Is Your Microphone Truly Muted?
We explore privacy in the online conferencing era and cite an intriguing study on how the mute button truly works in teleconferencing services.
During the pandemic’s two years, millions of people learned to use a variety of remote communication tools. Users previously paid little regard to security, but following the widespread adoption of such services, they began to pay much more attention to it. Researchers at three colleges in the United States published a study on whether the microphone mute button in popular tools actually accomplishes what it says on the tin. The findings were mixed, but they all point to the need to reassess attitudes toward privacy during professional contact.
What Inspired the Concept?
Actually, the concept was fairly obvious. If you’ve ever used Microsoft Teams, you’ll be familiar with the following scenario: you connect to a call in Mute mode, forget to turn it off, and start talking, at which point the computer notifies you that the microphone is muted. Clearly, such an (apparently useful) feature cannot function if the mute button disconnects the microphone entirely. So, how is this feature actually implemented? Is sound from the microphone routed to the solution vendor’s server even when it is muted?
These are some of the study’s authors’ questions. But how do you know? The researchers examined the complexities of microphone contact for ten services, each of which examined the situation for browser-based calls.
Findings from Research
A web client appears to be the best solution for conference calls in terms of privacy. All web-based conferencing services were evaluated in a browser powered by the open-source Chromium engine (the basis of many browsers, including Google Chrome and Microsoft Edge). In this mode, all services must follow the microphone interaction guidelines established by the browser engine’s creators. That is, when the microphone mute button in the web interface is activated, the service should pick up no sound at all. Native desktop programmes are given higher privileges.
The researchers compared audio data taken from the microphone with the stream of information given to the programme to determine how and when the application interacts with the microphone. And they discovered that different programmes behave differently. This is what they discovered about the most popular services.
The Zoom client exemplifies “decent” conduct. It does not capture the audio stream in Mute mode, thus it does not listen in on what’s going on around you. Having stated that, the client frequently asks for data that allows them to identify the noise level around the microphone. When the silence is broken (you start talking or make a noise), the client urges you, as always, to turn off Mute mode.
Teams by Microsoft
Things are a little more tricky with the previously mentioned native client for Microsoft Teams: For microphone contact, the programme does not use the usual system interface.
and instead connects with Windows directly. As a result, the researchers were unable to explore how the Teams client handles muting during a call in depth.
Webex by Cisco
The oddest behaviour was displayed by the Cisco Webex client. Unlike the other solutions evaluated, it processed the sound from the microphone continuously during the call, regardless of the state of the Mute button inside the programme. However, after further investigation of the client, the researchers discovered that Webex does not spy on you: in Mute mode, the sound is not transferred to the remote server. However, it does communicate metadata, specifically the signal’s loudness level.
On the surface, this does not appear to be a major deal. However, even without access to the actual audio stream, the researchers were able to infer a number of basic aspects of what was happening at the user’s end based purely on this information. For example, with a reasonable degree of certainty, it was feasible to ascertain that the user had turned off the microphone and camera and turned on his vacuum sweeper. Or you might cook. Or that there was a dog barking. It was easy to determine whether or not additional people were present in the room (for example, that the call was coming from a public place). This required the employment of an algorithm that was similar to Shazam and other music discovery apps in certain aspects. A set of patterns is constructed for each “noise sample” and compared to the data captured from the Cisco Webex client.
Levels of Privacy
The report provides some practical suggestions and verifies one clear fact: you do not have complete control over what data is gathered about you or how it is obtained. The investigation revealed no evidence of criminal activity in the use of popular conferencing software, which is a positive conclusion. When it comes to microphone use, many applications exercise extreme caution.
If despite these encouraging results, you’re still concerned about having a native application on your computer with constant access to your microphone, a simple solution, if practicable, is to connect via a web client. Yes, functionality will be limited, but privacy will be enhanced: the Mute button really disconnects the microphone from the service.
If your computer has a hardware microphone Mute button, there is another alternative. Or an external headset – the Mute button on top-of-the-line devices often physically blocks the microphone from the computer, rather than through software.
The true threat is spyware that may snoop on users and provide audio recordings of key talks to its developers, rather than the conferencing tools themselves. In this situation, you’ll need not only a security solution to deal with malicious programmes but also a way to manage who has access to the microphone and when — in case legitimate software decides to do so without your permission.