Review date: 04/23/2020
Zoom is the popular kid at the moment among video call apps. Its daily meeting participants grew from 10 million to over 300 million in just a few months thanks to the coronavirus pandemic forcing us all to find new ways to socialize and work remotely. With so many more people working, schooling, and socializing from home, Zoom has become the tool du jour in part because of its high video quality, call recording, and ease of use. But wow, there have been a lot of reported issues surrounding its privacy and security lately, like the phenomenon known as Zoombombing, when strangers, often with bad intent, invade video calls and cause problems. Full disclosure: here at Mozilla we use Zoom and have worked closely with the company to get its privacy and security features right for us.
What could happen if something goes wrong
Zoombombing, the newly coined term for when strangers (often evil trolls with malicious intent) invade your video call, sometimes bringing hateful and crude behavior to your call without warning, is a real problem. No one wants to have racist trolls crash their relaxing Zoom yoga session when they are trying to chill out during the pandemic. And yes, Zoom has been in the news a lot lately for a whole bunch of privacy and security concerns, everything ranging from exploits that would let bad guys download videos stored in the cloud, to leaking users' data, to a lawsuit that was filed because Facebook was allowed to "eavesdrop" on Zoom users' personal data. To Zoom's credit, they have acknowledged their mistakes and seem to be working hard to fix them.
What is required to sign up?
Third party account
An email registration is required to host a meeting. Registration is not required to join a meeting, unless the meeting host (on a paid account) requires authentication to join the meeting. Zoom allows sign-up through Google and Facebook third-party accounts.
What data does it collect?
How does it use this data?
How are your recordings handled?
Alerts when calls are being recorded?
For paid accounts, the option to announce that a meeting is being recorded is available but not on by default. This option has to be enabled by a Zoom account administrator.
Does the platform say it is compliant with US medical privacy laws?
The paid version of Zoom can be HIPAA compliant. Please check with your healthcare provider to make sure the version of Zoom they use meets all the requirements.
Links to privacy information
Can I control it?
Is it easy to learn and use the features?
Zoom does lay out the basic host and co-host controls on their help center page. The site walks users through how to turn on audio and video, set a profile picture, assign permissions, and more. Easy is a relative term and there is certainly a learning curve to figure everything out. We went ahead and said "yes" here because they do have a solid resource for users to help them learn.
Does this product meet our Minimum Security Standards?
Zoom uses encryption. It does not use end-to-end encryption.
Zoom requires a strong password to sign in. For an extra layer of security, Zoom meetings can also be password protected.
Updates and bug fixes are released multiple times a month.
Zoom has a program in place to handle security vulnerabilities.