Google has removed an extension from its open source browser Chromium after people complained that it had been downloaded without permission and then listened to users through their microphones. The Chrome Hotword extension was used by Chromium to offer "OK, Google" voice activation to the browser.
Privacy advocates were concerned about the potential for eavesdropping, particularly in light of the fact that users were not warned of the presence of the extension. There was also concern that the extension is not open source, so it was not possible to see exactly what it was doing. In response to complaints, Chrome Hotword has now been made an optional component.
With Chromium being open source, users were especially disappointed to see the inclusion of a non-open source element. What was more worrying for some was the fact that Hotword did not appear in the list of extensions visible by visiting chrome://extensions/. Users looking to chrome://voicesearch/ quickly learned that the extension existed, was enabled, and had access to the microphone.
Writing on the Chromium message boards, Google said:
As of the newly-landed r335874 Chromium builds, by default, will not download this module at all.
A binary blob module like this can not be installed by a user via clicking on a link. Such a Native Client module can only be installed by the user deliberately from the Chrome Web Store.
Chromium is open source and it's important to us, as is it is to you, that it doesn't ship with closed-source components, lazily or not.
Is this enough to allay the fears of those concerned with privacy?