Skip to main content

Home/ Future of the Web/ Group items matching "Chromium" in title, tags, annotations or url

Group items matching
in title, tags, annotations or url

Sort By: Relevance | Date Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth - 0 views

  • Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”.It looked like just another bug report. "When I start Chromium, it downloads something." Followed by strange status information that notably included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes".
  • Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room.A brief explanation of the Open-source / Free-software philosophy is needed here. When you’re installing a version of GNU/Linux like Debian or Ubuntu onto a fresh computer, thousands of really smart people have analyzed every line of human-readable source code before that operating system was built into computer-executable binary code, to make it common and open knowledge what the machine actually does instead of trusting corporate statements on what it’s supposed to be doing. Therefore, you don’t install black boxes onto a Debian or Ubuntu system; you use software repositories that have gone through this source-code audit-then-build process. Maintainers of operating systems like Debian and Ubuntu use many so-called “upstreams” of source code to build the final product.Chromium, the open-source version of Google Chrome, had abused its position as trusted upstream to insert lines of source code that bypassed this audit-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised. We don’t know and can’t know what this black box does. But we see reports that the microphone has been activated, and that Chromium considers audio capture permitted.
  • This was supposedly to enable the “Ok, Google” behavior – that when you say certain words, a search function is activated. Certainly a useful feature. Certainly something that enables eavesdropping of every conversation in the entire room, too.Obviously, your own computer isn’t the one to analyze the actual search command. Google’s servers do. Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by… an unknown and unverifiable set of conditions.Google had two responses to this. The first was to introduce a practically-undocumented switch to opt out of this behavior, which is not a fix: the default install will still wiretap your room without your consent, unless you opt out, and more importantly, know that you need to opt out, which is nowhere a reasonable requirement. But the second was more of an official statement following technical discussions on Hacker News and other places. That official statement amounted to three parts (paraphrased, of course):
  • ...4 more annotations...
  • 1) Yes, we’re downloading and installing a wiretapping black-box to your computer. But we’re not actually activating it. We did take advantage of our position as trusted upstream to stealth-insert code into open-source software that installed this black box onto millions of computers, but we would never abuse the same trust in the same way to insert code that activates the eavesdropping-blackbox we already downloaded and installed onto your computer without your consent or knowledge. You can look at the code as it looks right now to see that the code doesn’t do this right now.2) Yes, Chromium is bypassing the entire source code auditing process by downloading a pre-built black box onto people’s computers. But that’s not something we care about, really. We’re concerned with building Google Chrome, the product from Google. As part of that, we provide the source code for others to package if they like. Anybody who uses our code for their own purpose takes responsibility for it. When this happens in a Debian installation, it is not Google Chrome’s behavior, this is Debian Chromium’s behavior. It’s Debian’s responsibility entirely.3) Yes, we deliberately hid this listening module from the users, but that’s because we consider this behavior to be part of the basic Google Chrome experience. We don’t want to show all modules that we install ourselves.
  • If you think this is an excusable and responsible statement, raise your hand now.Now, it should be noted that this was Chromium, the open-source version of Chrome. If somebody downloads the Google product Google Chrome, as in the prepackaged binary, you don’t even get a theoretical choice. You’re already downloading a black box from a vendor. In Google Chrome, this is all included from the start.This episode highlights the need for hard, not soft, switches to all devices – webcams, microphones – that can be used for surveillance. A software on/off switch for a webcam is no longer enough, a hard shield in front of the lens is required. A software on/off switch for a microphone is no longer enough, a physical switch that breaks its electrical connection is required. That’s how you defend against this in depth.
  • Of course, people were quick to downplay the alarm. “It only listens when you say ‘Ok, Google’.” (Ok, so how does it know to start listening just before I’m about to say ‘Ok, Google?’) “It’s no big deal.” (A company stealth installs an audio listener that listens to every room in the world it can, and transmits audio data to the mothership when it encounters an unknown, possibly individually tailored, list of keywords – and it’s no big deal!?) “You can opt out. It’s in the Terms of Service.” (No. Just no. This is not something that is the slightest amount of permissible just because it’s hidden in legalese.) “It’s opt-in. It won’t really listen unless you check that box.” (Perhaps. We don’t know, Google just downloaded a black box onto my computer. And it may not be the same black box as was downloaded onto yours. )Early last decade, privacy activists practically yelled and screamed that the NSA’s taps of various points of the Internet and telecom networks had the technical potential for enormous abuse against privacy. Everybody else dismissed those points as basically tinfoilhattery – until the Snowden files came out, and it was revealed that precisely everybody involved had abused their technical capability for invasion of privacy as far as was possible.Perhaps it would be wise to not repeat that exact mistake. Nobody, and I really mean nobody, is to be trusted with a technical capability to listen to every room in the world, with listening profiles customizable at the identified-individual level, on the mere basis of “trust us”.
  • Privacy remains your own responsibility.
  •  
    And of course, Google would never succumb to a subpoena requiring it to turn over the audio stream to the NSA. The Tor Browser just keeps looking better and better. https://www.torproject.org/projects/torbrowser.html.en
Paul Merrell

Blink! Google Is Forking WebKit - Slashdot - 0 views

  • "In a blog post titled Blink: A rendering engine for the Chromium project, Google has announced that Chromium (the open source backend for Chrome) will be switching to Blink, a new WebKit-based web rendering engine. Quoting: 'Chromium uses a different multi-process architecture than other WebKit-based browsers, and supporting multiple architectures over the years has led to increasing complexity for both the WebKit and Chromium projects. This has slowed down the collective pace of innovation... This was not an easy decision. We know that the introduction of a new rendering engine can have significant implications for the web. Nevertheless, we believe that having multiple rendering engines—similar to having multiple browsers—will spur innovation and over time improve the health of the entire open web ecosystem. ... In the short term, Blink will bring little change for web developers. The bulk of the initial work will focus on internal architectural improvements and a simplification of the codebase. For example, we anticipate that we’ll be able to remove 7 build systems and delete more than 7,000 files—comprising more than 4.5 million lines—right off the bat. Over the long term a healthier codebase leads to more stability and fewer bugs.'"
Paul Merrell

Google to block Flash on Chrome, only 10 websites exempt - CNET - 0 views

  • The inexorable slide into a world without Flash continues, with Google revealing plans to phase out support for Adobe's Flash Player in its Chrome browser for all but a handful of websites. And the company expects the changes to roll out by the fourth quarter of 2016. While it says Flash might have "historically" been a good way to present rich media online, Google is now much more partial to HTML5, thanks to faster load times and lower power use. As a result, Flash will still come bundled with Chrome, but "its presence will not be advertised by default." Where the Flash Player is the only option for viewing content on a site, users will need to actively switch it on for individual sites. Enterprise Chrome users will also have the option of switching Flash off altogether. Google will maintain support in the short-term for the top 10 domains using the player, including YouTube, Facebook, Yahoo, Twitch and Amazon. But this "whitelist" is set to be periodically reviewed, with sites removed if they no longer warrant an exception, and the exemption list will expire after a year. A spokesperson for Adobe said it was working with Google in its goal of "an industry-wide transition to Open Web standards," including the adoption of HTML5. "At the same time, given that Flash continues to be used in areas such as education, web gaming and premium video, the responsible thing for Adobe to do is to continue to support Flash with updates and fixes, as we help the industry transition," Adobe said in an emailed statement. "Looking ahead, we encourage content creators to build with new web standards."
Paul Merrell

Report: Microsoft is scrapping Edge, switching to just another Chrome clone | Ars Technica - 0 views

  • Windows Central reports that Microsoft is planning to replace its Edge browser, which uses Microsoft's own EdgeHTML rendering engine and Chakra JavaScript engine, with a new browser built on Chromium, the open source counterpart to Google's Chrome. The new browser has the codename Anaheim.
Gary Edwards

Wary of Upsetting Mighty Microsoft, Acer Limits Use Android for Phones, Not Netbooks. - 0 views

  •  
    "For a netbook, you really need to be able to view a full Web for the total Internet experience, and Android is not that yet," Jim Wong, head of Acer's IT products, said Tuesday while introducing a new line of computers."

    Right. Android runs the webkit/Chromium browser based on the same WebKit code base used by Apple iPhone/Safari, Google Chrome, Palm Pre, Nokia s60 and QT IDE, 280 Atlas WebKit IDE, SproutCore-Cocoa project, KOffice, Sun's javaFX, Adobe AiR, and Eclipse "Blinki", Eclipse SWT, Linux Midori, and the Windows CE IRiS browser - to name but a few. Other Open Web browsers Opera and Mozilla Firefox have embraced the highly interactive and very visual WebKit document and application model. Add to this WebKit tsunami the many web sites, applications and services that adopted the WebKit document model to become iPhone ready.

    Finally there is this; any browser, application or web server seekign to pass the ACiD-3 test is in effect an effort to become fully WebKit compliant.

    Maybe Mr. Wong is talking about the 1998 Internet experience supported by IE8? Or maybe there is a secret OEM agreement lurking in the background here. The kind that was used by Microsoft to stop Netscape and Java way back when.

    The problem for Microsoft is that, when it comes to smartphones, countertops and netbooks at the edge of the Web, they are not competing against individual companies pushing device and/or platform specific services. This time they are competing against the next generation Open Web. An very visual and interactive Open Web defined by the surge the WebKit, Firefox and the many JavaScript communities are leading.

    ge
  •  
    The Information Week page bookmarked says "NON-WORKING URL! The URL (Web address) that has been entered is directing to a non-existent page" Try this instead http://www.informationweek.com/news/hardware/handheld/showArticle.jhtml?articleID=216403510 Acer To Use Android For Phones, Not Netbooks April 8, 2009
  •  
    Microsoft conspiracies have happened in the past and we should watch for them. However, another explanation is that Android does not (yet) support many browser plugins. No doubt that is what the Microsoft drones remind Acer each time they meet with them, along with a pitch for Silverlight 2 !! For me, Silverlight 2 is so rare that I would not, personally, make it a requirement for a "full web". A non-Android Linux distribution on a netbook that ran Adobe Flash, Acrobat Reader, OpenOffice.org and AIR when necessary would suit me fine. One day Android may do all these things to, but for now Google has bigger fish to fry!
Gonzalo San Gil, PhD.

Google eavesdropping tool installed on computers without permission | Technology | The Guardian - 0 views

  •  
    "Privacy advocates claim always-listening component was involuntarily activated within Chromium, potentially exposing private conversations"
Gary Edwards

Is Google Chrome a dud? Or the second coming? | Google Finally Advertising The Dud Known As "Chrome" - Henry Blodget - 0 views

  •  
    Gary Edwards (URL) said: Mar. 05, 8:17 PM +1 Chrome! It's excellent, but not for the reasons most would insist are important. Neither is Chrome a disruptive technology. It's not. The real revolution is underneath Chrome in the open source WebKit engine. An engine shared with iPhone, Android, Safari, Palm Pre, Nokia, Iris, RiMM 's Blackberry Storm and KDE. Crossplatform WebKit IDE's now include QT, 280Atlas and Eclipse. It is the Apple iPhone that put WebKit on the map, demonstrating a revolutionary document/application model capable of leveraging and pushing the Open Web to be competitive with proprietary initiatives from Adobe and Microsoft. The WebKit engine is driving most of the smart devices at the edge of the Web, providing a consistent document rendering and application runtime layer that is highly visual, multi-dimensionally interactive, and fully competitive with the proprietary rich interactive application engines (RiA) provided by Adobe and Microsoft. Near 80% of these edge of the Web devices are based on WebKit.
1 - 7 of 7
Showing 20 items per page