On my systems, the 'audio' group is empty. The ACL of the audio device (and other devices with the `uaccess` tag) is adjusted by udev when the owner of the active console session changes.
(I don't know if the scheme is able to revoke access to a running process, but it's still a step up from a single, static 'audio' group).
How many Linux users really expect a hacker to 1) be on their local network, 2) find a zero-day exploit in SSH, and 3) want to eavesdrop on them? I'm pretty sure I'd get struck by lightning while attacked by a shark before that ever happened
I feel like this whole thing is driven by corporate interests. It would make sense in a context where a machine has multiple users (or: anyone at work can use their credentials on any workstation), which is not uncommon in a work environment. It seems largely irrelevant for a single-user desktop.
It irritates me that the Linux environment is constantly growing more complex to account for scenarios that are not relevant for me, and it's hard to opt out. That complexity is not zero-cost; I've been hit by many a bug (and have wasted a lot of time working around..) related to things that exist on my system yet serve no real purpose for me.
I guess it's the year of the Linux desktop when it gets corporate enough, and those who want a comfortable free operating system will be looking for alternatives :)
(I don't know if the scheme is able to revoke access to a running process, but it's still a step up from a single, static 'audio' group).