
Not OK, Google - oferzelig
http://fullstack.info/not-ok-google/
======
nightmiles
Not OK: Annoying pop-ups begging me to join a newsletter, interrupting my
ability to read your blog post. Stop that.

~~~
snowwrestler
I think a very positive change for HN would be to vote down meta-comments
about article design/ads/fonts/pop-ups.

I don't see how they add any substance to the discussion. We all got the same
pop-up, we all find it annoying. Voting it up to the top of every HN
discussion is not likely to change it. Who even knows if the author will ever
see this thread.

The topic of this post is whether Google can listen to, and presumably record,
our conversations with little to no warning. To me that seems more worth a
discussion than yet another pop-up email form.

~~~
DanBC
HN mod dang agrees. Here's his post:

[https://news.ycombinator.com/item?id=9238739](https://news.ycombinator.com/item?id=9238739)

> A reader emailed to complain about how this and other HN discussions often
> become derailed by off-topic carping about blog design. I agree completely.
> Could there be a more classic form of bikeshedding? It would seem parodic if
> it weren't sadly real. This has become more of a thing on HN lately. It
> needs to become less of a thing.

> I don't mean to pick on you personally, or just on this one comment. (Your
> second sentence alone, by the way, would have been a helpful contribution.)
> The problem is the tedious stampedes such comments spawn.

I agree. I used to make those comments. I've tried to cut it down.

------
fridek
This is spinning out of control. Regardless of whether the hotword detection
is enabled by default or not (it's not), arguing that loading a module may
harm your privacy is just plain nonsense. Most of software is loaded as one
big, binary blob. It may or may not contain harmful for privacy parts you know
or don't know about. The issue is totally orthogonal to how it is loaded.
Literally every binary you run may access your microphone and send whatever it
wants, wherever it likes, at any time. Until you prove an unwanted transfer of
recording you didn't ask for occurs, it is just ranting "binary blobs
considered harmful".

The original issue - loading a binary into a supposedly open source browser
(Chromium) does make sense and is valid. Making it something else than it is -
an issue about Google Chrome and how it loads its modules, shows ignorance or
purposeful bloating a news that is not a news.

Please rant on things in the right context. Otherwise you are hurting the case
you think you are fighting for.

~~~
hoers
Are you referring to the article or the general discussion?

I would see your point in general closed-source software but in this case the
way the module is loaded does indeed make a difference: it (silently)
downloads and installs a closed-source blob with the ability to record audio
into a piece of otherwise open source software. Specifically a browser, one of
the biggest attack vectors anyway.

~~~
fridek
Quoting
[https://code.google.com/p/chromium/issues/detail?id=500922#c...](https://code.google.com/p/chromium/issues/detail?id=500922#c6)

The significance of this depends on whether you're running Google Chrome (the
official distribution) or Chromium. Now, you've reported in your "steps to
reproduce" using Chrome on Mac.

If we're talking about Chrome: Google Chrome (as opposed to Chromium) is not
open source. It contains various bits of proprietary binary code, and always
has. Therefore, whether it downloads the hotword module from the web store, or
includes it in the distribution, is irrelevant from a trust standpoint. From
our standpoint, the fact that the hotword module is a separate extension
(rather than built in to the browser) is an implementation detail.

Since a lot of the discussion is centered around Chromium on Linux, I want to
address the concern that Chromium is entirely open source and yet it downloads
a proprietary module. The key here is that Chromium is not a Google product
(we do not directly distribute it, or make any guarantees with respect to
compliance with various open source policies). Our primary focus is getting
code ready for Google Chrome. If a third party (such as Debian) distributes
it, it is their responsibility to enforce their own policy. And I see that
they have now done that (as of 43.0.2357.81-1) by disabling the hotword
module. We have also made changes from Chromium 45 onwards to make it easier
for third party distributors to disable hotwording (see Issue 491435).

Another key point is that the binary blob is not a native executable or
library. It is a NaCl module, and therefore subject to the full sandbox of the
NaCl platform. The hotword module has the same privileges as any website
(except that it automatically has access to the microphone).

-- EOQ --

Also I believe the binary blobs are downloaded from a static address and
hopefully signed somehow. The security concern is something I would accept as
a valid argument, but if Google domain and whatever certification they use is
compromised user has much larger issues than his audio being recorded.

Anyway, I'm trying to fight privacy-wackos that are spawning lately. Privacy
is about having a choice to not share. In such meaning you can take almost an
arbitrary definition of what you consider private and ask for a way to protect
this idea of privacy. It should however not hinder the innovation and prevent
developers from building great software. It's ok if I choose to trade some
information in exchange for an interesting feature.

There seem to be many people fighting for not giving up their extended vision
of freedom, not paying for software in any way, not even ads, and expecting
high quality results. "Expecting" is a keyword here. Everybody is very much
free to use Firefox, which is considered better for achieving the above
results, yet the talk about Chrome shows how many people want to have the cake
and eat it (and do it in private so nobody knows, because we all care so much
about your f-ing cake).

------
Mithaldu
A bit of analysis of how it actually operates:

On my Windows PC, Chrome only reacts to ok google when you have a new, empty
tab, or the Google search page open and active as the main tab. Additionally I
checked with procmon what network activity chrome was making, and while it
starts sending stuff AFTER "ok google" is activated, it doesn't send any
between me saying it and chrome confirming it.

The theory that it's a small local plugin is also affirmed by the fact that my
cellphone can do "ok google" without any sort of network, and is sometimes
tricked into activating by audiobooks that make noises completely unlike "ok
google".

I found the plugin installed, but deactivated by default. So, for the story of
this dude to make sense, he'd have to have someone at his computer activate it
(or if he's using a linux distro, the maintainers might've activated it by
default), and would see the light blinking on new tabs and google search
pages.

~~~
ohitsdom
Is your phone tricked by audiobooks playing from the phone itself, or another
source? I'd be really surprised if the phone's audio could trigger itself.

~~~
neotek
My iPhone regularly reacts to words that sound like "Hey Siri" when I'm
listening to audiobooks using the in-built speaker.

~~~
ohitsdom
Wow, surprising. You'd think they would have that filtered out, just like they
have to when taking a call on speaker phone.

~~~
neotek
This is pure speculation and I'm nowhere near qualified to speak with any
accuracy, but perhaps it's the case that the processing requirements would
reduce battery life too quickly. Although, having said that, "Hey Siri" only
works when the phone is plugged into a power source, unless you use a
jailbreak tweak to turn it on all the time.

------
stray
At least as far back as 2011 or so, I noticed that Chrome was causing my
computer to behave differently when something was said.

My setup at the time: a mac pro with 3 30" cinema displays.

The first time I noticed it I was several feet away from the computer talking
on the phone -- actually about something the NSA probably _would_ have had a
keen interest in (the NDAA allowing for indefinite detention was about to be
passed and I had just booked a flight to Stockholm) -- when my screens flashed
and redrew slowly enough to be noticeable.

It happened more than once during that phone call.

And after I quit Chrome it didn't happen again.

Even during the phone call.

Everybody I mentioned it to seemed to think I was batshit insane. So I stopped
mentioning it years ago.

And now that I see this, I'm willing to bet that there's more: a screen-grab
capability that never accounted for grabbing 12,288,000 pixels at once.

The Ministry of Privacy (Minipriv) it seems, has had telescreens in our homes
for years.

~~~
vtlynch
> Everybody I mentioned it to seemed to think I was batshit insane.

------
spdustin
Okay, so it sends data after you've said the trigger phrase, but not before,
that much we've all agreed on. Has anyone determined what it's sending? Hear
me out here...

For the trigger to work, which doesn't require key presses or other physical
input, the microphone must be active and keeping a buffer of live speech,
right? Okay, let's step aside for a moment to examine another piece of
technology that keeps a live buffer of streaming media...

I have a TiVo. I love that thing. One of the coolest features is this: TiVo
keeps a buffer of live shows on each of its tuners so that, if you opt to
record a show that's been on for ten minutes, it can save it from the
beginning, literally "capturing and digitally storing the past", once I press
"record".

Back to Chrome/Chromium: Until someone determines what it's sending, and their
black box makes it difficult to see the source of what audio is encoded and
how it's encoded, and given that the technology to keep a rolling buffer of 30
minutes of streaming audio and video has been around in TiVo since, well, the
first TiVo... Is it really so hard to believe that Google could be sending
packets containing audio spoken in the room before the trigger phrase was
captured?

It wouldn't take much for Google to assuage this privacy concern.

1) Opt-in, not opt out

And

2) Show us what's in the black box (or at least publish tcpdump-verifiable
specs on what you're transmitting). If there was a debug option to transmit in
clear text, and a statement of the audio codec used, that would give me some
sense of understanding, even though that still leaves steganography as an
option. I don't have enough tin foil for that hat right now.

~~~
VLM
How would you prove everyone's black box behaves the same way and in certain
geographic areas or when it detects certain NSA software or certain keywords
on websites it goes into whole room bug-mode?

~~~
spdustin
I couldn't. I didn't say it would make me feel secure, just that it would give
me _some sense of understanding_. It would, at least, prove a modicum of
sincerity and authenticity to the otherwise opaque, "just trust us, okay?"
position they're currently taking.

------
droopybuns
Finally, a feature that helps me transition back to Firefox or safari.

------
thom_nic
Maybe someone should create a privacy-conscious Chromium fork.

Call it Duck-Duck-Chrome

~~~
Zikes
Whereas Iceweasel is the "free as in freedom" version of Firefox, perhaps the
Chromium fork should be a called Dullium.

~~~
thrillgore
SRWare Iron. It's still in development.

~~~
stullig
Yeah, don't use that, shady maintainer:
[http://www.insanitybit.com/2012/06/23/srware-iron-browser-a-...](http://www.insanitybit.com/2012/06/23/srware-iron-browser-a-real-private-alternative-to-chrome-21/)

------
fla
I wonder if they have a legal base for this in Europe.

This was severely frowned upon on the Debian Bugtracker last week. Thanks to
the Debian team for standing up!

Context:
[https://news.ycombinator.com/item?id=9724409](https://news.ycombinator.com/item?id=9724409)

------
hellbanner
How do I disable this?

chrome://settings/search#voice doesn't show anything

chrome://voicesearch/ shows

    Google Chrome 43.0.2357.124 ()
    OS Mac OS X
    NaCl Enabled Yes
    Microphone Yes
    Audio Capture Allowed Yes
    Current Language en-US
    Hotword Previous Language en-US
    Hotword Search Enabled No
    Always-on Hotword Search Enabled No
    Hotword Audio Logging Enabled No
    Field trial Install

~~~
busted
> Hotword Search Enabled No

> Always-on Hotword Search Enabled No

It's already disabled.

I don't understand the outrage here. I remember chrome asking me if I want it
listening all the time for "Ok Google", I thought "Obviously not" and said no,
and that was the end of it.

~~~
psykovsky
It SAYS it is disabled, but do you know if it can be remotely enabled at will
or if they mean it is disabled only to send your search terms and open a
google.com page but still enabled for spying?

~~~
hamax
How do you know that firefox binary can't do that?

~~~
hellbanner
Theoretically you could build firefox from source..

But yes, it's still an issue. Does anyone have a solution to trusting GPG keys
on company websites? If their website gets hacked, the key could be replaced,
the source-control could be replaced and you'd never know..

------
nathanm412
The feature is opt-in. What am I missing here?

~~~
rdsnsca
What Google says is opt-in today often turns into opt-out tomorrow.

~~~
deelowe
So FUD? What basis is this on? And, more importantly, how is this situation
any different than any other binary that has disabled features?

Are people just upset b/c chrome can access the mic and web cam? Browsers have
done this for decades.

------
zephyrwindow
The fact that device manufacturers do not generally provide a PHYSICAL switch
to toggle microphone (or camera) connectivity, irrespective of what any
software blob might attempt to do, says a lot about the state of respect for
user control in this industry.

------
Oletros
> While I was working I thought I’m noticing that an LED goes on and off, on
> the corner of my eyesight.

I'm sorry, this is bullshit. Even if Ok Google is activated it only listens in
a new tab.

~~~
mcphage
> Even if Ok Google is activated it only listens in a new tab.

So whenever the author opens a new tab—a thing that I do constantly when I
work—the LED goes on and off. What's bullshit about that? Maybe their story
is, but I'm not sure why you have a problem with that part.

~~~
Oletros
> So whenever the author opens a new tab

From the blog:

> While I was working I thought I’m noticing that an LED goes on and off, on
> the corner of my eyesight. And after a few times when it just seemed weird,
> I sat to watch for it and saw it happening. Every few seconds or so.

Can you tell me when it is stated when a tab is opened?

He claims that Chrome is listening in the background. I repeat, bullshit until
he can provide any proof of that.

------
brador
Are there any countries/jurisdictions/states where this style of Google
eavesdropping is or might be illegal? France maybe?

~~~
Oletros
What eavesdropping?

~~~
brador
I mean the activating an audio recorder when someone expects privacy. Some
European countries are big on that, right? or it might come under wiretapping
laws?

~~~
Oletros
First it has to be an activation of an audio recording, doesn't it?

What audio recording has been activated?

~~~
brador
Isn't that what this is? google activating the mic on his webcam to listen for
"ok google" without his permission?

~~~
Oletros
Then he has to show that this is the case, doesn't he?

------
aikah
AFAIK it is an opt-in at least here in France. However, disabling it should be
made easier than going to the params menu.

------
EugeneOZ
SUBSCRIBE TO MY MAILING LIST!!!!!!!! AAAA!!!

how the hell I hate such popups

------
hoers
Here's the corresponding ticket:
[https://code.google.com/p/chromium/issues/detail?id=500922](https://code.google.com/p/chromium/issues/detail?id=500922)

