Over the past few weeks, as the COVID-19 crisis has escalated, I've seen many friends and groups I am involved with flock to Zoom to keep in touch.
by flipperpa on March 29, 2020, 1:54 p.m.Random
This is an important lesson. Privacy Policies and Terms of Service can not solely be authored by lawyers looking to protect the company at the expense of user rights. While protecting the interest of the company is a necessary component, they must also be documents where you SAY WHAT YOU DO, so you can DO WHAT YOU SAY.
My original post follows, appearing as it was published yesterday.
It is understandable that in a time of crisis, so many people have discovered Zoom to keep in touch via video conferencing. They offer a product with a fantastic feature set that is very easy to use. Now that the immediate need to stay in touch has largely been met, we should all take a step back and look at what options are available to stay in touch. Zoom has a questionable track record when it comes to data privacy, security, and anonymity. When we create video conference meetings, we are not just responsible for our data: we are responsible for the data of everyone we invite to the meeting, who may not be as technically savvy as we are.
When I see therapists, doctors, government officials, and recovery groups using Zoom, I worry that people have not considered the privacy implications. These are situations where privacy and anonymity are absolutely essential, and many people using Zoom seem unaware of the privacy, security, and anonymity risk that comes with trusting a company with a questionable track record. You can search for more examples beyond what I cover here as well, and make your own decision.
Last week, Zoom was found to be sending data from their mobile apps to Facebook without notice to or permission from the user, regardless of if the user had a Facebook account. They have claimed this was an honest mistake, and have since updated their software to stop sending data to Facebook. But this is worrisome for a company with a checkered privacy track record. If I ran a company which had privacy issues in the past, I would be extra vigilant to ensure that lapses like this did not occur. At best, it gives the appearance of a company "asleep at the wheel" when it comes to privacy concerns. If this hadn't been found, this data would still be being sent to Facebook. Zoom was doing this for both the free and paid versions of their product.
This comes on the heels what happened just last year, when Zoom installed a back door into users' operating systems to allow them to automatically turn on the camera. Not only is this a major violation of decency and privacy, they introduced a bug that would allow anyone - not just the Zoom program - to activate the camera on the user's computer. In addition, they installed a web server on user's computers without their knowledge, a huge security flaw for people who are not Systems Administrators. This occurred for users of both the free and paid product.
Forbes has recently posted an article on many of the concerns as well:
This includes videos, transcripts that can be generated automatically, documents shared on screen, and the names of everyone on a call. Consumer Reports points out that your instant messages and videos can be used to target advertising campaigns or develop a facial recognition algorithm, like videos collected by other tech companies. "That's probably not what people are expecting when they contact a therapist, hold a business meeting, or have a job interview using Zoom."
Zoom has the best set of features and is among the easiest to use video conference solution out there. With such a good product, it baffles me why they continue to have some of the worst data protection practices I've seen from a company. I have been asked, "But aren't Facebook just as bad?" Yes. But people aren't required to use Facebook to see a therapist or join a recovery meeting. Facebook participation is optional, and there's a big difference between seeing a doctor and sharing pictures of your pet.
If you want more detailed information, I encourage you to explore the in-line links throughout this post. People are relying on these Zoom meetings for crucial services, and they shouldn't have to choose between the security of their personal information and life-saving essential services. There are lots of alternatives to Zoom from companies with better track records when it comes to personal information; I haven't used them all, but here is an alphabetical list of potential alternatives: