Covid-19 Pandemic is disrupting the routine lifestyle of people around the world and as a result of same, work-from-home has become the new “norm” in the work culture. Thus video conferencing apps and related services has picked up rapid growth amidst social distancing initiative. One such beneficiary of the new trend is Zoom, which not only supports employees and corporates but also students and universities and everyone else to stay connected with friends and family.
As Zoom gathers momentum, Users and Developers are finding some of the security and privacy-related issues related to the services which include,” Zoombombing” where some people entering video calls without invitations and sharing irrelevant and unsuitable content. Furthermore, Washington Post reported that thousands of recorded Zoom meetings which were kept in the cloud service were available on simple search results.
Therefore we thought that it is the ideal time to go through the company’s privacy statements and understand if they have mentioned such possibilities of Privacy and Security breaches.
“We do not sell your personal data”
“We do not allow marketing companies, advertisers or similar companies to access personal data in exchange for payment”
The company mentions that they do not share user data that were gathered through Zoom services (Eg:- Video call) or through their website to any third party. But as per an article by VICE, they have observed that Zoom iOS app sending some analytics data to Facebook, even if that person is not a Facebook user!
The Zoom app notifies Facebook when the user opens the app, details on the user’s device such as the model, the time zone and city they are connecting from, which phone carrier they are using, and a unique advertiser identifier created by the user’s device which companies can use to target a user with advertisements
This is contradictory to what the Privacy statement explains, as we further explain below.
Furthermore, they state that they don’t monitor or store meetings unless the host request to store recordings either locally or on Zoom’s cloud storages.
“We have robust and validated access controls to prevent unauthorized access to meeting recordings saved to the Zoom cloud. “
Yet it can be seen that there are several instances where recorded meetings were available on the open web without any security and privacy protection.
As per the statement, they only collect data that is required to facilitate meetings uninterrupted. They collect data such as Your name, username and email address, or phone number, IP Address, Nearest City location data, chat / instant messages, files, whiteboards, and other information shared while using the service.
Are you still watching?
One of the questionable tools of Zoom is their “Attention Tracking” feature, which allows the meeting host to know whether Zoom is the active window of the participants’ devices. The company has been promoting the feature, especially to the Education providers. But for the employees who work from home, this feature would even curtail their privacy as well.
“Neither the meeting host nor Zoom can see or access any other applications on a participant’s screen or computer”
Zoom states that they will gather marketing information when you visit their marketing sites (Zoom.us and Zoom.com) and other than the information you may provide when signing up, they will collect
(IP) addresses, browser type, the Internet service provider (ISP), referrer URL, exit pages, the files viewed on our marketing sites (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data Which will use to understand your behaviour around the site.
With regarding the Data retention period, as per the statement, the company will hold the personal data collected for “as long as required to do what we say we will in this policy” But you have the ability to delete their “content” and EU and California State citizens receive further rights due GDPR and CCPA Acts.
Editor
Editor