TheVortiq
Inteligencia Artificial

Automatic Meeting Transcripts: Who Actually Reads Them?

A Zoom 'hack' exposes the privacy problem with AI notes

July 19, 2026 · 5 min read

An adult man in a suit engages in a video call while sitting on a sofa indoors.

TL;DR: A developer created a script that blocks automatic transcription in Zoom, revealing that AI tools can access meetings without user control. This raises serious privacy concerns and could accelerate regulation.

What happened?

A software developer, known under the pseudonym 'dee-see', has published a tool on GitHub that, when run on the Zoom desktop client, overlays a message on the screen saying 'Don't record me' and blocks third-party applications from accessing the meeting audio in real time. The code exploits a vulnerability in Zoom's API that allows intercepting the audio stream before it is sent to external transcription services. Although it is not a traditional security exploit — it does not allow access to others' data or take control of the system — it does interfere with the legitimate functionality of tools like Otter.ai, Fireflies.ai, or Zoom's own native transcription. The repository has accumulated over 2,000 stars in a few days, indicating public interest in privacy control. According to the author, cited by TechCrunch, 'If every meeting, hallway conversation, and appointment is transcribed and summarized, who is actually reading all that?' This question reflects a growing concern about transparency and the use of personal data on video conferencing platforms.

Why is this important?

The incident is not isolated; it is part of a broader trend of distrust towards AI recording and analysis of conversations. According to a 2023 Gartner report, it is estimated that by 2027, 60% of virtual meetings will be transcribed by AI, whether for productivity, regulatory compliance, or model training purposes. However, the privacy policies of major tools are often opaque. For example, Otter.ai states in its policy that transcription data may be used to 'improve its services,' which includes training AI models. Fireflies.ai, on the other hand, allows account administrators to access all team transcriptions. In Zoom's case, native transcription is processed in the cloud and may be retained by the company, according to its data policy. The hack exposes that users have no real control over who accesses their conversations: even if the host does not activate official recording, third-party tools can capture audio if the user has the corresponding extension installed. This has reignited the debate about the need for explicit and granular consent, similar to what the European General Data Protection Regulation (GDPR) requires for call recording. A 2022 University of Oxford study found that only 12% of transcription tool users were aware that their data could be reviewed by humans. The hack, though technically simple, highlights a gap between privacy expectations and technical reality.

Consequences

This incident could have several short- and medium-term consequences. First, it is likely to accelerate regulation of automatic transcriptions. The European Union is already evaluating including these tools under GDPR, requiring explicit consent from all participants before starting any transcription. In the United States, the Federal Trade Commission (FTC) has shown interest in the case, according to sources from The Verge, although there is no formal investigation yet. Companies like Zoom and Microsoft Teams may be forced to offer more granular privacy options, such as the ability to block transcription per participant or to process audio locally. In fact, Microsoft has already announced that Teams will allow local transcription on devices with NPUs (neural processing units) starting in 2025, a direct response to privacy criticisms. For users, this means they should review the privacy settings of their meeting tools and consider using solutions that process transcriptions locally, such as OpenAI's Whisper (which offers local transcription on compatible devices) or open-source software like Vosk. Privacy startups, like the German 'Sembly', which promises not to store transcriptions in the cloud, could gain traction. However, most companies still rely on cloud services for convenience and scalability. The hack also raises a legal dilemma: although it is not illegal, it violates Zoom's terms of service, which could result in the suspension of the user's account. Zoom has told TechCrunch that it 'will investigate the matter and take appropriate action,' but has not specified whether it will patch the vulnerability.

What should readers know?

  • Automatic transcriptions can be accessed by third parties even if the meeting is not officially recorded. Tools like Otter.ai or Fireflies.ai connect to Zoom's API to capture audio in real time, and their privacy policies allow human employees to access, review, and label data for model improvement or legal requests. A 2023 report by the Electronic Frontier Foundation (EFF) warned that 'meeting transcripts are a treasure trove of personal data that companies can exploit without users' knowledge.'
  • The Zoom hack is not illegal, but it violates the terms of service; its use may result in account suspension. The code modifies the behavior of the Zoom client, which is prohibited by the license agreement. However, there are no precedents of legal action against individual users for such modifications, although companies could sue if the hack is used to interfere with paid services.
  • To protect your privacy, disable automatic transcription in Zoom settings and use tools that process data locally. In Zoom, you can disable native transcription under 'Settings > Recording > Automatic transcription.' To prevent third-party tools from accessing audio, you can revoke integration permissions in the Zoom web portal. Local alternatives include running OpenAI's Whisper locally or using the 'Local Transcription' browser extension, though they are still less accurate than cloud services.
  • Demand that your company review the privacy policies of meeting tools and inform employees about data handling. Many companies adopt transcription tools without adequately assessing their privacy implications. Employees should have the right to know if their conversations are transcribed and who has access to them. Transparency is not only ethical but also reduces the risk of data breach litigation.
The question of who reads the transcripts remains unanswered. Meanwhile, the best defense is transparency and user control. As the hack developer noted, technology advances faster than social and legal norms, and each user must decide what level of privacy they are willing to sacrifice for the convenience of automatic summaries.

Keep reading