Zoom: Are you spying on me?

Hugo Batista
Published in The Startup · 4 min read · Mar 30, 2020

A third of the world is currently on lockdown. WFH became the new normal, and we’re getting used to seeing our oldest relatives on a small 6" screen. Economic forecasts are not getting better, and the world needs to keep moving.

The deadly Covid-19 will change the way we socialize, but also the way we work, learn, teach, and communicate.

While world health authorities encourage self-quarantining to contain the pandemic, the world has turned to digital tools to keep communicating. Usage of tools like Slack, Microsoft Teams, Google Hangouts, Zoom, and Skype suddenly spiked around the world.

Zoom is getting particular attention, and even its stock price is soaring. The freemium model is attractive enough: “Sign Up Free!” You can also host group meetings with up to 100 participants for 40 minutes.

But at what price?

Zoom’s privacy policy gives the company the right to collect personal data of Zoom users, regardless of whether they have a Zoom account. The data it collects might include their physical address, debit card information, and even what device they are using. Were you expecting something different? It is a free service.

And what are they doing with my data?

After a couple of public reports last week about Zoom’s privacy policy, Zoom has rewritten it, and a new version came out while I was writing this article. The March 29th version explicitly mentions, “we do not sell your data.”


Well, but one question remains: does Zoom exchange data with other parties?

According to Vice, Zoom’s app sends some analytics data to Facebook, even if you don’t use your Facebook account to sign in. According to Motherboard’s analysis, once you download and start the app, it connects to Facebook’s Graph API. The app notifies Facebook that you opened it. Then it sends details of your device such as the model, the time zone, and the city you are in. It also shares which phone carrier you are using and your phone’s unique advertiser identifier. Using the advertising ID, Facebook can then show ads related to this activity. The data sent is similar to what the activist group Electronic Frontier Foundation (EFF) found the app for surveillance camera vendor Ring sending.

At the time of this writing, neither Zoom’s privacy policy, its app, nor its website addresses this at all, even though Zoom has publicly stated it will remove this feature.
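The data flow described above can be checked from the defender's side by routing a test device through an intercepting proxy and reviewing which third-party hosts receive device data. The sketch below is an added example, not code from the original article or from Zoom: the capture records, the body field names, and the `FIRST_PARTY` list are constructed assumptions.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Assumption: domains treated as the app vendor's own.
FIRST_PARTY = ("zoom.us",)

# Data kinds the article lists, matched by constructed field-name fragments.
SENSITIVE = {
    "advertising identifier": ("advertiser_id",),
    "device model": ("model",),
    "time zone": ("timezone",),
    "city": ("city",),
    "carrier": ("carrier",),
}

# Constructed capture: one JSON object per request, as an intercepting proxy
# on a test device might export it. This is not real Zoom traffic.
CAPTURE = """\
{"app": "Zoom", "url": "https://graph.facebook.com/EXAMPLE_PATH", "body": "event=app_open&advertiser_id=00000000-0000-0000-0000-000000000000&device_model=ExamplePhone1,1&timezone=Europe/Lisbon&city=Lisbon&carrier=ExampleTel"}
{"app": "Zoom", "url": "https://example.zoom.us/signin", "body": "device_model=ExamplePhone1,1"}
{"app": "Zoom", "url": "https://cdn.example.net/fetch", "body": "asset=logo.png"}
"""

def is_first_party(host):
    # Exact domain or a true subdomain; "zoom.us.example.net" does not match.
    return any(host == d or host.endswith("." + d) for d in FIRST_PARTY)

def classify(field):
    # Map a request field name to one of the data kinds, or None.
    hits = [k for k, frags in SENSITIVE.items() if any(f in field.lower() for f in frags)]
    return hits[0] if hits else None

def third_party_disclosures(capture):
    """Return {host: sorted data kinds} for requests leaving the first party."""
    findings = {}
    for line in filter(str.strip, capture.splitlines()):
        rec = json.loads(line)
        host = urlsplit(rec["url"]).hostname
        if is_first_party(host):
            continue
        kinds = {classify(k) for k, _ in parse_qsl(rec.get("body", ""))} - {None}
        if kinds:
            findings.setdefault(host, set()).update(kinds)
    return {h: sorted(k) for h, k in findings.items()}

if __name__ == "__main__":
    for host, kinds in third_party_disclosures(CAPTURE).items():
        print(host, "<-", ", ".join(kinds))
```

Only the third-party host that receives identifying fields is reported; the first-party sign-in request and the asset fetch are ignored.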

March 31st, 2020
UPDATE: Zoom is now being sued by a user who claims the popular video-conferencing service is illegally disclosing personal information. The company collects information when users install or open the Zoom application and shares it, without proper notice, with third parties including Facebook Inc., according to the lawsuit, filed Monday in federal court in San Jose, California.

https://www.bloomberg.com/news/articles/2020-03-31/zoom-sued-for-allegedly-illegally-disclosing-personal-data

Your meeting host might be tracking your attention

According to Input, Zoom monitors the activity on your computer and collects information about the programs running, as well as the window currently active. Zoom refers to this capability as “attendee-attention-tracking.”

This capability allows the host of a Zoom call to monitor the activities of attendees while screen-sharing. If attendees of a meeting do not have the Zoom video window in focus during a call where the host is screen-sharing, after 30 seconds, the host can see indicators next to each participant’s name indicating that the Zoom window is not active.

April 2nd, 2020
UPDATE: Zoom is removing the Attendee Attention Tracking feature, following community complaints, according to this post.

Your organization administrator might access your recordings and contents

Zoom allows administrators to see detailed views on how, when, and where users are using Zoom, with comprehensive dashboards in real-time of user activity. Administrators can access the contents of recorded calls, including video, audio, transcript, and chat files.


Zoom also allows administrators to see the operating system, IP address, location data, and device information of each participant in any recorded call. This device information includes the OS, specs on the make/model of your peripheral audiovisual devices like cameras or speakers, and names for those devices.

Administrators can also look freely at a user’s chat history if the user didn’t activate end-to-end encryption for chat (not enabled by default).

So, whether you are a user from an organization that just adopted Zoom or an individual who uses Zoom to communicate with your relatives, please make informed decisions before going further. We should make sure our vigilance and awareness about data collection and privacy are not compromised, even though we need to stay connected in this challenging time.

Lockdown. Stay Safe, but stay private.
