Recently, I updated my Debian Linux installation using apt. After the updates, Google Chrome plugins stopped working. I got the error message “installation not enabled” when trying to install extensions. After some searching around, I found a fix.
Run:
sudo gedit /etc/environment
(or edit /etc/environment as root with your favorite editor)
And add the following lines:
CHROMIUM_FLAGS=’–enable-remote-extensions’
Logout and login again and Google Chrome extensions will work again.
We should know why that option was turned off. Lookup bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909 to find that Chromium (which is supposed to be open source) was downloading a binary blob that couldn’t be turned off.
“The binary blob in question is hotword-x86-64.nexe with sha256sum 8530e7b11122c4bd7568856ac6e93f886bd34839bd91e79e28e8370ee8421d5a.
This is labelled as being a “hotword” implementation, ie, something that will monitor the microphone until someone says “OK google”, then start listening and transmitting the following words for a search. However, there is no guarantee that it does what it says it does; in particular, it might instead accept instructions to transmit audio from particular parties that Google wants to spy on.
I understand there are likely to be many uninvolved engineers within Google who have access to the source code. It would do a lot to restore trust if a few such engineers could take a look through the source code and find out whether it has a remote trigger, and whether the source code in Google’s repo matches the file that’s being distributed.
This is not the first time Google has taken an open-source project and added closed-source components to it. They did the same thing to Android, twice: once with the “Play Service Framework”, which is a collection of APIs added to Android but theoretically independent of it, and again with Google Glass, which ran an entirely closed-source fork. In the case of Glass, I did some reverse-engineering and found that it would send all photos taken with Glass, and all text messages stored on a paired phone, and transmit them to Google, with no feasible way to stop it even with root. This was not documented and I don’t think this behavior was well understood even within Google.”
from:
~news.ycombinator.com/item?id=9724409