Slashdot Mirror


Google Chrome Flaw Sets Your PC's Mic Live

First time accepted submitter AllTheTinfoilHats (3612007) writes "A security flaw in Google Chrome allows any website you visit with the browser to listen in on nearby conversations. It doesn't allow sites to access your microphone's audio, but provides them with a transcript of the browser's speech-to-text transcriptions of anything in range. It was found by a programmer in Israel, who says Google issued a low-priority label to the bug when he reported it, until he wrote about it on his blog and the post started picking up steam on social media. The website has to keep you clicking for eight seconds to keep the microphone on, and Google says it has no timeline for a fix." However, as discoverer Guy Aharonovsky is quoted, "It seems like they started to look for a way to quickly mitigate this flaw."


  1. Flaw? by GodfatherofSoul · · Score: 5, Interesting

    Yeah right.

    --
    I swear to God...I swear to God! That is NOT how you treat your human!
    1. Re:Flaw? by fustakrakich · · Score: 5, Insightful

      Yeah, the flaw is that it wasn't hidden well enough..

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:Flaw? by noh8rz10 · · Score: 2, Interesting

      WTF WHY IS CHROME TRANSCRIBING EVERYTHING I SAY??? are they looking for keywords to advertise against, like they do in gmail? the bug here is that some websites are gaining access to the transcriptions that are supposed to only go to google?

      I admit that sometimes I have my tinfoil hat on, but this is absurdly beyond the scope of anything I could have imagined.

    3. Re:Flaw? by Anonymous Coward · · Score: 2, Interesting

      WHY are you using a proprietary commercial suite to browse the web??

      Captcha: nonsense

    4. Re:Flaw? by Anonymous Coward · · Score: 3, Insightful

      But why is the browser accessing the microphone in the first place?

    5. Re:Flaw? by Your.Master · · Score: 1

      So it's unreasonable to boycott Mozilla for hiring Eich, but reasonable to boycott it for letting Eich go? Isn't that an inconsistent position?

    6. Re:Flaw? by narcc · · Score: 2

      Also, I will no longer test the software I develop with their browser. In this way, I will contribute to making Firefox deliver a substandard user experience to those who do choose to support them.

      How consistent are you?

      Do you use Google Chrome? Google openly supports gay marriage, so you must not test your code in their browser either, right? So does Microsoft, so IE is right out.

      Ah, you must be a Safari user! Oh, wait. Apple also openly supports gay marriage. I guess that can't be it.

      So... with what browser DO you test your software? Are you the last HotJava user? That would be pretty wild.

    7. Re:Flaw? by Anonymous Coward · · Score: 1

      I test all my web apps in Lynx. If it works there, it's ready to go out the door ;-)

    8. Re:Flaw? by GodfatherofSoul · · Score: 1

      Has anyone noticed that on stories about Google, if you post a negative comment almost immediately you get negative banged? Over time other readers pos bang you back up. This is probably the 5-10th time I've seen this happen. They must have PR guys trawling for this stuff.

      --
      I swear to God...I swear to God! That is NOT how you treat your human!
    9. Re:Flaw? by Richy_T · · Score: 1

      He didn't say anything about the boycotters. It's possible for both boycotts to be reasonable but for Mozilla's actions to not be.

    10. Re:Flaw? by noh8rz10 · · Score: 1

      What if homosexual couples adopt? Then your society marriage contract is still secure and everybody is good, yes?

  2. Google had to have put this in on purpose by Animats · · Score: 1, Insightful

    An "accidental bug" which enables not only the microphone (even when it's supposed to be turned off) but text to speech conversion? No way.

    If anyone can find an honest prosecutor, criminal prosecution is in order.

    1. Re:Google had to have put this in on purpose by MozeeToby · · Score: 4, Informative

      Of course it's built in, it's part of the "ok google" keyword that Google Now (recently added to the Chrome browser) uses to detect an incoming command. The flaw is that transcript is kept for any length of time and that it's available to websites being viewed.

    2. Re:Google had to have put this in on purpose by R.Mo_Robert · · Score: 1

      An "accidental bug" which enables not only the microphone (even when it's supposed to be turned off) but text to speech conversion? No way.

      Did you even read the summary? It offers access only to the text-to-speech conversion output, not the microphone itself. (But yes, that was my first thought, and no, this should still not be happening.)

      --
      R.Mo
    3. Re:Google had to have put this in on purpose by Anonymous Coward · · Score: 4, Informative

      speech-to-text

      Not sure why everybody keeps writing text-to-speech even though that makes no logical sense in this context :)

    4. Re:Google had to have put this in on purpose by alen · · Score: 1

      and i bet google gets a text stream of speech to text data of what people are saying
      i'll have to test this

    5. Re:Google had to have put this in on purpose by SumDog · · Score: 1

      People can get access to horrible transcripts that vaguely resemble words you said...or random noise it decides are words.

    6. Re:Google had to have put this in on purpose by Actually,+I+do+RTFA · · Score: 4, Funny

      Google Now (recently added to the Chrome browser)

      That's why it's always more secure to run software 6 or more versions out of date. No zero-day bugs for me!

      --
      Your ad here. Ask me how!
    7. Re:Google had to have put this in on purpose by 0ld_d0g · · Score: 2

      So, your privacy hinges on the fact that Google programmers remain incompetent?

  3. How conveeeenient! by plover · · Score: 5, Insightful

    This flaw, plus heartbleed, makes it sound like all the conspiracy theorists got together for a secret cabal to convince the world that the NSA really is out to get everyone.

    --
    John
    1. Re:How conveeeenient! by ArcadeMan · · Score: 4, Insightful

      The NSA really is out to get everyone! Except themselves, of course. That's private.

    2. Re:How conveeeenient! by Wootery · · Score: 3, Insightful

      What the NSA does with itself in the privacy of its comically failed oversight process, is its own business.

    3. Re:How conveeeenient! by Anonymous Coward · · Score: 1

      Echo chamber groupthink. You guys are a minority.

    4. Re:How conveeeenient! by Johann+Lau · · Score: 1

      So? People who resisted Hitler were in the minority, too. That just made it more valiant, not less worthwhile. In contrast, do you know what even 7 billion times zero adds up to? I think you might, deep inside, hence

      http://en.wikipedia.org/wiki/A...

      ^ I love how you come with that right after complaining about an "echo chamber", too.

    5. Re:How conveeeenient! by drolli · · Score: 1

      it makes it even believable that the NSA "accidentally" records all information which it "accidentally" acquired. You know, in times when even google "accidentally" turns on the microphone and a security library has "accidentally" simple checks deactivated, you know they just "accidentally" forgot the "SELECT" statement.

    6. Re:How conveeeenient! by KliX · · Score: 1

      It's not the NSA, it's really /shit/ programmers. We're looking for you :p

    7. Re:How conveeeenient! by cascadingstylesheet · · Score: 3

      The NSA really is out to get everyone! Except themselves, of course. That's private.

      If only there were some way to rein them in ...

      I've got it! "Progressives" could control the Executive branch for over five years. I'd love to see the NSA pull this stuff then!

    8. Re:How conveeeenient! by Johann+Lau · · Score: 2

      I could have made the exact same point using a million comparisons, but I like to stick with Hitler just to give people like you something to get excited about ^^

    9. Re:How conveeeenient! by Johann+Lau · · Score: 1

      The counterclaim was that they do not.

      Actually, the response was "Echo chamber groupthink. You guys are a minority." Apologies for picking up on the undertones and jumping right to the meat of it.

      Then your claim is, basically, that it makes the people who agree that the NSA is not for protecting Americans is basically a hero and if more people were skeptical of the NSA then the holocaust might not have happened. Or some damned thing.

      Huh, I guess reading and thinking does not come easy for you. Keep trying!

  4. Don't Worry, Folks. by IonOtter · · Score: 4, Funny

    I talk to myself in different voices all the time, and engage in detailed plots to take over the world.

    If I haven't been picked up by the Men In White Coats by now, they aren't listening.

    --
    [End Of Line]
    1. Re:Don't Worry, Folks. by Ronin+Developer · · Score: 1

      And, the drone's payload of missiles.

      Now, I must re-engage my cloaking device and hope the missiles can't follow the heat signature from my chimney.

  5. Oh really.. EXCELLENT NEWS! by bobbied · · Score: 1

    They are turning on the built in microphone? EXCELLENT! Google can sure do stuff I never imagined possible...

    I have an old cheap laptop (still running XP) that doesn't have a microphone built in so somehow I don't think they are doing anything of the kind, at least to me.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    1. Re:Oh really.. EXCELLENT NEWS! by noh8rz10 · · Score: 4, Interesting

      the news here is that the website doesn't turn on the microphone, google turns on the microphone and starts making transcriptions of everything you say. the website just accesses the transcriptions. why is goog recording everything? rhetorical question, they are looking for keywords that they can advertise against. did you just say "cancun"? they will give you hotel and airline ads.

      that is super creepy.

    2. Re:Oh really.. EXCELLENT NEWS! by LookIntoTheFuture · · Score: 1

      the news here is that the website doesn't turn on the microphone, google turns on the microphone and starts making transcriptions of everything you say. the website just accesses the transcriptions. why is goog recording everything? rhetorical question, they are looking for keywords that they can advertise against. did you just say "cancun"? they will give you hotel and airline ads.

      that is super creepy.

      I have been very interested to see what will cause a large number of people to stop using Google products. We have got to be getting close.

      --
      Brave Sir Robin ran away. ("No!") Bravely ran away away. ("I didn't!")
  6. Undetectable Heartbleed bug? by DTentilhao · · Score: 2

    "The security flaw in the Chrome browser emerges just as the world is confronting the frightening prospect of an undetectable bug known as Heartbleed, that makes millions of passwords vulnerable to being stolen".

    'It is being widely reported in the popular press as well as many technical sites that a Heartbleed exploitation "leaves behind no trace"`. That of course is not true.

    SSL Server Test

    1. Re:Undetectable Heartbleed bug? by Johann+Lau · · Score: 2

      person reporting on toxicologist conference: "What we are dealing with here is a toxin that leaves no traces in the human body, making it impossible to find out the cause of death."

      Dwight: "FALSE! If you make a spectral analysis of every particle of food and air that enters the body, and store them forever, you will find plenty of evidence for this supposedly undetectable poison!"

      I'd say they're both right, in a way. For most real world deployments, it's impossible to find out if they have been compromised by this in the past because they didn't have a packet filter installed, so it's best for them to assume that they have been.

    2. Re:Undetectable Heartbleed bug? by Swave+An+deBwoner · · Score: 1

      The popular press incorrectly "reports" lots of things that are just plain wrong. However heartbleed.com already explained that such detection was possible if an IDS were looking for the fingerprint:

      Can IDS/IPS detect or block this attack?

      Although the content of the heartbeat request is encrypted it has its own record type in the protocol. This should allow intrusion detection and prevention systems (IDS/IPS) to be trained to detect use of the heartbeat request. Due to encryption differentiating between legitimate use and attack can not be based on the content of the request, but the attack may be detected by comparing the size of the request against the size of the reply. This seems to imply that IDS/IPS can be programmed to detect the attack but not to block it unless heartbeat requests are blocked altogether.

      It's just that now that a patch is available most folks would rather just fix the problem than watch their systems get compromised. And like Johann Lau already noted, not many sites keep an archive of all the network traffic that has passed through their site, so retrospective analysis is extremely unlikely.
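
The size comparison described in the heartbleed.com FAQ quoted above, as an added example that is not part of the original thread or any IDS product's code. It reads only TLS record headers (heartbeat is content type 24 per RFC 6520) and never the encrypted content; the function names, the 64-byte `slack` allowance, the assumption that the client is the requester, and the zero-filled sample captures are all constructed for illustration.

```python
import struct

HEARTBEAT = 24                   # TLS record content type for heartbeat (RFC 6520)
HEADER = struct.Struct("!BHH")   # content type, protocol version, record length


def record(content_type, body, version=0x0302):
    """Build one TLS record; used only to construct the sample captures below."""
    return HEADER.pack(content_type, version, len(body)) + body


def parse_records(stream):
    """Return (content_type, length) for every complete record in one direction."""
    records, offset = [], 0
    while offset + HEADER.size <= len(stream):
        content_type, _version, length = HEADER.unpack_from(stream, offset)
        end = offset + HEADER.size + length
        if end > len(stream):
            break                # capture ends mid-record; ignore the fragment
        records.append((content_type, length))
        offset = end
    return records


def heartbeat_bytes(stream):
    """Total bytes carried in heartbeat records; a large reply may span several."""
    return sum(length for ctype, length in parse_records(stream)
               if ctype == HEARTBEAT)


def check_flow(client_to_server, server_to_client, slack=64):
    """Compare heartbeat bytes requested against heartbeat bytes replied.

    A legitimate reply echoes the request plus its own padding and MAC, so the
    two sizes stay close. `slack` (an assumed value) absorbs that overhead.
    """
    requested = heartbeat_bytes(client_to_server)
    replied = heartbeat_bytes(server_to_client)
    return requested, replied, replied > requested + slack


# Constructed captures: record bodies are zero filler standing in for ciphertext.
BENIGN_C2S = record(22, bytes(120)) + record(HEARTBEAT, bytes(35))
BENIGN_S2C = record(22, bytes(90)) + record(HEARTBEAT, bytes(35))
SUSPECT_C2S = record(22, bytes(120)) + record(HEARTBEAT, bytes(8))
SUSPECT_S2C = (record(22, bytes(90)) + record(HEARTBEAT, bytes(16384))
               + record(HEARTBEAT, bytes(1000)))

if __name__ == "__main__":
    for name, c2s, s2c in (("benign", BENIGN_C2S, BENIGN_S2C),
                           ("suspect", SUSPECT_C2S, SUSPECT_S2C)):
        requested, replied, flagged = check_flow(c2s, s2c)
        print(f"{name}: requested={requested} replied={replied} flagged={flagged}")
```

As the FAQ notes, this detects a mismatch after the reply has already left the server, and it only works on traffic that was captured at the time.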

    3. Re:Undetectable Heartbleed bug? by Johann+Lau · · Score: 1

      You mean NSW, which is short for NSFW, which stands for New South Fucking Wales, right?

      You have a point, but I think they generally use their ill-gained information to exploit sheep rather than to help people protect internet infrastructure :(

  7. Don't worry by Junior+J.+Junior+III · · Score: 1

    This is how Batman is going to be able to find the Joker, and we're all going to be glad when he puts a stop to his plot to poison the whole city.

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
    1. Re:Don't worry by roc97007 · · Score: 1

      ...and then destroys the eavesdropping tool after he catches the bad guy. Really.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    2. Re:Don't worry by stoploss · · Score: 1

      ...and then destroys the eavesdropping tool after he catches the bad guy. Really.

      ...which is how you know it's fantasy.

  8. Temporary workaround by Alain+Williams · · Score: 4, Funny

    Get the wife & kids to learn and speak Navajo at home. It worked for the USA in World War II so it can work for you too!

    1. Re:Temporary workaround by mythosaz · · Score: 2

      Crazy-aside. I'm in Arizona, and I used to work with one of the 100,000 or so people on the planet who speak Navajo, [hick voice] and let me tell you what [/hick] it's a baffling language.

      Not only does it require sounds I can't make...
      http://en.wikipedia.org/wiki/N...

      ...but I challenge anyone who isn't a linguist to read and even vaguely comprehend the Navajo language Wikipedia article. :/

    2. Re:Temporary workaround by gman003 · · Score: 1

      ...but I challenge anyone who isn't a linguist to read and even vaguely comprehend the Navajo language Wikipedia article. :/

      Challenge accepted - I'm not a professional linguist, nor do I have even an iota of formal training in the field, but I read most of that just fine, only having to look up "head-marking language". Just don't ask me how to pronounce the ejective consonants... I still can't figure that out. The written language certainly looks complex and intimidating, but that's at least partly because they're using a slightly-modified Latin alphabet rather than one that was designed purely for the needs of their language, making it less efficient.

      It actually isn't too weird of a language, from the looks of it. A lot more precise than Romance languages, and the verb construction is complex, but there are no linguistic concepts in Navajo that I haven't seen elsewhere - even the stuff like a fourth-person verb tense or deverbal nouns. The vocabulary is completely unfamiliar, of course - they don't even seem to have many loanwords from any language I would recognize. But that only matters if I were trying to actually understand Navajo, rather than an article about it.

    3. Re:Temporary workaround by fnj · · Score: 1

      yes, but only because it was a spoken language with no written documentation. nowadays not so much. but I like where you are headed.

      I would tell you to use American Sign Language, but then They would just turn on the camera.

  9. Hardware off switches by ArcadeMan · · Score: 2

    This kind of thing should push manufacturers to put hardware on-off switches for both the microphone and the webcam. A simple LED isn't enough, especially if those LEDs aren't directly tied to the power lines of the hardware anymore - I'm looking at you, Apple.

    1. Re:Hardware off switches by BlazingATrail · · Score: 2

      Just like auto manufacturers put cosmetic do-nothing switches in for disabling the airbags. Also, the emergency air masks in the airplanes are just hooked up to each other, not to oxygen. Take quick panic breaths and see who passes out first!

    2. Re:Hardware off switches by khellendros1984 · · Score: 1

      "Should", maybe. But you know it won't. It's a "not our problem" situation; Google's got egg on their face, not the hardware manufacturers. Only the people that actually look bad are going to have any pressure to fix the problem.

      --
      It is pitch black. You are likely to be eaten by a grue.
    3. Re:Hardware off switches by SumDog · · Score: 1

      Apple and Logitech.

    4. Re:Hardware off switches by exomondo · · Score: 1

      It's time to turn off the computer and find a nice place with neighbors at least a mile away.

      You're only just now realizing that any communication can be intercepted?

    5. Re:Hardware off switches by cavreader · · Score: 1

      The only thing you should push lawmakers towards is a high cliff so they take a flying leap and protect the country from their idiocy and malfeasance. And there are plenty of ways to disable a microphone and a little piece of black tape takes care of the camera problem. If you need the government or a corporation to protect your privacy then you really don't deserve any.

    6. Re:Hardware off switches by noh8rz10 · · Score: 2

      I put a little static cling sticker on the lens. it acts like a simple lenscap. I push it aside when I want to take a photo, move it back when I'm done. sometimes the simplest solutions are the best. haven't solved the microphone problem yet though...

    7. Re:Hardware off switches by marciot · · Score: 1

      I put a little static cling sticker on the lens.

      They are working on bypassing that particular security measure:

      https://medium.com/the-physics...

    8. Re:Hardware off switches by noh8rz10 · · Score: 1

      +1 very cool, thanks

    9. Re:Hardware off switches by perryizgr8 · · Score: 1

      moto x already does continuous audio recording and sends it to google. it has a dedicated cpu core just for that. and people are very happy with the functionality :/

      --
      Wealth is the gift that keeps on giving.
    10. Re:Hardware off switches by Impy+the+Impiuos+Imp · · Score: 1

      Yes. As soon as some new phone is released there's always web sites that rip it apart instantly.

      They can add "Verified LED is hardware tied to powering the mic." to their report.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  10. Old news? by SmilingBoy · · Score: 2

    I assume that this is the same thing as reported a few months ago? If so, then it is not so simple: the attacking website needs to create a pop-under so that the microphone symbol is hidden. And pop-unders are difficult to achieve with Chrome with the popup blocker activated (as is usually the case).

    1. Re:Old news? by SmilingBoy · · Score: 1

      This now has a different proof of concept and I get a pop up that asks me to "speak now". Doesn't seem very stealth to me.

    2. Re:Old news? by SmilingBoy · · Score: 3, Interesting

      And what a weak article. A link to the Chromium issue tracker but not the actual issue, and a link to Reddit but not the actual submission. Are you kidding me?

  11. Kinect also listening? by SuperKendall · · Score: 2

    Since Kinect also has a model where it's always listening in order to be able to execute commands, I wonder if there's any similar vulnerability from the Kinect web browser (not that many people probably use the Xbox One for browsing, but still).

    ---> Kendall

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Kinect also listening? by TrancePhreak · · Score: 1

      As far as I could tell, the browser gets no data from the Kinect other than for navigation.

      --

      -]Phreak Out[-
    2. Re:Kinect also listening? by lgw · · Score: 1

      I was never willing to connect the Kinect for my Xbone. But the joke's on me: I've since discovered I don't like playing games with a console controller, so the only reason I'll use my Xbone again is if there's a game that plays best through the Kinect. Still hoping for that.

      (I really wanted to like the Forza game, as I'm tired of my PC driving games where I just use the arrow keys, but even after a few hours I couldn't guess what laws of physics the game was modeling. Wow, what a stinker.)

      --
      Socialism: a lie told by totalitarians and believed by fools.
  12. Trust no one by BlazingATrail · · Score: 1

    Simple solution, make a personal "cone of silence" around your chair and wear a mask.

  13. Precursor by FuzzNugget · · Score: 4, Funny

    "Let's give web browsers direct access to hardware!", they said, "it'll be great!"

    1. Re:Precursor by mythosaz · · Score: 1

      Yeah, how dare they take input from the keyboard and mouse!

  14. What microphone? by Anonymous Coward · · Score: 1

    I haven't had a microphone connected to my computer since about 2001.

    1. Re:What microphone? by fnj · · Score: 2

      I haven't had a microphone connected to my computer since about 2001.

      No laptop? The mid 1990s called. They want to know how you missed the last 20 years.

  15. Can they hear the voices in my head? by mmell · · Score: 1

    Actually, that's not the problem. The voices in my head are okay. The voices in your head are a bunch of assholes, however. Tell them to shut up, please.

  16. Paranoid? by used2win32 · · Score: 1

    Call me paranoid, but I always keep a blank plug in the mic jack, effectively disabling the mic input. When I ~want~ to use the mic, I will remove the plug. (I also have a cover over the camera....)

    --
    Procrastination; I'll think of a sig tomorrow.
  17. Re:and the transcripts all say... by SumDog · · Score: 2

    WTF have I dicking miss loopy cotton for eight reconed to take this site to work?

  18. Re:8 seconds? by mythosaz · · Score: 2

    Please [deity], let this guy be watching bull riding.

  19. He only gave Google 2 days before going public? by Dahan · · Score: 5, Informative

    So, no thanks to TFA, I found the actual bug report, and it turns out the guy went public less than 2 days after reporting the bug to Google. Talk about impatient. And it's not true that "Google issued a low-priority label to the bug when he reported it, until he wrote about it on his blog and the post started picking up steam on social media". It's true that it was originally given a low-severity label at first, it was bumped to medium a day-and-a-half later, then up to high a few hours after that--around the same time that he went to reddit about it. Not exactly sure if it was before or after, since I don't know the timezone of the times reported on Chrome's issue tracker, but one of the comments from Google says that they had already bumped the severity rating before they knew about him going public.

  20. Re:8 seconds? by sexconker · · Score: 2

    Please [deity], let this guy be watching bull riding.

    He is, but in my opinion it makes the furious masturbation more disturbing, not less.

  21. Re:Good. by jtownatpunk.net · · Score: 1

    I hope they like belches and farts 'cause that's most of what goes on in front of my laptop.

  22. It's still through a driver by tepples · · Score: 3

    Since DOS fell into general disuse, neither audio input nor keyboard input is especially "direct access to hardware". The device driver handles the direct access under the control of the API infrastructure in the operating system. Thus being able to read an audio input device through an audio input API is not direct access any more than being able to read an alphabetic keyboard device through a keyboard API is direct access.

  23. Click frenzy! Production x777 for 13 seconds by tepples · · Score: 1

    The more you click, the more cookies you bake during a click frenzy. (Not that Cookie Clicker uses this exploit, mind you.)

  24. Google Voice Search Isn't On By Default by saudadelinux · · Score: 1

    I did a little critical thinking. I asked myself, "What's the story behind voice search? I don't know anything about it." It turns out you have to click to turn on voice Search. They aren't recording everything by default: https://support.google.com/chr... What they do with the recordings and how long they keep them, I don't know.

    --
    I didn't think the house band in Hell would play this badly.
    1. Re:Google Voice Search Isn't On By Default by noh8rz10 · · Score: 4, Informative

      they say "To improve processing of your voice input, Google may record a few seconds of ambient background noise in temporary memory at any time.". I take this to mean, they are recording constantly into a buffer at all times.

  25. Re:Good. by TheP4st · · Score: 1

    I hope they like the Vogon poetry I leave on repeat when not around my computer.

    "Oh freddled gruntbuggly,
    Thy micturations are to me
    As plurdled gabbleblotchits on a lurgid bee.
    Groop, I implore thee, my foonting turlingdromes,
    And hooptiously drangle me with crinkly bindlewurdles,
    Or I will rend thee in the gobberwarts
    With my blurglecruncheon, see if I don't!"

    --
    "I have downloaded hundreds and hundreds of records, why would I care if somebody downloads ours?" Robin Pecknold
  26. In a related news... by ctrl-alt-canc · · Score: 1

    ...NSA spokesperson declared: "It's not a bug, it's a feature".

  27. Opt-out is the new default... by 0ld_d0g · · Score: 1

    Remember that awkward interview with Zuckerberg where he was asked why some of the FB privacy stuff was opt-out instead of opt-in.. ? I think a lot of companies have learnt from that exchange. Other than nerds, the average person won't care about this as well. Hell 7 years ago all of us would be highly suspicious of software that downloaded unverifiable executables and could update them behind your back like Chrome does now. In the same way where you don't have control over the UI experience of a website, soon any program will be able to modify itself at-will removing control from the user. I remember people being outraged by cookies in the early 00s. The frog has been in the water too long...

    1. Re:Opt-out is the new default... by Blaskowicz · · Score: 1

      You want a browser to auto-update, though (or have it be handled by something like Windows Update, APT, yum etc.)

      If a browser doesn't update, your freedom and privacy is at risk and assuming the current story is a bug, that's how it gets fixed. Silly maybe but there's no way around it. Or use a browser that doesn't know about javascript, video, sound, mics etc.

  28. Chromium issuetracker / bugtracker link by Barryke · · Score: 1

    I think this is the link of the bugreport in question:
    https://code.google.com/p/chro...

    Seems legit. f#$!.. Google don't be evil. This attributes to being evil, regardless whether it happened knowingly.

    --
    Hivemind harvest in progress..
    1. Re:Chromium issuetracker / bugtracker link by Barryke · · Score: 1

      Sorry for the bad link, i meant
      https://code.google.com/p/chro...

      --
      Hivemind harvest in progress..
  29. "Speak Now" bubble give it away by marciot · · Score: 1

    I get a "Speak Now" bubble when I visit the demonstration website. Isn't that sort of a dead giveaway that something is amiss?

    I don't see this as a particularly big flaw unless the bubble is hidden in certain instances.

    -- Marcio

  30. good job by slashmydots · · Score: 1

    So they went from actively looking for bugs from users and paying for them to the traditional lying about them, downplaying them, and never patching them until someone blows the whistle on it.