- Videoconferencing app Zoom has skyrocketed in popularity in recent weeks as more people are working from home.
- But the growing popularity has also led to more scrutiny of the app’s privacy and data-sharing policies.
- Additionally, intruders have begun crashing meetings and classes held over Zoom and infiltrating them with offensive content.
- Visit Business Insider’s homepage for more stories.
Videoconferencing app Zoom is having a moment right now.
As the coronavirus pandemic has forced people across the country to work from home and stay indoors, video-chat services like Zoom are exploding in popularity.
It currently sits at the top of the charts in both Apple’s and Google’s app stores, and the service had already added more users in 2020 by late February than it did in all of 2019, according to a Bernstein note reported by MarketWatch.
But with Zoom’s newfound popularity have come fresh concerns about privacy and how the company handles consumer data.
Zoom was recently hit with a class-action lawsuit over accusations that it shares data with third parties like Facebook without adequately notifying users. Zoom calls have also been the target of a new practice that’s come to be known as “Zoom bombing,” when people intrude on meetings and digital classes and bombard chat participants with offensive content. And most recently, a report from The Intercept raised questions about the quality of the encryption the company uses to secure calls.
Such concerns haven’t gone unnoticed. The office of Letitia James, the New York attorney general, recently sent a letter to the company asking how it’s tightening security as usage ramps up now that people are teleconferencing more than ever, The New York Times reported.
A Zoom spokesperson said the company takes user “privacy, security, and trust extremely seriously” and is willing provide the attorney general with the “requested information.”
Here’s a look at the privacy concerns that have cropped up around Zoom in recent weeks.
Zoom shared some analytics data with Facebook, sparking a class-action lawsuit.
This stemmed from Zoom’s use of Facebook’s software development kit, which powers the “Login with Facebook” feature that allows you to sign into the video service using your profile on the social-media network.
Zoom has since removed the code that was sending data to Facebook by reconfiguring the feature, as Motherboard also reported. The data that was shared with Facebook didn’t include personal information, but rather it included details about users’ devices, the company told the outlet.
Still, a Zoom user filed a class-action lawsuit in California against the firm over concerns regarding its practices of sharing data with Facebook without alerting users.
Zoom videoconferences are being hijacked by internet trolls in a new practice called Zoom bombing.
The FBI has recently received several reports of “Zoom-bombing,” which is when an intruder hijacks a Zoom videoconference and infiltrates it with pornographic images or hateful content.
The Boston division of the bureau said it has been made aware of two instances in which an anonymous individual had gained access to a Zoom classroom. In one instance, the individual shouted profanity and then yelled the teacher’s home address, while in the other, the person displayed swastika tattoos.
Trolls have even taken to Alcoholics Anonymous meetings, which have turned to video meetings as social distancing is more widely recommended to slow the spread of the coronavirus.
“We take the security of Zoom meetings seriously and we are deeply upset to hear about the incidents involving this type of attack,” a Zoom spokesperson said in a statement to Business Insider.
There are some measures users can take to prevent Zoom bombing from occurring. A tool called waiting room allows the meeting host to screen those who enter the call. The FBI also suggests ensuring that the host is the only participant with the ability to share his or her screen, and advises to avoid sharing links to Zoom conferences publicly.
Zoom has a feature called “attention tracking” that lets hosts learn when a user may not be paying attention.
Zoom’s attention-tracking feature alerts the host of a meeting when a user does not have the meeting “open and active” for more than 30 seconds while another participant is sharing their screen.
The feature has come under fire in the days since Motherboard brought it to attention on March 16. Some have argued that feature is flawed because chat participants may actually be doing work-related tasks, like taking notes, while the Zoom window isn’t in use. Others were concerned over the privacy implications.
Zoom said in a statement to Business Insider that the feature is built for training purposes, is off by default, and can only be enabled by the administrator. Zoom doesn’t track any audio or video content from calls and does not monitor other apps or activity on your device, the company said.
Zoom audio and video calls do not actually support end-to-end encryption, even though its website says they do, according to a report.
End-to-end encryption would mean content is fully protected from third parties – that would include Zoom.
While Zoom’s website says it’s using end-to-end encryption, the encryption it uses appears to be closer to a type of encryption called transport encryption, the report says. Transport encryption secures the connection between a user’s computer and an outside server, similar to how URLs using HTTPS secure the connection between and a website’s server and the computer accessing it.
What this means for Zoom users is that their content is encrypted when shared between Zoom servers, and is protected from third-party intruders, but it would still be accessible to Zoom, according to the report.
Zoom did not respond to Business Insider’s request for comment regarding the level of encryption it offers.