Archives

Ok, Google - Is it Ok?

Dear Maintainer,

 After upgrading chromium to 43, I noticed that when it is running and immediately after the machine is on-line it silently starts downloading “Chrome Hotword Shared Module” extension, which contains a binary without source code. There seems no opt-out config. “

Web OS Chromium users, like the one who posted in a message board above, recently discovered a hidden code with the ability to record and transmit audio picked up by their computers’ microphones without consent.  A search function called “Ok Google” allows users to search, map, and set reminders by simply saying aloud “Ok Google” and then stating their question or command.  Users can check the weather, define a word, or even make dinner reservations with nothing more than their voice when a new tab is open in Chrome.   In June, news spread that it may be recording more than just your search commands.

 

Hotwording in the Hot Seat

Google Chrome, initially released in 2008, is the most popular web browser in the US and the world since 2013.  Chromium is an open-source project that runs in parallel development with Google Chrome.  Chromium and Chrome share much of the same source code, only Chromium code is offered under a BSD license where as Chrome contains some proprietary code not available as open source.

Google does not own or have rights to Chromium.  As an open source, users and developers all over the world can rewrite any of its content.  There is also a distinct difference in how Ok Google and its “hotwording” voice control are enabled in the browser and OS.  In Chrome, it is an “opt-in” feature.  On its forums, a Google developer states, “If you go into ‘chrome://settings,’ you will see a checkbox ‘Enable ‘Ok Google’ to start a voice search.’ This should be unchecked by default, and if you do not check it, the hotword module will not be started.”  The privacy issue lies with some Chromium users because they are not given an opt-in option.  The extension is enabled by default and listens to the microphone for the user to say “Ok Google” to process the search.

chromium

The listening code, a Googleproprietary technology, is said to be “black box” in Chromium.  That means that it is not part of the open sourcing.  This does not allow users to see the code and verify what it is doing; defeating the purpose of the so-called open-source process.  Blogger Rick Falkvinge writes it may be doing more than simply searching:

“This was supposedly to enable the “Ok, Google” behavior – that when you say certain words, a search function is activated. Certainly a useful feature. Certainly something that enables eavesdropping of every conversation in the entire room, too.

Obviously, your own computer isn’t the one to analyze the actual search command. Google’s servers do. Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by… an unknown and unverifiable set of conditions.”

 

Changes to Chromium

After much attention from privacy advocates, developers removed “Ok Google” from Chromium in June 2015 stating, “In light of this issue, we have decided to remove the hotwording component entirely from Chromium.   As it is not open source, it does not belong in the open source browser.”  The hotwording program is still available to Google Chrome users as an optional download.  On the Chromium webpage, privacy information begins with their promise “Chromium provides users full transparency and control over the information managed by the browser.”

 

Summary

Ok Google, a voice activated search program in the Chrome web browser and Chromium OS  has raised questions about privacy.  Users of the open-sourced Chromium version automatically download a “black box code” for the application.  The privacy concern is that users are unable to opt-in, and may be transmitting room audio to Google or another third party without their control.

 

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/United States (CIPP/US) exam, a privacy professional should be comfortable with topics related to this post, including:

Information Management from a U.S. Perspective (1.C.)

Limits on Private-sector Collection and Use of Data (II.A.)

Share

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>