Google Pulls Controversial Audio Listening Code from Chromium Browser

Google Insists that concerns over its hotword module being used for eavesdropping are off target, but it has removed the module that's meant to enable hands-free search.

Chromium Handsfree

Google has removed an audio listening component from the Chromium open source browser after some developers complained the code was being quietly installed and activated on the browser without the user’s knowledge or consent.

However, the company flatly denied the so-called hotwording component was doing the same on its proprietary Chrome browser, and insisted that users had to proactively opt in for the feature to get into active, listening mode.

“We're sure you'll be relieved to learn we're not listening to your conversations—nor do we want to,” a Google spokeswoman said in an emailed statement to eWEEK. “We're simply giving Chrome users the ability to search hands- free at their computers by saying “OK Google” while on the Google homepage—and only if they choose to opt in to the feature.”

Concerns that Google was secretly listening to conversations of Chrome users surfaced recently after some developers reported observing Chromium—the open source project on which Chrome is based—silently downloading an extension on startup dubbed the “Chrome Hotword Share Module.”

The developers expressed concern over the apparent fact that the module’s audio-capture capability was activated by default, and that the extension itself appeared to be proprietary and hidden from the extension list.

“Without consent, Google’s code had downloaded a black box of code that—according to itself—had turned on the microphone and was actively listening to your room,” Rick Falkvinge, the founder of Swedish Pirate Party wrote in a blog last week.

Google initially responded via its developer boards noting that the significance of the issue depended on whether the user was running Chrome or Chromium. On Chrome, which Google controls, hotword activates and records audio only after user permission has been explicitly given, the company noted.

“While we do download the hotword module on startup, we do not activate it unless you opt in to hotwording,” the company said.

The company absolved itself of any responsibility for the proprietary module’s behavior and its presence on an open source project like Chromium. Chromium is not a Google product and the company makes no guarantees with respect to the code’s compliance with open source policies, the company said.

“If a third party (such as Debian) distributes it, it is their responsibility to enforce their own policy,” Google said, adding that Debian had disabled the hotword module in its Linux distribution.

Because of the concerns about the feature, Google said it also has made it easier for third-party distributors to disable hotwording going forward. But amid persisting concerns over the hotword module’s presence in Chromium and despite Google’s earlier explanations, the company on June 24 said it had removed the hotwording component entirely from Chromium. “As it is not open source, it does not belong in the open source browser,” Google noted on its developer board, offering no explanation of what it was doing there in the first place.

According to Google, Chrome’s hands-free search on Google Search is available only through explicit opt-in. The hotword module has the permission to listen to the computer’s microphone, but does not do so by default.

When enabled, the module waits for the user to say “Ok Google” into the microphone. It then displays a message to the user indicating that Chrome is ready to respond to voice searches, the company said. The module converts the audio query into text via the Web Speech API and sends the resulting text to Google as a search query.

The module does not send audio the entire time users are surfing the Web or when the computer is switched on, the company said. However, it does keep an anonymized copy of the query, even if the user has not enabled storage of the data.

Jaikumar Vijayan

Jaikumar Vijayan

Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.