Due to the COVID-19 pandemic, we have become even more reliant on technology more than ever. Aside from frontline, essential workers, many workers have transitioned to working from home which means more usage on cloud-based platforms and virtual conferencing; enter Zoom.
Zoom has become one of the most popular video conferencing platforms in the US however it has also become the new face of privacy concerns. In just a few short months, Zoom has gone from 10 million users to 200 million users including educational institutions, research facilities, and various businesses. As Zoom grows popular with users, they are also gaining traction in the news headlines over privacy breaches. These concerns are enough for both the FBI and the Attorney General of New York to launch investigations into Zoom.
Zoom’s Privacy Failures
To give Zoom credit, many of the high-risk vulnerabilities are resolved quickly after discovery. Issues such as potential backdoors for hackers and account hijacking via email. However, many issues still exist such as weak encryption, easily corruptible software, and the infamous “zoombombing”. Zoombombing is when an unauthorized person is allowed to join Zoom calls. Recorded meetings and private chats have also been exploited and have been leaked online.
While many of these issues stem from outsides sources, the main inside source concern is with the data Zoom collects. Like many other big tech companies, Zoom collects your data. Lynn Haaland, Zoom’s global risk and compliance officer stated that they do not sell or rent user data however Haaland’s statement is not explicitly stated in their privacy policy. The language used here is important as experts can tell you there are many ways to monetize user data other than just simply selling it. Companies can share data with third parties for free to gain support from those same parties.
After widespread backlash, Zoom has removed a feature that allowed information to be shared without the user’s knowledge. Via data mining, information, such as name and email, would be matched to a LinkedIn account, even when using pseudonyms. The LinkedIn account would then become a clickable link for other participants to use if they were using LinkedIn Sales Navigator during Zoom meetings. Independent analysis has also indicated that Zoom sends data to Facebook whether or not you have a Facebook account with them.
On desktops, Zoom is not offered on the Apple or Microsoft app stores most likely because they do not want to, or they are unable to abide by their strict regulations. By having users install the app directly onto their computers, Zoom has more access to your computer for seamless use however it also allows for widespread data collection.
How Can You Protect Yourself?
Some of these concerns can be simply addressed by enabling stronger security settings within the app itself. Generating new meeting IDs each time instead of using your personal meeting ID, enabling passwords for your meetings, and enabling the waiting room feature can help secure your calls.
Additionally, weak personal security can be detrimental to overall protection. So far, over half a million accounts can be found on criminal markets. The majority of these accounts were leaked as a result of social engineering exploits which could have been prevented with better internet security practices or never reusing the same password on different accounts.
There are still major concerns and many educational institutions in New York, Washington D.C., and Las Vegas are dropping Zoom due to the potential risk. Unfortunately, asides from a major redesign, there is little users can do in regard to the weaker encryption and data mining that is inherently built into Zoom’s company and platform.
Is Zoom Safe?
Security experts have said that for the majority of people, Zoom is safe enough to use. It is important to keep in mind that Zoom does collect user data and there is very little transparency with what they use that data for.
For those who must use Zoom due to a school or work requirement and are concerned with privacy issues, it may be possible to suggest safer alternatives like Microsoft Teams, Skype, Google Hangouts, and Webex.
For everyone else who has a choice and continues to use Zoom for personal reasons, they are responsible for understanding the risks and practicing proper precautions to keep your data safe.
Comments