14 DAY TRIAL // A bug filed with the Debian project has sparked controversy in the Linux community after it has been observed how Chromium silently downloads a binary file which then turns on the user's microphone and starts listening in on conversations without asking for permission.
To fully understand the issue, we must set the table with a few extra details about how Linux distributions work and how Chromium relates to the Google Chrome project.
All packages for Linux distros are usually installed only after programmers have a look over their source code and clear it for distribution if no weird or hidden behavior is found.
This is true for Chromium as well, the open sourced version of Google Chrome, a playground where Google devs test features before adding them to Google's main Chrome browser.
Chromium browser starts listening to your microphone without asking for permission
Apparently, the latest version of Chromium (version 43) on Debian, silently installs a binary file without the user's consent or without being pre-checked or pre-approved.
This binary is, in fact, an extension responsible for the browser's voice search feature and adds the famous "OK Google" functionality found in the company's mobile apps to its Chromium project.
The problem, in the eyes of the Linux community, resides in the fact that this module's source has not been made available to them and the module goes on to make crucial changes to the browser's settings by activating the user's microphone and starting to listen to surrounding noise without ever asking for permission.
Google's answer makes "technical" sense
Google, when confronted with this problem, has responded that this module, even if downloaded, won't actually work unless the user turns on the 'Enable "Ok Google" to start a voice search' setting.
Rick Falkvinge, the founder of the Swedish Pirate Party, argues that this doesn't actually stop Google from listening in, but merely tells the browser not to respond to audio input. The monitoring feature still works, and the microphone still remains open, even if Google has provided an indirect method for opting-in.
He also points out that Google's promise not to listen in is not to be taken lightly, making a direct connection to the NSA and its promise not to abuse its surveillance powers. Just ask Edward Snowden how that worked out.
Since the issue was revealed, the Debian project, as of Chromium 43.0.2357.81-1, has disabled the loading of the aforementioned extension, but since Chromium is Google's Chrome testing ground, you can be 100% this feature is going to be, if already not, in Chrome's core.
You can download Chromium from Softpedia, with the appropriate version for your operating system: Windows, Linux, and Mac OS X.
UPDATE: Since we wrote the story, more and more security researchers, along with users are confirming that the same extension is present in Chromium on other operating systems like Windows, Mac, and Ubuntu.
