocelt (Jun 24, 2015)

Google disabled "hotword" by default in open source Chromium going forward:
https://chromium.googlesource.com/chromium/src/+/0366a5184a70b3eefb5fcef2c2e13721669f00d8


----------



## sossego (Jun 26, 2015)

fw190 said:


> The thing is if a normal user like me can do something?
> 
> My first move will be moving to BSD - maybe a thread with info how to protect would be good?


Security starts with you.


----------



## hitest (Jun 27, 2015)

fw190 said:


> The thing is if a normal user like me can do something?
> 
> My first move will be moving to BSD - maybe a thread with info how to protect would be good?



Excellent!  I would start by examining the FreeBSD Handbook and read up on how to patch your unit with security updates, and how to set up a firewall.  This forum also has a wealth of information.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/


----------

