It is not unreasonable to assume that when you mute yourself in a virtual meeting, your microphone will no longer be accessed by the meeting application. However, a new study from the University of Wisconsin-Madison has found that in all cases, videoconferencing apps do not give up access to the microphone and collect some data. Full paper is available at https://wiscprivacy.com/papers/vca_mute.pdf.
The study examined a range of mainstream videoconferencing applications on major operating systems, including iOS, Android, Windows, and macOS. The researchers investigated the actual actions of the mute function within the software. Disturbingly, they found all the apps gathered raw audio data, with one application delivering that data to its server in the background at the same rate as when unmuted. Specifically, they found Cisco’s WebEx ignores the microphone status, continuously querying audio data from the microphone.
The subsequent investigations stemming from the study demonstrates another point where users need to take extra steps to verify personal data is not being collected without permission. Users may need to learn how to navigate settings to fully disable microphones when not in use, and the researchers suggest easier hardware or software “switches” may be the solution users need and expect.
This data was then analyzed to see if it could be used to provide personal information. Using machine learning algorithms, they trained software to classify the various activities that could be predicted from the raw audio data available when muted. The result was confirmation that physical activity of the user (e.g., cooking, watching a YouTube video) could be predicted with 82% accuracy.
This latest revelation about applications we have grown used to throughout the pandemic (and with perhaps less awareness than we should) underscores the need for users to be proactive about their own security, as companies will not always be forthcoming about the invasiveness of their products.