Google Chrome listening to your room shows the importance of privacy defense in depth


Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmitting audio data back to Google. In effect, this means that Google had given itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people being listened to. In official statements, Google has brushed the practice aside with the equivalent of "we can do that."

It looked like just another bug report: "When I start Chrome, it downloads something." It was followed by strange status information that notably included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes".

Without consent, Google's code had downloaded a black box of code that, by its own account, had turned on the microphone and was actively listening to your room.

A brief explanation of the open-source / free-software philosophy is needed here. When you install a version of GNU/Linux such as Debian or Ubuntu on a fresh computer, thousands of very smart people have analyzed every line of human-readable source code before the operating system was built into computer-executable binary code, so that what the machine actually does is common and open knowledge, instead of trusting corporate statements about what it is supposed to do. Therefore, you do not install black boxes on a Debian or Ubuntu system; you use software repositories that have gone through this source-code verify-then-build process. Maintainers of operating systems like Debian and Ubuntu use a lot of so-called "upstream" source code to build the final product.

Chromium, the open-source version of Google Chrome, had abused its position as trusted upstream to insert lines of source code that bypassed this verify-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised. We do not know and cannot know what that black box did. But we see reports that the microphone was on, and that Chrome considered audio capture permitted.

This was supposedly to enable the "Ok, Google" behavior: when you say certain words, a search function is activated. Certainly a useful feature. Certainly also something that enables listening to every conversation in the entire room.

Obviously, your own computer is not the one analyzing the actual search command. Google's servers are. This means that your computer had been stealth configured to send what was said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by... an unknown and unverifiable set of conditions.

Google had two responses to this. The first was to introduce a practically undocumented switch to opt out of this behavior, which is not a solution: the default installation will still bug your room without your consent, unless you opt out, and, more importantly, know that you need to opt out, which is nowhere near a reasonable requirement. But the second was more of an official statement following technical discussions on Hacker News and other places. That official statement amounted to three parts (paraphrased, of course):

1) Yes, we are downloading and installing a wiretapping black box onto your computer. But we are not actually activating it. We did take advantage of our position as trusted upstream to stealth-insert code into open-source software that installed this black box onto millions of computers, but we would never abuse the same trust in the same way to insert code that activates the eavesdropping black box we have already downloaded and installed onto your computer without your consent or knowledge. You can look at the code as it appears right now to see that the code does not do this right now.

2) Yes, Chrome bypasses the entire source code verification process by downloading a pre-built black box onto people's computers. But that is not something we really care about. We are concerned with building Google Chrome, Google's product. As part of that, we provide the source code for others to package if they like. Anyone who uses our code for their own purposes takes responsibility for it. When this happens in a Debian installation, it is not Google Chrome's behavior, it is Debian Chrome's behavior. It is entirely Debian's responsibility.

3) Yes, we have deliberately hidden this listening module from the user, but that is because we consider this behavior to be part of the core Google Chrome experience. We do not want to show all the modules that we install.

If you think this is an excusable and responsible statement, raise your hand now.

Now, it should be noted that this was Chromium, the open-source version of Chrome. If somebody downloads the Google Chrome product, as in the prepackaged binary, they do not get even a theoretical choice. They are already downloading a black box from a vendor. In Google Chrome, this is all included from the start.

This episode highlights the need for hard, not soft, switches on all devices (webcams, microphones) that can be used for surveillance. A software on/off switch for a webcam is not enough; a hard shield in front of the lens is required. A software on/off switch for a microphone is not enough; a physical switch that breaks its electrical connection is required. That is how you defend against this in depth.

Of course, people have been quick to downplay the alarm. "It only listens when you say 'Ok, Google'." (Ok, so how does it know to start listening right before I say 'Ok, Google'?) "It's no big deal." (A company stealth installs an audio listener that listens to every room in the world it can, and transmits audio data to the mothership when it encounters an unknown, individually adjustable list of keywords, and it's no big deal!?) "You can opt out. It's in the terms of use." (No. Just no. Something does not become the least bit permissible just because it is hidden in legalese.) "It's opt-in. It really will not listen unless you check this box." (Maybe. We do not know; Google just downloaded a black box onto my computer. And it may not be the same black box as was downloaded onto yours.)

Early last decade, privacy activists practically yelled and screamed that the NSA's taps at various points of the Internet and telecom networks had the technical potential for enormous abuses against privacy. Everybody dismissed those points as basically tinfoil hattery, until the Snowden files came out and it was revealed that precisely everybody involved had abused their technical capability for invasion of privacy as far as was possible.

Perhaps it would be wise not to repeat that exact mistake. Nobody, and I mean really nobody, is to be trusted with a technical capability to listen to every room in the world, with listening profiles customizable at the level of the identified individual, on the mere basis of "trust us."

Privacy remains your own responsibility.
