Author Topic: Chrome is listening to you right now...  (Read 1991 times)

0 Members and 1 Guest are viewing this topic.

Offline kenCode

  • Hero Member
  • *****
  • Posts: 2283
    • View Profile
    • Agorise
Sad world we live in form surveillance perspective ..

Exactly. +5% - Let's Decentralize everything!
kenCode - Decentraliser @ Agorise
Matrix/Keybase/Hive/Commun/Github: @Agorise
www.PalmPay.chat

Offline cass

  • Hero Member
  • *****
  • Posts: 4311
  • /(┬.┬)\
    • View Profile
i was looking into the plugin files etc .. also NaCl is enabled on my side ..
It's really scaring me what going on here ...

Before 2 years i was thinking taht i'm really paranoid due the fact i've removed micro imac etc.
But now .. i begin to think ... this will be my usual how to for new devices also.

Sad world we live in form surveillance perspective ..
 
█║▌║║█  - - -  The quieter you become, the more you are able to hear  - - -  █║▌║║█

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
This is hyperbolic.

First, Chrome is closed-sourced so it can in theory be doing all kinds of things even worse than listening in.

Second, Chromium, the open-source browser that Chrome is based on, shows that the binary blob that does this listening in is in its own sandbox with a well-defined interface to the rest of the world. That interface can enable connection to the microphone if the hot word option is enabled in the browser, which is by default disabled. All of those facts can be verified by studying the interface because Chromium is open source.

Now, downloading and running binary blobs as part of an open source program may go against the spirit of open source. But the truth is that all browsers have been doing something close to this for a while now anyway. That Javascript code that the browser downloads and runs in a secure sandbox is in theory open source, but the reality is that it is usually minified and obfuscated (comments removed, variables renamed). How much more useful is that "code" in that form to an auditor / hacker than an assembly dump of the binary executable (and there can be other sophisticated tools to convert it back into C code, granted with nonsense variable names, no comments, and other oddities)?

The reality is that the modern browser is a software platform just like the OS. And I would argue that running any closed-source software on your OS is analogous to running these binary blobs in the browser, except in practice it is even worse because a modern browser has better sandboxing enforced than today's desktop OSes (mobile OSes, like iOS and Android, are much better on this front). So unless you are an open source purist [1] and every single piece of software in the stack running on your system from the user-facing applications to the kernel is open source (and I doubt the firmware to make your hardware devices work is open source), then I find objections to binary blobs running in the browser platform in secure sandboxes with well-defined open-source interfaces to be a bit hypocritical.


Edit: Anyway, apparently they now disabled it for the default build of Chromium (https://code.google.com/p/chromium/issues/detail?id=500922#c31). And I assume this will be the build configuration that will be used for official binaries provided from the repositories of popular Linux distros. Obviously Chrome (which is not open source) will be unaffected by this change.

[1] And before anyone complains, I know the difference between open source and free software. I realize Stallman would be a free software purist. But by definition free (libre) software is a superset of open source software, thus a free software purist would also necessarily be an open source purist.
« Last Edit: June 26, 2015, 02:22:10 am by arhag »

Offline pgbit

  • Sr. Member
  • ****
  • Posts: 241
    • View Profile
chrome://settings

Settings > Show advanced Settings > Privacy > Content settings Privacy <---- manage permissions here

Offline kenCode

  • Hero Member
  • *****
  • Posts: 2283
    • View Profile
    • Agorise
Where this sends your audio (and video?).. who knows...
 
Type this into the URL field: chrome://voicesearch
 
h/t to yt @dahboo777 for this tip:
https://www.youtube.com/watch?v=AMmEhCke_eE
kenCode - Decentraliser @ Agorise
Matrix/Keybase/Hive/Commun/Github: @Agorise
www.PalmPay.chat