Skip to main content

OK, Google: Privacy concerns

At the Google I/O conference last week, the company rolled out "OK, Google," which is a universal version of the Siri-style of conversational interaction. But instead of being solely on the phone, it will also work on your desktop via Chrome. Immediately after seeing this product, I feared for my privacy.

My concerns were allayed by the people at Google who explained the reasonable mechanism, but I still have problems. Let me explain further.

The product is a voice recognition system and a computer voice response situation combined with a search engine.

It works like this:

You are in front of your computer and you say: "OK, Google." This brings up a flashing mic icon into which you ask the computer a question such as "Where is the nearest Chinese restaurant?" The computer then says: "The nearest Chinese restaurant is two streets away at this address." It then brings up a search page with the restaurant and alternatives.

The first thing I thought of was that Google must be listening in at all times waiting for you to say "OK, Google." So I investigated because I do not need an ear in the room listening to everything I say.

Google says that this is not the case and, in fact, there is a small piece of code that listens locally for the "OK, Google" command and that is what opens the mic to stream to Google. Furthermore, this feature will only be available as a Chrome plug-in rather than being bundled with a normal Chrome download.

Curiously, this opens a whole new product line because this concept is named "hotwording." I'm assuming that there will be other hotwords like "OK, Maps" or "OK, Music."

I'm still concerned because if the browser can somehow open my microphone with the "OK, Google" command, when else can the browser open the mic?

We already know about remote viewing and it's been sold to us as a good thing. Imagine that a guy gets his laptop stolen. He runs a program that's installed on the laptop so he can remotely turn on the camera and the mic to figure out who took the computer. Over in the US, this sort of code was actually implemented at a school and the school administrators ended up spying on kids in their bedrooms.

I do not know of any browser-based code that will turn on the mic so it can stream to some service over the Internet. But as I think about it, I can see it working and not be based on permission. No matter what Google says to ease our fears, I'm distrustful.

Whatever the case, I do not like this. That said, I use the Google voice recognition constantly on my Android phone. Most of Google's services are addictive and fun, and they can certainly be useful.

This will be another one of those services. But as a user I'm cautious. You should be too.