> An extension that is enabled is not the same as an extension that is actually running. To see the list of Chrome processes that are actually running, use Chrome's task manager. Hotword Triggering, as well as many other extensions will run briefly at startup. Those that are not actually being used will quit in about 10-15 seconds.
I'm sorry, what?! So I still have to trust that it's not doing anything malicious for 10-15 seconds?
No, you can just use the open source build which doesn't include any of the google components, like the ticket says. I don't see how they can do any more for you than that.
> Chromium builds from r335874 (version 45) onwards will have hotwording disabled by default and will not download the module. There is no way to enable this feature at runtime.
So as long as you compile from source or trust your package maintainer to not enable the compile-time flag you should be good.
You don't have to trust your maintainer, just go to chrome://voicesearch and check the status (but read up on it, it's badly labeled) or search for "hotword-x86-64.nexe" inside your chromium extensions folder and delete the extension containing it.
You have to extend trust out at some point. Your only other alternative is to manually type the machine code required for a C compiler and start from that.
Additionally, it's fairly ironic this is about a browser. If you don't trust packages maintainers, yet you want to use a browser, which the whole point of is to download and interpret text, code and binaries which you have little in the way of actually controlling after pointing it at a site, then I think you've made some interesting security trade-offs in your mind.
Okay, so the only other alternative is to create your own processor[1], manually type the machine code required for a C compiler, and then start from that. Sheesh.
Really, this is what everything in life is like. Every time you cross a bridge, you are implicitly trusting the builders who built it, the engineers who designed it, the mechanical engineering processes they used, and the mathematical disciplines that they rely on, all the way down to their fundamental axioms. You have to extend trust at some point there as well, otherwise you can start by proving there exists a class of numbers we will call integers...
I agree with you, my point was to illustrate that at some point, everyone needs to place some trust (even if implicitly). I'm as paranoid as the next person, but this is just the reality.
Yeah, that "sheesh" wasn't directed at you, but at the even more ludicrous amount of work required to not have to trust a third party. The response wasn't a rebuttal, I just felt I had more to say. :)
It's easier to trust that the maintainer compiled upstream properly instead of backported/mismerged because of a stupid OS policy preventing you from incrementing version numbers
Ergo: use a distribution like Arch Linux or Gentoo. Arch Linux has the advantage that you don't have to build everything from source yourself. Both have the advantage that the build scripts are easy to understand (Arch PKGBUILDs more so, IMHO).
In the end you will always arrive at a chicken and egg situation, you will ultimately need to trust the engineers who designed your CPU and chipset, the VLSI design software which they used, the developers who wrote the compiler and toolchain, the tools used to bootstrap it, external libraries, etc.
The world ultimately runs on trust, no matter how you slice it.
If you don't have the time, skillset or inclination to review the source you're compiling yourself, trusting a third party who you have reason to put faith in beats compiling from source yourself.
I've no idea why you've been downvoted. While it's not amazingly pertinent, it's worthy to note that security from source assumes your compiler is being honest.
Release only open source products? Not sell our information to advertisers? Not collaborate with the government to spy on us? Not use their monopoly money to buy all of the smart people in the world? The list of how they could improve is endless.
Google open sources far more than most companies. They've also contributed greatly to building new open source projects, and they actually keep them open and are a generally benevolent maintainer. They're probably one of the best corporate citizens of the open source community.
> Not sell our information to advertisers?
It's their entire business model; if you don't like it, don't use their products.
> Not collaborate with the government to spy on us?
Google never willingly collaborated with the government. They were either hacked by the NSA (this isn't a mark of shame -- just read up on the Equation Group virus that went undetected for the better part of a decade) or they cooperated under a sealed court order. Corporations don't have the agency that individuals do in refusing to cooperate with a court order -- it's literally not possible for a company to refuse to comply with a court order because the feds can just keep arresting people until someone complies. Most companies refuse to put their employees in this position, so they comply under protest (which is exactly what Google did).
> Not use their monopoly money to buy all of the smart people in the world?
So they shouldn't hire under capitalist principles? Also note that this is beneficial for the smart people of the world, because it forces other companies to pay more as well.
Yeah, I realize this... Ultimately it's the same effect though (advertisers use your info to show you ads), which is why I didn't make the distinction.
I'm willing to trust this one, specific company with my data because I know their privacy policy and their practices. Handing that data off to arbitrary other companies for a buck is another matter entirely, I wouldn't be comfortable with that; that's what "selling your data" means, that phrase has a specific meaning, and claiming that's what Google does is a misrepresentation.
What you're saying is that if I tell my friend Sean a secret in confidence, it's all the same whether or not he proceeds to share it with all his friends. In my mind, and in most people's minds, it isn't.
>So they shouldn't hire under capitalist principles? Also note that this is beneficial for the smart people of the world, because it forces other companies to pay more as well.
Yes, basically I'm asking for non-capitalism (sorry, I'm a relentless anti-capitalist). It's too much for a HN thread. But I'm sick of this world - Google is a company BUILT on free software. They only exist because of public largesse. Without Linus Torvalds and Stallman (and a million others), Google would not exist, period. Without the Internet, Google would not exist.
This sort of thing is rampant - github has a billion-dollar valuation based on the fact that Linus Torvalds wrote and open-sourced git, and pretty much for no other reason.
I want a word that acknowledges that we exist together, dammit, that the wealth we've made - all of it - is produced in common, and that we don't use every single scrap of advantage we get to arrogate more power to ourselves.
Google is a company that is built on taking a public good, perhaps the greatest public good we have ever made, and turning it into an engine for generating wealth and power for a few individuals.
It's the 21st century, dammit. Let's do better. We have the fucking model for how to do this. Let's build on it. Let's share what we produce instead of taking the collective bounty and using it for our own personal gain.
> github has a billion-dollar valuation based on the fact that Linus Torvalds wrote and open-sourced git, and pretty much for no other reason.
No, github has a billion-dollar valuation based on the fact that they took a pretty empty market (source code hosting) and created a developer ecosystem around it. Whether they used git, or mercurial, or svn, or any other version control system really doesn't make a big difference. They happened to pick up on the fact that git was picking up steam and went all-in on that bet, but you can replace git with practically any other VCS and it still could have worked. In fact, I'd say it brought more younger developers and enterprise companies to git than git bringing the developers to them.
Creating GitHub required both vision and a lot of hard work. Building Google required both vision and a lot of hard work. Yes, they use open source tools, but ultimately they built something people could get huge amounts of value from at a time when no one else was.
If Linus was interested in turning git into cash, there are a variety of ways he could make that happen, but it doesn't seem like that's his goal.
> Yes, basically I'm asking for non-capitalism (sorry, I'm a relentless anti-capitalist).
Then we don't really have much to argue about on this. Google operates under a capitalist system, so to expect them to operate in a non-capitalist way is not realistic.
If Google has determined that they need the best employees, they have to pay high salaries.
And if you want to get pedantic about it, the roads were actually built by a private, for-profit construction company that was contracted by some level of government. Those workers didn't show up and pour asphalt because they felt like it; they did it because they were paid to do it. In a capitalist society, even non-capitalist activities have to abide by the rules of capitalism.
They're probably one of the best corporate citizens of the open source community.
Alternately, they're giving things away for free to discourage non-Google innovation and generally devalue the labor of other companies and developers.
They don't sell your information, they sell access to your eyeballs, _based on_ the information they have about you, combined with advertisers saying "We want to show advert X to these types of people".
If they sold that information directly, they'd make a load of money today, but then none tomorrow. User information is the 'goose that lays the golden egg'.
It should never have been flipped to opt-out in the first place. Google cares about open source only as long as it benefits them, and I wasn't surprised to see one of their flagship projects take a trip to the dark side for a few days.
To paraphrase a Jurassic Park character, they are testing the waters, checking for weaknesses. They remember...
Thanks to William Shatner for lots of things; least of all demonstrating how to deliver a line of dialogue without it sounding like you're reading off the back of a cereal packet and left your glasses at home.
My mother uses her Dell laptop with an Ubuntu installed on it. It is usually great to maintain from my part, as all she uses is Chromium and the files explorer. I just update the software sometimes.
But something that started happening in the latest versions of Chromium is driving me nuts. Every time I talk to my mother in my native language in front of the laptop, the "Ok, Google" functionality activates and starts the search of the "parsed" English sentence in Google.
At least in Google Chrome, "Enable Ok Google" is one of the few options in the settings that are not buried under "show advanced". It's very easy to find.
My point was more "i don't think trusted debian mirror buys you much either" if your goal is to not ship binary blobs not "billion dollar company is great".
This still buys you nothing, unless you have a good reason to trust everyone who has signed all of this?
In the end, they are people, you have no reason to trust them more than anyone else.
In particular, you have no reason to trust them more or less than a billion dollar corporation.
For some of us, the contributors of Debian are more trustworthy than corporations. We know to a degree of certainty that the maintainers have no interest in turning a profit of us, their user and will not do anything that would harm us. I trust the corporation to not do anything that would harm the corporation.
Usually the interests of corporations and users align, so you can't be sure with them. You can be with the maintainers of Debian.
"We know to a degree of certainty that the maintainers have no interest in turning a profit of us, their user and will not do anything that would harm us"
Why do you believe this?
How do you know they aren't on various forums selling ways to exploit users by inserting bugs, or whatever?
Most open source developers do not in fact, make a lot of money from their programs alone. What stops them from being just as greedy as corporations?
Note also this already happens, where open source maintainers sell access to their installers or whatever to malware companies.
Why would one believe it won't happen to debian maintainers?
Also, i'll also point out a lot of them are employed by corporations you distrust so much, and history shows most people will do what they are told, so if their corporations told them to do something, they'd probably do it.
So again, i don't get it. There seems to be no actual reason to trust them more or less. I just see misplaced trust in "the good of people". (Which study after study after study has shown, often goes out the window for very low prices :P)
Yes, exactly, clicking a link. An action taken by the user. Before the bit of code in question was reverted back to its normal behavior, just the act of launching the Chromium browser for the first time would silently download and activate the binary blob, the user was completely out of the picture and had no control over it. There's a huge difference.
I'm not complaining about what it does, I'm complaining about how it was delivered. If someone breaks into my house to put a new TV on the table, I'm still going to feel violated.
Google broke the trust the open source community had in them, by silently flipping a switch that surreptitiously downloads a binary blob. They have now gone on record saying that was wrong and have reversed the change going forward. Good on them for that, but as far as I'm concerned that trust is irrevocably broken.
Which is allowed to use your microphone at any time without asking. In contrast to javascript executed on a website.
Edit: To clarify, I'm only talking about the sandbox here, I'm aware that there is opt-in stuff and that there is open source code guarding the activation of that specific module, i'd argue that this isn't part of the sandbox though.
No, it can only use your microphone on New Tab pages and Google Search pages, and only after the user explicitly opts-in to it (the module is disabled by default).
If you read the responses on that bug tracker it does seem it was automatically activated for some.
Granted, these might have been a misinterpretation of that chrome://voicesearch page.
My phrasing of "anytime" was perhaps misleading, I'm aware that the module is guarded by open source code that activates it under specific conditions.
However I was talking about the sandbox, and when the module is running it does have access to the microphone without asking. The code guarding the activation of the module isn't relevant in this context.
> The hotword module has the same privileges as any website (except that it automatically has access to the microphone).
My original post was perhaps misleading, I'm only talking about the sandbox here, I'm aware that there is opt-in stuff and that there is open source code guarding the activation of that specific module, i'd argue that this isn't part of the sandbox though.
A slight tangent but is anyone else disappointed with the Chrome permissions system? The granularity of what you can allow is often inappropriate for what you really need to do. Example, the author of uBlock Origin needed to be able to turn off prefetching for obvious reasons. But the permission for it was grouped into the label "Control Security Settings". This confused a lot of people who became suspicious of what the extension was actually doing.
It makes me think of how Windows with it's very comprehensive mandatory access control remained vulnerable to simple attacks because the ACLs were too complicated. Thus application developers would request overly broad permissions, defeating the usefulness of the security model.
Seems to me that having too many difficult to use security features can be as bad as or worse than too little security.
I'm sorry, what?! So I still have to trust that it's not doing anything malicious for 10-15 seconds?