Is your Chrome browser spying on you?
It’s convoluted and unlikely, perhaps, but there’s a way that websites can trick the Chrome browser into leaving the mic open, allowing who knows whom to eavesdrop.
In Chrome, whenever a website wants to access a visitor’s microphone the browser prompts the user for permission which, if granted, is for that session only. Move to another site or close that tab and the mic is disabled. However, PCWorld reported on Wednesday, there is a way for a site to keep the mic turned on.
“But as Web developer Tal Ater discovered, malicious sites can use pop-under windows to keep listening even after the user has gone to another site or closed the main browser window. Unlike a regular browser tab, pop-under windows don’t show the recording status icon, and can continue to listen in for as long as the pop-under window stays open. The exploit can also stay dormant until the user utters certain key phrases.”
Techworld reported Thursday that although Google had a patch readied to fix this vulnerability on September 24, they decided not to use it.
“‘We’ve reinvestigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it,’ it [Google] said.”
This kind of makes the case for just using a plug-in mic instead of having one built-in, doesn’t it?
Is the balkanization of the Internet at hand?
It’s no longer news that quite a few countries are concerned enough about the NSA’s actions that they’re taking steps to protect themselves from our spying. This is leading some to suspect this might eventually result in a system of national Internets, as noted by IEEE Spectrum on Thursday.
To a degree, this is already happening. Germany is taking steps to assure that data packets originating in-country to be delivered in-country are never routed outside of Germany. In South America, Brazil’s president Dilma Rousseff is seeking legislation that will force companies, including Facebook and Google, to store all data on servers located within Brazil.
In addition, the NSA’s actions have resulted in a revival of the Open Root Server Network (ORSN), a system of root nameservers operating independently from ICANN. Taken offline in 2008, the system was put back in service in June as a result of Edward Snowden’s whistle-blowing.