Discussion:
Get _off_ the mic
(too old to reply)
Don Marti
2015-06-23 15:45:49 UTC
Permalink
Just wondering about this LWN story...

"Even if the binary only does what it is purported
to do, it can turn on the microphone and upload
what it hears to a remote site to search for a
key phrase."

https://lwn.net/Articles/648392/

Hooray for Debian for catching the immediate problem,
but now I'm wondering: Is there some kind of wrapper
that would prevent a certain application from getting
access to the mic in the first place? Something like

nomic /usr/bin/wtf

or some PulseAudio command that would have the same
effect?
--
Don Marti <***@zgp.org>
http://zgp.org/~dmarti/
Are you safe from 3rd-party web tracking? http://www.aloodo.org/test/
Teh Entar-Nick
2015-06-23 23:03:58 UTC
Permalink
but now I'm wondering: Is there some kind of wrapper that would
prevent a certain application from getting access to the mic in the
first place? Something like
nomic /usr/bin/wtf
or some PulseAudio command that would have the same effect?
Usually if you scramble the $PULSE_SERVER env var, you confuse most
programs that try to play with audio. Setting to /dev/null or /dev/zero
may have useful effects, though I haven't fussed with it much.
Don Marti
2015-06-24 13:48:53 UTC
Permalink
Post by Teh Entar-Nick
but now I'm wondering: Is there some kind of wrapper that would
prevent a certain application from getting access to the mic in the
first place? Something like
nomic /usr/bin/wtf
or some PulseAudio command that would have the same effect?
Usually if you scramble the $PULSE_SERVER env var, you confuse most
programs that try to play with audio. Setting to /dev/null or /dev/zero
may have useful effects, though I haven't fussed with it much.
When I look at /proc/$chromium_pid/environ I don't
see any PULSE.* environment variables at all.

Now I'm going to have to dig into this.

Then: Why won't media on Linux "Just Work"?

Now: This program is doing WHAT with my mic?
--
Don Marti <***@zgp.org>
http://zgp.org/~dmarti/
Are you safe from 3rd-party web tracking? http://www.aloodo.org/test/
Ruben Safir
2015-07-15 10:21:57 UTC
Permalink
Post by Don Marti
Post by Teh Entar-Nick
but now I'm wondering: Is there some kind of wrapper that would
prevent a certain application from getting access to the mic in the
first place? Something like
nomic /usr/bin/wtf
or some PulseAudio command that would have the same effect?
Usually if you scramble the $PULSE_SERVER env var, you confuse most
programs that try to play with audio. Setting to /dev/null or /dev/zero
may have useful effects, though I haven't fussed with it much.
When I look at /proc/$chromium_pid/environ I don't
see any PULSE.* environment variables at all.
Now I'm going to have to dig into this.
Then: Why won't media on Linux "Just Work"?
Now: This program is doing WHAT with my mic?
How pulseaudio works at all has been a mystery with me of late. It
drives me crazy.
Post by Don Marti
--
http://zgp.org/~dmarti/
Are you safe from 3rd-party web tracking? http://www.aloodo.org/test/
_______________________________________________
Do not Cc: anyone else on mail sent to this list. The list server is set for maximum one recipient.
linux-elitists mailing list
http://zgp.org/cgi-bin/mailman/listinfo/linux-elitists
--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
Shlomi Fish
2015-06-24 09:05:37 UTC
Permalink
On Tue, 23 Jun 2015 08:45:49 -0700
Post by Don Marti
Just wondering about this LWN story...
"Even if the binary only does what it is purported
to do, it can turn on the microphone and upload
what it hears to a remote site to search for a
key phrase."
https://lwn.net/Articles/648392/
Since this story is behind a pay-wall for now, here is a link (which requires
neither payment nor enabling/whitelisting JS) to what the story probably is
about:

http://thestack.com/google-audio-debian-binary-hotword-190615

Is it the same story?

Regards,

Shlomi Fish
--
-----------------------------------------------------------------
Shlomi Fish http://www.shlomifish.org/
Freecell Solver - http://fc-solve.shlomifish.org/

It does not mean what I think it means, but it means what *you* think it
means.

Please reply to list if it's a mailing list post - http://shlom.in/reply .
Don Marti
2015-06-24 12:35:24 UTC
Permalink
Post by Shlomi Fish
On Tue, 23 Jun 2015 08:45:49 -0700
Post by Don Marti
Just wondering about this LWN story...
"Even if the binary only does what it is purported
to do, it can turn on the microphone and upload
what it hears to a remote site to search for a
key phrase."
https://lwn.net/Articles/648392/
Since this story is behind a pay-wall for now, here is a link (which requires
neither payment nor enabling/whitelisting JS) to what the story probably is
http://thestack.com/google-audio-debian-binary-hotword-190615
Is it the same story?
Yes, it's the same story. Debian bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909

upstream bug:
https://code.google.com/p/chromium/issues/detail?id=491435

(This is an interesting example of how as soon as
a company adopts a surveillance marketing business
model, the fraction of cases in which it gets the
benefit of the doubt on software issues goes way down.
Companies other than the big G would probably have
gotten a less vehement reaction.)

And, by the way:
1. Install tracking protection if you don't have it
( http://www.aloodo.org/test/ )

2. Advertisers will no longer be able to track the
Linux audience from Linux sites to other sites,
forcing the value of ads on Linux sites up.

3. LWN starts making so much money from ads that it
can turn off the paywall.

(What, it's worth a try...
http://blog.aloodo.org/misc/site-request/ )
--
Don Marti <***@zgp.org>
http://zgp.org/~dmarti/
Are you safe from 3rd-party web tracking? http://www.aloodo.org/test/
Loading...