Zoom is quickly becoming the favorite video meeting app as the novelcaused an increase in homeworking activity. As and offices become , it looks like Zoom is staying here. However, with that popularity comes privacy risks, which extend to a wider range of users.
From built-in attention tracking features to exploitable software bugs and issues with:(where uninvited attendees break in and disrupt meetings) — Zoom’s security practices have drawn criticism from users around the world over the past year. In March 2020, New York Attorney General Letitia James sent Zoom a letter outlining concerns about privacy vulnerabilities, while the New York Department of Education decided to prevent educators from using the software to communicate with students. The Electronic Frontier Foundation also warned users who work from home about the software’s built-in privacy features.
Privacy experts previously raised concerns about Zoom in 2019, when the video conferencing software experienced both a webcam hacking scandal and a bug that could have allowed snooping users to join video meetings they weren’t invited to.
The issues exacerbated by widespread adoption at the start of the pandemic were only the latest chapter in the software’s rocky security history and led toin April 2020, freezing feature updates to fix security vulnerabilities during a 90-day update rollout. Although Zoom has since added new security features such as , there are a few more things to keep in mind to keep your chats as private as possible.
Here are some of the privacy vulnerabilities in Zoom to be aware of when working remotely.
1. Zoom’s cutting-edge attention-tracking feature knows if you’re paying attention
Attention employers, managers and home workers. Zoom’s high-profile attention-tracking feature can tell your meeting host if you’re not paying attention to their carefully curated visual aids. Whether you’re using Zoom’s desktop client or mobile app, a meeting host can enable a built-in option that alerts them if attendees spend more than 30 seconds without Zoom focused on their screen.
If you’re anything like me, your Zoom meetings rarely take up your entire screen. Jotting down notes in a separate text file, adding dates to calendars, glancing at reference documents, or discreetly asking and answering clarifying questions in a separate chat – these important parts of any regular meeting are all indicators of an engaged listener. When translated to online conferences, they often mean switching windows and should not be mistaken for signs of inattention.
However, to bolster your privacy, consider switching to a separate device if you want to handle secondary meeting tasks or create memes about poorly constructed pie charts.
2. Zoom’s cloud recording feature can share meeting video with people outside the call
For paid subscribers, Zoom’s cloud recording feature can be a life saver or a catastrophic faux pas waiting to happen. If the feature is enabled for the account, a host can record the meeting along with the text transcript and text file of all active chats in that meeting, and store them in the cloud for later access by other authorized users at your company, including people who may never have attended the meeting in question. Yaks.
As Mashable’s Zack Morse put it, “What that suggests, but doesn’t clarify, is that for non-webinar/standard meetings, your personal chat messages are sent to your boss later after a conversation is recorded in the cloud.”
Zoom does, however, allow a narrowing of the audience here. Administrators can limit the accessibility of the recording to only certain pre-approved IP addresses, even if the recording has already been shared.
3. Zoom even shared information with Facebook
You’re used to it from privacy-conscious people: don’t use Facebook to log in to other sites and software, unless you want toon what you do. Fair enough. But what if Zoom gets caught sending some of your analytics data to Facebook — whether or not you have a Facebook account?
An analysis by Vice’s motherboard found that the iOS version of the Zoom app did just that. Thanks to Facebook’s Graph API, Zoom told Facebook when you opened the Zoom app, what phone or device you were using, and your phone company, location, and a unique advertising ID. Motherboard also reported that Zoom had updated its iOS app so that the app would stop sending certain data to Facebook.
Zoom did not respond to CNET’s request for comment at the time. But a statement to Motherboard reads:
“Zoom takes the privacy of its users extremely seriously. We originally implemented the ‘Sign in with Facebook’ feature using the Facebook SDK to provide another easy way for our users to access our platform. However, we were recently informed that the Facebook SDK collected unnecessary device data.”
“Zoom uses certain standard advertising tools that require personal data (for example, Google Ads and Google Analytics). We use these tools to help us improve your advertising experience (such as showing ads on our behalf across the web, personalized advertising on our website and the provision of analytics services),” the policy said at the time. “Sharing of personal data with the third party provider while using these tools may fall under the extremely broad definition of the ‘sale’ of personal data under certain state laws, because those companies may use personal information for their own business purposes, as well as Zoom’s purposes.”
You should probably review your Zoom and device security settings with a view to minimizing permissions and making sure any anti-tracking software on your device is up to date and running.
It might not help, but it can’t hurt.
For more information about using the sneaky sneakto get out of your meetings, and .