Zoom

Zoom

Zoom | Free option. $14.99 per month and up for paid options.

Review date: 04/23/2020

Zoom is the popular kid at the moment among video call apps. Its daily meeting participants grew from 10 million to over 300 million in just a few months thanks to the coronavirus pandemic forcing us all to find new ways to socialize and work remotely. With so many more people working, schooling, and socializing from home, Zoom has become the tool du jour in part because of its high video quality, call recording, and ease of use. But wow, there have been a lot of reported issues surrounding its privacy and security lately. Like the phenomena known as Zoombombing, when strangers, often with bad intent, invade video calls and cause problems. Full disclosure, here at Mozilla we use Zoom and have worked closely with the company to get its privacy and security features right for us.

What could happen if something goes wrong

Zoombombing, the newly coined term where strangers--often evil trolls with malicious intent--invade your video call, sometimes bringing hateful and crude behaviors to your call without warning--is a real problem. No one wants to have racist trolls crash their relaxing Zoom yoga session when they are trying to chill out during the pandemic. And yes, Zoom has been in the news a lot lately for a whole bunch of privacy and security concerns -- everything ranging from exploits that would let bad guys download videos stored in the cloud, to leaking users' data, to a lawsuit that was filed because Facebook was allowed to "eavesdrop" on Zoom users' personal data. To Zoom's credit, they have acknowledged their mistakes and seem to be working hard to fix them.

Privacy

What is required to sign up?

An email registration is required to host a meeting. Registration is not required to join a meeting, unless the meeting host (on a paid account) requires authentication to join the meeting. Zoom allows sign up through Google and Facebook third party accounts.

What data does it collect?

How does it use this data?

Alerts when calls are being recorded?

Yes

For paid accounts the option to announce that a meeting is being recorded is available but not on by default. This option has to be enabled by a Zoom account administrator.

Does the platform say it is compliant with US medical privacy laws?

Yes

The paid version of Zoom can be HIPAA compliant. Please check with your healthcare provider to make sure the version of Zoom they use meets all the requirements.

Links to privacy information

Can I control it?

Is it easy to learn and use the features?

Yes

Zoom does lay out the basic host and co-host controls on their help center page. The site walks users through how to turn on your audio, video, set a profile picture, assigning permissions and more. Easy is a relative term and there is certainly a learning curve to figure everything out. We went ahead and said "yes" here because they do have a solid resource for users to help them learn.

Security

Does this product meet our Minimum Security Standards?

Yes

Encryption

Yes

Zoom uses encryption. It does not use end-to-end encryption.

Strong password

Yes

Zoom requires a strong password to sign in. For an extra layer of security, Zoom meetings can also be password protected.

Security updates

Yes

Updates and bug fixes are released multiple times a month.

Manages vulnerabilities

Yes

Zoom has a program in place to handle security vulnerabilities.

Privacy policy

Yes

https://zoom.us/privacy

Updates

Tips to Make Your Zoom Gatherings More Private
Mozilla
While some privacy concerns relate to platform vulnerabilities, others are related to host and participant settings, so here are steps you can take – both as a host and a participant – to help protect your own privacy as well as that of others.
Zoom: Here’s When To Use It, And When You Should Avoid It
Forbes
Before the COVID-19 crisis sent much of the world into lockdown a few weeks ago, a lot of people hadn’t even heard of video conferencing app Zoom. How things can change when you’re stuck at home–now, so many people have used Zoom, and everyone seems to have a strong opinion about it.
Maybe we shouldn’t use Zoom after all
TechCrunch
Now that we’re all stuck at home thanks to the coronavirus pandemic, video calls have gone from a novelty to a necessity. Zoom, the popular videoconferencing service, seems to be doing better than most and has quickly become one of, if not the most, popular option going. But should it be?
Zoom: Two new security exploits uncovered
CNET
Here's a timeline of every security issue uncovered in the video chat app.
Zoom privacy and security issues: Here's everything that's wrong (so far)
Tom's Guide
More than a dozen security and privacy problems have been found in Zoom recently. Here's an updated list.
Zoom will soon let you report meeting participants to help bust Zoombombers
The Verge
Zoom is adding a way for hosts to report meeting participants, according to the app’s release notes published on April 19th (via PC Mag). In theory, that could help the company track down trolls that take over Zoom calls and share inappropriate material, a practice more colloquially known as “Zoombombing.”
Zoom Updates User Privacy, Security on Its Videoconferencing Platform
Consumer Reports
Enhanced password protections and meeting controls are aimed at preventing Zoombombing
Zoom releases 5.0 update with security and privacy improvements
The Verge
Zoom promised a 90-day feature freeze to fix privacy and security issues, and the company is delivering on some of those promises. A new Zoom 5.0 update is rolling out this week that’s designed to address some of the many complaints that Zoom has faced in recent weeks. With this new update, there’s now a security icon that groups together a number of Zoom’s security features. You can use it to quickly lock meetings, remove participants, and restrict screen sharing and chatting in meetings.
Your Zoom videos could live on in the cloud even after you delete them
CNET
If you clicked Record to Cloud during a Zoom meeting, you might have assumed Zoom and the cloud storage provider would have password-protected your video by default once it was uploaded. And if you deleted that video from your Zoom account, you might have assumed it was gone for good. But in the latest example of the security and privacy woes that continue to plague Zoom, a security researcher found a vulnerability that turned those assumptions on their heads.
Facebook, LinkedIn Sued For 'Eavesdropping' On Zoom Users
Law 360
Facebook and LinkedIn have been secretly harvesting personal information from Zoom users to boost their revenues, according to a putative class action filed in California federal court Monday that targets both the social media sites and the newly ubiquitous video conferencing platform.
Hackers leak Zoom accounts’ usernames, passwords, full names and email addresses
Security Newspaper
A group of researchers from the cyber security course has published a report detailing how Zoom has become an ideal platform for online scammers, who have managed to extract login credentials from more than 350 verified accounts. This information is available on some hacker forums hosted on dark web.
Zoom is Leaking Peoples' Email Addresses and Photos to Strangers
Vice
Popular video-conferencing Zoom is leaking personal information of at least thousands of users, including their email address and photo, and giving strangers the ability to attempt to start a video call with them through Zoom.
What Can You Tell me About Zoom?
Mozilla
Zoom’s popularity has taken off – just seven weeks into 2020, the company has seen more user growth than in all of 2019. Here at Mozilla, we’ve been using Zoom for nearly a year at enterprise level. It allows our colleagues around the globe to connect with each other using high quality video and audio. When we were reviewing Zoom as a potential vendor, we asked a lot of questions about the platform’s privacy and security protections, and we think it is good consumers are asking these types of questions now. In our opinion, Zoom has done a solid job of responding to the questions, concerns, and interest that have come fast and furious in a short amount of time.

Comments

Related products

Duo | Hangouts | Meet

Google

Duo | Hangouts | Meet
Skype

Microsoft

Skype
Teams

Microsoft

Teams
GoToMeeting

LogMeIn

GoToMeeting