Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SpeechRecognition MUST be granted permission to record and send users voice to a remote web service #56

Open
guest271314 opened this issue Jul 16, 2019 · 1 comment
Open

SpeechRecognition MUST be granted permission to record and send users voice to a remote web service #56

guest271314 opened this issue Jul 16, 2019 · 1 comment

Comments

@guest271314
Copy link

guest271314 commented Jul 16, 2019
edited
Loading

Google Chrome and the ostensibly open source browser Chromium implementation of SpeechRecognition records the user voice and sends the users' biometric data to a remote web service https://bugs.chromium.org/p/chromium/issues/detail?id=816095 without the notifying the user or being granted permission by the user (cannot grant permission if not notified) that use of SpeechRecognition at that browser will perform the preceding with their voice. Some of the issues relating to that undisclosed practice are described at w3c/webappsec-secure-contexts#66 (comment).

To remedy that horrendous issue at the specification level it should be a simple matter of inccluding language that states SpeechRecognition MUST do at least the following if the implementation records the user voice and sends that recording to a remote web service

  1. If SpeechRecognition is not performed in real-time at the browser source code locally in the browser, MUST notify the user that if they use that implementation of Web Speech API at that browser, their voice will be recorded and send to a remote web service when they use SpeechRecognition;
  2. The SpeechRecognition implemented MUST get permission from the user before recording their voice to send to a remote web service;
  3. The SpeechRecognition implemented MUST let the user know precisely where their biometric data is being sent and for how long their recorded voice will be stored and the when the recording of their voice is deleted from the storage devices at the remote web service.

Will file the PR if necessary to fix this long-standing issue at the specification level.
@kdavis-mozilla
Copy link

In the context of speech recognition the term "real-time" has an existing meaning. It means that the audio is transcribed in a time period which is shorter than or equal to the time required to play the audio.

Thus it already has a meaning which differs from the meaning it has in the sentence

If SpeechRecognition is not performed in real-time at the browser source code...

which I read as meaning...

If SpeechRecognition is not performed locally in the browser...

So I'd suggest not using the term "real-time" here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@guest271314 @kdavis-mozilla