Google ha estado descargando programas de escucha en cada PC que use Chrome y transmite el audio de vuelta a Google. Esto significa que Google se ha autorizado a sí mismo para escuchar cualquier conversación de cualquier habitación donde Chrome esté instalado en un PC. La respuesta oficial de Google "Podemos hacerlo".
May I ask why this extensions is hidden from the extension list at chrome://extensions/ , although the page chrome://voicesearch/ shows it as an enabled extension? I suggest that sensitive functionality intended to process data from the surroundings (sound input,video input, etc.) should be presented in an open and transparent way, with easy to find controls.
>May I ask why this extensions is hidden from the extension list at chrome://extensions/ , although the page chrome://voicesearch/ shows it as an enabled extension?
This weirds me out as well. The whole behaviour of hotword is pretty conspicuous: Opt-in default, downloading a binary blob without notification, extension being hidden, ability to record audio .. I almost fell out of my chair when I saw that. Great strategy to erode trust of any user who is even slightly concerned with security (which, I assume, a lot of chromium users are).
Is there a good reason for keeping this proprietary like code licensed from a third party? Chromium has plenty of open-source code based on Google services, so taking the Android approach for this one is out of character. It implies that there's some secret technology to hide which actually makes reverse engineering it a lot more interesting.
It's also odd that it's downloaded at runtime rather than simply being shipped with Chrome like the EME and Flash plugins, which both work in Chromium but are explicitly opt-in.
I've written a detailed answer to these questions on the other bug ( Issue 500922 , see Comment 6).
#6: We do not show built-in extensions in chrome://extensions because they are implementation details of Chrome. It would be confusing to users to see things there that they did not install (just like there is no list of C++ modules in the Chrome interface; we consider these extensions to be just another bit of the Chrome code).
#7: This is not "opt-in default". If you do not explicitly opt in (using the "Enable Ok Google" setting in chrome://settings), then this module will not run.
#8, #9: It's proprietary simply because it involves some Google technology (the hotword detection algorithm itself) which we could not open source. We had a choice to either bake it into Google Chrome (and take it out of Chromium), or provide it as a separate NaCl module. Since our policy is to put as little proprietary code in Google Chrome as possible (to keep it almost identical to Chromium), we chose the latter. Since the module does not run unless you opt in, I don't think it's cause for alarm.
Preceding "Enable Ok Google" a preferred step would be to have "Install Ok Google". If the software downloads and installs a closed-source binary, how do we know when it runs and when it doesn't?
I've "opted out" in the Chromium settings (unticked the "Ok Google" setting), but still chrome://voicesearch shows that the extension and module are both ENABLED. Additionally all audio recording options are set to "allow" on that page, even though I have not given the browser any permissions to do that.
The proper opt-in would be to make the module an optional download for those who want to use it.
As a web developer, I like chrome. As a private person, in uninstalled it. You might call it a feature or a core extension, most people consider this spyware.
hotword detection isn't a required feature for a functioning browser. I may install a binary blob to get better 3D acceleration for a linux distribution, for instance, and I accept the risks to get those required features. Opt-out vs opt-in.
Saying the module "does not run unless you opt in" is immaterial and misses the point entirely. Once the blob is on the system the security risks have been increased; an increase that is unnecessary if one has no reason to use the feature(s).
#11: "If the software downloads and installs a closed-source binary, how do we know when it runs and when it doesn't?"
Because the open source software has complete control of when the binary runs. You can look in the source code to see when it decides to start up and shut down the hotword module (I gave instructions on how to do that in the other bug).
Providing an extra step to install the module would be unnecessary friction for our users. There is literally no difference between downloading the module (without running it), and not downloading it, except a tiny amount of bandwidth saved. There is no difference from a privacy or security standpoint, because unless we run it, it can't do anything, no matter what behaviour it might contain within.
#13: "Once the blob is on the system the security risks have been increased". From our perspective, the blob is just another part of the Chrome codebase (just with a weird delivery mechanism). You could make a similar claim for any feature of Chrome, "it shouldn't be installed unless I ask for it." But that's not how software works. We don't download individual features of an application on demand. It's your choice whether to enable a given feature. But users generally don't get a choice of which features are downloaded when you download software. That's just never been the way software has worked.
"Providing an extra step to install the module would be unnecessary friction for our users."
What absolute bull pucky! As soon as I'm done with this browsing session, Chrome is being deleted from all my devices. No damn way am I going to allow spyware on any of my devices. If I want someone to use the microphones on my machines, I want to specifically install software to do so. And installing and activating it without telling users is just plain evil.
This is not "opt-in default". If you do not explicitly opt in (using the "Enable Ok Google" setting in chrome://settings), then this module will not run.
Que explica que es opcional y para que vale. Lo que digan otros arriba no cuenta, porque se pueden montar la película que quieran.
#7 Gilipollez la tuya que te tragas una mierda amarilla, nos la mandas y encima te enfadas cuandto te lo dicen. Toma, otro iconito, para que te relajes...
Comentarios
#6 #4 hay respuesta oficial de google y un opt-out
https://code.google.com/p/chromium/issues/detail?id=491435#c4
seguid con las gilipolleces de iconitos y riendo sin ni siquiera leer la noticia
#7 Leeyendo tu enlace explica claramente que es una funcionalidad voluntaria y necesaria para usar "Ok Google".
¿Como vas a decir "Ok Google, ir a meneame" y que chrome vaya a meneame si no está escuchando continuamente?
El nivel de paranoia amarillista está llegando a límites absurdos.
#9 la descarto y fuera , el link esta lleno de opiniones poniendo verde a google , vosotros mismos
#6 steffz...@gmail.com
May I ask why this extensions is hidden from the extension list at chrome://extensions/ , although the page chrome://voicesearch/ shows it as an enabled extension? I suggest that sensitive functionality intended to process data from the surroundings (sound input,video input, etc.) should be presented in an open and transparent way, with easy to find controls.
Jun 16 (2 days ago)
#7 mr.ana...@gmail.com
>May I ask why this extensions is hidden from the extension list at chrome://extensions/ , although the page chrome://voicesearch/ shows it as an enabled extension?
This weirds me out as well. The whole behaviour of hotword is pretty conspicuous: Opt-in default, downloading a binary blob without notification, extension being hidden, ability to record audio .. I almost fell out of my chair when I saw that. Great strategy to erode trust of any user who is even slightly concerned with security (which, I assume, a lot of chromium users are).
Here's a discussion on hacker news concerning the issue (mostly focused on debian): https://news.ycombinator.com/item?id=9724409
Jun 16 (2 days ago)
#8 danielmi...@gmail.com
Is there a good reason for keeping this proprietary like code licensed from a third party? Chromium has plenty of open-source code based on Google services, so taking the Android approach for this one is out of character. It implies that there's some secret technology to hide which actually makes reverse engineering it a lot more interesting.
It's also odd that it's downloaded at runtime rather than simply being shipped with Chrome like the EME and Flash plugins, which both work in Chromium but are explicitly opt-in.
Yesterday (38 hours ago)
#9 car...@thoughtcrime.org.nz
it's probably closed source for patent reasons (thanks Nuance)
Yesterday (36 hours ago)
#10 mgiuca@chromium.org
I've written a detailed answer to these questions on the other bug ( Issue 500922 , see Comment 6).
#6: We do not show built-in extensions in chrome://extensions because they are implementation details of Chrome. It would be confusing to users to see things there that they did not install (just like there is no list of C++ modules in the Chrome interface; we consider these extensions to be just another bit of the Chrome code).
#7: This is not "opt-in default". If you do not explicitly opt in (using the "Enable Ok Google" setting in chrome://settings), then this module will not run.
#8, #9: It's proprietary simply because it involves some Google technology (the hotword detection algorithm itself) which we could not open source. We had a choice to either bake it into Google Chrome (and take it out of Chromium), or provide it as a separate NaCl module. Since our policy is to put as little proprietary code in Google Chrome as possible (to keep it almost identical to Chromium), we chose the latter. Since the module does not run unless you opt in, I don't think it's cause for alarm.
Yesterday (26 hours ago)
#11 otto.r...@aucor.fi
Preceding "Enable Ok Google" a preferred step would be to have "Install Ok Google". If the software downloads and installs a closed-source binary, how do we know when it runs and when it doesn't?
I've "opted out" in the Chromium settings (unticked the "Ok Google" setting), but still chrome://voicesearch shows that the extension and module are both ENABLED. Additionally all audio recording options are set to "allow" on that page, even though I have not given the browser any permissions to do that.
The proper opt-in would be to make the module an optional download for those who want to use it.
Yesterday (25 hours ago)
#12 Guido.Ga...@googlemail.com
As a web developer, I like chrome. As a private person, in uninstalled it. You might call it a feature or a core extension, most people consider this spyware.
Today (16 hours ago)
#13 lance.ea...@gmail.com
hotword detection isn't a required feature for a functioning browser. I may install a binary blob to get better 3D acceleration for a linux distribution, for instance, and I accept the risks to get those required features. Opt-out vs opt-in.
Saying the module "does not run unless you opt in" is immaterial and misses the point entirely. Once the blob is on the system the security risks have been increased; an increase that is unnecessary if one has no reason to use the feature(s).
Today (8 hours ago)
#14 mgiuca@chromium.org
#11: "If the software downloads and installs a closed-source binary, how do we know when it runs and when it doesn't?"
Because the open source software has complete control of when the binary runs. You can look in the source code to see when it decides to start up and shut down the hotword module (I gave instructions on how to do that in the other bug).
Providing an extra step to install the module would be unnecessary friction for our users. There is literally no difference between downloading the module (without running it), and not downloading it, except a tiny amount of bandwidth saved. There is no difference from a privacy or security standpoint, because unless we run it, it can't do anything, no matter what behaviour it might contain within.
#13: "Once the blob is on the system the security risks have been increased". From our perspective, the blob is just another part of the Chrome codebase (just with a weird delivery mechanism). You could make a similar claim for any feature of Chrome, "it shouldn't be installed unless I ask for it." But that's not how software works. We don't download individual features of an application on demand. It's your choice whether to enable a given feature. But users generally don't get a choice of which features are downloaded when you download software. That's just never been the way software has worked.
Today (6 hours ago)
#15 customta...@gmail.com
"Providing an extra step to install the module would be unnecessary friction for our users."
What absolute bull pucky! As soon as I'm done with this browsing session, Chrome is being deleted from all my devices. No damn way am I going to allow spyware on any of my devices. If I want someone to use the microphones on my machines, I want to specifically install software to do so. And installing and activating it without telling users is just plain evil.
#10 Al final lo que cuenta es el
This is not "opt-in default". If you do not explicitly opt in (using the "Enable Ok Google" setting in chrome://settings), then this module will not run.
Que explica que es opcional y para que vale. Lo que digan otros arriba no cuenta, porque se pueden montar la película que quieran.
#7 Gilipollez la tuya que te tragas una mierda amarilla, nos la mandas y encima te enfadas cuandto te lo dicen. Toma, otro iconito, para que te relajes...
#13 stfu tard
#14 Uy, si en lugar de insultar a alguien como una persona normal pones memes, que ricura... ¿cuantos añitos tienes guapo?
¡No, no me pongas mas memes por favor! juasssssssssss
#15 stfu tard confundes memes con abreviaturas hax0r de hace 20 años que en los 90 ya usabamos en fidonet LOL n00b spotted kkthxbye l2p tard
#16 Las idioteces que hay que leer, que paciencia.
Uno: Eres MUY tonto. Dos: tu no has conectado a fido en tu puta vida, quizas tu hermano mayor y seguramente ni eso.
A ver si al final el retarded va a resultar que eres tu y no lo sabes. Como minimo apestas a niñato...
#0 Qué bien, mi pc no tiene microno
#1 Dificil, salvo que tengas el micro en la otra entrada.
#3 Ya te digo, yo para las videoconferencias tengo la camara aparte, si la uso, la conecto, sino, la quito.
Pues que le aprovechen los jadeos cuando veo porno.
#1 Yo voy a dejar de peerme que soy muy vergonzoso.
Me preocuparía, pero ni tengo micrófono ni tengo Chrome instalado.
estoy seguro que apple por el mobil tambien, no puede ser que cada vez que toso me salen anuncios de antitusivos
TRUE STORY
Google ha estado descargando programas de escucha en cada PC que use Chrome y transmite el audio de vuelta a Google.
Erronea o sensacionalista, a elegir.
No es lo que dicen mis logs del router.