Be just as suspicious of your news providers as you are about your software providers

As a human who occasionally gets a giggle out of some news articles, I riff on Phoronix sometimes for the ‘sensationalist’ journalism on my G+ feed. While the news site can occasionally get excited for mundane developments, one important detail is that Phoronix doesn’t intentionally misrepresent issues. I may riff on Phoronix, but I genuinely trust their news as the baseline for reliable information, and if Larabel notices an inconsistency he’s quick to update his articles.

I can’t say the same for Rick Falkvinge and his “Privacy News Online” website.

I got linked to an article from OSNews and was absolutely disgusted by the amount of distortion in the article, which goes beyond sensationalism and straight into damaging and slanderous territory. I may titter at Phoronix once in a blue moon, but “PNO” actively made me sick.

So, what’s the article about?

Google provides a service binary for its “O.K. Google” voice search functionality, this package is downloaded by Chrome as a post-installation package. Open-source Chromium builds download the module the same manner. The function of the voice search module is to listen for a key phrase and transmit voice snippets to Google for interpretation, ultimately so the user may use a reliable voice-search mechanism. Despite being downloaded voice search is not activated by default.

The Pirate Party founder behind the article took offence that an open-source Chromium browser will download the binary blob which provides the service, and I imagine mouth-still-frothing decided the only way to solve this problem was to slam the Googley browsers through a litany of litigation-worthy libel.

Paraphrased, or rewritten? Rewritten.

The most egregious part of the article is a portion which “obviously paraphrases” a Google rep, and it offends me as a thinking person. The paraphrased content makes Google out like a villain ready to tie people to train tracks, wilfully rewriting the statements from a bug report to make it as draconian as possible.

The paraphrased content is a copy->paste away from landing in the article as-is, and when you read the original texts it’s all quite reasonable – my paraphrasing of it goes;

There’s a binary voice-search module which will be downloaded, but it’s not enabled by default, and you can specifically tell Chromium not to download it. We think voice is pretty important, so we give it to you by default and treat it as part of the core browser, but you need to enable it yourself for privacy reasons.

But the “paraphrased” cartoon-villain version of the same text from “Privacy News Online” would make the NSA blush. Below is snippets copied-and-pasted from the article, cropped for brevity. Though I added exclamation marks because I feel it’s more appropriate punctuation for the ridiculousness;

Yes! We’re downloading and installing a wiretapping black-box to your computer! We did take advantage of our position as trusted upstream to stealth-insert code into open-source software that installed this black box onto millions of computers! Yes, Chromium is bypassing the entire source code auditing process by downloading a pre-built black box onto people’s computers. But that’s not something we care about, really! Yes, we deliberately hid this listening module from the users! We don’t want to show all modules that we install ourselves!

(I also added the “Muahahaha”, sorry. It’s too ridiculous)

We must defend ourselves against features!

The article goes on to say that, because companies force these terrible optional binary features on us, that we need to start getting all kinds of tin-foil-hat crazy with our electronics.

Fun fact: I used to work in a call-centre troubleshooting mobile phones. My favourite call ever was from an individual who wrapped is battery in tin-foil so “the government couldn’t listen”

His first point is that people will “downplay the alarm”; Oh, you bet. He questions how it knows ‘OK Google” was spoken, implying that everything you say is always transmitted. There’s two problems with this point; he skipped the part where you need to enable it, and simple math dictates that even the great Google can’t beam millions of simultaneous voice-streams to their servers perpetually.

His next point is that it is a big deal for the same reasons as point #1; that Google is slurping up physically impossible amounts of bandwidth listening to millions of people across the world. He adds that maybe there’s keywords embedded in the software which Google is listening for, so every time you mention artichoke, broccoli, cauliflower, or dates Google will secretly log your love of vegetables or hot singles looking for a night out. One of the two.

Then he questions why it’s “opt-out”. Protip: when something isn’t enabled by default, it’s opt-in. But I get it! He wants all binary things in Chromium to be opt-in, not wanting binary components near his open-source sauce; but that’s a build issue, and if someone is building Chromium it puts that person in an entirely different league than someone who just wants their browser to work.

Lastly, he says the inverse of the previous argument which I just said; he states it’s opt-in except for having the binary component, but then implies “we don’t really know that for sure! It could still be running! Google could be downloading different spyware!”. This argument annoys me because that’s not how computers work; you can have the most malicious executable on your hard-drive, but it’s inert until you run it. I could have “babyeater.o” sitting on my computer right now, but until I choose to run it, it’s nothing. His entire argument here hinges on the idea that “Google put a binary service onto my computer, and they could secretly run it on my computer!”; but they aren’t. Google isn’t stupid. If they tried that Google would stand to lose billions of dollars in an international class-action lawsuit. If they say it’s “opt-in” it’s going to be opt-in, and just because it isn’t obvious doesn’t mean it’s hidden. Chrome and Chromium have a multitude of features, and for obvious reasons Google isn’t going to add a 12-part setup wizard to Chromium so every user can make decisions about highly technical aspects of a web-browser.

Finally, the cherry on the top is the article advocating all computer peripherals should have physical on/off switches. But! Companies are EVIL! DANGEROUS! WILLING TO DO THINGS WHICH WOULD GET THEM SUED! What if these evil companies put out webcams and microphones which simply had dummy on/off switches? Clearly, hardware manufacturers are above snooping. At his level of paranoia, there’s a much easier solution than making the hardware industry include physical switches for everything: unplug the damn devices. I mean, it’s common knowledge that many computer systems are vulnerable to remote tapping – and they don’t even turn on the “recording” LED on webcams. If you’re going to be paranoid, at least be paranoid *all the way*.

Should you don the tinfoil headgear?

I advocate crazy people. Crazy people let us know we’re all still sane, and sometimes crazy people find out crazy things or point out issues which should have been crazy obvious. People like Richard Stallman who are clearly insane are necessary, because they pull the whole baseline in a focused direction. They’ll more readily call out things which are on the verge of becoming dangerous. I enjoy people who are constructively crazy. Richard Stallman brought us wonderful ideal open-source licences, putting his brand of crazy in the “awesome” end of the spectrum.

But then you get people like Rick Falkvinge. Rick is being crazy too, but he’s not being constructive. I don’t like Rick. His article could have been incredibly informative; he could have taught us how Chromium works, what it’s doing, why it’s doing it, and how to make an informed choice.

Freedom is fake if your choices are based on lies. Choices aren’t real when you’re not informed. Decisions aren’t your own when someone scares you into them. It’s manipulation.

When I read article like “Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth” I get angry because of how it portrays the issue; it’s doing a disservice to his readers because they will not have an informed choice. The article is manipulating its users into thinking voice search is an evil scheme by a faceless behemoth.

I like Google – but while I’m cautious about my Google intake – they still provide high quality services and set a reasonable expectation about how they use my data. What if a handicapped user read his article? Or a friend of a handicapped person? What if that person who could have benefited from voice search thought it was malicious spyware, instead of knowing what it was really all about? I may never use voice search, but I think it’s a very reasonable inclusion provided in a way that minimises hoops for interested users.

In the end, I guess this all goes to say that we also need to look into our news sources; Rick Falkvinge doesn’t seem to be making any effort to provide valuable information, instead preferring to force klaxxon onto readers based on pre-conceived notions. So when you open up an article, keep in mind that authors can be biased just as much as software can be dangerous.

Now that you’ve finished my article on it, please, ponder what I’ve said and question what biases I have. Do some research on the topic – Google it. Come to a clear understanding, and make a real choice.