Page 1 of 1

Re: Big Brother

Posted: Tue Jan 28, 2014 12:40 pm
by prophecy
Given the following information would recommend you remove Google Chrome and other Google products from your PC ( Personally I have never used and will not use Google products )

Google Chrome can be deliberately compromised by a new exploit which lets malicious sites turn Google Chrome into a listening device, one that can record anything said in your office or your home, as long as Chrome is still running.

How it Works

A user visits a site, that uses speech recognition to offer some cool new functionality. The site asks the user for permission to use his mic, the user accepts, and can now control the site with his voice. Chrome shows a clear indication in the browser that speech recognition is on, and once the user turns it off, or leaves that site, Chrome stops listening. So far, so good.

But what if that site is run by someone with malicious intentions?

Most sites using Speech Recognition, choose to use secure HTTPS connections. This doesn’t mean the site is safe, just that the owner bought a $5 security certificate. When you grant an HTTPS site permission to use your mic, Chrome will remember your choice, and allow the site to start listening in the future, without asking for permission again. This is perfectly fine, as long as Chrome gives you clear indication that you are being listened to, and that the site can’t start listening to you in background windows that are hidden to you.

When you click the button to start or stop the speech recognition on the site, what you won’t notice is that the site may have also opened another hidden popunder window. This window can wait until the main site is closed, and then start listening in without asking for permission. This can be done in a window that you never saw, never interacted with, and probably didn’t even know was there.

Full link to article : http://talater.com/chrome-is-listening/

To make matters worse, even if you do notice that window (which can be disguised as a common banner), Chrome does not show any visual indication that Speech Recognition is turned on in such windows - only in regular Chrome tabs.

Google security risks

Posted: Tue Jan 28, 2014 8:11 pm
by editor
Thanks, Prophesy, for your post on Google Chrome. I've moved it to Security, since this seems more appropriate.

Re: Google security risks

Posted: Mon Oct 01, 2018 3:31 pm
by Eowyn O Rohan
Is there a Linux alternative to Android for "SmartPhones" and tablets?

Re: Google security risks

Posted: Mon Oct 01, 2018 7:47 pm
by editor
Eowyn O Rohan wrote:
Is there a Linux alternative to Android for "SmartPhones" and tablets?
Yes, there are alternatives.

Depending on the device, there are some upon which you can install a full GNU/Linux distro. But this rare, and not always desirable. It's still all fairly new; telephony specific apps are not very well supported, and a lot of functionality is experimental. In other words, not really ready for prime time.

However, there is a rich environment of open source and custom Android distros which can be installed to replace the stock Android that comes with many Android-based smartphones and tablets. Some manufacturers are more customization friendly than others. You'll want to check your specific device for compatibility. Some manufacturers, such as LG, habitually lock their bootloaders, so it's impossible to install a custom OS.

The originators of these alternate Android distros was a group that produced CyanogenMod, and which now is called LineageOS. This is still the most mainstream group, and many other custom ROMs (a ROM is the file containing the new OS which gets "flashed" or copied over top of the stock OS) are based on LineageOS.

If your device isn't supported by LineageOS (or even if it is) you might check out the forum at XDA-Developers. You can do a search there for your particular device, and that's where all the developers and modders hang out.