By using the high sensitivity optical sensor in high performance mouse, researchers from UCI have been able to record the vibration of the desk perceived by the mouse, including speech-induced vibrations.
The original article is here though : https://arxiv.org/pdf/2509.13581 but there are other sources in the description of the video, most notably a more press-like article from the authors themselves : Mic-E-Mouse
Here is a small summary :
Essentially, the authors have developed a pipeline featuring multiple steps including :
Recording the vibration (typically propagating on the desk) perceived by the mouse (using its high sensitivity optical sensor). Some of the vibrations will come from nearby speaking people ;
Do some filtering/signal processing to clean up the sounds ;
Use some pre-trained neural network to reconstruct proper intelligible speech from the recorded sounds.
This is of course very advanced, and I don’t know to which extent people here will feel threatened by such a tool. But then again, it has been made available for free on GitHub by the authors, so…
For those of you who asks “where/when does it end” : apparently never. With tools like this, I can see why privacy-fatigue is more and more of a thing.
I’m pretty sure the moment when it ends is the moment the person starts threat modeling and finds out this is way above their threat level. Realizing it’s beyond what they are actually trying to achieve with privacy, because they evaluated their core needs and motivations and got a much clearer picture out of it.
To be honest, most such things are more for advanced spytools. If you only fear companies, I do not think that this will be implemented any time soon. They have a much easier time if they deliver software like Gemini or hardware like Amazons Alexa. This way they also get a much better quality to train their AI tools. They do not want to spy you to know your secrets, they want to spy you to make money and low quality data is not much helpful.
But slowly we really need some open source devices with FOSS firmware. This way we have full control about DPI and polling frequency and both values together set to a high value is an issue. But why you would want to send position data with 8kHz if you only play between 30-300 FPS? Even if these things are above a thread model, it just feels better to know it cannot happen.
This kind of hack reminds me of gravity sensor “microphone”. But the output quality on gravity sensor is worse I guess.
Yeah this is in accordance with LightningToaster comment as well regarding starting to properly threat model.
To me, such a tool would either be used by an information agency (although there are probably better tools) or a stalker, or companies trying to spy on other companies.
The thing is : I think most people (including me) don’t want the hassle to properly threat model.
It is easier to just implement everything and be protected from everything with a “fit all possible threats” solution rather than actually spending the time to understand how each and every threat (be it agencies, government, companies, hackers, stalkers, etc.), and the proper solution to implement again that specific threat.
And that’s even more true of people who are not technical.
A good and cheap “fix” is a mousepad. The autors wrote that it absorbs a lot of sound waves and so it is much harder to collect usable data. But as said earlier, it’s more for the own “paranoia” than something important. I will stay without mousepad with my 25kHz mouse, because I do not fear that attack on my Linux machine(s).
Well, thank god I never bought a gaming mouse. Why do people even buy a gaming mouse just buy some high quality mouse instead of a gaming mouse with a a lot of bloatware in the drivers.
Also the bloatware in gaming mouses probably tracks on you for some reason.
Since I bought a gaming mouse, I can answer the question very well: there was no single other mouse on the market with these features I need for non-gaming stuff. I hate everything with “gaming”-tag, but simple had no other choice.
Btw I managed to write my own script, so that bloatware-functionality (that require it to run in background) is not needed any longer and all functionality is saved to my mouse that works everywhere out of the box. Never touched this mouse-“software” again.
I agree only with the “fit all possible threats” solution when this actually helps making things more convenient for you in progressing your privacy journey.
For example: using Mullvad Browser with Mullvad VPN. It’s a great solution to browser privacy while arguably more convenient than manually hardening your browser, depending on how much you relied on extra extensions.
But on the contrary, there are things that will destroy your convenience if you go with the “fit all possible threats” solution.
CubesOS is still for a select group of people due to the convenience downgrade.
Switching entirely to Linux (no dual boot) is still for a select group of people due to the convenience downgrade.
GrapheneOS or any alternative ROM is still… etc. You get the gist of it.
You can’t go your entire privacy journey only having “black and white” opinions on privacy. This is what a threat model is for. So you can reduce mental load and do the things that matter for your threat case and intentfully balance that with your personal ideologies.
Also: therapy will help. (Speaking from experience)
It seems like you find it hard to know if a particular threat matters to you. It might be you want to know exactly who the threat is aimed at and why they do it.
This is not the point of threat modeling : )
The point is to evaluate your needs. And once you’ve got it totally narrowed down, to just the core of your threat protection needs, you can digest threats with a lot more ease.
You won’t even have to rely on understanding the threat in detail.
My bad I should have clarified. What I really meant was specifically “People want a fit all possible threats solution when it is convenient.”
Of course, some solution are “fit all”, but are unconvienient, as you mentioned Linux for example.
But I suppose what Techlore is also trying to do : break the stigma around it and provide easy solutions when possible (for example the privacy guides with different convenience tiers).
Regarding me personaly knowing my threat model, I actually do to some extent, and I know I’m bound to need maximum privacy and security. Of course, I could really spend some time digging really precisely for what I need, but this isn’t worth the hassle. My stance is : there is no point focusing on a specific threat model right now because you might be doing something else in your life tomorrow which would require you to redo your threat model and restarts from zero.
Have a “fit all” solution prevents that and gives you maximum freedom for your future self should you need it.