Advertisements

Zoom’s A Lifeline During COVID-19: This Is Why It’s Also A Privacy Risk

I admit it, I’ve been using Zoom during the COVID-19 crisis to carry on with my yoga classes without having to leave my home. It’s been a lifeline using the video conferencing app to take an exercise class, and Zoom’s so functional it allows multiple people to be in the same “virtual” room at once.

Other friends are using it for virtual parties, and of course, business meetings and conferences. Even UK Prime Minister Boris Johnson was seen using Zoom for his recent cabinet meeting.

As someone who works in the security industry, I hear a lot about the privacy risks associated with the big tech firms Facebook and Google.

But now the COVID-19 crisis is increasing the frequency people use the video chat service Zoom, it’s important we are aware of the implications for our privacy. And Zoom might not be the best choice for privacy-conscious users, it seems.

Facebook COVID-19 Fallout: Why Is The Social Network Taking Down Legitimate Posts?

 

How private and secure are your Zoom calls? So, what’s the problem? For a start, Zoom’s privacy policy outlines some rather concerning data collection practices, according to research by consumer advocacy organization Consumer Reports.

On the surface of it, Zoom’s privacy policy is similar to the likes of Facebook and Google–it collects and stores personal data and shares it with third parties such as advertisers.

But Zoom’s policy also covers what it labels “customer content,” or “the content contained in cloud recordings, and instant messages, files, whiteboards … shared while using the service.”

This includes videos, transcripts that can be generated automatically, documents shared on screen, and the names of everyone on a call.

Consumer Reports points out that your instant messages and videos can be used to target advertising campaigns or develop a facial recognition algorithm, like videos collected by other tech companies. “That’s probably not what people are expecting when they contact a therapist, hold a business meeting, or have a job interview using Zoom.”

Consumer Reports reached out to the company for comment on its privacy practices. A Zoom spokesperson told me via email that the firm “does not sell user data of any kind to anyone.”

Zoom isn’t necessarily doing anything users would object to with the data, says Bill Fitzgerald, a Consumer Reports privacy researcher who analyzed the company’s policies. However, the firm’s terms of use provide “a whole lot of leeway to collect information and share it, both now and in the future.”

Data that can be collected and shared by your meeting host

The information that Zoom itself can share and collect is a worry, but what about the data handled by your host? Another big concern about Zoom, which you might not be aware of, is that the video app offers hosts “rights that might not be immediately apparent to other participants—or, in some cases, to the hosts themselves,” Consumer Reports states.

You might be using Zoom for work, so your boss could be the host, or you might be buying a service such as a class. Perhaps even more concerningly during this COVID-19 crisis, you may be using Zoom to talk to a health professional about your symptoms.

“Zoom puts a lot of power in the hands of the meeting hosts,” says Justin Brookman, director of privacy and technology policy at Consumer Reports. “The host has more power to record and monitor the call than you might realize if you’re just a participant, especially if he or she has a corporate account.”

Another particularly intrusive Zoom feature offers hosts the ability to turn on “attention tracking” to check whether you are paying attention during the call. This allows the hosts–who could be your boss or client–to monitor whether you click away from the Zoom window for more than 30 seconds while a screen is being shared.

Meet Lockdown, The App That Reveals Who’s Tracking You On Your iPhone

 

Zoom privacy: “A bucket of red flags” 

I asked Rowenna Fielding, a privacy expert and head of individual rights and ethics at Protecture, what she thought. She says Zoom’s privacy policy “is a bucket of red flags.”

“They collect a potentially huge amount of personal data from accounts, calls made through the service and from scraping social profiles, but there’s no way to opt out of specific use purposes while continuing to use the service.”

In addition, she says, although the policy is careful to state that no data is “sold”, it is still used for targeting and marketing purposes. “This in many cases is the harmful use that individuals most object to, especially if programmatic advertising, such as real-time-bidding, is involved.”

Fielding warns: “For an employee or contractor whose boss or clients require them to use Zoom, this is bad news because they are required to expose, or accept the passive collection of, personal data which is not strictly necessary for the operation of the call, and which is then used for a variety of vaguely-described purposes by Zoom.”

She says that while the policy might meet U.S. privacy standards, she’d give it a C- for transparency and accountability according to the more stringent EU data protection regulation’s (GDPR) standards.

Can you use Zoom while protecting your privacy?

Given these concerning privacy flaws, it almost seems impossible to see Zoom as a privacy conscious option. However, sometimes it’s your only choice, especially when the decision is made by a boss or provider of a service.

Consumer Reports experts advise you to keep your camera and mic turned off unless you’re actually speaking. If you feel that you need to have the camera turned on, the experts advise you use a background image so the host can’t see inside your home.

If you care about your privacy, Fielding advises using a unique email address specifically for Zoom, clearing cookies and blocking trackers after every call, opting out of all secondary data uses where possible, and leaving feedback that explains the problems with the service’s privacy.

And if you don’t have to use Zoom, why not choose something else? Many of us are stuck inside for a while during COVID-19, and Houseparty might be a good idea for social chats, while Signal provides a much more secure video service. Jitsi, an open source app that supports multiple chats, is also a good option.

Whatever you choose, check the privacy policy: When you’re on video, it matters even more.

 

Zoom has now sent me a longer statement in response to this story. “Zoom takes its users’ privacy extremely seriously,” a spokesperson told me via email. “Zoom only collects data from individuals using the Zoom platform as needed to provide the service and ensure it is delivered as effectively as possible. Zoom must collect basic technical information like users’ IP address, OS details and device details in order for the service to function properly. 

“Zoom has layered safeguards in place to protect our users’ privacy, which includes preventing anyone, including Zoom employees, from directly accessing any data that users share during meetings, including – but not limited to – the video, audio and chat content of those meetings. Importantly, Zoom does not mine user data or sell user data of any kind to anyone.”

Meanwhile, Zoom says its attention tracking feature is “built for training purposes.”

This is “so hosts can tell if participants have the app open and active when the screen-sharing feature is in use,” the spokesperson says, adding that the feature is off by default and only the account admin can enable it. 

“It is important to note the attention tracking feature only tracks if a participant’s Zoom video window is open and in focus when the host is sharing their screen. It does not track any aspects of the audio or video content of a call, and it also does not track any other applications or activity on your device.”

Follow me on Twitter.

I’m a freelance cybersecurity journalist with over a decade’s experience writing news, reviews and features. I report and analyze breaking cybersecurity and privacy stories with a particular interest in cyber warfare, application security and data misuse. Contact me at kate.oflaherty@techjournalist.co.uk.

Source: Zoom’s A Lifeline During COVID-19: This Is Why It’s Also A Privacy Risk

Please follow my instagram: http://instagram.com/arminhamidian67

Advertisements

What Will Happen to Internet Privacy in the Future?

Unfortunately, we have reached a point where the internet doesn’t work correctly unless we sacrifice some of our privacy. Everything from Twitter to cell phones wants access to our personal information, GPS location, and more. To most of us, how companies store and use our information is mostly a mystery. There are constant stories about stolen consumer information, yet we still, willingly, give out ours because the alternative is cloud services and social networks locking us out. If internet privacy has already eroded so much in the present day, what will things be like in the future? Read more…..

Source: What Will Happen to Internet Privacy in the Future?

%d bloggers like this:
Skip to toolbar