Google listening in to your room shows importance of privacy defense in depth

178 点作者 arto将近 10 年前

21 条评论

metric10将近 10 年前

Has anyone actually confirmed that Chrome is continuously sending audio back to Google? I highly doubt that this is the case. Instead, the plug in knows how to recognize "OK Google" all by itself. Once activated, then it starts sending audio data.IF it where really listening even when inactive, then people would be complaining about it sucking up bandwidth and data allotments.

评论 #9739042 未加载

评论 #9738998 未加载

评论 #9738929 未加载

评论 #9738870 未加载

评论 #9739379 未加载

评论 #9740030 未加载

评论 #9739382 未加载

评论 #9742647 未加载

评论 #9738932 未加载

评论 #9740219 未加载

Mithaldu将近 10 年前

This is pretty funny. He complains that Chromium managed to "bypass this audit-then-build process", by downloading stuff afterwards, while ignoring that this happening already shows that the audit process is completely useless since it failed to recognize and reject the code that would do this.There's a TSA joke somewhere in this.

评论 #9738768 未加载

jmnicolas将近 10 年前

I think this is the last straw for me : enough is enough.I need to sit and reflect a bit on this, but I'm contemplating abandoning every bit of non free software I currently use (and there's a lot of it since I'm using Windows and Android).

评论 #9739979 未加载

评论 #9738913 未加载

bhauer将近 10 年前

I want my desktop operating system to offer fairly fine-grained control of permissions I selectively grant to processes/applications. I would like the ability to easily revoke Chrome's ability to use my audio inputs, and then—if the use case comes up, such as a WebRTC conference—I can grant permission either on a one-time basis or until I revoke. This would be the operating system controlling the application's capability.I'm guessing a rough approximation is possible on some operating systems. Given the sprawling management infrastructure in Windows, I wouldn't be surprised if it has some "policy" framework in place that allows devices to be declared off-limits at a process granularity. The missing piece, then, is a viable user interface on top of that.I'm not asking for something akin to the simplified permissions model of mainstream sandboxed mobile operating systems. Not set-and-forget; and certainly not all-or-nothing ("accept these required permissions or don't install the app.") Rather, something quite a bit finer grained and with the necessary infrastructure to have the OS prompt for privileged access if the application wants something I've disallowed, in a manner akin to Windows UAC prompts for admin credentials.Imagine starting Chrome one day to have your operating system prompt you, "Chrome would like access to audio input 1 (microphone). Allow for now, permanently, or deny?"

评论 #9739583 未加载

turk-将近 10 年前

How does he know Chrome is transmitting ALL conversations that it hears? His arguments aren't valid:"(Ok, so how does it know to start listening just before I’m about to say ‘Ok, Google?’)"This could easily be achieved offline.The same argument could be made for Siri, a wiretapping device which you carry with you all the time. In fact wiretapping your phone would be much more effective then wiretapping a computer browser application.Before making such accusations he should present some solid data, like network traffic from an idle chrome application during conversations (with and without saying "Okay Google"). If an idle chrome application was always transmitting data to google, he would have a solid argument.

评论 #9739597 未加载

评论 #9739129 未加载

neumino将近 10 年前

> When you’re installing a version of GNU/Linux like Debian or Ubuntu onto a fresh computer, thousands of really smart people have analyzed every line of human-readable source codeIf this was true, Debian would have not build/release this version of Chromium. The author is living in the past or in another dimension. Some projects are complex, and it's hard/impossible to read/understand everything for a single human being.

uptown将近 10 年前

Type this into your Chrome address bar to see the extension status: chrome://voicesearch/

评论 #9738400 未加载

评论 #9738980 未加载

jimhefferon将近 10 年前

This is why there needs to be a switch on all computers to physically turn the microphone off.How is that hard?

评论 #9740310 未加载

评论 #9740102 未加载

评论 #9743710 未加载

ape4将近 10 年前

I always assumed the purpose of Chrome was to spy on us. So I don't use it.

rasz_pl将近 10 年前

I wonder if European Commission would be interested in adding this to their investigation, couple of hundred million dollars should be enough penalty for violating users privacy.

评论 #9738783 未加载

评论 #9739732 未加载

评论 #9738867 未加载

jonstokes将近 10 年前

Not surprised. I was a die-hard android user, but I kept having stuff like this happen to me, over and over again: <a href="http://www.reddit.com/r/technology/comments/2kwbl2/im_convinced_my_android_phone_listens_to_me_and/" rel="nofollow">http://www.reddit.com/r/technology/comments/2kwbl2/im_convin...</a>It also happens to my android-using friends. I've become convinced that Android phones are listening all the time so that they can figure out what we're about to search for and what to advertise to us.Given that this has been my (admittedly anecdotal) experience with Android, I wouldn't be surprised at all if Google was trying to take this type of thing to the desktop with Chrome.I love Google and have historically just not cared about my privacy as far as they're concerned, but I'm getting more creeped out as this kind of stuff becomes more pervasive.

评论 #9740062 未加载

评论 #9739205 未加载

评论 #9740410 未加载

Oletros将近 10 年前

has the author really tested if Chromium is listening?Downloading a binary blob is very bad, but the accusations that author makes wihouth a single proof is more FUD than anything

评论 #9739994 未加载

anaptdemise将近 10 年前

There is also a bug report from a year ago. <a href="https://code.google.com/p/chromium/issues/detail?id=381747" rel="nofollow">https://code.google.com/p/chromium/issues/detail?id=381747</a>

feld将近 10 年前

Is there a GPO to control this setting in Windows?edit:This might work<a href="http://www.chromium.org/administrators/policy-list-3#AudioCaptureAllowed" rel="nofollow">http://www.chromium.org/administrators/policy-list-3#AudioCa...</a>

izzydata将近 10 年前

My only audio recording device is my webcam and it is incapable of being in use without the light being on as far as I am aware. So how would it send them audio data without the audio device realize it is being used?

评论 #9740286 未加载

w8rbt将近 10 年前

One thing to keep in mind. If your friend has a Google device using Chrome, and you are close to them (in the same room) it hears your voice as well.

评论 #9740441 未加载

zobzu将近 10 年前

Note that all android phones have that issue. Also all windows phones and soon windows 10.Oh and smart tvs. it is a real problem though

评论 #9740210 未加载

lfender6445将近 10 年前

if you goto chrome://settings/content it appears you can disable mic + camera access for all pages

评论 #9738546 未加载

评论 #9738735 未加载

spdustin将近 10 年前

Okay, I'm going to put on my tin foil hat for a bit here.Think of the corporate boardrooms with Chromebox for meetings, listening in even when not actively used for meetings. An exec at the Better Business Bureau [0] who chose Chromebox because they were excited to, "[reduce] the time [they spend] ... worrying about security concerns," is discussing the growing complaints the BBB has received about a competitor to a company owned by Google. He says, "Ok, Google owns their primary competitor, and they may have insight to offer us."Wait, that's just my tin foil beanie. Let me put on the tin foil balaclava.The U.S. Department of State [1] is in an all-hands-on-deck crisis meeting over a deeply divisive political situation involving a first-world ally. Chrome is updated with the eavesdropping feature (remember, it's just my tin foil that's making me choose that word, I know it's hyperbole), and it's already been "deployed to production immediately, bypassing cumbersome testing." Someone in the meeting says, "OK, Google News has been trending a lot of stories about this issue." Sensitive things are then said about this ally, things that are now being heard by an enemy of the state, because they were able to use their previously embedded network sniffers to capture and forward interesting network traffic.It's frightening that a feature is enabled by default, and difficult to disable, that could capture sensitive conversations without the knowledge of the parties speaking because they innocently started a sentence with, "OK, Google." Certainly this violates wiretapping laws?Let's pile on. Hospitals and medical centers are using this too, according to the Chrome for Work pages. A doctor says, "Ok, Google had a lot of results about new HLA-B27 research," when discussing a patient's arthritic concerns, while proceeding to outline the patient's symptoms and how treatment should proceed and now we're looking at a potential HIPAA Privacy Rule violation.As I type this, I look over at my Amazon Echo, and I'm reminded of something I heard once. If you're not paying, you're not the customer, you're the product. Is that hypocritical of me to accept my Amazon Echo but not the behavior of Google Chrome?[0]: <a href="https://www.google.com/work/chrome/resources/customer-stories/better-business-bureau/index.html" rel="nofollow">https://www.google.com/work/chrome/resources/customer-storie...</a>[1]: <a href="https://www.google.com/work/chrome/resources/customer-stories/us-state-department/index.html" rel="nofollow">https://www.google.com/work/chrome/resources/customer-storie...</a>

评论 #9740005 未加载

wslh将近 10 年前

What happen if you play an audio file saying "Ok Google" ?

derptron将近 10 年前

Wow, is there really no way to disable this? I guess I'm going back to Firefox.

评论 #9739102 未加载