Tell HN: Otter.ai bot recording meetings without consent

612 points by arcticfox ↗ HN
I occasionally use Otter.ai to transcribe when I'm multitasking. Recently they made an update, which I carefully opted out of, to automatically join every meeting through my Google Calendar and transcribe it. Screenshots prove I had the feature disabled.

The bot proceeded to join two confidential meetings on my behalf and record the whole thing, then email every member an absurd, inaccurate "outline" after.

I am not much of a privacy person but I feel completely abused in this situation. I have opened a support ticket with screenshots but there is no response, and according to Twitter they are essentially not reviewing tickets from free users at the moment.

So just a heads-up to the HN community!

Are there other, more privacy oriented transcription services anyone can recommend?

190 comments

[ 3.3 ms ] story [ 240 ms ] thread
> I am not much of a privacy person but I feel completely abused in this situation. I have opened a support ticket with screenshots but there is no response, and according to Twitter they are essentially not reviewing tickets from free users at the moment.

Important thing here is, you're not a customer.

> Are there other, more privacy oriented transcription services anyone can recommend?

Probably not, since this is probably a bug that can affect any of these applications. And privacy focused apps are a niche and a niche that isn't that much fun to develop. The nature of these apps lean towards people who aren't privacy focused since you would be allowing a third party to listen to calls which is the opposite of privacy. You don't need a more privacy focused app, you just need another app and probably to become a customer so you can get the support you clearly want.

(comment deleted)
How are they going to upsell people to paid tiers if the free product is malfunctioning?
Let's be serious, if the bug exists it'll exist on all versions. So they'll fix it. But they'll be responding to customers and not resource drains.
> Important thing here is, you're not a customer.

That’s not the important thing at all. The important thing is the Otter.ai is violating the privacy of its users, potentially even breaking laws in some jurisdictions.

If anything, it raises some more red flags that they’re ignoring consent for free users, since that could be interpreted as an attempt to monetize them by collecting data (again, without consent)

If you don’t want non-paying users, then don’t offer a free tier. You don’t get a free pass to do whatever you want to a user just because they aren’t using your paid plan.

Yeah, gotta "love" the 'we can break the law cause you didn't pay' HN philosophy.

I would derive great enjoyment of them in court in a 2 party state telling a judge "well since they weren't really a customer....."

In a 2 party state the user would be the one breaking the law. They installed the software...

If you install recording software, you're liable for what it records. Bug or not bug, the liablity is yours. The only way you would get Otter.ai in a courtroom would be a civil case and then the not being a paying customer therefore no expectations of a warranty applies.

Seriously, this thread is "I installed recording software and it worked on things I didn't think it would. This company is terrible." while most of us work in tech and know that bugs exist and have generally written some bugs. Worse case, it's a bug. The solution is to stop using it and move on. Or pay for support and have them fix it.

> If you install recording software, you're liable for what it records

not if it's recording without your consent

> Seriously, this thread is "I installed recording software and it worked on things I didn't think it would.

a poor attempt to reframe the thread, which is actually about a company monitoring confidential meetings without consent

if affirmative consent is such a non-issue here, why couldn't the company get it?

TBH, the pro-business blatantly illegal hot takes here on HN are expected.

Because some company figured out a 'hack' to make more money, somehow turns from illegal to "legal". And so many users here will defend that.

In this case, it's violating interstate wiretapping laws and state-based 2 party consent laws. But.. they just squint hard and go "Hey we can violate the law and make MORE money".

Uber is exactly that. So is AirBNB. So is Lime/Bird. Just go look at much of the tech companies, and it's "Offline company + way to break law to get money + ONLINE!!!!1!!1!"

Change by definition requires breaking established rules and is how societies grow. Normal part of the process.
change doesn't require breaking established laws, however, and that's what we're talking about
Doesn’t require it but it is ok if that happens.
I'm not convinced, but I don't doubt that there is at least 1 person out of billions who believes that to be so
> You don't need a more privacy focused app, you just need another app and probably to become a customer so you can get the support you clearly want.

A local transcription, manually triggered service would solve the concern I think.

> You don't need a more privacy focused app, you just need another app and probably to become a customer so you can get the support you clearly want.

I think there's a difference between free users with a "hey, my app is broken" complaint and "hey, you just did something incredibly wrong" complaint. It would be like if free Dropbox started uploading random files that it wasn't allowed to in the settings.

> I think there's a difference between free users with a "hey, my app is broken" complaint and "hey, you just did something incredibly wrong" complaint. It would be like if free Dropbox started uploading random files that it wasn't allowed to in the settings.

The thing is, you would need to review each of the complaints to know which is which. If you're providing no support and because you're not taking money for the service there is no real liability (depending on the contract) being a non-customer would mean, if they do something incredibly wrong you need to get a new provider.

If you're not a customer, you can't expect support. If you want support, pay $10 and then fill the ticket. It just annoys me when people complain about not getting support when they've not paid for anything.

> because you're not taking money for the service there is no real liability

Just because you're not taking money doesn't mean you can break the law without liability! Even outside of GDPR/CCPA, most states require all parties to consent in recording and every state requires at least one party to consent in recording.

I do agree that this is the kind of service worth paying for if you want privacy and I'm not a lawyer so I can't say that this is actually illegal, but if you're ignoring not just "hey this is incredibly wrong" tickets but "hey this is illegal and I'm warning you before I file an official complaint" that seems like it will end poorly.

> If you're not a customer, you can't expect support. If you want support, pay $10 and then fill the ticket.

I think the support ticket was only mentioned in the sense that a journalist would: "we contacted the company; they did not respond to the allegations."

the whole purpose of taking complaints is to...review each one of them to get a view on what remediation is required of your service.
Tangential, but I often wish I had screenshots to prove I'd opted in, or out, or otherwise done the right thing. It shouldn't be too expensive to record and index the screen whenever I'm doing something important online and keep it for a week.
Multiple products exist to take multiple screenshots over a time period including details on which application was in focus. This might be an approach thqt would work for you.
Would be a privacy nightmare. But some companies do, using hotjar and other tools.
Would a screenshot really prove anything, though? It would be trivial to modify
If it comes down to an I-said/they-said about whether I checked some box, then:

- if it's my memory against their database, I'd probably lose.

- if it's my video capture against their database, it could go either way.

- if it's me and several others' videos against their database, we'd likely win.

But besides the win-lose proposition, it'd be worth something to me to be confident whether I was right or not.

But who are you trying to convince?

If it's them, they can just say "ok so what" to your footage, it existing or not or coming from multiple people or not is not entirely relevant, as a company they can choose to use it or throw it away.

If it's everyone else, why? What benefit does it get you to have others know you're right? You're still in the same position, with your choice discarded.

It could be a journalist writing a story about how some company sells your information despite users checking "[x] don't sell my information".

It could be a government consumer protection agency investigating the company, or a court asked to fine the company.

When working a large enterprise, legal asked technology if we could create and store a screenshot of every email going out for evidence in court.
Did you explain cryptographic signing to them?
How would you show the content and layout of an email with cryptographic signing?

You could sign the screenshot with a timestamp (out of my league though to get that right) from an untamperable source to show it hasn't been tampered with. Did you mean that?

Every day, generate an archive of all the email you received. Encrypt it, sign it, and generate a hash. Put all the hashes on a public page.

Write the procedure up, and have a VP attest that they ordered this done and have audited a random sample to ensure that it was done to spec. Get the attestation notarized. Repeat once a quarter or so. If the VP moves on or dies, make sure the new VP is on board immediately.

No need to have a screenshot, it's email. When a court requires you to show evidence, you bring in the VP, the notarized statement, a copy of the code, and the encrypted and unencrypted archive for that day.

I don't know if saving the email with all inline images and downloading all external images, having the mail clients to render this as it was at the time, packaging this up, etc. is easier than taking a screenshot (like E.g. Litmus does) E.g. for offers in an image.
Take more screenshots https://news.ycombinator.com/item?id=32215277 20220724

> record my screen with OBS (https://obsproject.com/)

>> 1080p in 10fps might be enough and it won't take ridiculous amount of space (ffmpeg de-dupe afterward: https://news.ycombinator.com/item?id=32215277#32223240)

--

> The space requirements can be very low capturing something like writing code (ffmpeg low fps: https://news.ycombinator.com/item?id=32215277#32235012)

--

> (Mac shell command & AppleScript: https://news.ycombinator.com/item?id=32215277#32219314)

--

Other OSS recommendations (there are a couple good offline Mac software recommendations as well):

https://getsharex.com - Windows

> You can also configure sharex to run tesseract ocr locally on the images

https://github.com/soruly/TimeSnap - Windows, archived

https://github.com/wanderingstan/Lifeslice - Mac

https://flameshot.org

https://tropy.org - organize images

AI bot covertly joins company meetings to record conversations to monetize freemium users.
> I have opened a support ticket with screenshots but there is no response, and according to Twitter they are essentially not reviewing tickets from free users at the moment.

Are you living somewhere covered by GDPR (=EU, UK, nordic states) or in California? If yes, complain at the data protection agency.

I just deleted my account because of that, also they share conversations with everyone in the meeting by DEFAULT, it wasn't nice receiving a message from a co-worker telling me that he received an email with the transcription it generated.
Wtf, that's terrible UX.
For sure, it’s almost certainly a “growth hacking” attempt (they’re hoping the ppl they email signup to otter.ai), but a pretty terrible one. Every other similar growth hacking attempt I’ve seen will explicitly ask for consent before sending anything to non-users of the app.

Overall, sounds like a VERY unscrupulous company, that you shouldn’t trust with your personal data.

That's not what the UI says, or does. I signed up and actually looked, before posting.
Even more terrible is using a recording service when you're in a meeting with me, not telling me, then complaining the real problem is the service told me
He didn't want Otter.ai to transcribe. He had turned it off!
As understandable as the mistake is, I would be upset if I had arranged a private meeting with someone and they let a third party into the conversation (excluding force majeure such as sophisticated hacking, violence, etc).

Especially if it was some unaccountable third party recording agent! Who knows where that data is going?

OK, and nobody is disputing this. The fact remains, he did not let any third party into the conversation.
If some of the participants are located in the EU this is a GDPR violation.
How so?
If the bot transcribes anything GDPR considers personal data and then emails it out you're already in breach. Simply someone telling their phone number to another participant over the call would result in a violation.
It wouldn't be in breach. otherwise, you sending an email with someone's email/phone number via gmail in it would cause Google to breach it. That would be on the software user. If you use somewhere that to breach GDPR, the software provider is not liable for how the user uses it.
If the software is transcribing and sending emails without the user's awareness, much less permission... then the responsibility must rest with the software. Software isn't responsible for my deliberate decisions, but it is responsible for anything it does without consulting me.
That isn't going to fly is it? I didn't know this software did this when configured in this way isn't really something that moves the liability.
He specifically _didn't_ configure it in that way.
How many times has a user said they didn't configure something that way and when you checked they did and they were thinking about a different setting for something else? Realisitically, it's actually the most likely thing that happened.

And he did have it configured to send out emails. So that part is true.

If they're lying or mistaken, let us discuss the lie or mistake, and even the possibility that there could have been a lie or mistake (based on something.) Just dismissing it based on a obvious counterfactual that you're declaring based on no evidence other than that you think users lie and developers don't make mistakes is a waste of time.

If you have some kind of insight into the specific configuration of otter.ai, or evidence that this specific person has made a mistake (and that all of the other people that have also seen this behavior are also mistaken) that would be constructive. As it is, you're not even carrying water for a company, you're offering water to a company that didn't ask for it by denigrating the people around you.

Thank you for defending me; my HN has anti-distraction timer so I wasn't able to respond to them.

Like I explained in the other comment, while mistaken configurations are frequently a user mistake, I was exceptionally careful in this instance because the same thing had just happened to my boss and I was wondering what the mistake she made was.

Also, I was hoping for a quality investigation and response from otter.ai but I think anyone can compare the credibility of my account to their response in this thread to figure out who they believe.

> And he did have it configured to send out emails. So that part is true.

This isn't true at all. This feature was and is disabled on my account.

> How many times has a user said they didn't configure something that way and when you checked they did and they were thinking about a different setting for something else? Realisitically, it's actually the most likely thing that happened.

Normally I would agree with you - the same thing happened to my boss earlier in the day, the Otter bot joined a call before she did and she was baffled how it was there. I thought she must have accidentally enabled a new feature.

So when I looked at my otter.ai account after that I was exceptionally careful to not just click through the big blue "Enable Otter Assistant" button and find the light grey "Skip" button in the upper right. To no avail, as the Otter bot started to invade my meetings after that.

I only stopped it by disabling the Google Calendar integration they had had prior, which was only to suggest which meeting to link recordings to, and not the new "Otter Assistant" feature that automatically joins meetings.

If you made a draft email with those details, then GMail sent that draft without your authority then they too would be in breach, albeit unwittingly. That seems like a reasonable analogy to what happened in the OP, assuming it was a bug and not some 'growth hacking' plan as others have speculated.
If you tell the software to do something that is a breach, or used it when you could reasonably be expected to know it would behave in such a way, then yes you are responsible.

If, for custom software/configuration, you specify software to do something automatically that is a breach, then yes also.

If the software does it without your instruction, especially if you explicitly opted out, that is in beach, then the service responsible for the software may be liable instead.

How enforceable this is, is a different discussion…

(comment deleted)
Also deleted account. If anyone from Otter.ai is here - don't do this, reverse this change, email anyone affected since the change and apologise and also, i'd advise you to lawyer up.
Odds are they know their market better than you do, and are fully aware of just how serious the consequences from shit like this can be.

but this is capitalism afterall, kind of the point

He is the market, so I'm pretty certain he knows what he wants.
Yeah, I just signed up to play with this and was surprised that a random "get started" sort of forced me into it to continue. After I noticed an incredibly faint "SKIP" text button in the corner. I disabled it afterwards.
Same, deleted my account over this. One of the most comically egregious UX fuckups I’ve ever seen.

Maya Angelou is apposite: “When people show you who they are, believe them the first time.”

There are plenty of places where this is illegal wiretapping, whether it’s you doing it or otterai is debatable.

https://recordinglaw.com/party-two-party-consent-states/

In an all-party consent state you would need everyone in the call to consent for recording to be legal, but even in one-party consent states you would still at least need OP's consent to be recording! If the user says no and they record anyway, I can't think of any state where that's legal (though the EULA probably has something covering that, unsure if that holds up in court).
We are building a privacy-first transcription & recording solution. Sign up at https://www.rewind.ai for early access or if you are super eager email me at dan@ at the domain above.
Unless it's entirely self-hostable and/or runs entirely locally on the user's machine, it's a hard pass from me.

Also, this marketing copy makes your product sound a lot more like some kind of AI hype scam than an actual product:

> What if we could use technology to augment our memory the same way a hearing aid can augment our hearing? This question is why we founded Rewind. > > Our vision is to give humans perfect memory. > > We are building a search engine for your life.

That was a pretty good Black Mirror episode!
Fantastic episode! “The Entire History of You”

The biggest difference is that I believe we would all be more honest with one another if we had perfect memory.

It would prevent more marital strife than it would create.

I hope you're right, because that world is probably coming, but to play devil's advocate:

The biggest difference is that I believe we would all be more honest with one another if we had perfect memory.

This reminds me of Mark Zuckerberg believing the world would be a better place if we couldn't have multiple identities, because multiple identities showed a lack of integrity.

It would prevent more marital strife than it would create.

It depends on which way the causality goes in "forgive and forget"!

Good points.

To be more precise, my point was more practical and less utopian.

The main characters in this episode lie in a way that could easily be proven wrong. It’s fun to watch and dramatic, but I think unrealistic in a world of perfect memory.

> Unless it's entirely self-hostable and/or runs entirely locally on the user's machine, it's a hard pass from me.

It runs locally on your machine.

> Also, this marketing copy makes your product sound a lot more like some kind of AI hype scam than an actual product

Yea, I can see your perspective. We're still in stealth mode so will be more forthcoming soon. For more context, here is the full founding story:

I started to go deaf in my 20s. When I turned 30, a hearing aid changed my life. To lose a sense and gain it back again feels like gaining a superpower. Ever since that moment, I’ve been on a hunt for ways technology can augment human capabilities and give us superpowers.

That hunt ultimately led me to memory. Studies show 90% of memories are forgotten after a week. Just like going deaf, our memory gets worse as we get older. But does it have to? If we have hearing aids for hearing and glasses for vision, what’s the equivalent for memory?

What if we could use technology to augment our memory the same way a hearing aid can augment our hearing? This question is why we founded Rewind. Our vision is to give humans perfect memory. We are building a search engine for your life.

The big names provide recording and transcription now - Zoom has it, Teams has it (Teams apparently does it realtime and live and it's not bad, great for the deaf!).

I suppose those are part of paid plans, and they trigger the "your shit is being recorded, dude." warnings.

Don't the need the permission of all participants to transcribe?
No you do not - at least not technically! I had to look into this at work. I looked at WebEx, Teams, and Zoom - all three let auto-transcribe just roll. I think on one of them it gives a quick popup saying it's transcribing but no consent required. Contrast with audio/video recording where Zoom lets you either consent or leave the meeting. I asked our legal counsel and they said it's kind of iffy whether live auto-transcription counts as recording - didn't seem like a settled matter.
In Teams at least, it's called transcription, but really it's captioning. It's not recorded unless you also turn on recording.
Can you cut the text out of the caption window before leaving? The one I saw it was appearing in chat (I think?).
Maybe? But you can also point a camera at your screen and record the whole thing...or do it in software with screen/audio capture.

The point is the app isn't recording without telling people just to do captioning.

No app prevents bad actors from recording.

The big difference here is that in such a scenario all of the participants explicitly use the Teams or Zoom and they're technically "getting notified about recording" in the terms and conditions of Teams or Zoom telling that Microsoft or Zoom is getting the recordings which they got when starting to use Teams or Zoom. However, in that bot scenario, none of the other participants are users of otter.ai, have no relationship with them and so can't grant any permissions.
I think as long as you notify people and give them the opportunity to disconnect that's generally considered consent, as with 800 numbers where they tell you calls are recorded for quality assurance or whatever.
The company who predominantly works in that space is called "CallMiner".
Depends on the jurisdiction. In many states you only need 1st party consent to record a call. If you're ON the call (as opposed to say, wire taping it...) you're your own first party.
Zoom does realtime too
That's not the news. The news is that otter.ai did it automatically and even though the user had it disabled.
Zoom's live and post-meeting transcription happens to be done using licensed Otter.ai code.
Employee installs something on company computer and gives access to company content. Program does something nefarious but employee innocent.
Um, yes? That's how it works with literally every piece of software that have any permissions locally. What if Google Chrome decided to do the same thing unilaterally?
Some security conscious organizations will ban all external software and then approve exceptions on a case by case basis as they pop up.

In such a place, someone has already long ago submitted a ticket to have Google Chrome blessed and the employee installing Chrome is following regs.

Yes, in my case the CEO recommended we use Otter to keep all of the meetings on our dozens of projects straight.

It's not that we didn't want to use it sometimes, it's that I had no desire to use it for these times and it went completely rogue. That could happen with any software, even an OS itself.

Depending on where you live, that might violate wiretapping laws. Most of North America requires at least one party consent.
I’m not in agreement with this idea, but i wonder if these companies could legally be considered a participant and therefore the one party consenting…
Interesting thought, that's something that could be buried deep in a EULA.
It probably counts as one-party consent, but not two. California requires two.
(comment deleted)
Although the standard description is "two-party", it's almost always really "all-party".
(comment deleted)
It could also not count as wiretapping, since it's about transcription, not about audio recordings.

If the transcription service's presence in the call isn't hidden from other participants, is it still wiretapping?

For Otter.ai that's probably moot because it also saves an audio recording that can be played back alongside text.
(comment deleted)
I stopped using them when I saw they share with everyone by default. I wanted the notes only for myself so I could be more present in meetings but not at the expense of making everyone feel like they have to watch what they're saying because it's being transcribed.
That approach sounds like a potential problem for more-than-one party consent jurisdictions.
(comment deleted)
Even in one party consent jurisdictions you're not just allowed to send a copy off to whoever you like. Often it's permitted for personal review or for gathering evidence, but it's not necessarily allowed to sell the conversation (or send it to a third party in exchange for something else, like this transcription).
That's really only just hiding the fact that they should be watching what they're saying, though. If someone is sending a copy of our private conversation to a random third party, I'd certainly like to know about it.

If anything, this "warning" only makes me trust this service more because I don't have to wonder if this service is listening in.

"by default". I assume sharing can be turned off by the user.
I have been a user of Grain for a while, and I appreciate that it auto-joins all of my meetings. However, in a couple of situations it has been with non-tech people who were absolutely confused "what this is" and I didn't see an easy way to disable ahead of time for specific meetings or specific participants.

These tools need a lot more UX work considering the sensitivity of the outcomes.

Is there such a thing as a simple audio transcribing system that can turn a recording into a text file? I have this problem where I sometimes forget a sentence someone JUST told me. And often my notes aren't sufficient compared to a verbatim recording because I'm liable to forget important contextual info very rapidly. But dealing with raw audio files is a PITA.
Turn on closed captioning?
The more uncomfortable truth is that I'd rather be able to record on a separate device because I will get in trouble for it if it comes to light. It is legal in my region, but people will be (very rightfully) creeped out by it and are unlikely to ever buy my short term memory sob story.

OP mentioned multitasking so maybe they had a similar version of this problem. People aren't going to be happily recorded just for the purpose of someone wanting to preserve their own energy during meetings.

> It is legal in my region, but people will be (very rightfully) creeped out by it and are unlikely to ever buy my short term memory sob story.

Okay, so maybe it's best if you don't do it then?

No, because no harm is done once I delete the files after looking over the notes, and I am able to perform my job far better than otherwise. It's just that from an outside perspective it is unlikely to sound innocuous despite being so.

It's a bit like those 'wait I can explain' situations in sitcoms.

You do you, but if it would creep them out and you knowingly continue while hiding the fact from them, that feels to me like a breach of trust.
The VOSK library is good for transcription but there seems like a lack of good simple command line frontends for offline transcription of audio files.

mp4grep works and I've been using it but it has some unnecessary features if this is all you want to do (it's mainly designed to cache the transcriptions and let you search them rather than just write them to a text file) and hopefully someone will make a simpler command line transcription tool.

https://alphacephei.com/vosk/install#usage-examples demonstrates the bare-bones vosk-transcriber sample, and there's also https://www.assemblyai.com/blog/getting-started-with-espnet

I wasn't able to play with https://github.com/o-oconnell/mp4grep on ARM.

Ah, vosk-transcriber looks like it's decent, especially if you use srt output so you have timestamps. Probably no reason to use mp4grep for this purpose then.
I'm still hoping for a turn-key open source solution that includes speaker identification.
macOS added this to the OS

https://www.maketecheasier.com/enable-live-captions-ios-maco...

Google meet also has it built in on the client.

Edit: previously incorrectly linked to https://support.apple.com/en-au/guide/mac-help/mchlc1cb8d54/...

"I am not much of a privacy person but I feel completely abused in this situation"

On the plus side you have been given a valuable lesson.

For example: you may be more of a privacy person that you thought, you may want to be more careful about sharing your data. You may want to consider if you are paying for a service or not makes any difference in the way your data is handled.

Since tracking and selling of data, in general, is free revenue on top of any service fees, it seems to me that successful companies will over time trend towards service fees AND tracking/selling personal data.
I agree except that such company need not be successful nor do this over time.

Every day a company is not selling your data, it is "leaving money on the table" - a mortal sin.

Is anyone here a lawyer that can explain the ramifications of this in all party consent states?
I don't know whether this is bumping into a complicated legal area of audio recording consent, but your company might want to ask a lawyer (about any wrongs to the company, any obligations the company has, etc.).

https://en.wikipedia.org/wiki/Telephone_call_recording_laws#...

If you're not the head of the company, you could raise it with a higher level of management, or ask in-house counsel.

IANAL But transcriptions of calls don't GENERALLY run into the multi-party consent state laws, because the concept of a non-human listening/transcribing a call didn't exist when most of those laws were created. So if the service doesn't keep a copy of the recording (they just transcribe on the fly), then it's probably legal.

That being said, most services do announce themselves in someway to cover the legal grey areas. Plus it's the right thing to do ethically.

How do you know recordings aren’t kept? For “quality control?” And they probably are recorded and cached. Even if for a minute, that violates statutes. Statutes don’t care about some progressive overbroad app.
Does anyone know of a good app for voice journaling?

I use Otter for that purpose exclusively, and between this news and their recent UI changes to make the record/stop button tiny on their iOS app I'd like to seek an alternative.

I use DayOne for written journals and know it offers voice capabilities, but the limits are pretty short. I'd like something more akin to Otter.

Tangential question: I know that wiretapping laws in many states require everyone to be notified if a recording is being made. Does anyone know if the same applies to a transcription?
> The bot proceeded to join two confidential meetings on my behalf and record the whole thing, then email every member an absurd, inaccurate "outline" after.

Can you explain how it was able to do this, apparently without people noticing? From what I understand it joins the meeting as a participant, which would be pretty obvious?

I'm curious about this too. Possibly some large internal meeting, like a company quarterly update on performance and plans going forward? If there's 200 attendees someone might not notice a random one. Though Google still requires approval whenever someone outside your domain joins a meeting, so I feel like that would get caught easily too.
To clarify, it joined as a very obvious user. It was not without people noticing, they didn't really seem to care but I did. I was not the meeting organizer so I could not kick it and didn't want to derail the discussion with explaining how I couldn't control my own computer (great look in front of clients), so we just proceeded with it recording.

The automatically emailed outline afterwards was the cherry on top, though, as it was filled with AI generated questions that I absolutely did not need answered. I got one response from someone that patiently explained some of the answers to the (idiotic) questions - how embarrassing.

> I am not much of a privacy person but I feel completely abused in this situation.

This is part of the reason why it's important to have strong privacy protections, even if it doesn't feel like privacy issues have impacted you personally. Eventually everyone has their private data abused.