Webex is a video call app made by Cisco targeted at business users. It did beef up its free version when the pandemic hit in 2020. The free version offers up to 100 participants per call and meetings as long as 50 minutes. Webex offers the standard fare of video call app features – high quality video and audio, downloads on desktop or mobile app or access through a browser, screen sharing and recording, and the like. Webex is used by many healthcare businesses as it can be compliant with US HIPAA medical privacy laws. Cisco Webex also touts their pioneering use of artificial intelligence in their video conferencing product to do things like facial recognition, meeting transcription, and an in-meeting AI personal assistant.
What could happen if something goes wrong?
Webex by Cisco seems to put a strong emphasis on security with its products. For a product that's used frequently by financial and healthcare providers and can be HIPAA compliant, that is a good thing. End-to-end encryption isn’t enabled by default, so good to enable that, even though it will cause some features to not work. Webex has had a few known security vulnerabilities pop up. Fortunately, it looks like the company was responsive when these vulnerabilities were discovered and quick to push a fix out to their users. They do say they can collect a fair amount of data, as most of these video call apps outside of the privacy focused apps seem to do. They say they won’t sell this data but they can share it with other Cisco businesses as well as third-parties and contractors. And we found the password requirement for free users is weaker than for business users, so if you're using the free version of WebEx, it's probably still wise to make your password something really long and complicated like "iMNotW3aringpAnyPanTsiNThisM33ting!" or something like that.
Can it snoop on me?
Camera
Device: N/A
App: Yes
Microphone
Device: N/A
App: Yes
Tracks location
Device: N/A
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
No
What data does the company collect?
Personal
Contact, subscription, registration, online identifiers, social media and discussion forum or communications details, financial information, voice collected as part of audio Cisco does not provide a product-specific privacy statement for Webex, so we have relied on their privacy data sheet for this information. We cannot verify which of the items listed for this specific product may or may not be collected.
Body related
Social
Communications (i.e., audio, video, text) content
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In November 2020, a flaw was discovered in Cisco Webex Windows application, with the help of their bug bounty program. With this flaw, a ghost could stay in a meeting while not being seen by others, even after being expelled by the host. Cisco addressed this vulnerability, and the company is not aware of malicious use of the vulnerability that is described in this advisory.
Can this product be used offline?
User-friendly privacy information?
Privacy policy could be simplified
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
No end-to-end encryption by default. End-to-end encryption can be enabled at the cost of some features not working.
Strong password
Password requirements could be stronger for free users. Business users are required to create a passphrase with "at least 8 characters, at least one number, at least one lower case letter, at least one upper case letter, at least one special character." For free users, password requirements are only six characters minimum, with at least one number and one letter.
Security updates
Webex updates its mobile apps at least once a month.
Manages vulnerabilities
Webex parent company Cisco has a bug bounty program and there is a successful track record of its implementation.
Privacy policy
https://www.cisco.com/c/en/us/about/legal/privacy-full.html
Cisco is involved in the application of a range of AI-based technologies including natural language processing, speech technology, speech to text (STT) and text to speech (TTS), speech transcription and translation, noise detection and removal, face recognition, people insights.
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Dive Deeper
-
Rethinking Zoom? How WebEx, Teams, and Google Meet and Duo Compare on Privacy and SecurityInc.
-
Cisco Webex Meetings ReviewPC Magazine
-
Cisco Clarifies Privacy Policy for Webex VideoconferencingConsumer Reports
-
Webex security flaw allows people to secretly sneak into meetings as "ghosts"TechRepublic
-
Cisco patches dangerous Webex vulnerabilityComputer Weekly
-
Collaboration in the Age of AI: How Cisco is Pioneering the Use of AI and Emerging Technology Within CollaborationWebEx Blog
Comments
Got a comment? Let us hear it.