Review date: Sept. 8, 2021
Zoom’s popularity went from 0 to 60 at the start of the coronavirus pandemic in 2020. Its daily meeting participants grew from 10 million to over 300 million in just a few months. With so many more people working, schooling, and socializing from home, Zoom became a favorite video call app for many because of its high video quality, call recording, and ease of use. With Zoom’s rapid growth came a number of growing pains. Like the phenomena known as Zoombombing, when strangers, often with bad intent, invade video calls and cause problems. Full disclosure, here at Mozilla we use Zoom and have worked closely with the company to get its privacy and security features right for us.
What could happen if something goes wrong?
Zoom’s privacy and security problems since 2020 are well documented -- not being completely honest about it being fully end-to-end encrypted, security flaws the company failed to disclose, zoomboomings that included abuse and hate speech, over 500,000 users accounts up for sale on the dark web, a lawsuit filed because Facebook was allegedly allowed to "eavesdrop" on Zoom users' personal data. The list of failures and vulnerabilities is long. So, have they gotten better? Zoom has acknowledged their mistakes and appears to be invested in fixing them, for the most part. As of July 2021, end-to-end encryption is in technical preview. Because it disables several features. Zoom recommends using end-to-end encryption only for meetings where additional protection is needed. And Zoom says it does not sell personal information. Zoom does share personal information with third-parties for advertising and other purposes. This sharing of data is fairly common with many similar video call apps we reviewed like Microsoft Teams and Cisco Webex doing the same thing. All in all, Zoom is an OK video call app for most purposes. Still, given Zoom’s many very public missteps over the past couple of years, we really hope they keep working to get better at both privacy and security.
What can be used to sign up?
Optional Facebook sign up is available.
What data does the company collect?
Account Information (including contact details and billing), Profile and Participant Information (name, email address, phone number), Registration Information (name, contact information) and potentially face data.
Data collected may contain your voice and image (depending on the account owner’s settings, device settings, and what you do on Zoom Products)
Contacts and Calendar Integrations, Content and Context of meetings including audio, video, in-meeting messages, chat messaging content, transcriptions, written feedback, responses to polls and Q&A, and files, as well as related context, such as invitation details, meeting or chat name, or meeting agenda.
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In April 2020, over 500,000 Zoom accounts' details were discovered on the dark web. In July 2021, Zoom agreed to settle a class-action US privacy lawsuit for $US85 million. The lawsuit claimed Zoom breached the privacy of millions of users by sharing personal data with Facebook, Google and LinkedIn. Zoom denied any wrongdoing but did agree to improve its security practices.
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
As of July 2021, end-to-end encryption is in technical preview and disables several other features. Zoom recommends using end-to-end encryption only for meetings where additional protection is needed.
Zoom requires a strong password to sign in. For an extra layer of security, Zoom meetings can also be password protected.
Updates and bug fixes are released multiple times a month.
Zoom has a program in place to handle security vulnerabilities.
Got a comment? Let us hear it.