“Yesterday, news broke that Google has
been stealth downloading audio listeners onto every computer that runs
Chrome, and transmits audio data back to Google. Effectively, this means
that Google had taken itself the right to listen to every conversation
in every room that runs Chrome somewhere, without any kind of consent
from the people eavesdropped on.” (Angry Arab)
.
Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth
Yesterday, news broke that Google
has been stealth downloading audio listeners onto every computer that
runs Chrome, and transmits audio data back to Google. Effectively, this
means that Google had taken itself the right to listen to every
conversation in every room that runs Chrome somewhere, without any kind
of consent from the people eavesdropped on. In official statements,
Google shrugged off the practice with what amounts to “we can do that”.
It looked like just another bug report.
“When I start Chromium, it downloads something.” Followed by strange
status information that notably included the lines “Microphone: Yes” and
“Audio Capture Allowed: Yes”.
Without consent, Google’s code had
downloaded a black box of code that – according to itself – had turned
on the microphone and was actively listening to your room.
A brief explanation of the Open-source /
Free-software philosophy is needed here. When you’re installing a
version of GNU/Linux like Debian or Ubuntu onto a fresh computer,
thousands of really smart people have analyzed every line of
human-readable source code before that operating system was built into
computer-executable binary code, to make it common and open knowledge
what the machine actually does instead of trusting corporate statements on what it’s supposed
to be doing. Therefore, you don’t install black boxes onto a Debian or
Ubuntu system; you use software repositories that have gone through this
source-code audit-then-build process. Maintainers of operating systems
like Debian and Ubuntu use many so-called “upstreams” of source code to
build the final product.
Chromium, the open-source version of
Google Chrome, had abused its position as trusted upstream to insert
lines of source code that bypassed this audit-then-build
process, and which downloaded and installed a black box of unverifiable
executable code directly onto computers, essentially rendering them
compromised. We don’t know and can’t know what this black box does. But
we see reports that the microphone has been activated, and that Chromium
considers audio capture permitted.
This was supposedly to enable the “Ok,
Google” behavior – that when you say certain words, a search function is
activated. Certainly a useful feature. Certainly something that enables
eavesdropping of every conversation in the entire room, too.
Obviously, your own computer isn’t the
one to analyze the actual search command. Google’s servers do. Which
means that your computer had been stealth configured to send what was
being said in your room to somebody else, to a private company in
another country, without your consent or knowledge, an audio
transmission triggered by… an unknown and unverifiable set of
conditions.
Google had two responses to this. The first
was to introduce a practically-undocumented switch to opt out of this
behavior, which is not a fix: the default install will still wiretap
your room without your consent, unless you opt out, and more
importantly, know that you needto opt out, which is nowhere a reasonable requirement. But the second was more of an official statement following technical discussions on Hacker News and other places. That official statement amounted to three parts (paraphrased, of course):
1) Yes, we’re downloading and installing a
wiretapping black-box to your computer. But we’re not actually
activating it. We did take advantage of our position as trusted upstream
to stealth-insert code into open-source software that installed this
black box onto millions of computers, but we would never abuse the same
trust in the same way to insert code thatactivates the
eavesdropping-blackbox we already downloaded and installed onto your
computer without your consent or knowledge. You can look at the code as
it looks right now to see that the code doesn’t do this right now.
2) Yes, Chromium is bypassing the entire
source code auditing process by downloading a pre-built black box onto
people’s computers. But that’s not something we care about, really.
We’re concerned with building Google Chrome, the product from Google. As
part of that, we provide the source code for others to package if they
like. Anybody who uses our code for their own purpose takes
responsibility for it. When this happens in a Debian installation, it is
not Google Chrome’s behavior, this is Debian Chromium’s behavior. It’s
Debian’s responsibility entirely.
3) Yes, we deliberately hid this
listening module from the users, but that’s because we consider this
behavior to be part of the basic Google Chrome experience. We don’t want
to show all modules that we install ourselves.
If you think this is an excusable and responsible statement, raise your hand now.
Now, it should be noted that this was
Chromium, the open-source version of Chrome. If somebody downloads the
Google product Google Chrome, as in the prepackaged binary, you don’t
even get a theoretical choice. You’re already downloading a black box
from a vendor. In Google Chrome, this is all included from the start.
This episode highlights the need for
hard, not soft, switches to all devices – webcams, microphones – that
can be used for surveillance. A software on/off switch for a webcam is
no longer enough, a hard shield in front of the lens is required. A
software on/off switch for a microphone is no longer enough, a physical
switch that breaks its electrical connection is required. That’s how you
defend against this in depth.
Of course, people were quick to downplay
the alarm. “It only listens when you say ‘Ok, Google’.” (Ok, so how does
it know to start listening just before I’m about to say ‘Ok, Google?’)
“It’s no big deal.” (A company stealth installs an audio listener that
listens to every room in the world it can, and transmits audio data to
the mothership when it encounters an unknown, possibly individually
tailored, list of keywords – and it’s no big deal!?) “You can opt out.
It’s in the Terms of Service.” (No. Just no. This is not something that
is the slightest amount of permissible just because it’s hidden in
legalese.) “It’s opt-in. It won’t really listen unless you check that
box.” (Perhaps. We don’t know, Google just downloaded a black box onto
my computer. And it may not be the same black box as was downloaded onto
yours. )
Early last decade, privacy activists
practically yelled and screamed that the NSA’s taps of various points of
the Internet and telecom networks had the technical potential
for enormous abuse against privacy. Everybody else dismissed those
points as basically tinfoilhattery – until the Snowden files came out,
and it was revealed that precisely everybody involved had abused their
technical capability for invasion of privacy as far as was possible.
Perhaps it would be wise to not repeat
that exact mistake. Nobody, and I really mean nobody, is to be trusted
with a technical capability to listen to every room in the world, with
listening profiles customizable at the identified-individual level, on
the mere basis of “trust us”.
Privacy remains your own responsibility.
(angryarab/privateinternetaccess/bugs.debian/code.google/myartikel/ABNS)
Post a Comment
mohon gunakan email