Webex
Video Call Apps

Webex

Cisco
Wi-Fi

Review date: Sept. 8, 2021

|
Mozilla researched 8 hours
|

Mozilla says

|
People voted: A little creepy

Webex is a video call app made by Cisco targeted at business users. It did beef up its free version when the pandemic hit in 2020. The free version offers up to 100 participants per call and meetings as long as 50 minutes. Webex offers the standard fare of video call app features – high quality video and audio, downloads on desktop or mobile app or access through a browser, screen sharing and recording, and the like. Webex is used by many healthcare businesses as it can be compliant with US HIPAA medical privacy laws. Cisco Webex also touts their pioneering use of artificial intelligence in their video conferencing product to do things like facial recognition, meeting transcription, and an in-meeting AI personal assistant.

What could happen if something goes wrong?

Webex by Cisco seems to put a strong emphasis on security with its products. For a product that's used frequently by financial and healthcare providers and can be HIPAA compliant, that is a good thing. End-to-end encryption isn’t enabled by default, so good to enable that, even though it will cause some features to not work. Webex has had a few known security vulnerabilities pop up. Fortunately, it looks like the company was responsive when these vulnerabilities were discovered and quick to push a fix out to their users. They do say they can collect a fair amount of data, as most of these video call apps outside of the privacy focused apps seem to do. They say they won’t sell this data but they can share it with other Cisco businesses as well as third-parties and contractors. And we found the password requirement for free users is weaker than for business users, so if you're using the free version of WebEx, it's probably still wise to make your password something really long and complicated like "iMNotW3aringpAnyPanTsiNThisM33ting!" or something like that.

  • mobile

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

Cisco claims to not sell data nor to serve ads on its app. They also promise to not track your usage or content for advertising purposes. However, the data may be shared with numerous Cisco's business partners, service vendors, authorized third-party agents, contractors, etc.

How can you control your data?

The retention rights are stated, but the retention periods are missing in Cisco's privacy policy. The method of data retention is data being either destroyed, deleted, anonymized, and/or removed from their systems. It's great to know they have a method to destroy data. We want to know how long they retain data and we could find no mention of that.

What is the company’s known track record of protecting users’ data?

Average

In November 2020, a flaw was discovered in Cisco Webex Windows application, with the help of their bug bounty program. With this flaw, a ghost could stay in a meeting while not being seen by others, even after being expelled by the host. Cisco addressed this vulnerability, and the company is not aware of malicious use of the vulnerability that is described in this advisory.

Can this product be used offline?

N/A

User-friendly privacy information?

No

Privacy policy could be simplified

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

No end-to-end encryption by default. End-to-end encryption can be enabled at the cost of some features not working.

Strong password

Yes

Password requirements could be stronger for free users. Business users are required to create a passphrase with "at least 8 characters, at least one number, at least one lower case letter, at least one upper case letter, at least one special character." For free users, password requirements are only six characters minimum, with at least one number and one letter.

Security updates

Yes

Webex updates its mobile apps at least once a month.

Manages vulnerabilities

Yes

Webex parent company Cisco has a bug bounty program and there is a successful track record of its implementation.

Privacy policy

Yes

https://www.cisco.com/c/en/us/about/legal/privacy-full.html

Does the product use AI? information

Yes

Cisco is involved in the application of a range of AI-based technologies including natural language processing, speech technology, speech to text (STT) and text to speech (TTS), speech transcription and translation, noise detection and removal, face recognition, people insights.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

No

Does the user have control over the AI features?

Can’t Determine

*Privacy Not Included

Dive Deeper

  • Rethinking Zoom? How WebEx, Teams, and Google Meet and Duo Compare on Privacy and Security
    Inc. Link opens in a new tab
  • Cisco Webex Meetings Review
    PC Magazine Link opens in a new tab
  • Cisco Clarifies Privacy Policy for Webex Videoconferencing
    Consumer Reports Link opens in a new tab
  • Webex security flaw allows people to secretly sneak into meetings as "ghosts"
    TechRepublic Link opens in a new tab
  • Cisco patches dangerous Webex vulnerability
    Computer Weekly Link opens in a new tab
  • Collaboration in the Age of AI: How Cisco is Pioneering the Use of AI and Emerging Technology Within Collaboration
    WebEx Blog Link opens in a new tab

Comments

Got a comment? Let us hear it.