Read this yesterday and had to cover it. According to a recent study, the mute button in conferencing apps may not actually work like you think it should, with apps still listening in on your microphone.
According to Bleeping Computer (Mute button in conferencing apps may not actually mute your mic, written by Bill Toulas), not only are the apps still listening when you hit the mute button, in the studied software, pressing mute also does not prevent audio from being transmitted to the apps’ servers, either continually or periodically.
Due to this activity not being documented in related privacy policies, users have a poor understanding of how the mute system works, falsely assuming that audio input is cut when they activate it.
The study was conducted by a team of researchers at the University of Wisconsin-Madison and the Loyola University in Chicago, who published a paper on their results.
As part of the study, the researchers performed a thorough runtime binary analysis of selected apps to determine what type of data each app collects and whether that data constitutes a privacy risk.
The apps tested in this phase of the study were Zoom, Slack, MS Teams/Skype, Google Meet, Cisco Webex, BlueJeans, WhereBy, GoToMeeting, Jitsi Meet, and Discord.
The team traced raw audio transmitted from the apps to the audio driver of the underlying OS, and eventually to the network. This way, they could determine what changes actually occurred when a user presses ‘mute.’
They found that no matter the mute status, all apps occasionally collected audio data, except for web clients that used the browser’s software mute feature.
In all other cases, the apps sample audio intermittently for various functional or unclear reasons.
Zoom, likely the most popular video conferencing app worldwide, was found to actively track if the user is talking even while they were in mute mode. But the worst case, according to the study, was Cisco Webex, which continued to receive raw audio data from the user’s microphone and transmitted it to the vendor’s servers in precisely the same way it did when unmuted.
Even for the apps that collect limited audio data when muted, the researchers found that it’s possible to use that data to decipher what the user is doing 82% of the time, using a simple machine learning algorithm.
That concerns rough activity classification such as keyboard typing, cooking, eating, listening to music, vacuum cleaning, etc. Imagine what happens if that company gets hacked – your muted activity may be accessible.
Looks like the best way to ensure you’re fully muted – to everyone – is to use your OS’s audio control settings to mute your microphone’s input channel or to simply unplug your microphone (if you’re using an external mic). Don’t rely on the mute button in conferencing apps to mute unless you’re OK with them continuing to capture what you say and do. Doing so would be mute, er, moot. 😉
So, what do you think? Do you think the mute button in conferencing apps should refrain from collecting any data? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.