The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission. 

Google was downloading audio listeners onto computers without consent, say Chromium users

'We don’t know and can’t know what this black box does. But we see reports that the microphone has been activated, and that Chromium considers audio capture permitted'

Louis Dore
Wednesday 24 June 2015 15:01 BST
Comments
Sundar Pichai, senior vice president of Chrome, speaks at Google's annual developer conference, Google I/O, in San Francisco on 28 June 2012
Sundar Pichai, senior vice president of Chrome, speaks at Google's annual developer conference, Google I/O, in San Francisco on 28 June 2012 (KIMIHIRO HOSHINO/AFP/GettyImages)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Google was downloading audio listeners onto computers without consent before the bug was fixed, Rick Falkvinge, founder of the Pirate Party has claimed.

Writing on the website Privacy Online News, Falkvinge alleged that Google listened into the conversations of users of Chromium without consent, through a ‘black box’ of code.

The 'black box' code was downloaded to enable a feature that activates a search function when you say "Ok, Google," however the code appears to have enabled eavesdropping on conversations prior to this – in order to hear the phrase.

The software is able to transmit audio data back to Google, but Google claim the code was merely downloaded without consent and knowledge, not activated.

On Monday, Debian maintainer Michael Gilbert said that the bug has been fixed, and the latest version of the Chromium package will no longer download the Hotword code by default.

In response, some users questioned whether Google should be trusted as an upstream contributor to the Debian project following the incident, saying that the project needs stricter controls as the source for Google’s Chrome web browser.

Falkvinge wrote: "Chromium, the open-source version of Google Chrome, had abused its position as trusted upstream to insert lines of source code that bypassed [the] audit-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised.

"We don’t know and can’t know what this black box does. But we see reports that the microphone has been activated, and that Chromium considers audio capture permitted."

A Google spokesperson said: "We're sure you'll be relieved to learn we're not listening to your conversations—nor do we want to.

"We're simply giving Chrome users the ability to search hands free at their computers by saying “OK Google” while on the Google homepage—and only if they choose to opt in to the feature"

Chromium is an open-source project from which Google Chrome draws its source code.

Debian user Yoshihito Yoshino first reported the bug in May, after noticing suspicious network activity from Chromium 43, the most recent stable release of the open source version of the Chrome browser.

"After upgrading chromium to 43, I noticed that when it is running and immediately after the machine is on-line it silently starts downloading 'Chrome Hotword Shared Module' extension, which contains a binary without source code," Yoshino wrote. "There seems no opt-out config."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in