Collaboration platform Zoom has seen usage skyrocket since the COVID-19 pandemic forced hundreds of thousands of workers to begin telecommuting. Now, Zoom’s data privacy and security issues are being called into question. New York’s Attorney General, Letitia James, sent a letter to Zoom Monday asking whether the company had incorporated any new security measures to handle increased traffic on its network and to detect hackers, according to The New York Times.
Included in the list of concerns was that the company had been slow to address security flaws such as vulnerabilities “that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams,” the Times reported.
Zoom has been the subject of privacy concerns before; the video conferencing software experienced a webcam hacking scandal in 2019 and a bug that allowed uninvited users to potentially join meetings they hadn’t been invited to, according to CNET.
Here are a few things to keep in mind when using Zoom, especially for work-related functions. The host of a Zoom call has the ability to monitor the activities of attendees while screen sharing is underway with version 4.0 or higher, according to the Electronic Frontier Foundation (EFF).
SEE: Zoom and Comparably leaders share best practices for managing telecommuters (TechRepublic)
Zoom has a tattle-tale attention-tracking feature, which will let the host know if a participant is not paying attention, CNET noted. It doesn’t matter if it’s Zoom’s desktop version or the mobile app—the meeting host can enable an option in the software that alerts them if any attendees go more than 30 seconds without Zoom being in focus on their screen.
Zoom also provides a ranking system of users based on total number of meeting minutes, the EFF said.
The paid version of Zoom has a feature that when enabled, lets a host record the meeting along with its text transcription and a text file of any chats that occurred during that meeting, and save it in the cloud. The information can be accessed later by other authorized users at the company, even if they didn’t attend the meeting.
For any meeting that has occurred or is underway, Zoom allows administrators to see the operating system, IP address, location data, and device information of each participant, the EFF said.
This device information includes the type of machine, the specs on the make/model of the peripheral audiovisual devices like cameras or speakers, and names for those devices (such as user-configurable names given to AirPods, for example).
Administrators also have the ability to join any call at any time on their organization’s instance of Zoom, without in-the-moment consent or warning for the attendees of the call, the EFF said.
Zoom has also been caught sending analytics data to Facebook such as when the app was opened, what phone or device was being used, and the phone carrier, location, and a unique advertising identifier, according to CNET.
The policy also states that it “does use certain standard advertising tools on our marketing sites which, provided you have allowed it in your cookie preferences, sends personal data to the tool providers, such as Google. This is not a ‘sale’ of your data in the sense that most of us use the word sale.”
The company explained that it uses these tools so it can improve a user’s advertising experience (such as serving advertisements on its behalf across the internet, serving personalized ads on its website, and providing analytics services).
Zoom also said that sharing personal data with a third-party provider while using the platform may fall within the very broad definition of the ‘sale’ of personal data under certain state laws, specifically referencing California’s CCPA law.
“Under that definition,” the policy goes on to say, “when Zoom uses the tools to send the personal data to the third-party tool providers, it may be considered a “sale.”