Naked Security

Humans may have been listening to you via your Xbox

Microsoft has given audio clips to contractors for years, but it says it recently stopped. ... For the most part.

Microsoft has (once again) joined the “our contractors are listening to your audio clips” club: up until a few months ago, your Xbox may have been listening to you and passing those clips on to human contractors, Vice’s Motherboard reported on Wednesday.

Like all the other revelations about tech giants getting their contractors and employees to listen in to voice assistant recordings – they’ve been coming at a steady clip since April – the purpose is once again to improve a device’s voice recognition.

Another similarity to earlier voice assistant news: Xbox audio is supposed to be captured following a voice command, such as “Xbox” or “Hey Cortana,” but contractors told Motherboard that the recordings are sometimes triggered and recorded by mistake. That’s the same thing that’s been happening with Siri: as we found out in July, Apple’s voice assistant is getting triggered accidentally by ambient sounds similar to its wake words, “Hey, Siri,” including the noise of a zipper.

This is Microsoft’s second eavesdropping headline this month: a few weeks ago we reported that humans listen to Skype calls made using the app’s translation function, as well as to clips recorded by Microsoft’s Cortana virtual assistant.

Can anybody NOT hear me?

Also earlier this month, thanks to whistleblowers who were disturbed by the ethical ramifications, we found out that Facebook has been collecting some voice chats on Messenger and paying contractors to listen to and transcribe them.

They were all doing it: Facebook, Google, Apple, Microsoft and Amazon.

The revelations started in April, when Bloomberg reported that Amazon employs thousands of people around the world to work on improving its Alexa digital assistant, which powers its line of Echo speakers. Amazon has confirmed that it keeps these recordings indefinitely instead of deleting the data.

It’s sometimes mundane work. It’s sometimes disturbing: contractors and employees have reported hearing what they interpret as sexual assault, drug deals, children screaming for help, and other recordings that users would be very unlikely to willingly share.

Then it was Google’s turn: in July, whistleblowing contractors who’d read the news about Amazon reached out to report that Google was doing the same thing. Next up was Apple: the Guardian ran a story revealing that contractors “regularly hear” all sorts of things Apple customers would probably rather they didn’t, including sexual encounters, business deals, and patient-doctor chats.

The vendors have said that the recordings are to some extent anonymized. It’s just done to improve Siri’s accuracy, Apple said. But according to the whistleblower who spoke to the Guardian, in some cases, the recordings that accompany the user data showed location, contact details, and app data.

Motherboard talked to several people who’ve worked on Xbox audio. One was a former contractor for Microsoft who did so from 2014 to 2015, shortly after Xbox One launched in 2013 with the option of being controlled by voice commands with the Kinect system. Cortana was implemented into the Xbox console in 2016.

The voice analysis continued with the incorporation of Cortana. The current contractor shared a memo from Microsoft that tells workers how to work with Cortana audio, including Xbox control commands. From a section of the document:

A domain for controlling gaming features, such as finding friends lists, creating a ‘party,’ inviting players to a party. Most Xbox controlling will belong to this domain.

Motherboard’s Joseph Cox explains that a “domain” is one of the topics that contractors who transcribed Cortana audio would sort clips into as they worked to improve the system.

It worked: as time went on, the former contractor said, the voice command feature got better, and the contractors picked up fewer accidental recordings. But those accidentally triggered recordings didn’t stop completely, said the current contractor:

Most of the Xbox-related stuff I can recall doing was obviously unintentional activations with people telling Cortana ‘No’ as they were obviously in the middle of a game and doing normal game chat.


Google and Apple suspended contractor access to voice recordings after the media reports. In the aftermath of those reports, Amazon said it will let users opt out of human review of Alexa recordings, though users have to actually go in and, periodically, delete those recordings themselves. Here’s how.

After its own voice kerfuffle with Messenger, Facebook said that it had “paused” the voice program. It didn’t say if or when it might resume.

After the reports about Skype and Cortana recordings, Microsoft updated its privacy policy to be more explicit about humans potentially listening to recordings. It’s still getting humans to review that audio, however. The company’s privacy policy now reads …

Our processing of personal data for these purposes includes both automated and manual (human) methods of processing.

Microsoft also has a dedicated privacy dashboard page where you can delete voice recordings.

As far as the Xbox listening goes, a Microsoft spokesperson told Motherboard that the company recently stopped listening to Xbox audio for the most part, but that the company has always been upfront about the practice in its terms of service:

We stopped reviewing any voice content taken through Xbox for product improvement purposes a number of months ago, as we no longer felt it was necessary, and we have no plans to re-start those reviews. We occasionally review a low volume of voice recordings sent from one Xbox user to another when there are reports that a recording violated our terms of service and we need to investigate. This is done to keep the Xbox community safe and is clearly stated in our Xbox terms of service.


You still need to connect a Kinect device to the Xbox. Without it no listening, but no voice commands either. I’m rather old school and don’t need to talk to all my devices. Sometimes it seems like the whole thing is getting more and more insecure in terms of privacy because the people just become kinda lazy?! My god, just learn how to push buttons again.


Can you imagine the names you’d get called if 30 years ago you told people that their phones, computers, TVs, security cams, would have people listening to you on the other side. Ads would pop up about products you talked with someone on the phone with, or emailed about, to the point it gets freaky. That your location could be found by anyone at any moment for a couple dollars, governments around the world would install spyware on your phone. They would call you crazy, maybe even lock you up – yet here we are… The only things missing from our future/present are hover boards and armies of killer robots. And both are under heavy development…. I guess the ’70’s weren’t so bad after all.
Going to have to make sure I enjoy this weekend, before term-inator gets here and asks me if I want to buy something I talked about last month before killing me for not agreeing with its term-s of service.


I’m honestly quite happy with Microsoft’s response of “yeah, but we told you we are, how do you think we make it work better?” a hell of a lot more than the guilty child “oh but we’ve stopped now” from everyone else.

It’s not even buried in their TOS, the “we might listen in if you get reported as abusive” bit was right there at the top.

