Zoom
Zoom’s popularity went from 0 to 60 at the start of the coronavirus pandemic in 2020. Its daily meeting participants grew from 10 million to over 300 million in just a few months. With so many more people working, schooling, and socializing from home, Zoom became a favorite video call app for many because of its high video quality, call recording, and ease of use. With Zoom’s rapid growth came a number of growing pains. Like the phenomena known as Zoombombing, when strangers, often with bad intent, invade video calls and cause problems. Full disclosure, here at Mozilla we use Zoom and have worked closely with the company to get its privacy and security features right for us.
What could happen if something goes wrong?
Zoom’s privacy and security problems since 2020 are well documented -- not being completely honest about it being fully end-to-end encrypted, security flaws the company failed to disclose, zoomboomings that included abuse and hate speech, over 500,000 users accounts up for sale on the dark web, a lawsuit filed because Facebook was allegedly allowed to "eavesdrop" on Zoom users' personal data. The list of failures and vulnerabilities is long. So, have they gotten better? Zoom has acknowledged their mistakes and appears to be invested in fixing them, for the most part. As of July 2021, end-to-end encryption is in technical preview. Because it disables several features. Zoom recommends using end-to-end encryption only for meetings where additional protection is needed. And Zoom says it does not sell personal information. Zoom does share personal information with third-parties for advertising and other purposes. This sharing of data is fairly common with many similar video call apps we reviewed like Microsoft Teams and Cisco Webex doing the same thing. All in all, Zoom is an OK video call app for most purposes. Still, given Zoom’s many very public missteps over the past couple of years, we really hope they keep working to get better at both privacy and security.
Can it snoop on me?
Camera
Device: N/A
App: Yes
Microphone
Device: N/A
App: Yes
Tracks location
Device: N/A
App: No
What can be used to sign up?
Yes
Phone
No
Third-party account
N/A
Optional Facebook sign up is available.
What data does the company collect?
Personal
Account Information (including contact details and billing), Profile and Participant Information (name, email address, phone number), Registration Information (name, contact information) and potentially face data.
Body related
Data collected may contain your voice and image (depending on the account owner’s settings, device settings, and what you do on Zoom Products)
Social
Contacts and Calendar Integrations, Content and Context of meetings including audio, video, in-meeting messages, chat messaging content, transcriptions, written feedback, responses to polls and Q&A, and files, as well as related context, such as invitation details, meeting or chat name, or meeting agenda.
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In April 2020, over 500,000 Zoom accounts' details were discovered on the dark web. In July 2021, Zoom agreed to settle a class-action US privacy lawsuit for $US85 million. The lawsuit claimed Zoom breached the privacy of millions of users by sharing personal data with Facebook, Google and LinkedIn. Zoom denied any wrongdoing but did agree to improve its security practices.
Can this product be used offline?
User-friendly privacy information?
After June 2021, Zoom updated its privacy policy, to make its language and navigation simpler. Now the privacy policy is formulated in a way of Question + Answer with links to the key points, like data retention rights, processing data of underage users, contact information, regional regulations, etc.
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
As of July 2021, end-to-end encryption is in technical preview and disables several other features. Zoom recommends using end-to-end encryption only for meetings where additional protection is needed.
Strong password
Zoom requires a strong password to sign in. For an extra layer of security, Zoom meetings can also be password protected.
Security updates
Updates and bug fixes are released multiple times a month.
Manages vulnerabilities
Zoom has a program in place to handle security vulnerabilities.
Privacy policy
Easily accessible privacy policy, formulated in a way of Question + Answer
Dive Deeper
-
Forget Zoom: Use these private video-chatting tools, insteadMashable
-
Tips to Make Your Zoom Gatherings More PrivateMozilla
-
Zoom: Here’s When To Use It, And When You Should Avoid ItForbes
-
Zoom: Two new security exploits uncoveredCNET
-
Zoom privacy and security issues: Here's everything that's wrong (so far)Tom's Guide
-
Zoom will soon let you report meeting participants to help bust ZoombombersThe Verge
-
Zoom Updates User Privacy, Security on Its Videoconferencing PlatformConsumer Reports
-
Zoom releases 5.0 update with security and privacy improvementsThe Verge
-
Your Zoom videos could live on in the cloud even after you delete themCNET
-
Hackers leak Zoom accounts’ usernames, passwords, full names and email addressesSecurity Newspaper
-
Zoom is Leaking Peoples' Email Addresses and Photos to StrangersVice
-
What Can You Tell me About Zoom?Mozilla
-
Zoom settles US privacy lawsuit for $US85 millionABC
-
Over 500,000 Zoom accounts sold on hacker forums, the dark webBleeping Computer
-
Zoom to pay $85M for lying about encryption and sending data to Facebook and GoogleArs Technica
-
How Your Boss Can Use Your Remote-Work Tools to Spy on YouWirecutter
Comments
Got a comment? Let us hear it.