by aserr 1586 days ago
Pretty confident this is related to the way the Zoom app can detect what conference room you are in when that room is fully equipped with Zoom hardware.

From [Direct sharing in Zoom Rooms](https://support.zoom.us/hc/en-us/articles/214629303-Direct-s...):

> Direct sharing with proximity detection uses the microphone on your laptop to detect the Zoom Room controller.

4 comments

Is the zoom hardware shouting "welcome to thunderdome" at frequencies we can't hear so that the app will realize it's in the thunderdome?

If so someone should make a jammer.

This is what Cisco's conferencing software does, too.

When it works, it means someone can walk into an appropriately equipped meeting room, and the software on their machine detects that. The audio, video, and screen sharing all route through the meeting room, rather than the laptop. Virtually zero involvement for the user.

Very convenient but not worth the price to set up a whole corporate surveillance nightmare.
Certainly with the Cisco system, not worth the money they charge for the hardware! Every room has a few $25 wholesale price Ikea grade chairs, a table, and then a $100k conference phone.
The units we got were like TV sound bar format, with a camera in the middle. About $10-15k each.
They are priced high enough that companies doing this are already hip deep in Cisco's world. They probably already have the corporate surveillance thing going.
What happens if someone records a YouTube video in that room, and that video goes viral?
I don't know for certain.

I recall that if you were not signed in to an account on their Org, it would only show up with you as that you were a guest in the room, and you could not do much/anything without someone from that org authorising you.

I don't know if the token is long lived; I would hope it's rotated frequently.

I also suspect that because it's above audible range, your average video compression might strip it out.

I had to turn this off (not sure how it ever got turned on) because the Microphone indicator was on 100% of the time it was running (as it should be) while it searched for nearby devices through some kind of audio communication.
Probably more like "Welcome to zoombocom" :D
you can do anything at zoombocom.
Or a fake "welcome to thunderdome" generator . . .
Not sure if all microphones are able to listen at those frequencies.
I'm not as familiar with Zoom, but WebEx and Cisco video conferencing hardware use ultrasonic sounds to let you start and transfer meetings from the mobile and desktop app to video conferencing devices.

With WebEx you can turn this off in the preferences. I'd assume Zoom has a similar config setting.

They do? Ugh.. hopefully not continuous emitting of pulses.. I can hear some ultrasonics due to my cochlear implant, and it's been really annoying how these days Lutron is selling motion detectors that use both ultrasonics and IR. They like to buzz, even when people are already in the room.
Have you contacted Lutron at all? Or your implant manufacturer? Something seems out of alignment.
I contacted the implant manufacturer when I became aware of the issue.. apparently there is even a warning that ultrasonics can damage it.. but it's not clear to me if that's just legalese or if it's actually a clear and present danger.

I haven't contacted Lutron yet which is bad of me, and I really should do that, but I don't think they would care since the amount of people who can identify that there's a problem with their devices is small.

Lutron may not care about you but they may care about an article in the news about how their products are harming people.
Today disability is an issue that is taken seriously. If Lutron's technology is affecting your disability then you should absolutely contact them, and barring a satisfactory solution you might even get aggressive with them. They cannot hurt you, arguing that people like you are rare.
Anxiety can be classified as a disability. Does that mean you can’t make someone anxious? That would be fun to see enforced.
Yes, Zoom has a similar setting. I don't think the client is listening for the ultrasonics all the time; you need to click the "Share Screen" button on the main zoom page to have it work, and it presents a "please wait" screen for 5-10 seconds after pressing that button while it appears to detect the room info.
Yea, and it was a battery killer on a laptop - at my company, it even had a side effect of all but pegging the CPU. The confluence of poor software meets bad device driver is entertaining.
That's such a hack. Seriously, this is how we do tech in 2022?
You're right, they should have found a way to shoe-horn in kubernetes.
proximity detection is done via the blockchain
What is the other way of doing it?

Because this “hack”:

* Works on devices without Bluetooth (or that have it disabled)

* doesn’t require anyone installing privileged software or drivers

* gives a very good “in the same room” indicator

* doesn’t require any custom/expensive hardware components

The mechanism is not the problem, it's that it turns on the mic by default. Most Zoom users are not in the luxury position of being in a location with a presentation room where they might need to present something, so for most people this is just an unnecessary feature and a possible nuisance. So this setting should by default be turned off (it can still work when the mic is turned on already).
I was responding to the comment calling it a hack :)

Zoom deciding to use the mic while not in use is clearly a terrible bit of behavior :)

If I have NFC or Bluetooth disabled it is because I explicitly do not want software on my device to contact outside services.
Yes, but if you’re in a zoom/whatever conference room, with a zoom/whatever client running, it’s not unreasonable to think that you want to use the conference equipment. Coupled with the various constraints on BT, etc., this is a reasonable solution.

Whether this reasonable solution is actually implemented securely is another question, and Zoom’s track record isn’t exactly fantastic.

But how is the device going to communicate with the zoom hardware in the room when Bluetooth is disabled?
The ultrasound is the communication.

From the description it sounds like it's just a handoff feature, as in you go into a conference room with whatever their conference room product is.

Once you get in handoff range they only need to exchange sufficient information to get the AV equipment to start a connection to the appropriate zoom/webex/whatever channel, and presumably the reverse of getting the original zoom client to close.

I'm assuming there is some work to reduce the likelihood of unintentionally triggering it, and some basic authentication, but this is not a lot of data, and ultrasound is more than sufficient to do it very "instantaneously".

OK, so the actual communication (the call itself) will be transmitted over wifi. But this means that at least some kind of access token must be transmitted over ultrasound. Is this safe? I would love to see an analysis of that communication; whether it is encrypted, is the handshake secure or can it be hijacked, does it transmit only an anonymous access token or the whole user ID etc.

I mean, if I ever switch off Bluetooth it's exactly for the reason that I don't want my device to be detected/tracked. Zoom going around this by using ultrasound is kind of mean, since I can't prevent zoom from using audio if I want to be able to make calls.

Lol, why don't they use ipv6? What would you use?

I think it's a pretty cool hack.

It's pretty cool in that commodity integrated hardware is capable of doing something practical at those frequencies. Not long ago it was a struggle to get the Pro Audio Spectrum ISA card working at all.

It's awful in that using the auditory domain is too much an intrusion into the human space. There is enough noise pollution. Interference patterns around the room may generate harmonics at audible frequencies. Young kids can hear high frequencies we forgot we ever could. I can still hear CRT flybacks. Sometimes I thought I heard something electronic in conference rooms but convinced myself it was nothing.

Someone else was complaining about it affecting their cochlear implant. That is horrifying.

It is not so farfetched that it has an adverse effect on health either. America is losing diplomats left and right to some mysterious ultrasonic weapon, or at least that is one of the leading theories.

It is awful that my CPU has to be constantly running a FFT to read this signal. I think Apple has an ASIC which does the Siri voice recognition.

It's awful that it triggers the orange light to be constantly on so you end up ignoring it. What if Zoom is simultaneously using the microphone stream for nefarious purposes.

This is what Bluetooth was made for. This is a worse idea than Wifi over lighting. Even the 9-digit Zoom dial codes are better.

>Someone else was complaining about it affecting their cochlear implant. That is horrifying.

Definitely.

>It is awful that my CPU has to be constantly running a FFT to read this signal. I think Apple has an ASIC which does the Siri voice recognition.

Isn't it the zoom box that has to be doing the detection? The pc is just sending the signal, which wouldn't take much processing.

>It's awful that it triggers the orange light to be constantly on so you end up ignoring it.

I think someone commented that's for the purpose of detecting if someone is muted and notifying them. Still, there should definitely be a choice to disable this behavior. I wouldn't be able to ignore it.

>What if Zoom is simultaneously using the microphone stream for nefarious purposes.

There's a lot of nefarious things they could potentially do even without using the mic, considering it's software already running on your pc that already has an encrypted connection to their servers.

>This is what Bluetooth was made for.

Good point, that would have been better.

> Isn't it the zoom box that has to be doing the detection? The pc is just sending the signal, which wouldn't take much processing.

If the PC were just sending the signal it wouldn't need the microphone to be on. And it would stop working when people turn off their speakers like a lot of people do in a busy meeting room.

By the way there seem to be other ways to do it too. Not sure if it's Bluetooth but MS Teams warned me in the past that I was in a room with a Surface display (the huge first generation one). It doesn't keep the microphone active though.. I never investigated how it figured that.

Bluetooth would be more appropriate for that I would say.
That gives an explanation but doesn’t actually answer the question - “why is it doing this when I’m not using zoom”

Plenty of people use conference rooms for non video chat reasons, and many of those reasons have confidentiality rules.

I know for example there are strict rules around what is required to protect client/lawyer confidentiality, and most of the protection goes out the window if you record, or allow someone else to record them. Would zoom listening in on that count? I have no idea.

The only class of apps that have any business using a microphone while not in active use are “assistants”, and those have no business doing anything other than listening for their initiator phrase (except haven’t they all been caught sending arbitrary recordings to their parent company?)

I can assure you Zoom is not doing anything that would legally constitute "recording." In all US states and probably a lot of countries, recording is illegal without the consent of at least one party to the conversation. In the US, in some states, all parties must consent to recording. If Zoom were even skirting the line here, their lawyers would put the kibosh on it real quick.

Hmm... but, then again, there was that thing where Amazon Alexa was recording people without their knowledge... hmm.

I have seen the general sentiment of "their own lawyers would stop it" expressed many times about many different things, but who tells the lawyers?

Every place I have worked in the past there has been zero pathway for IT/Developers to notify a lawyer about anything or ask a question.

Really? At places I've been, you could definitely notify a lawyer of an issue, with the process ranging from walking up to their desk to looking up someone in the legal department and emailing them. I've never had cause to actually do it, but I certainly could have, had the situation warranted it.
Not everywhere has lawyers on staff or an easily searchable directory with accurate titles and department names.
> If Zoom were even skirting the line here, their lawyers would put the kibosh on it real quick.

And then the people in charge of the money would do the math on "this earns us 1 billion dollars and the fine has a 10% chance of happening and would be 100 million... so do it anyways, it's worth the tradeoff". This happens over and over.

On the other hand, like any other American company Zoom can be “asked” by intelligence services to “cooperate” - and there is no law that would protect its users against it.
"American". The coincidence that "Zoom" and "Zhumu" share the same platform.

https://thenextweb.com/news/zooms-scary-webcam-flaw-also-aff...

It doesn't matter - the company is American, thus it can be "convinced" into cooperating.
> If Zoom were even skirting the line here, their lawyers would put the kibosh on it real quick

Their lawyers didn't stop them from claiming to provide end-to-end encryption, a blatant misrepresentation that resulted in receiving a consent order from the FTC [1] and settling a class-action suit for $85M [2], so I don't think it's safe to assume that they would prevent the company from doing obviously unacceptable things.

[1]: https://www.ftc.gov/system/files/documents/cases/1923167zoom...

[2]: https://arstechnica.com/tech-policy/2021/08/zoom-to-pay-85m-...

> I can assure you Zoom is not doing anything that would legally constitute "recording."

No need to use quotes here, that was literally my question :D

> In all US states and probably a lot of countries, recording is illegal without the consent of at least one party to the conversation. In the US, in some states, all parties must consent to recording.

Literally every company that got caught having their assistants record conversations turned around and said the victims were informed and consented through the terms of use agreement.

Is there any reason it couldn't do that at the start of the meeting?

Meeting start -> probe for hardware -> make decision where to host
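
Added example, not part of the thread and not any vendor's code: several comments above wonder whether a laptop microphone or a compressed recording even carries energy at these frequencies. This sketch checks one PCM frame for a narrow carrier in an assumed 18 to 22 kHz band; the sample rate, band, thresholds and the synthetic capture are all assumptions, since the thread gives no frequencies.

```python
import math
import random
from statistics import median

RATE = 48_000                      # assumption: capture rate that can represent ~20 kHz
FRAME = 4_800                      # 100 ms frame -> 10 Hz bin spacing
BAND = range(18_000, 22_001, 250)  # assumption: near-ultrasonic band to scan

def goertzel_amplitude(frame, rate, freq):
    """Estimate the amplitude of one frequency in `frame` (Goertzel recurrence)."""
    n = len(frame)
    k = round(n * freq / rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 2.0 * math.sqrt(max(power, 0.0)) / n

def find_beacon(samples, rate=RATE, ratio=8.0, floor=0.005):
    """Return (found, peak_hz, peak_amplitude) for the first full frame.

    A carrier is reported only if it clears an absolute floor and stands
    `ratio` times above the median of the scanned band (the noise estimate).
    """
    frame = samples[:FRAME]
    if len(frame) < FRAME:
        raise ValueError("need at least one full frame")
    amps = {f: goertzel_amplitude(frame, rate, f) for f in BAND}
    peak_hz = max(amps, key=amps.get)
    noise = median(amps.values())
    found = amps[peak_hz] >= floor and amps[peak_hz] >= ratio * noise
    return found, peak_hz, amps[peak_hz]

def constructed_capture(beacon_hz=None, seed=0):
    """Constructed input: loud 440 Hz tone, mic noise, optional faint carrier."""
    rng = random.Random(seed)
    out = []
    for i in range(FRAME):
        t = i / RATE
        x = 0.5 * math.sin(2 * math.pi * 440 * t) + rng.gauss(0.0, 0.01)
        if beacon_hz:
            x += 0.02 * math.sin(2 * math.pi * beacon_hz * t)
        out.append(x)
    return out

if __name__ == "__main__":
    print(find_beacon(constructed_capture(19_500)))  # faint carrier present
    print(find_beacon(constructed_capture()))        # audible content only
```

Running the same check on a capture before and after it passes through a lossy codec or a lower sample rate shows whether the carrier survives that path.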