Is mumble safe (privacy wise)?

2

When chatting on IRC, it is possible to leak data like OS, CPU type if the IRC client happens to leak it in VERSION string. Anybody doing /CTCP VERSION can see it. Same about timezone (/CTCP TIME). This can be mitigated by turning replies to CTCP queries off. Also, IP address is leaked to others (/whois nickname will show it if it's not cloaked).

By analogy, does the mumble client expose such sensitive data to others that are connected to the same server? If it does, what are the ways to mitigate this?

AnonymousLurker

Posted 2012-07-30T20:19:10.440

Reputation: 775

FYI, mumble.com is a commercial service providing hosting for the Mumble VoIP software. This open-source software can be found on SourceForge : http://mumble.sourceforge.net/ .

– piernov – 2014-07-05T19:00:00.133

To clarify are you talking about http://www.mumble.com/ ? And if YES, are you asking about the server or the downloadable mumble client?

– Anthony Hatzopoulos – 2012-07-30T20:44:53.140

I am asking about the mumble voice chat client. Will edit my question to make it clear. – AnonymousLurker – 2012-07-30T21:04:49.363

Answers

1

According to this thread on their developer technical forum. Yes Murmur does send info like operating system and version info.

Here is a list of configuration options for murmur and the source code on github

Add this line to your murmur.ini to stop sending OS version info.

sendversion=False

Add this line to obfuscate your IP

obfuscate=true

You can disable allowing pings

allowping=false

Disable logging which is accessible via RPC

logdays=-1

If you run this under linux or mac, do not run it has root or a super user, but if you have to use the uname config option

I could not find anything about timezone.

The only EULA and privacy document I found is the one on their order page, linked in the section about having to agree to their 'Services Agreement'. Second place I found some privacy info was on their wiki

Anthony Hatzopoulos

Posted 2012-07-30T20:19:10.440

Reputation: 244

1Murmur is the server, not the client, I am concerned about the client. In a [me - mumble server - you] scenario, generally there's no way for you to sniff and find my IP. While mumble is indeed used in online games, my question isn't asked in this context, it's strictly about the mumble client and private data it may eventually leak. – AnonymousLurker – 2012-07-30T21:32:21.790

I would ask your question in their technical forum. You can also check out the source code if you are so inclined https://github.com/mumble-voip/mumble

– Anthony Hatzopoulos – 2012-07-30T21:38:27.007

Asked: 2012-07-30T20:19:10.440

Viewed: 8 465 times

Active: 2014-09-08T16:23:36.263