Google Chrome Allows Websites to Use Your Microphone to Spy On You. Here's How to Turn It Off. [UPDATED]
Keep reading if you haven't heard this one before, or skip to the important update below — "UPDATE: Google Chrome Acts Like Spyware"
Before I get into telling you how to turn off your microphone in Chrome, read Forbes' "Here's How Easy It Is For Google Chrome To Eavesdrop On Your PC Microphone" to understand why this important:
What if the laptop on your desk is listening to everything that is being said during your telephone calls and conversation or from others near your computer? Then imagine that the audio from the internal microphone is being instantly uploaded to Google where it is transcribed and broadcast on a real-time basis to a malicious web site, Twitter, or to a competitor. Sound like a high-tech novel?
This isn't new news, but it's important, because once you grant microphone access to a website in Google Chrome, that website retains access until you revoke it. This wouldn't be too much of a problem, except that the audio can be uploaded even when you're not using your computer, and the privacy of everyone around you is also compromised, as background audio is uploaded, as well. This makes Chrome excellent spy technology for malicious websites to which you might inadvertently grant access.
So, what do you do now that you've potentially allowed Google to create gross privacy invasions (again) into your life? One thing to do, if you're going to continue to use Google's browser, is TURN OFF YOUR MICROPHONE IN CHROME.
How to Turn Off Your Microphone In
- Click on the little hamburger menu in the upper right of your Chrome browser window.
- Click on Settings in the drop-down menu. This will open a new tab in your browser window.
- Click Settings in the upper left under Chrome.
- Scroll down and click Show advanced settings… at the bottom of the page.
- Click the Content settings… button under Privacy.
- Scroll down to Media in the Content settings pop-up and choose the Do not allow sites to access your camera and microphone option.
- Click the Manage exceptions… button.
- If there are urls listed in the Media exceptions pop-up, hover over each one for which you want to revoke microphone access and click the X next to them at the right end of the line. To be able to test these new settings later, make sure to also revoke access to https://www.google.com:443.
- Click the Done button.
- Click the Done button on the Content settings pop-up below that.
- Quit your Chrome browser and then restart it.
- Go to Web Speech API Demonstration, where you will test your new settings.
- Click on the the small microphone in the right upper corner of the text box. If the microphone is crossed out and the message "Permission to use microphone is blocked" appears, you have successfully blocked websites with previous permissions.
Any sites that DO have permission to access your microphone will show a red dot in their tab when the microphone is in use, as it does when I use UberConference.
Seven, if you decide to keep using the Google Chrome browser.
In the future, if a website wants to access your microphone, it will have to ask permission to do so. When you give permission, though, that permission to access your microphone remains active until you repeat the above process to revoke their access. Because of this default continued microphone access, it is important to create a regular reminder in your calendar to check these permissions on an ongoing basis to make sure that your privacy, at least in this regard, is secure.
Even if you do all of this, though, Chrome retains access to your microphone by default unless you can figure out how to opt out, which Google has not made at all apparent (see UPDATE below). The fact that Google made this an opt-out rather than an opt-in process is pretty shady. It tells us that they hold their ability to record us as more important than their consumers' right to privacy, and this makes me distinctly uncomfortable. As a young woman, I was taught to avoid any potential romantic partner who used the words "You can trust me." This is basically the line Google has given us about this microphone access issue. I don't know about you, but I don't see why I should trust that kind of line when it comes out of a giant company's mouth, either.
Now, if you've done all the steps in this how-to and you're still on Google Chrome, you can sing like nobody's (probably) listening!
UPDATE: Google Chrome Acts Like Spyware Even Without Malicious Websites
On top of Google Chrome leaving the door open for malicious websites to spy on you, Chrome also, without your permission, installs code on your computer that is designed to support its new "OK, Google" hotword detection for voice search. The problem is that even when you have not enabled "OK, Google" voice search the code is activated in your computer and ready for use, if Google so chose to use it. Google's defence is, basically, "But we won't use it. Honest!" My question is this, though: if a user isn't going to use hotword detection for voice search, then why is the code installed covertly and left on without obvious user control?
Privacy campaigners and open source developers are up in arms over the secret installing of Google software which is capable of listening in on conversations held in front of a computer.
Want to see for yourself that you no longer control your microphone when you install Chrome? First, make sure you haven't enabled "OK, Google" voice search:
- Copy and paste the following link into your browser bar to go into your Chrome Settings: chrome://settings/.
- Find Search.
- Make sure that the box next to "Enable 'OK, Google' to start a voice search" is not checked.
- Now copy and paste the following link into your browser bar to see information about Voice Search on your computer: chrome://voicesearch/. This will bring up a page called About Voice Search.
You'll notice that Microphone and Audio Capture Allowed both show Yes, even when Hotword Search Enabled and Always-on Hotword Search Enabled show No, and you are not offered settings to turn these off. This means that your computer is now a potential listening device.
Why the back door sneakiness, Google? How do you ethically support the unnecessary installation of code that alters the basic functionality of an individual's computer without their consent?
Google Chrome is looking like a big old pile of shady nope, right now.