You are absolutely right guys, I tried to communicate with the popup provider to fix the issue that causes it to display twice, they failed to do that, and I'll replace the provider soon. Thank you.
Also the guy just read the story that was previous on HN how that was discovered in Debian https://news.ycombinator.com/item?id=9724409 (but it doesn't affect them) and made a post about it. 1000 thumbs down for him.
Agree with this sentiment. A popup asking me to subscribe before I read the article, and another when my mouse left focus towards the top of the page (headed to the back button).
I think a very positive change for HN would be to vote down meta-comments about article design/ads/fonts/pop-ups.
I don't see how they add any substance to the discussion. We all got the same pop-up, we all find it annoying. Voting it up to the top of every HN discussion is not likely to change it. Who even knows if the author will ever see this thread.
The topic of this post is whether Google can listen to, and presumably record, our conversations with little to no warning. To me that seems more worth a discussion than yet another pop-up email form.
> A reader emailed to complain about how this and other HN discussions often become derailed by off-topic carping about blog design. I agree completely. Could there be a more classic form of bikeshedding? It would seem parodic if it weren't sadly real. This has become more of a thing on HN lately. It needs to become less of a thing.
> I don't mean to pick on you personally, or just on this one comment. (Your second sentence alone, by the way, would have been a helpful contribution.) The problem is the tedious stampedes such comments spawn.
I agree. I used to make those comments. I've tried to cut it down.
I generally agree with you. My comment did not add to the discussion meaningfully, and I apologize for that.
I chose to comment because the author of the linked post and the HN submitter are the same person; my reaction came directly from this association. All the same, the remark doesn't belong on HN.
At least as far back as 2011 or so, I noticed that Chrome was causing my computer to behave differently when something was said.
My setup at the time: a mac pro with 3 30" cinema displays.
The first time I noticed it I was several feet away from the computer talking on the phone -- actually about something the NSA probably would have had a keen interest in (the NDAA allowing for indefinite detention was about to be passed and I had just booked a flight to Stockholm) -- when my screens flashed and redrew slowly enough to be noticeable.
It happened more than once during that phone call.
And after I quit Chrome it didn't happen again.
Even during the phone call.
Everybody I mentioned it to seemed to think I was batshit insane. So I stopped mentioning it years ago.
And now that I see this, I'm willing to bet that there's more: a screen-grab capability that never accounted for grabbing 12,288,000 pixels at once.
The Ministry of Privacy (Minipriv) it seems, has had telescreens in our homes for years.
As this blog post shows, certain system privileges like microphone and webcam access are hard to sneak into black box binaries that are bundled with open source software.
chrome://settings/search#voice doesn't show anything
chrome://voicesearch/ shows
Google Chrome 43.0.2357.124 ()
OS Mac OS X
NaCl Enabled Yes
Microphone Yes
Audio Capture Allowed Yes
Current Language en-US
Hotword Previous Language en-US
Hotword Search Enabled No
Always-on Hotword Search Enabled No
Hotword Audio Logging Enabled No
Field trial Install
I don't understand the outrage here. I remember chrome asking me if I want it listening all the time for "Ok Google", I thought "Obviously not" and said no, and that was the end of it.
I've been confused for the whole week about this. Everyone is saying it's enabled by default but it's disabled on my chrome 44 and I don't remember ever disabling it explicitly in settings.
It SAYS it is disabled, but do you know if it can be remotely enabled at will or if they mean it is disabled only to send your search terms and open a google.com page but still enabled for spying?
Theoretically you could build firefox from source..
But yes, it's still an issue. Does anyone have a solution to trusting GPG keys on company websites? If their website gets hacked, the key could be replaced, the source-control could be replaced and you'd never know..
On my windows pc chrome only reacts to ok google when you have a new, empty tab, or the google search page open and active as the main tab. Additionally i checked with procmon what network activity chrome was making, and while it starts sending stuff AFTER "ok google" is activated, it doesn't send any between me saying it and chrome confirming it.
The theory that it's a small local plugin is also affirmed by the fact that my cellphone can do "ok google" without any sort of network, and is sometimes tricked into activating by audiobooks that make noises completely unlike "ok google".
I found the plugin installed, but deactivated by default. So, for the story of this dude to make sense, he'd have to have someone at his computer activate it (or if he's using a linux distro, the maintainers might've activated it by default), and would see the light blinking on new tabs and google search pages.
Is your phone tricked by audiobooks playing from the phone itself, or another source? I'd be really surprised if the phone's audio could trigger itself.
Edit: I guess depending on how powerful OK Google and Siri become it would be possible to embed instructions to download a virus into an audiobook or song.
This is pure speculation and I'm nowhere near qualified to speak with any accuracy, but perhaps it's the case that the processing requirements would reduce battery life too quickly. Although, having said that, "Hey Siri" only works when the phone is plugged into a power source, unless you use a jailbreak tweak to turn it on all the time.
Okay, so it sends data after you've said the trigger phrase, but not before, that much we've all agreed on. Has anyone determined what it's sending? Hear me out here...
For the trigger to work, which doesn't require key presses or other physical input, the microphone must be active and keeping a buffer of live speech, right? Okay, let's step aside for a moment to examine another piece of technology that keeps a live buffer of streaming media...
I have a TiVo. I love that thing. One of the coolest features is this: TiVo keeps a buffer of live shows on each of its tuners so that, if you opt to record a show that's been on for ten minutes, it can save it from the beginning, literally "capturing and digitally storing the past", once I press "record".
Back to Chrome/Chromium: Until someone determines what it's sending, and their black box makes it difficult to see the source of what audio is encoded and how it's encoded, and given that the technology to keep a rolling buffer of 30 minutes of streaming audio and video has been around in TiVo since, well, the first TiVo... Is it really so hard to believe that Google could be sending packets containing audio spoken in the room before the trigger phrase was captured?
It wouldn't take much for Google to assuage this privacy concern.
1) Opt-in, not opt out
And
2) Show us what's in the black box (or at least publish tcpdump-verifiable specs on what you're transmitting). If there was a debug option to transmit in clear text, and a statement of the audio codec used, that would give me some sense of understanding, even though that still leaves steganography as an option. I don't have enough tin foil for that hat right now.
How would you prove everyone's black box behaves the same way and in certain geographic areas or when it detects certain NSA software or certain keywords on websites it goes into whole room bug-mode?
I couldn't. I didn't say it would make me feel secure, just that it would give me some sense of understanding. It would, at least, prove a modicum of sincerity and authenticity to the otherwise opaque, "just trust us, okay?" position they're currently taking.
This is spinning out of control. Regardless of whether the hotword detection is enabled by default or not (it's not), arguing that loading a module may harm your privacy is just plain nonsense. Most of software is loaded as one big, binary blob. It may or may not contain harmful for privacy parts you know or don't know about. The issue is totally orthogonal to how it is loaded. Literally every binary you run may access your microphone and send whatever it wants, wherever it likes, at any time. Until you prove an unwanted transfer of recording you didn't ask for occurs, it is just ranting "binary blobs considered harmful".
The original issue - loading a binary into an supposedly open source browser (Chromium) does make sense and is valid. Making it something else than it is - an issue about Google Chrome and how it loads its modules, shows ignorance or purposeful bloating a news that is not a news.
Please rant on things in the right context. Otherwise you are hurting the case you think you are fighting for.
Are you referring to the article or the general discussion?
I would see your point in general closed-source software but in this case the way the module is loaded does indeed make a difference: it (silently) downloads and installs a closed-source blob with the ability to record audio into a piece of otherwise open source software. Specifically a browser, one of the biggest attack vectors anyway.
The significance of this depends on whether you're running Google Chrome (the official distribution) or Chromium. Now, you've reported in your "steps to reproduce" using Chrome on Mac.
If we're talking about Chrome: Google Chrome (as opposed to Chromium) is not open source. It contains various bits of proprietary binary code, and always has. Therefore, whether it downloads the hotword module from the web store, or includes it in the distribution, is irrelevant from a trust standpoint. From our standpoint, the fact that the hotword module is a separate extension (rather than built in to the browser) is an implementation detail.
Since a lot of the discussion is centered around Chromium on Linux, I want to address the concern that Chromium is entirely open source and yet it downloads a proprietary module. The key here is that Chromium is not a Google product (we do not directly distribute it, or make any guarantees with respect to compliance with various open source policies). Our primary focus is getting code ready for Google Chrome. If a third party (such as Debian) destributes it, it is their responsibility to enforce their own policy. And I see that they have now done that (as of 43.0.2357.81-1) by disabling the hotword module. We have also made changes from Chromium 45 onwards to make it easier for third party distributors to disable hotwording (see Issue 491435 ).
Another key point is that the binary blob is not a native executable or library. It is a NaCl module, and therefore subject to the full sandbox of the NaCl platform. The hotword module has the same privileges as any website (except that it automatically has access to the microphone).
-- EOQ --
Also I believe the binary blobs are downloaded from a static address and hopefully signed somehow. The security concern is something I would accept as a valid argument, but if Google domain and whatever certification they use is compromised user has much larger issues than his audio being recorded.
Anyway, I'm trying to fight privacy-wackos that are spawning lately. Privacy is about having a choice to not share. In such meaning you can take almost an arbitrary definition of what you consider private and ask for a way to protect this idea of privacy. It should however not hinder the innovation and prevent developers from building great software. It's ok if I choose to trade some information in exchange for an interesting feature.
There seem to be many people fighting for not giving up their extended vision of freedom, not paying for software in any way, not even ads, and expecting high quality results. "Expecting" is a keyword here. Everybody is very much free to use Firefox, which is considered better for achieving the above results, yet the talk about Chrome shows how many people want to have the cake and eat it (and do it in private so nobody knows, because we all care so much about your f-ing cake).
I mean the activating an audio recorder when someone expects privacy. Some European countries are big on that, right? or it might come under wiretapping laws?
> Even if Ok Google is activated it only listen in a new tab.
So whenever the author opens a new tab—a thing that I do constantly when I work—the LED goes on and off. What's bullshit about that? Maybe their story is, but I'm not sure why you have a problem with that part.
> While I was working I thought I’m noticing that an LED goes on and off, on the corner of my eyesight. And after a few times when it just seemed weird, I sat to watch for it and saw it happening. Every few seconds or so.
Can you tel me when it is stated when a tab is opened.
He claims that Chrome is listening in the background. I repeat, bullshit until he can provide any proof of that.
The fact that device manufacturers do not generally provide a PHYSICAL switch to toggle microphone (or camera) connectivity, irrespective of what any software blob might attempt to do, says a lot about the state of respect for user control in this industry.
The fact that device manufacturers do not generally provide a PHYSICAL switch to toggle microphone (or camera) connectivity, irrespective of what any software blob might attempt to do, says a lot about the state of respect for user control in this industry.
73 comments
[ 2.4 ms ] story [ 142 ms ] threadDefinitely not OK, especially for a tech blog.
I don't see how they add any substance to the discussion. We all got the same pop-up, we all find it annoying. Voting it up to the top of every HN discussion is not likely to change it. Who even knows if the author will ever see this thread.
The topic of this post is whether Google can listen to, and presumably record, our conversations with little to no warning. To me that seems more worth a discussion than yet another pop-up email form.
https://news.ycombinator.com/item?id=9238739
> A reader emailed to complain about how this and other HN discussions often become derailed by off-topic carping about blog design. I agree completely. Could there be a more classic form of bikeshedding? It would seem parodic if it weren't sadly real. This has become more of a thing on HN lately. It needs to become less of a thing.
> I don't mean to pick on you personally, or just on this one comment. (Your second sentence alone, by the way, would have been a helpful contribution.) The problem is the tedious stampedes such comments spawn.
I agree. I used to make those comments. I've tried to cut it down.
I chose to comment because the author of the linked post and the HN submitter are the same person; my reaction came directly from this association. All the same, the remark doesn't belong on HN.
My setup at the time: a mac pro with 3 30" cinema displays.
The first time I noticed it I was several feet away from the computer talking on the phone -- actually about something the NSA probably would have had a keen interest in (the NDAA allowing for indefinite detention was about to be passed and I had just booked a flight to Stockholm) -- when my screens flashed and redrew slowly enough to be noticeable.
It happened more than once during that phone call.
And after I quit Chrome it didn't happen again.
Even during the phone call.
Everybody I mentioned it to seemed to think I was batshit insane. So I stopped mentioning it years ago.
And now that I see this, I'm willing to bet that there's more: a screen-grab capability that never accounted for grabbing 12,288,000 pixels at once.
The Ministry of Privacy (Minipriv) it seems, has had telescreens in our homes for years.
chrome://settings/search#voice doesn't show anything
chrome://voicesearch/ shows
Google Chrome 43.0.2357.124 () OS Mac OS X NaCl Enabled Yes Microphone Yes Audio Capture Allowed Yes Current Language en-US Hotword Previous Language en-US Hotword Search Enabled No Always-on Hotword Search Enabled No Hotword Audio Logging Enabled No Field trial Install
$ ls -l | grep Chrome
drwxrwxr-x@ 3 stray admin 102 Jun 19 21:41 Google Chrome.app
> Always-on Hotword Search Enabled No
It's already disabled.
I don't understand the outrage here. I remember chrome asking me if I want it listening all the time for "Ok Google", I thought "Obviously not" and said no, and that was the end of it.
But yes, it's still an issue. Does anyone have a solution to trusting GPG keys on company websites? If their website gets hacked, the key could be replaced, the source-control could be replaced and you'd never know..
On my windows pc chrome only reacts to ok google when you have a new, empty tab, or the google search page open and active as the main tab. Additionally i checked with procmon what network activity chrome was making, and while it starts sending stuff AFTER "ok google" is activated, it doesn't send any between me saying it and chrome confirming it.
The theory that it's a small local plugin is also affirmed by the fact that my cellphone can do "ok google" without any sort of network, and is sometimes tricked into activating by audiobooks that make noises completely unlike "ok google".
I found the plugin installed, but deactivated by default. So, for the story of this dude to make sense, he'd have to have someone at his computer activate it (or if he's using a linux distro, the maintainers might've activated it by default), and would see the light blinking on new tabs and google search pages.
² https://play.google.com/store/apps/details?id=ak.alizandro.s...
Edit: I guess depending on how powerful OK Google and Siri become it would be possible to embed instructions to download a virus into an audiobook or song.
Call it Duck-Duck-Chrome
This was severly frowned upon on the Debian Bugtracker last week. Thanks to the Debian team for standing up!
Context: https://news.ycombinator.com/item?id=9724409
For the trigger to work, which doesn't require key presses or other physical input, the microphone must be active and keeping a buffer of live speech, right? Okay, let's step aside for a moment to examine another piece of technology that keeps a live buffer of streaming media...
I have a TiVo. I love that thing. One of the coolest features is this: TiVo keeps a buffer of live shows on each of its tuners so that, if you opt to record a show that's been on for ten minutes, it can save it from the beginning, literally "capturing and digitally storing the past", once I press "record".
Back to Chrome/Chromium: Until someone determines what it's sending, and their black box makes it difficult to see the source of what audio is encoded and how it's encoded, and given that the technology to keep a rolling buffer of 30 minutes of streaming audio and video has been around in TiVo since, well, the first TiVo... Is it really so hard to believe that Google could be sending packets containing audio spoken in the room before the trigger phrase was captured?
It wouldn't take much for Google to assuage this privacy concern.
1) Opt-in, not opt out
And
2) Show us what's in the black box (or at least publish tcpdump-verifiable specs on what you're transmitting). If there was a debug option to transmit in clear text, and a statement of the audio codec used, that would give me some sense of understanding, even though that still leaves steganography as an option. I don't have enough tin foil for that hat right now.
Are people just upset b/c chrome can access the mic and web cam? Browsers have done this for decades.
The original issue - loading a binary into an supposedly open source browser (Chromium) does make sense and is valid. Making it something else than it is - an issue about Google Chrome and how it loads its modules, shows ignorance or purposeful bloating a news that is not a news.
Please rant on things in the right context. Otherwise you are hurting the case you think you are fighting for.
I would see your point in general closed-source software but in this case the way the module is loaded does indeed make a difference: it (silently) downloads and installs a closed-source blob with the ability to record audio into a piece of otherwise open source software. Specifically a browser, one of the biggest attack vectors anyway.
The significance of this depends on whether you're running Google Chrome (the official distribution) or Chromium. Now, you've reported in your "steps to reproduce" using Chrome on Mac.
If we're talking about Chrome: Google Chrome (as opposed to Chromium) is not open source. It contains various bits of proprietary binary code, and always has. Therefore, whether it downloads the hotword module from the web store, or includes it in the distribution, is irrelevant from a trust standpoint. From our standpoint, the fact that the hotword module is a separate extension (rather than built in to the browser) is an implementation detail.
Since a lot of the discussion is centered around Chromium on Linux, I want to address the concern that Chromium is entirely open source and yet it downloads a proprietary module. The key here is that Chromium is not a Google product (we do not directly distribute it, or make any guarantees with respect to compliance with various open source policies). Our primary focus is getting code ready for Google Chrome. If a third party (such as Debian) destributes it, it is their responsibility to enforce their own policy. And I see that they have now done that (as of 43.0.2357.81-1) by disabling the hotword module. We have also made changes from Chromium 45 onwards to make it easier for third party distributors to disable hotwording (see Issue 491435 ).
Another key point is that the binary blob is not a native executable or library. It is a NaCl module, and therefore subject to the full sandbox of the NaCl platform. The hotword module has the same privileges as any website (except that it automatically has access to the microphone).
-- EOQ --
Also I believe the binary blobs are downloaded from a static address and hopefully signed somehow. The security concern is something I would accept as a valid argument, but if Google domain and whatever certification they use is compromised user has much larger issues than his audio being recorded.
Anyway, I'm trying to fight privacy-wackos that are spawning lately. Privacy is about having a choice to not share. In such meaning you can take almost an arbitrary definition of what you consider private and ask for a way to protect this idea of privacy. It should however not hinder the innovation and prevent developers from building great software. It's ok if I choose to trade some information in exchange for an interesting feature.
There seem to be many people fighting for not giving up their extended vision of freedom, not paying for software in any way, not even ads, and expecting high quality results. "Expecting" is a keyword here. Everybody is very much free to use Firefox, which is considered better for achieving the above results, yet the talk about Chrome shows how many people want to have the cake and eat it (and do it in private so nobody knows, because we all care so much about your f-ing cake).
What audio recording has been activated?
I'm sorry, this is bullshit. Even if Ok Google is activated it only listen in a new tab.
So whenever the author opens a new tab—a thing that I do constantly when I work—the LED goes on and off. What's bullshit about that? Maybe their story is, but I'm not sure why you have a problem with that part.
From the blog:
> While I was working I thought I’m noticing that an LED goes on and off, on the corner of my eyesight. And after a few times when it just seemed weird, I sat to watch for it and saw it happening. Every few seconds or so.
Can you tel me when it is stated when a tab is opened.
He claims that Chrome is listening in the background. I repeat, bullshit until he can provide any proof of that.
how the hell i hate such popups