Google is Evil: Rubik's Cube Edition

Well it is all part of the same pattern of ‘mostly’ american tech firms being on the ‘dark side’, but that is not surprising when the country itself has pretty much fallen to it (via its political arms/oil backed arm). It’s an american issue, which of course becomes everyone else’s issue as is the way of Super Powers and their global reach.

I always knew that people like Zuckerberg worked with NSA etc, and probably they get funded by them in an impossible to track down way (these people are not stupid), which is why i never used Facebook myself as it always seemed like a spy tool first. Google and all the rest are likewise on this dark side and always have been (probably).

How do we know this? Well there are the leaks stuff (wikileaks/Snowden etc) but also you have products that specifically set themselves up as being ‘different from’ the big brands as a point of sale. So DuckDuckGo (which does no tracking etc) vs Google (which is all about tracking). Steam (which is all about control of your games for their profit) vs GoG (which is all about you controlling your games for their profit).

So you can use the various available tech products to gauge how far into the dark side a company actually is. It’s not a perfect science by any means, but if you can feel the force, you can get an idea of what to avoid etc.

For example i’ve completely shut down my american based email (yahoo/hotmail etc) in favour of one that specifically sets itself up as not a tool of the NSA/MI5 etc. I’ve shut down my youtube account, and don’t log on to view youtube anymore (i feel bad about that for the view count support etc, but it is YouTube’s policies that are at fault not me), i never in a blue moon would use Facebook as it was so apparent from the outset this was all about data gathering and connecting groups of people (and the associated spying issue), and the list can go on and on for many people if they look into things a little bit, as most of the american tech industry is playing (and probably being paid to do it) spy games on users’ data.

But when you have a far right government (institutionally) these are all things to expect, you have plenty of historic examples to measure against (the Stasi and all the fascist regimes (including Communism after Stalin)).

I understand germany has even built itself an internal email system that only its own citizens can use, to better protect against the information theft that was going on before. We (as in all of us) should probably be doing the same? We need much better control over information technology and who is using our data, the current system is obviously not fit for purpose.

As always, ZAK got involved.

Google is Evil… (cont)

Google eavesdropping tool installed on computers without permission:

Privacy campaigners and open source developers are up in arms over the secret installing of Google software which is capable of listening in on conversations held in front of a computer.

First spotted by open source developers, the Chromium browser – the open source basis for Google’s Chrome – began remotely installing audio-snooping code that was capable of listening to users.

It was designed to support Chrome’s new “OK, Google” hotword detection – which makes the computer respond when you talk to it – but was installed, and, some users have claimed, it is activated on computers without their permission.

“Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room,” said Rick Falkvinge, the Pirate party founder, in a blog post. “Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by … an unknown and unverifiable set of conditions.”

Chromium have responded in short order:

In light of this issue, we have decided to remove the hotwording component entirely from Chromium. As it is not open source, it does not belong in the open source browser.

Chromium builds from r335874 (version 45) onwards will have hotwording disabled by default and will not download the module. There is no way to enable this feature at runtime. Google Chrome users will be unaffected (although, as always, will have to opt in using settings before the hotword module will activate).

Can also confirm that my currently installed (latest) version of Chrome did not have the module active (though it is installed - we’ll see if it is removed):

Check here:
chrome://settings/
chrome://voicesearch/

So, I am glad it has been identified and raised as an issue, but Google weren’t deploying this to eavesdrop. Seems a natural extension of functionality that exists on mobile that is NOT switched on by default in Chromium or Chrome.

Big issue that the module code in question could access the devices without the user being made aware or giving permission. Google had not abused that, but the possibility may have existed (may still exist if activated) for it to be an attack vector by less savoury types on the interwebs.

Anyway, crisis averted and given the quick resolution, seems like something that was never intended to be malicious.

Maybe not malicious, but pretty dumb. Even installation of such a feature clearly should have been an opt-in situation. Pretty tone deaf of Google in these post-Snowden days.

There’s no way to restrict permissions in a granular manner on OSX or windows, like there is on iOS and Android. Any program you run on your computer has access to every device. This places the burden of notification on every program’s developer, which is an unreasonable stance to take. The android/iOS method is the right way to go.

Note windows can do granular permissions in universal (metro) apps, but I don’t believe that applies to win32 programs.

The problem here isn’t that Chrome didn’t ask if it’s OK. It’s opt-in, and that’s perfectly fine. The problem here is that Chromium included that functionality. Chromium is supposed to be fully open-source, and this component isn’t.

yeah it was the mixing of open-source and closed source that was the main issue i think, a simple mistake or maybe just one of the issues open-source is going to have to be increasingly vigilant over as it gets all snuggly with some of the most powerful software companies in history?

@sharaleo, my search is set as DuckDuckGo, so it seems the google stuff is not even active (i get no option on the google voice stuff etc)? Not that i use Chromium much, but as i also put covers over my cameras (on laptops) i also might start to muffle the microphones. Just the world we live in these days (thanks spy-loving 'merica!).

Yeah, I don’t even think the British had even once been involved in espionage before spy-loving 'merica came around.

Um. Antony Standen.

I was being sarcastic. :) The Brits have had no shortage of success in the realm of espionage, which is why I found Zak’s comment amusing. I mean we’re talking about the country that cracked the Enigma machine!

My bad. :-( Carry on.

Haha, no problem, man. You know how it is, when you’re typing it out the sarcasm seems so clear, but it often doesn’t come across that way. I’m surprised there’s no internet standard font for sarcasm or something.

Hold on, i thought i saw it in a film that the US captured a sub and they cracked the Enigma code? ;) But yes i agree Britain has had James Bond in the past etc, but we are talking a different level of global spying, that people unknowingly opt in to when they choose to use american software, or so it seems. I’m not saying it is only american tech doing this, but it seems to have become the norm in our post 9/11 world, and i’m not a fan of any kind of Orwellian social model.

This also applies to yourselves of course, which is why i post about here :) Anyway my concerns are pretty high for all this, so much so i changed a bunch of email to non-spying versions and avoid the cloud etc. Google are just big time players in all this it seems with the kind of projects they run etc?

Dude, GCHQ are spying on you no matter what nationality software you use.

They have their limits (which is why they push for more controls all the time), which is as it should be. One of the side issues of this ‘facebook’ generation of spyware is that it is eroding the regular skills of spycraft, simply sitting on facebook (etc) all day is reducing their ability to actually do what they did more traditionally, so that is a not often talked about side effect of this general shift to us giving them all our data on a plate. Poor spies!

Google is Facebook these days isn’t it? (or the other way around perhaps?) Anyway some more typical kind of stuff if you use those:

‘Harvest of Facebook user data prompts calls for tighter privacy settings’:

Facebook has been urged to tighten its privacy settings after a software engineer was able to harvest data about thousands of users – simply by guessing their mobile numbers.

The developer obtained the names, profile pictures and locations of users who had linked their mobile number to their Facebook account but had chosen not to make it public.

Security experts said the loophole would allow hackers to build enormous databases of Facebook users for sale on internet black markets. “They should be attempting to prevent the widescale hoovering up of data, and I’m disappointed to hear that they appear to have failed on this occasion,” said Graham Cluley, a computer security analyst.

Reza Moaiandin, the software engineer who discovered the flaw, exploited a little-known privacy setting allowing anyone to find a Facebook user by typing their phone number into the social network.

By default, this Who can find me? setting is set to Everyone/public – meaning anyone can find another user by their mobile number. This is the default setting even if that user had chosen to withhold their mobile number from their public profile.

Using a simple algorithm, Moaiandin generated tens of thousands of mobile numbers a second and then sent these numbers to Facebook’s application programming interface (API), a tool that allows developers to build apps linked to the social network. Within minutes, Facebook sent him scores of users’ profiles.

In two minds about that one. Definitely a flaw that should be tightened, but at the same time it’s not like gray pages have not existed for decades. It is usually not that hard to get hold of those directories if you hang around dark places of the interwebs.

But FB is not a sanctioned legit gray directory service run by a sovereign entity and additional data was scraped (profile pic). But that is moot, given criminals getting access to most of that data via leaked gray pages already happens.

Social media just presents a new attack vector. The more this kind of stuff is spoken about though, the sooner users wise up to understanding that and taking precautions - like reviewing the privacy settings that are available to them.

The funny thing is, I know that facebook and google and twitter all collect data on me to varying degrees, and I think I’m actually OK with that. I think I’m definitely more OK with those folks gathering data on me than I am with, say, my bank or my government. I trust google and facebook more. Their motive is more pure.

Their motive is cash.

Google and Facebook will never sell my data. It’s the most valuable currency they possess. That user data is their monetization. They’re going to guard it like Smaug sitting atop his hoard. Google and Facebook base so much of their revenue generation around “Advertise with us, and we’ll show your ads to a highly selective and targeted audience.”

So, while I’d prefer that no one collects data on me, I’m also happily a citizen of the 21st century that understands that such information is the currency of the time. Thus, I’m much happier if the entities collecting that information on me value it so highly that I can trust them somewhat more to safeguard it better.

This might be the most cogent comment I’ve seen on the data privacy issue. I plan to steal your logic, sir!

Yeah, Google and Facebook monetize your user data, by essentially selling the ability to leverage it to advertisers.

Although the potential for an issue remains in cases like the most recent Facebook thing, where they don’t effectively protect their own stores of your information, and enable others to easily access it.

I’m not confident in Google’s ability to keep my data safe than I am Facebook.

Of course… are folks still using facebook? I haven’t used facebook in ages. In my mind, it’s become what MySpace became when Facebook showed up. It’s the social media of old people now.