Chromium spying on you in Linux?

[VirtualLarry]

http://distrowatch.com/weekly.php?issue=20150622#news

Chromium is an open source web browser which acts as a testing ground for Google's Chrome web browser. Since Chromium is an open source product and Chrome is not, Chromium is more often included in distribution repositories. Several Chromium users have noticed recently that the web browser silently installs additional, closed-source extensions which it then hides from the user. This behaviour has triggered a good deal of concern, especially in the Debian community where software licensing and security are high priorities. In a Debian bug report one user observes, "After upgrading Chromium to 43, I noticed that when it is running and immediately after the machine is on-line it silently starts downloading `Chrome Hotword Shared Module' extension, which contains a binary without source code. There seems [to be] no opt-out config." A similar bug has been reported to the Chromium team, stating, "I find the new behaviour of hotword (from v43 on) extremely conspicuous: Opt-in default, downloading a binary blob without notification, extension not being shown in extension list, ability to record audio... I almost fell out of my chair when I saw that. Great strategy to erode trust of any user who is even slightly concerned with security." The Chromium developers are making the closed-source module an optional feature which distributions can enable or disable as they see fit.

 

[smakme7757]

Seems like a poor decision. I see no reason to hide "features". Auto downloading binary blobs after install just seems really strange. Even more so in an open source project.

 

[Dude111]

www.dslreports.com/forum/remark,30125148