With millions of people around the world working from home, business is booming for Zoom. However, this is bringing more attention to the company and its privacy issues.

Zoom Privacy Issues

Zoom not only tracks your attention, it tracks you.

The encryption that Zoom uses to protect meetings is TLS. This is the same technology that web servers use to secure HTTPS websites. This means that the connection between the Zoom app running on a user’s computer or phone and Zoom’s server is encrypted in the same way the connection between your web browser is encrypted.

Start off your week with tech news recap and trending conversations in your inbox

Enter valid email-id

Subscribe

I prefer it on Telegram

Simply put, when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi. However, it won’t stay private from the company.

According to a report from Motherboard

Popular video-conferencing Zoom is leaking personal information of at least thousands of users. This includes their email address and photo. It’s giving strangers the ability to attempt to start a video call with them through Zoom.

The issue lies in Zoom’s “Company Directory” setting. It automatically adds other people to a user’s lists of contacts if they signed up with an email address that shares the same domain. This can make it easier to find a specific colleague to call when the domain belongs to an individual company.

In the last week alone, it has emerged that Zoom’s calls are not end-to-end encrypted despite several claims that they are.

The potential security issues that Zoom’s facing are myriad. Already, numerous reports have emerged of threat actors hijacking Zoom meetings. Apparently, they are upending the meetings with hate speech, threats of sexual harassment, and pornographic images. Some of the attacks have even gone so far as to threaten those attending the meeting with physical harm.

Our video call was just attacked by someone who kept sharing pornography + switching between different user accounts so we could not block them. Stay tuned for next steps. And I am sorry to everyone who experienced. We shut down as soon as we could.

— Jessica Lessin (@Jessicalessin) March 20, 2020

Zoom meetings have an option to be password protected, but there are still ways attackers could bypass that. Check Point Research on Monday pointed to cybercriminals setting up fake Zoom domains. They then persuade victims to enter their account credentials into that domain. The credentials could then be used to snoop in on conference meetings.

Zoom’s Data Collection and Data Sharing

According to the company’s privacy policy, Zoom collects reams of data on you, including your:

• Name
• Physical address
• Email address
• Phone number
• Job title
• Employer.

Even if you don’t make an account with Zoom, it will collect and keep data on what type of device you are using and your IP address. It also collects information from your Facebook profile. If you use Facebook to sign in.

Some of this data you enter yourself when you are signing in (for example, to join a call online, you must give your email). However, much of it is collected automatically by the Zoom app.

It’s important to note that as mentioned, this does not affect users with common email addresses such as Gmail, Yahoo or Hotmail accounts. However, the app appears to have missed enough personal email domains such that thousands of users have had their personal data shared with strangers.