Google is under fire for downloading and installing a Chrome browser extension that allegedly listens to a user's conversations.

The accusations first came from Rick Falkvinge, founder of the Pirate Party, who says Google has installed black box code, or code that cannot be audited by other parties, into the open-source Chromium, the browser upon which Chrome is based. This code is said to be downloading and installing an extension that activates the "Ok Google" search function, which allows users to search for things via voice when they open Google's home page or a blank, new tab on Chrome.

"Your computer has been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by... an unknown and unverifiable set of conditions," says Falkvinge.

Google is certainly not the best corporation to trust with the information about ourselves we put online. The search company is widely known as having connections with the National Security Agency (NSA) in implementing its wide-reaching surveillance program as revealed by the Edward Snowden archives.

However, Google has responded to this issue, pointing out that the ability to use "Ok Google" commands and enable the extension is an opt-in feature. Under Settings in Chrome, one will find a box that says "Enable 'Ok Google' to start a voice search." This box is not checked by default, and for Google to start listening out for "Ok Google," users will have to have checked this box before.

"First and foremost, while we do download the hotword module on startup, we do not activate it unless you opt in to hotwording," says Google in its development forums. "If you go into 'chrome://settings,' you will see a checkbox 'Enable 'Ok Google' to start a voice search.'" This should be unchecked by default, and if you do not check it, the hotword module will not be started."

Also key to the issue is the inclusion of black box code into Chromium, which is supposedly an open-source project that allows everyone to audit the code. Falkvinge says Chromium "had abused its position as trusted upstream to insert lines of source code that bypassed this audit-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised."

Google does not deny installing the black box code into Chromium, but it does not consider itself responsible for other browsers that include the code. Debian, for instance, which has received complaints about a "bug" that automatically downloads the Chrome Hotword Shared Module without an opt-out configuration, has fixed the problem by disabling the extension.

"Our primary focus is getting code ready for Google Chrome," says Google. "If a third-party (such as Debian) distributes it, it is their responsibility to enforce their own policy."

Falkvinge says the solution to stop technology companies from eavesdropping is not a software switch but a physical hardware switch that can cut the microphone off from its electrical supply. However, unless somebody gets to audit that code, we can't really know for sure if Google, or Apple listening out for "Hey Siri" and Microsoft listening out for "Hey Cortana," is actually eavesdropping in on you right now.

Photo: Vincent Bellet | Flickr

ⓒ 2021 All rights reserved. Do not reproduce without permission.